
Add panda target and test #29

Merged (2 commits), Aug 23, 2023

Conversation

@AndrewFasano (Contributor) commented Aug 14, 2023

PANDA is a qemu fork designed for dynamic analysis with a nice python interface for guest control and analysis. Avatar supports PANDA as an emulation backend, but this PR adds PANDA as a dedicated target.

The model here is a bit different than other concrete targets. Instead of passing a binary to angr and configuring it to use panda as a concrete execution engine, users explicitly drive a PANDA-emulated guest OS and use PANDA callbacks to suspend emulation at an event of interest. Then, when the concrete guest is suspended, a user can use this interface to synchronize the concrete state from PANDA to angr and run a symbolic execution. Information learned from the symbolic execution can then be used to alter concrete state in the PANDA guest.

I'm very open to suggestions on how to improve this PR, just let me know.

@AndrewFasano (Contributor, Author)

Happy to try fixing the few linter issues, but I'm not sure how to best fix the failing panda import. Unfortunately PANDA's not easily installed via pip (there is a package, but it's very outdated). I could modify a dockerfile to install PANDA from source if you'd like, but I'm not sure where the dockerfile for the test container is and if that would be appropriate.

@twizmwazin (Member)

Lacking proper packaging and a strong motive, I'm not sure if we want to add panda to CI. In the test file, the test can be written as a unittest.TestCase subclass, and then @skipUnless(pandare, "pandare is required for this test") could be used so that CI doesn't try to run it.

@twizmwazin (Member)

Well, it looks like they do have a pip package: https://github.com/panda-re/panda/#quickstart-python-pip

We could add this as an optional dependency and install it in the venv, and install the needed binaries at build time in the container. If this interests you, check out the angr/ci-settings repository, which is where the CI container is built.

@AndrewFasano (Contributor, Author)

Thanks for the suggestions! I think skipping the CI for it would be best; the panda pip package is a few years outdated (and, to make it even worse, that's my fault). I'll update this with the @skipUnless and fix up the linter errors too.

@AndrewFasano (Contributor, Author)

Turns out I already had the skipUnless set up; there was just an unnecessary panda import in another file. Updated the code to (hopefully) address the various linter warnings and errors.

Review threads (outdated, resolved):
angr_targets/targets/panda_target.py
tests/panda_not_packed_elf64.py
tests/panda_not_packed_elf64.py
@AndrewFasano (Contributor, Author)

Thanks for the review. Fixed those 3 things and hopefully fixed the linter complaints from the last CI run.

@degrigis degrigis merged commit 46bab44 into angr:master Aug 23, 2023
13 checks passed