# 验证是否成功 llvm-nm Regexp.bc U klee_make_symbolic ---------------- T main ---------------- T match ---------------- t matchhere ---------------- t matchstar
ptr: Stores or loads of invalid memory locations. free: Doubleor invalid free(). abort: The program calledabort(). assert: An assertion failed. div: A division or modulus by zero was detected. user: There is a problem with the input (invalid klee intrinsic calls) or the way KLEE is being used. exec: There was a problem which prevented KLEE from executing the program; for example an unknown instruction, a callto an invalid function pointer, orinline assembly. model: KLEE was unable to keep fullprecisionandisonly exploring parts of the program state. For example, symbolic sizes to malloc are not currently supported, in such cases KLEE will concretize the argument.
tutorial3 % for f in $(ls klee-last/ |grep err); do ktest-tool "klee-last/${f:0:10}.ktest"; done |grep text object 0: text: sddwddddsddwssssssssssssssss object 0: text: ssssddddwwaawwddddsddwssssss object 0: text: sddwddddssssddwwwwssssssssss object 0: text: ssssddddwwaawwddddssssddwwww
Turorial 4 Keygenning with KLEE and Hex-Rays
目的是破解密钥,首先将该 bin 文件使用 ghidra 反编译 main 函数如下:
// WARNING: [r2ghidra] Failed to match type signed int64_t for variable var_ch to Decompiler type: Unknown type // identifier signed // WARNING: [r2ghidra] Detected overlap for variable var_8h // WARNING: [r2ghidra] Failed to match type size_t for variable var_4h to Decompiler type: Unknown type identifier // size_t // WARNING: [r2ghidra] Detected overlap for variable var_4h // WARNING: [r2ghidra] Detected overlap for variable ptr