Concolic tracer to detect flag leaks and create Type-2 POVs.

mechaphish/colorguard

Colorguard

Colorguard detects and exploits leaks of the flag page for a given input. It makes stdin entirely concrete, leaving the flag page as the only symbolic data, so for most binaries execution can run almost entirely in Unicorn.

```python
>>> cg = colorguard.Colorguard("../binaries/tests/i386/simple_leak", "deadbeef")
>>> pov = cg.attempt_exploit()  # if a leak occurs, exploit it
>>> pov  # these POVs are the same as the POVs generated by Rex
<colorguard.pov.ColorguardType2Exploit at 0x7f7d9a2c2610>
>>> pov.test_binary()  # being Rex POVs, they can also be run against a simulation of the CGC architecture
True
>>> pov.dump_c('leak.c')  # they can be dumped just like Rex POVs too
>>> pov.dump_binary('leak.pov')
```
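The detection idea described above (concrete stdin, symbolic flag page, check whether output depends on it), reduced to a toy taint-tracking model in Python. This is added example code, not Colorguard's implementation: the `Tracer`, `Tainted`, `simple_leak` and `attempt_leak` names are assumptions, the "challenge binary" is a constructed Python function rather than a real CGC binary, and the flag-page address and the "4 contiguous flag bytes" Type-2 rule are stated as assumptions about the CGC rules. The real tool traces the actual binary and uses a solver to recover flag bytes from transformed output; the toy only records which flag offsets influence each output byte and marks transformed bytes as derived.

```python
# Toy model of the Colorguard leak check: stdin is concrete, only the flag
# page is "symbolic" (here: tainted with its byte offset), and a leak is any
# stdout byte that depends on flag-page data. Added example code, not
# Colorguard's own implementation; the toy "binary" below is constructed.

FLAG_PAGE = 0x4347C000   # CGC flag ("magic") page address, 4 KiB (assumed)
FLAG_PAGE_SIZE = 0x1000
TYPE2_BYTES = 4          # Type-2 POV must leak 4 contiguous flag bytes (assumed)


class Tainted:
    """A byte whose value depends on the flag-page bytes at `offsets`.

    `derived` is True once the byte has been transformed (e.g. XORed), so it is
    no longer a verbatim copy of a flag byte.
    """

    def __init__(self, offsets, derived=False):
        self.offsets = frozenset(offsets)
        self.derived = derived

    def __repr__(self):
        return ("derived" if self.derived else "flag") + str(sorted(self.offsets))


class Tracer:
    """Minimal memory/IO model: memory maps address -> int or Tainted."""

    def __init__(self, stdin: bytes):
        self.stdin = list(stdin)     # concrete input, consumed by receive()
        self.stdout = []             # bytes (int or Tainted) the program sent
        # The only symbolic data: every flag-page byte carries its own offset.
        self.mem = {FLAG_PAGE + i: Tainted([i]) for i in range(FLAG_PAGE_SIZE)}

    def receive(self, dst: int, n: int) -> int:
        """Read up to n concrete stdin bytes into memory; returns bytes read."""
        chunk, self.stdin = self.stdin[:n], self.stdin[n:]
        for i, b in enumerate(chunk):
            self.mem[dst + i] = b
        return len(chunk)

    def transmit(self, src: int, n: int) -> None:
        """Send n memory bytes to stdout, preserving taint."""
        self.stdout.extend(self.mem.get(src + i, 0) for i in range(n))

    def xor_into(self, dst: int, src: int, k: int) -> None:
        """mem[dst] = mem[src] ^ k; a tainted source stays tainted but derived."""
        v = self.mem.get(src, 0)
        self.mem[dst] = v ^ k if isinstance(v, int) else Tainted(v.offsets, derived=True)

    def leaked_offsets(self) -> list:
        """Sorted flag-page offsets that influence any stdout byte."""
        offs = set()
        for b in self.stdout:
            if isinstance(b, Tainted):
                offs |= b.offsets
        return sorted(offs)

    def type2_candidate(self) -> bool:
        """True if stdout holds TYPE2_BYTES verbatim flag bytes at consecutive
        offsets, i.e. a leak that qualifies as a Type-2 POV without solving."""
        run, prev = 0, None
        for b in self.stdout:
            verbatim = isinstance(b, Tainted) and len(b.offsets) == 1 and not b.derived
            off = next(iter(b.offsets)) if verbatim else None
            if verbatim and (prev is None or off == prev + 1):
                run += 1
            else:
                run = 1 if verbatim else 0
            prev = off
            if run >= TYPE2_BYTES:
                return True
        return False


def simple_leak(t: Tracer) -> None:
    """Constructed toy challenge: leaks 4 flag bytes on 'LEAK', one obfuscated
    flag byte on 'XOR!', and merely echoes the input otherwise."""
    BUF = 0x1000
    t.receive(BUF, 4)
    cmd = bytes(t.mem.get(BUF + i, 0) for i in range(4))   # stdin is concrete
    if cmd == b"LEAK":
        t.transmit(FLAG_PAGE + 0x10, 4)          # direct copy of flag bytes
    elif cmd == b"XOR!":
        t.xor_into(BUF, FLAG_PAGE + 0x20, 0x5A)  # transformed flag byte
        t.transmit(BUF, 1)
    else:
        t.transmit(BUF, 4)                       # no flag data involved


def attempt_leak(program, stdin: bytes) -> dict:
    """Run `program` on one concrete input and summarise flag-page leakage."""
    t = Tracer(stdin)
    program(t)
    return {"leaked_offsets": t.leaked_offsets(),
            "type2_candidate": t.type2_candidate()}


if __name__ == "__main__":
    for inp in (b"LEAK", b"XOR!", b"nope"):
        print(inp, attempt_leak(simple_leak, inp))
```

The `XOR!` case is the one to notice: provenance tracking alone reports that flag offset 0x20 influences the output, but it cannot say which flag value was leaked; that is where a concolic tracer hands the output constraint to a solver, which the toy deliberately leaves out.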
