From 21b716395ce4c6aacb21d7428db11ee0deb1f527 Mon Sep 17 00:00:00 2001
From: Alex-Costin Puflene
Date: Wed, 12 Jun 2024 00:09:59 +0300
Subject: [PATCH] Fixes timeout decorator issues and radare2 parsing problems

---
 zeratool_lib/formatDetector.py | 2 +-
 zeratool_lib/formatExploiter.py | 2 +-
 zeratool_lib/overflowDetector.py | 2 +-
 zeratool_lib/overflowExploitSender.py | 12 +++++++++++-
 zeratool_lib/overflowExploiter.py | 13 +++++++++++--
 zeratool_lib/overflowRemoteLeaker.py | 2 +-
 6 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/zeratool_lib/formatDetector.py b/zeratool_lib/formatDetector.py
index 8c0fe2d..c707528 100644
--- a/zeratool_lib/formatDetector.py
+++ b/zeratool_lib/formatDetector.py
@@ -56,7 +56,7 @@ def checkFormat(binary_name, inputType):
 # Lame way to do a timeout
 try:
- @timeout_decorator.timeout(1200)
+ @timeout_decorator.timeout(1200, use_signals=False)
 def exploreBinary(simgr):
 simgr.explore(find=lambda s: "type" in s.globals)
diff --git a/zeratool_lib/formatExploiter.py b/zeratool_lib/formatExploiter.py
index cd83772..c0b2c7b 100644
--- a/zeratool_lib/formatExploiter.py
+++ b/zeratool_lib/formatExploiter.py
@@ -158,7 +158,7 @@ def rediscoverAndExploit(binary_name, properties, stack_position, leak_format):
 # Lame way to do a timeout
 try:
- @timeout_decorator.timeout(1200)
+ @timeout_decorator.timeout(1200, use_signals=False)
 def exploreBinary(simgr):
 simgr.explore(find=lambda s: "type" in s.globals)
diff --git a/zeratool_lib/overflowDetector.py b/zeratool_lib/overflowDetector.py
index 6d71200..16f6034 100644
--- a/zeratool_lib/overflowDetector.py
+++ b/zeratool_lib/overflowDetector.py
@@ -49,7 +49,7 @@ def checkOverflow(binary_name, inputType):
 # Lame way to do a timeout
 try:
- @timeout_decorator.timeout(120)
+ @timeout_decorator.timeout(120, use_signals=False)
 def exploreBinary(simgr):
 simgr.explore(
 find=lambda s: "type" in s.globals, step_func=overflow_detect_filter
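Review bot: With `use_signals=False` timeout_decorator runs the decorated call in a child process instead of the caller's thread, so the `simgr.explore(...)` inside `exploreBinary` mutates a copy of the simulation manager and the caller's `simgr`, read after the `try` outside this hunk, ends up with no `found` states at all. The decorator change therefore trades a timeout that could not fire off the main thread for an exploration whose result is silently lost. The smallest repair is to hand the manager back: add `return simgr` at the end of `exploreBinary` and use `simgr = exploreBinary(simgr)` at the call site, which presumes the angr simulation manager survives pickling through the result pipe; if it does not, a thread-based deadline checked between `simgr.step()` calls is the alternative. The same pattern recurs in the formatExploiter.py, overflowDetector.py, overflowExploiter.py and overflowRemoteLeaker.py hunks. checkFormat's body, including the call site, continues outside the hunk.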
diff --git a/zeratool_lib/overflowExploitSender.py b/zeratool_lib/overflowExploitSender.py
index 6622f54..8e32943 100644
--- a/zeratool_lib/overflowExploitSender.py
+++ b/zeratool_lib/overflowExploitSender.py
@@ -1,4 +1,6 @@
 import logging
+import os
+import stat
 from overflowExploiter import exploitOverflow
 from pwn import ELF, gdb, process, u32, u64
@@ -14,8 +16,16 @@ def sendExploit(
 ):
 send_results = {}
+ radare2_binary_name = "/radare2_binary"
+ fin = open(binary_name, "rb")
+ fout = open(radare2_binary_name, "wb")
+ fout.write(fin.read())
+ fin.close()
+ fout.close()
+ os.chmod(radare2_binary_name, stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
+
 # Create local process
- proc = process(binary_name)
+ proc = process(radare2_binary_name)
 if debug:
 gdb.attach(
 proc,
diff --git a/zeratool_lib/overflowExploiter.py b/zeratool_lib/overflowExploiter.py
index 0be6868..8478f6a 100644
--- a/zeratool_lib/overflowExploiter.py
+++ b/zeratool_lib/overflowExploiter.py
@@ -1,5 +1,6 @@
 import logging
 import os
+import stat
 import angr
 import claripy
@@ -54,6 +55,14 @@ def getOneGadget(properties):
 def exploitOverflow(binary_name, properties, inputType):
+ radare2_binary_name = "/radare2_binary"
+ fin = open(binary_name, "rb")
+ fout = open(radare2_binary_name, "wb")
+ fout.write(fin.read())
+ fin.close()
+ fout.close()
+ os.chmod(radare2_binary_name, stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
+
 run_environ = properties["pwn_type"].get("results", {})
 run_environ["type"] = run_environ.get("type", None)
@@ -104,7 +113,7 @@ def exploitOverflow(binary_name, properties, inputType):
 if inputType == "STDIN":
 entry_addr = p.loader.main_object.entry
 if not has_pie:
- reg_values = getRegValues(binary_name, entry_addr)
+ reg_values = getRegValues(radare2_binary_name, entry_addr)
 state = p.factory.full_init_state(
 args=argv,
 add_options=extras,
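Review bot: The new block at the top of `exploitOverflow` (and its verbatim copy in `sendExploit` in overflowExploitSender.py) writes the target to the fixed path `/radare2_binary` and chmods it 0777: it needs write access to `/`, every concurrent run clobbers the same file, and the world-writable mode lets any other local user replace the binary between the copy and the `process()` / `getRegValues()` calls that execute and parse it. A per-run temporary file with owner-only permissions removes all three problems, and since the seven lines are identical in both modules they belong in one shared helper rather than two copies. The copy is also never deleted; the end of `exploitOverflow` lies outside the hunk, so an `os.remove` in a `finally` belongs there. If the reason for the copy is that radare2 mishandles the original path, as the subject line suggests, a `mkstemp` path serves that purpose equally well; `tempfile` and `shutil` would need importing in both modules.
```python
def exploitOverflow(binary_name, properties, inputType):
    # Private, owner-only copy: a fixed path under / was shared by every
    # concurrent run, and 0777 let any local user swap the file before
    # process()/radare2 opened it.
    fd, radare2_binary_name = tempfile.mkstemp(prefix="radare2_binary_")
    os.close(fd)
    shutil.copyfile(binary_name, radare2_binary_name)
    os.chmod(radare2_binary_name, stat.S_IRWXU)
    # … unchanged: run_environ setup and the rest of exploitOverflow …
```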
@@ -146,7 +155,7 @@ def exploitOverflow(binary_name, properties, inputType):
 simgr.explore(find=lambda s: "type" in s.globals, step_func=step_func)
 try:
- @timeout_decorator.timeout(1200)
+ @timeout_decorator.timeout(1200, use_signals=False)
 def exploreBinary(simgr):
 simgr.explore(find=lambda s: "type" in s.globals, step_func=step_func)
diff --git a/zeratool_lib/overflowRemoteLeaker.py b/zeratool_lib/overflowRemoteLeaker.py
index 7641d02..8b11319 100644
--- a/zeratool_lib/overflowRemoteLeaker.py
+++ b/zeratool_lib/overflowRemoteLeaker.py
@@ -69,7 +69,7 @@ def leak_remote_functions(binary_name, properties, inputType):
 # Lame way to do a timeout
 try:
- @timeout_decorator.timeout(1200)
+ @timeout_decorator.timeout(1200, use_signals=False)
 def exploreBinary(simgr):
 simgr.explore(
 find=lambda s: "libc" in s.globals, step_func=leak_remote_libc_functions
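Review bot: The context line directly above `try:` already calls `simgr.explore(find=lambda s: "type" in s.globals, step_func=step_func)` with no timeout at all, so the decorated `exploreBinary` below it, the only line this hunk changes, re-explores a manager that has already run to completion or hung unbounded, and the `use_signals=False` fix cannot take effect here. Unless an enclosing branch outside the hunk separates the two calls, the bare call should go so that exploration only happens through the timed wrapper: delete the `simgr.explore(...)` line before the `try:`. exploitOverflow's body continues on both sides of the hunk.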