geohot / qira

QEMU Interactive Runtime Analyser
MIT License

Crash Report #170

Open felberj opened 8 years ago

felberj commented 8 years ago

Problem

This binary from the plaidctf seems to cause problems with qira: it does not reliably display data.

the binary

According to qira it runs about 61000 instructions (too many?). At some point it starts ropping itself for the rest of the run, maybe this is another problem.

Steps to reproduce

Version: git commit f977ec43638962cdcab7cd8f2a5bc5996bbfd034. I just installed it over the 'old' version with sudo ./install.sh

crash report

$ qira "./qqq_ba4356a66c6a0f6802e5cebc3de5c4d1_ --pctfkey PCTF{foo}"
*** program is /vagrant/plaid/qqq_ba4356a66c6a0f6802e5cebc3de5c4d1_ with hash 120e312c89b9df2d5fe3122403e4fda86a1d5ce0
**** using /home/vagrant/qira/tracers/qemu/qemu-2.5.1/i386-linux-user/qemu-i386 for 0x3
no qira server found, starting it
*** deleting old runs
**** running /vagrant/plaid/qqq_ba4356a66c6a0f6802e5cebc3de5c4d1_
****** starting WEB SERVER on 0.0.0.0:3002
Validating key...
wrong
*** using base 0 for 0
on 0 going from 1 to 378724...*** WARNING, changing segment 0x8048000 135835459
done 295.800000 ms
*** mapping 064f80d002469c9de9f19d821766081ae2effabd /usr/lib/locale/locale-archive sz:0x1887f0 off:0x0 @ 0xF6674000 done
client connected {0: [1, 61128]}
SOCKET 227.31 ms in getinstructions      with (0, 60443, 60427, 60460)
SOCKET 551.71 ms in getinstructions      with (0, 60444, 60428, 60461)
SOCKET  53.73 ms in getregisters         with (0, 60443)
SOCKET 444.51 ms in getinstructions      with (0, 60445, 60429, 60462)
SOCKET  73.43 ms in getregisters         with (0, 60444)
SOCKET 1313.96 ms in getinstructions      with (0, 60446, 60430, 60463)
SOCKET 219.30 ms in getregisters         with (0, 60445)
SOCKET  52.83 ms in getclnum             with (0, 60446, [u'L', u'S'], 2)
SOCKET 1958.43 ms in getinstructions      with (0, 60447, 60431, 60464)
SOCKET 130.99 ms in getchanges           with (-1, u'0x80a36e0', u'I', [0, 61128], 85.85393258426966, 60447)
SOCKET 1912.91 ms in getinstructions      with (0, 60448, 60432, 60465)
SOCKET 157.73 ms in getregisters         with (0, 60447)
SOCKET 171.85 ms in getclnum             with (0, 60448, [u'L', u'S'], 2)
SOCKET  71.88 ms in getchanges           with (-1, u'0x80a36e0', u'I', [0, 61128], 85.85393258426966, 60448)
SOCKET 1930.39 ms in getinstructions      with (0, 60449, 60433, 60466)
SOCKET  63.04 ms in getchanges           with (-1, u'0x80a36e0', u'I', [0, 61128], 85.85393258426966, 60449)
SOCKET 362.82 ms in getinstructions      with (0, 60450, 60434, 60467)
SOCKET  75.27 ms in getregisters         with (0, 60449)
SOCKET 165.04 ms in getclnum             with (0, 60450, [u'L', u'S'], 2)
SOCKET 267.57 ms in getchanges           with (-1, u'0x80a36e0', u'I', [0, 61128], 85.85393258426966, 60450)
SOCKET 5573.24 ms in getinstructions      with (0, 60451, 60435, 60468)
Traceback (most recent call last):
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/gevent/pywsgi.py", line 884, in handle_one_response
    self.run_application()
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/gevent/pywsgi.py", line 870, in run_application
    self.result = self.application(self.environ, self.start_response)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/flask_socketio/__init__.py", line 37, in __call__
    start_response)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/engineio/middleware.py", line 47, in __call__
    return self.engineio_app.handle_request(environ, start_response)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/socketio/server.py", line 303, in handle_request
    return self.eio.handle_request(environ, start_response)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/engineio/server.py", line 244, in handle_request
    socket.handle_post_request(environ)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/engineio/socket.py", line 96, in handle_post_request
    self.receive(pkt)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/engineio/socket.py", line 48, in receive
    self.server._trigger_event('message', self.sid, pkt.data)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/engineio/server.py", line 330, in _trigger_event
    return self.handlers[event](*args)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/socketio/server.py", line 429, in _handle_eio_message
    self._handle_event(sid, pkt.namespace, pkt.id, pkt.data)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/socketio/server.py", line 371, in _handle_event
    r = self._trigger_event(data[0], namespace, sid, *data[1:])
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/socketio/server.py", line 397, in _trigger_event
    return self.handlers[namespace][event](*args)
  File "/home/vagrant/qira/venv/local/lib/python2.7/site-packages/flask_socketio/__init__.py", line 177, in _handler
    app = self.server.environ[sid]['flask.app']
KeyError: '3f9ff8348f9c49e9b9de8c70706e8fe1'
{'CONTENT_LENGTH': '5916',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-us',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': '__utma=111872281.1738590689.1448917922.1456146375.1459771569.4; __utmz=111872281.1449526770.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); io=3f9ff8348f9c49e9b9de8c70706e8fe1; _ga=GA1.1.1738590689.1448917922; meteor_login_token=lfLq9FiBEsgUqlT22o3jDnHgHq18WX6S4go1ohNQy-b',
 'HTTP_DNT': '1',
 'HTTP_HOST': 'localhost:3002',
 'HTTP_ORIGIN': 'http://localhost:3002',
 'HTTP_REFERER': 'http://localhost:3002/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17',
 'PATH_INFO': '/socket.io/',
 'QUERY_STRING': 'EIO=3&transport=polling&t=1461076355062-45&sid=3f9ff8348f9c49e9b9de8c70706e8fe1',
 'REMOTE_ADDR': '10.0.2.2',
 'REMOTE_PORT': '63086',
 'REQUEST_METHOD': 'POST',
 'SCRIPT_NAME': '',
 'SERVER_NAME': 'vagrant-ubuntu-wily-64',
 'SERVER_PORT': '3002',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'gevent/1.1 Python/2.7',
 'flask.app': <Flask 'qira_webserver'>,
 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f4264dde1e0>,
 'wsgi.input': <gevent.pywsgi.Input object at 0x7f426040a120>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)} failed with KeyError

Killed