angr / angr-targets

This repository contains the currently implemented angr concrete targets.

Some initial r2 support #1

Closed bannsec closed 5 years ago

bannsec commented 5 years ago

Some initial R2 functions. Keeping this as a PR for now for cognizance. Using gdb as an example, but not implementing a full Avatar2 framework.

Somewhat implemented through set/remove breakpoint at the moment.

The idea for how to use this would be to instantiate the R2Concrete class with an already instantiated r2 class. This allows for r2 to get set up however one wants, and then simply hand the class itself off to angr when ready.

For example, my current tests look like this:

```python
#!/usr/bin/env python3

import r2pipe
from angr_targets import R2ConcreteTarget

r2 = r2pipe.open('/bin/ls', ['-d'])
r2.cmd('')
r2.cmd('')
r2.cmd('')
r2db = R2ConcreteTarget(r2)

sp = r2.cmdj('drj')['rsp']
test_str = 'this_is_a_test'

print('Testing read/write ... ', flush=True, end='')
r2db.write_memory(sp, test_str)
assert r2db.read_memory(sp, len(test_str)) == test_str
print('[ OK ]')


print('Testing read register ... ', flush=True, end='')
assert r2db.read_register('sp') == sp
print('[ OK ]')

print('Testing write register ... ', flush=True, end='')
r2db.write_register('rax', 0x12345)
assert r2db.read_register('rax') == 0x12345
print('[ OK ]')

print('Testing set breakpoint ... ', flush=True, end='')
addr = r2db.read_register('rip')
r2db.set_breakpoint(addr) # This checks that it gets set internally and excepts out
print('[ OK ]')

print('Testing remove breakpoint ... ', flush=True, end='')
r2db.remove_breakpoint(addr) # This checks that it gets set internally and excepts out
print('[ OK ]')
```

bannsec commented 5 years ago

Having tested this, it seems to mostly work.

Some pending things:

bannsec commented 5 years ago

So the core functionality for this target appears to work fine. Not sure when some of the auxiliary issues will be closed for, for instance, R2 bugs. That said, if you use it for normal things like software breakpoints, sync, etc, it should be fine. Once R2 fixes those issues (and angr fixes ST thing) there shouldn't be any changes needed to the target code itself.

One note is that, when this code gets into automated testing, it does have a requirement for r2 to be present. Wasn't sure how you wanted to handle that. For now, manually running the nose tests in my environment works.

Personally, I think this code should be OK to merge in with the above caveats understood.

koyaan commented 4 years ago

https://github.com/radareorg/radare2/issues/13118 is fixed by now