Merge branch 'dev' into dependabot/github_actions/actions/setup-python-5

.github/workflows/android.yml

@@ -37,6 +37,7 @@ jobs:
 
     - name: Install Android AVD
       run: |
+        sudo usermod -aG kvm $USER
         source travis/setup_avd_fast.sh
         sed -i 's/skip_android = True/skip_android = False/' docs/source/conf.py
         set | grep ^PATH >.android.env

CHANGELOG.md

@@ -76,13 +76,15 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2293][2293] Add x86 CET status to checksec output
 - [#1763][1763] Allow to add to the existing environment in `process` instead of replacing it
 - [#2307][2307] Fix `pwn libcdb file` crashing if "/bin/sh" string was not found
+- [#2309][2309] Detect challenge binary and libc in `pwn template`
 
 [2242]: https://github.com/Gallopsled/pwntools/pull/2242
 [2277]: https://github.com/Gallopsled/pwntools/pull/2277
 [2281]: https://github.com/Gallopsled/pwntools/pull/2281
 [2293]: https://github.com/Gallopsled/pwntools/pull/2293
 [1763]: https://github.com/Gallopsled/pwntools/pull/1763
 [2307]: https://github.com/Gallopsled/pwntools/pull/2307
+[2309]: https://github.com/Gallopsled/pwntools/pull/2309
 
 ## 4.12.0 (`beta`)
 

pwnlib/adb/adb.py

@@ -66,6 +66,7 @@
 from pwnlib.context import LocalContext
 from pwnlib.context import context
 from pwnlib.device import Device
+from pwnlib.exception import PwnlibException
 from pwnlib.log import getLogger
 from pwnlib.protocols.adb import AdbClient
 from pwnlib.util.packing import _decode
@@ -122,7 +123,7 @@ def current_device(any=False):
 
         >>> device = adb.current_device(any=True)
         >>> device  # doctest: +ELLIPSIS
-        AdbDevice(serial='emulator-5554', type='device', port='emulator', product='sdk_...phone_armv7', model='sdk ...phone armv7', device='generic')
+        AdbDevice(serial='emulator-5554', type='device', port='emulator', product='sdk_...phone_...', model='...', device='generic...')
         >>> device.port
         'emulator'
     """
@@ -252,13 +253,13 @@ class AdbDevice(Device):
 
         >>> device = adb.wait_for_device()
         >>> device.arch
-        'arm'
+        'amd64'
         >>> device.bits
-        32
+        64
         >>> device.os
         'android'
         >>> device.product  # doctest: +ELLIPSIS
-        'sdk_...phone_armv7'
+        'sdk_...phone_...'
         >>> device.serial
         'emulator-5554'
     """
@@ -1364,7 +1365,7 @@ def compile(source):
         >>> filename = adb.compile(temp)
         >>> sent = adb.push(filename, "/data/local/tmp")
         >>> adb.process(sent).recvall() # doctest: +ELLIPSIS
-        b'... /system/bin/linker\n...'
+        b'... /system/lib64/libc.so\n...'
     """
 
     ndk_build = misc.which('ndk-build')
@@ -1490,8 +1491,9 @@ class Partitions(object):
     @context.quietfunc
     def by_name_dir(self):
         try:
-            return next(find('/dev/block/platform','by-name'))
-        except StopIteration:
+            with context.local(log_level=logging.FATAL):
+                return next(find('/dev/block/platform','by-name'))
+        except (StopIteration, PwnlibException):
             return '/dev/block'
 
     @context.quietfunc

pwnlib/commandline/template.py

@@ -9,24 +9,54 @@
 parser = common.parser_commands.add_parser(
     'template',
     help = 'Generate an exploit template',
-    description = 'Generate an exploit template'
+    description = 'Generate an exploit template. If no arguments are given, '
+                    'the current directory is searched for an executable binary and ' 
+                    'libc. If only one binary is found, it is assumed to be the '
+                    'challenge binary.'
 )
 
 # change path to hardcoded one when building the documentation
 printable_data_path = "pwnlib/data" if 'sphinx' in sys.modules else pwnlib.data.path
 
-parser.add_argument('exe', nargs='?', help='Target binary')
+parser.add_argument('exe', nargs='?', help='Target binary. If not given, the current directory is searched for an executable binary.')
 parser.add_argument('--host', help='Remote host / SSH server')
 parser.add_argument('--port', help='Remote port / SSH port', type=int)
 parser.add_argument('--user', help='SSH Username')
 parser.add_argument('--pass', '--password', help='SSH Password', dest='password')
-parser.add_argument('--libc', help='Path to libc binary to use')
+parser.add_argument('--libc', help='Path to libc binary to use. If not given, the current directory is searched for a libc binary.')
 parser.add_argument('--path', help='Remote path of file on SSH server')
 parser.add_argument('--quiet', help='Less verbose template comments', action='store_true')
 parser.add_argument('--color', help='Print the output in color', choices=['never', 'always', 'auto'], default='auto')
 parser.add_argument('--template', help='Path to a custom template. Tries to use \'~/.config/pwntools/templates/pwnup.mako\', if it exists. '
                                    'Check \'%s\' for the default template shipped with pwntools.' % 
                                         os.path.join(printable_data_path, "templates", "pwnup.mako"))
+parser.add_argument('--no-auto', help='Do not automatically detect missing binaries', action='store_false', dest='auto')
+
+def detect_missing_binaries(args):
+    log.info("Automatically detecting challenge binaries...")
+    # look for challenge binary, libc, and ld in current directory
+    exe, libc, ld = args.exe, args.libc, None
+    other_files = []
+    for filename in os.listdir():
+        if not os.path.isfile(filename):
+            continue
+        if not libc and ('libc-' in filename or 'libc.' in filename):
+            libc = filename
+        elif not ld and 'ld-' in filename:
+            ld = filename
+        else:
+            if os.access(filename, os.X_OK):
+                other_files.append(filename)
+    if len(other_files) == 1:
+        exe = other_files[0]
+    elif len(other_files) > 1:
+        log.warning("Failed to find challenge binary. There are multiple binaries in the current directory: %s", other_files)
+
+    if exe != args.exe:
+        log.success("Found challenge binary %r", exe)
+    if libc != args.libc:
+        log.success("Found libc binary %r", libc)
+    return exe, libc
 
 def main(args):
 
@@ -44,19 +74,20 @@ def main(args):
         if not (args.path or args.exe):
             log.error("Must specify --path or a exe")
 
-        s = ssh(args.user, args.host, args.port or 22, args.password or None)
-
-        try:
-            remote_file = args.path or args.exe
-            s.download(remote_file)
-        except Exception:
-            log.warning("Could not download file %r, opening a shell", remote_file)
-            s.interactive()
-            return
+        with ssh(args.user, args.host, args.port or 22, args.password or None) as s:
+            try:
+                remote_file = args.path or args.exe
+                s.download(remote_file)
+            except Exception:
+                log.warning("Could not download file %r, opening a shell", remote_file)
+                s.interactive()
+                return
 
         if not args.exe:
             args.exe = os.path.basename(args.path)
 
+    if args.auto and (args.exe is None or args.libc is None):
+        args.exe, args.libc = detect_missing_binaries(args)
 
     if args.template:
         template = Template(filename=args.template) # Failing on invalid file is ok

travis/setup_avd_fast.sh

@@ -8,7 +8,7 @@ set -ex
 # - arm64-v8a
 # - x86
 # - x86_64
-ANDROID_ABI='armeabi-v7a'
+ANDROID_ABI='x86_64'
 ANDROIDV=android-24
 
 # Create our emulator Android Virtual Device (AVD)
@@ -18,7 +18,7 @@ yes | sdkmanager --sdk_root="$ANDROID_HOME" --install "system-images;$ANDROIDV;d
 yes | sdkmanager --sdk_root="$ANDROID_HOME" --licenses
 echo no | avdmanager --silent create avd --name android-$ANDROID_ABI --force --package "system-images;$ANDROIDV;default;$ANDROID_ABI"
 
-"$ANDROID_HOME"/emulator/emulator -avd android-$ANDROID_ABI -no-window -no-boot-anim -read-only -no-audio -no-window -no-snapshot &
+"$ANDROID_HOME"/emulator/emulator -avd android-$ANDROID_ABI -no-window -no-boot-anim -read-only -no-audio -no-window -no-snapshot -gpu off -accel off &
 adb wait-for-device
 adb shell id
 adb shell getprop