# angr_pyqbdi

Repository: https://github.com/andreafioraldi/angr_pyqbdi (Python, BSD-2-Clause license, last pushed 2018-10-02).

State synchronization between a pyQBDI instrumented process and angr. Based on [angrdbg](https://github.com/andreafioraldi/angrdbg).

This module transfers the state of the instrumented process into angr, performs symbolic execution there, and then injects the solver's results back into the concrete process so that it passes the checks.

You need an rpyc server running on localhost, started from the same directory as the script, to be able to run it.

To start the rpyc server (make sure you are in a virtualenv with angrdbg installed):
```
$ rpyc_classic.py
```

To start the script:
```
$ export LD_LIBRARY_PATH=/usr/local/lib/
$ LD_PRELOAD=/usr/local/lib/libpyqbdi.so PYQBDI_TOOL=./ais3_crackme.py ./ais3_crackme DUMMYDUMMYDUMMY
```

`DUMMYDUMMYDUMMY` is only a placeholder: the tool symbolizes the argument buffer of the instrumented process (100 bytes in the run below) and the solver fills it in.

Example run:
```
 ╭─andrea@malweisse ~/Desktop/angr-qdbi
 ╰─$ LD_PRELOAD=/usr/local/lib/libpyqbdi.so PYQBDI_TOOL=./ais3_crackme.py ./ais3_crackme DUMMYDUMMYDUMMY
 >> symbolizing 0x7ffd8962ff26 : 100
 >> starting exploration...
 >> valid state found
 >> solution:
0x7ffd8962ff26 : 100 = 'ais3{I_tak3_g00d_n0t3s}##\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
Correct! that is the secret key!
```

### differences from angrgdb and others

Do not call the angrdbg API `StateShot` directly from this module; call `VMShot` instead, passing the current pyQBDI `vm` object as the first argument.
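The launch procedure above (rpyc server, `LD_LIBRARY_PATH`, `LD_PRELOAD`, `PYQBDI_TOOL`, placeholder argument) has a few ways to fail quietly: if the preload library is missing, ld.so only warns and runs the target uninstrumented, and if no rpyc server is listening the tool cannot talk to angrdbg. The launcher below performs those checks first. It is an added example, not part of angr_pyqbdi, and it assumes the README's paths (`/usr/local/lib/libpyqbdi.so`, `./ais3_crackme.py`) and that `rpyc_classic.py` listens on rpyc's default port 18812; all three are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not part of angr_pyqbdi: a launcher that checks the
# prerequisites the README lists before running a target under pyQBDI.
# Assumed defaults (override via environment): libpyqbdi.so in /usr/local/lib,
# the tool script ./ais3_crackme.py, and rpyc's default port 18812.

LIBPYQBDI="${LIBPYQBDI:-/usr/local/lib/libpyqbdi.so}"
PYQBDI_TOOL="${PYQBDI_TOOL:-./ais3_crackme.py}"
RPYC_PORT="${RPYC_PORT:-18812}"

# Return 0 if both the preload library ($1) and the tool script ($2) exist,
# 1 otherwise (reason on stderr). A missing LD_PRELOAD object is only a
# warning for ld.so, so without this check the target runs uninstrumented.
check_prereqs() {
    if [ ! -f "$1" ]; then
        echo "missing pyQBDI library: $1" >&2
        return 1
    fi
    if [ ! -f "$2" ]; then
        echo "missing PYQBDI_TOOL script: $2" >&2
        return 1
    fi
    return 0
}

# Return 0 if something listens on TCP port $1, 1 if nothing does, and 2 if
# it cannot be determined (ss(8) not available) rather than guessing.
rpyc_listening() {
    if command -v ss >/dev/null 2>&1; then
        if ss -ltn 2>/dev/null | grep -q ":$1 "; then
            return 0
        fi
        return 1
    fi
    return 2
}

# Placeholder argument of length $1. Its value is irrelevant: angr_pyqbdi
# symbolizes the argument buffer and the solver fills it in, but the argv
# slot must exist and reserve the space.
make_placeholder() {
    n="$1"
    s=""
    while [ "$n" -gt 0 ]; do
        s="${s}D"
        n=$((n - 1))
    done
    printf '%s' "$s"
}

# Print the command line equivalent to the README invocation for target $1
# with a placeholder argument of length $2.
build_command() {
    echo "LD_PRELOAD=$LIBPYQBDI PYQBDI_TOOL=$PYQBDI_TOOL $1 $(make_placeholder "$2")"
}

main() {
    target="$1"
    len="${2:-15}"   # 15 matches DUMMYDUMMYDUMMY from the README
    check_prereqs "$LIBPYQBDI" "$PYQBDI_TOOL" || exit 1
    if [ ! -x "$target" ]; then
        echo "target not executable: $target" >&2
        exit 1
    fi
    if rpyc_listening "$RPYC_PORT"; then
        :
    elif [ $? -eq 2 ]; then
        echo "warning: cannot verify rpyc server (ss not found)" >&2
    else
        echo "no rpyc server on localhost:$RPYC_PORT; start rpyc_classic.py in this directory" >&2
        exit 1
    fi
    # The README exports the library directory so libpyqbdi.so's own
    # dependencies resolve; prepend it to any existing LD_LIBRARY_PATH.
    export LD_LIBRARY_PATH="$(dirname "$LIBPYQBDI")${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    echo "+ $(build_command "$target" "$len")" >&2
    LD_PRELOAD="$LIBPYQBDI" PYQBDI_TOOL="$PYQBDI_TOOL" "$target" "$(make_placeholder "$len")"
}

# Usage: sh launch.sh ./ais3_crackme [placeholder-length]
if [ "$#" -ge 1 ]; then
    main "$@"
fi
```

Run it as `sh launch.sh ./ais3_crackme` from the directory where `rpyc_classic.py` was started; pass a second argument to change the placeholder length if the tool script expects a different argument size.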