sefcom / retspill Goto Github PK

While running with the main example using the docker environment, I ran into some issues caused by the fact that the code in chain_builder.py was done with an old version of angrop in mind, so it fails due to some more or less recent changes in the package.

For example:

$ docker build -t retspill .
...
$ docker run --privileged --mount type=bind,source=./exploit_env,target=/test -it --rm retspill bash
root@5bfd706f6d02:/RetSpill/igni# python3 analyzer.py -k /test/CVEs/CVE-2010-2959/kernel/arch/x86/boot/bzImage -e /test/CVEs/CVE-2010-2959/poc/poc                      
Traceback (most recent call last):
  File "/RetSpill/igni/analyzer.py", line 428, in <module>
    from chain_builder import ChainBuilder
  File "/RetSpill/igni/chain_builder.py", line 13, in <module>
    from angrop.gadget_analyzer import GadgetAnalyzer
ModuleNotFoundError: No module named 'angrop.gadget_analyzer'

In this case, this error is due to the fact that gadget_analyzer.py was moved into the gadget_finder/ directory in the angr commit angr/angrop@07d2b2e.

Not sure if it's better to fix it by updating the code in chain_builder.py or by pinning the angrop version in the Dockerfile.

As for the non-docker environment, if someone has the last (or a recent) version of angrop installed, I guess they'll bump into the same issues.

For this reason, I went with fixing the code in chain_builder.py in my fork of RetSpill. I can create a PR if you're interested, or you can just straight copy the changes if they make sense to you.