angr

angr is an open-source binary analysis platform written in Python. It is best known as a tool for concolic analysis and symbolic execution, but it also provides static binary analysis features.

1. Initialize a new project

import angr

p = angr.Project(<Target Binary>, auto_load_libs=False)

6. Cheat Sheet

This script does:

  • Initialize a new project

  • Show a list of functions

  • Show the disassembly of a function

  • Show the decompiled function

import angr
from pprint import pprint

# Load the binary file as a project (the placeholder is the path to the target)
p = angr.Project(<Target Binary>, auto_load_libs=False)

# Control Flow Graph analysis; `normalize=True` is required by the decompiler below
p.analyses.CFGFast(normalize=True)

# Show a list of functions
idfr = p.analyses.Identifier()
pprint(idfr.func_info)

# Show disassembly
# p.kb.functions is a FunctionManager object, not actually a dictionary,
# but you can access a function by name as if it were one.
# The `pp()` method prints a readable disassembly view.
main_function = p.kb.functions['main']
main_function.pp()

# Decompilation
# note: the program needs to have been analyzed with the `normalize` option enabled.
decompiled = p.analyses.Decompiler(main_function)
print(decompiled.codegen.text)
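The cheat sheet stops at listing and decompiling functions. The following added example (not code from the angr project or this wiki) goes one step further with the same Project/CFGFast setup: it maps every recovered function to the functions it calls and flags callers of bounds-unchecked libc routines as review leads. It assumes angr is installed and a binary path is passed on the command line; the list of routine names is constructed for the example.

```python
"""Added example: inventory the functions angr recovers and flag calls to
unsafe libc routines. Assumes angr is installed and a binary path is given."""
import sys
from typing import Dict, Iterable, List, Mapping

# Constructed review list: libc routines with no bounds checking.
UNSAFE_CALLEES = frozenset({"gets", "strcpy", "strcat", "sprintf", "scanf"})


def find_risky_callers(call_map: Mapping[str, Iterable[str]],
                       unsafe: frozenset = UNSAFE_CALLEES) -> Dict[str, List[str]]:
    """Return {caller: sorted unsafe callees} for every function that calls
    at least one routine in `unsafe`. Pure logic, so it works without angr."""
    risky: Dict[str, List[str]] = {}
    for caller, callees in call_map.items():
        hits = sorted(set(callees) & unsafe)
        if hits:
            risky[caller] = hits
    return risky


def build_call_map(binary_path: str) -> Dict[str, List[str]]:
    """Load the binary, recover the CFG and map each function to the names of
    the functions it calls (PLT stubs and SimProcedures are skipped as callers)."""
    import angr  # imported here so find_risky_callers stays usable on its own

    p = angr.Project(binary_path, auto_load_libs=False)
    p.analyses.CFGFast(normalize=True)  # same analysis as the cheat sheet above
    call_map: Dict[str, List[str]] = {}
    for func in p.kb.functions.values():
        if func.is_simprocedure or func.is_plt:
            continue
        callees = set()
        for site in func.get_call_sites():        # block addresses ending in a call
            target = func.get_call_target(site)   # resolved callee address or None
            if target is None:
                continue
            callee = p.kb.functions.function(addr=target)
            if callee is not None:
                callees.add(callee.name)          # PLT stubs carry the import name
        call_map[func.name] = sorted(callees)
    return call_map


if __name__ == "__main__":
    for caller, hits in find_risky_callers(build_call_map(sys.argv[1])).items():
        print(f"{caller}: calls {', '.join(hits)}")
```

A flagged call is a place to read the decompiled code, not a confirmed defect: whether the buffer sizes are checked elsewhere still has to be verified by hand.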

7. GUI?

You can get a GUI version of angr: https://github.com/angr/angr-management

9. See Also