Getting Started with the Dynamic Binary Analysis Framework Triton (Part 1)

Preface

For my graduation project I want to do research related to AEG (Automatic Exploit Generation)【1】, and on a friend's recommendation I came across Triton, a dynamic binary analysis framework. A sentence from the official site gives a brief introduction:

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings.

This first post covers installing Triton.

Installation

Ubuntu 17.04

Because I also want to install Intel's dynamic binary analysis framework Pin【2】, and Triton currently only supports Pin build 71313, which only works with Linux 3.x kernels, the kernel has to be chosen accordingly.

Since the UI of older Ubuntu releases is too ugly to bear, I went straight for Ubuntu 17.04 LTS and then downgraded the kernel.

Kernel downgrade

Change the apt sources

cat > /etc/apt/sources.list << "EOF"
deb https://mirrors.ustc.edu.cn/ubuntu/ zesty main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ zesty main restricted universe multiverse

deb https://mirrors.ustc.edu.cn/ubuntu/ zesty-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ zesty-security main restricted universe multiverse

deb https://mirrors.ustc.edu.cn/ubuntu/ zesty-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ zesty-updates main restricted universe multiverse

deb https://mirrors.ustc.edu.cn/ubuntu/ zesty-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ zesty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu trusty-security main
EOF

Install the 3.16 kernel

sudo apt-get install linux-image-extra-3.16.0-43-generic

Edit the GRUB configuration

Edit /etc/default/grub and change GRUB_DEFAULT=0 to the following:

...
GRUB_DEFAULT="Advanced options for Ubuntu>Ubuntu, with Linux 3.16.0-43-generic"
...

Update GRUB and reboot

sudo update-grub
sudo reboot now

Remove rarely used software

sudo bash
apt purge libreoffice-common
apt purge unity-webapps-common
apt purge thunderbird totem rhythmbox empathy brasero simple-scan gnome-mahjongg aisleriot gnome-mines cheese gnome-sudoku transmission-common gnome-orca webbrowser-app landscape-client-ui-install
apt purge deja-dup
apt-get update && apt-get upgrade

Installing Triton's dependencies

libboost

Build and install Boost 1.66.0【3】

wget -c https://dl.bintray.com/boostorg/release/1.66.0/source/boost_1_66_0.tar.gz
# extract the downloaded archive (not the URL) and enter the source tree
tar -zxvf boost_1_66_0.tar.gz && cd boost_1_66_0
./bootstrap.sh
# installs into /usr/local by default, which needs root
sudo ./b2 install

libz3

git clone https://github.com/Z3Prover/z3
# the build scripts must be run from inside the cloned tree
cd z3
python scripts/mk_make.py
cd build
make
sudo make install

libcapstone

sudo apt-get install libcapstone3
sudo apt-get install libcapstone-dev

Install Triton

wget -c http://software.intel.com/sites/landingpage/pintool/downloads/pin-2.14-71313-gcc.4.4.7-linux.tar.gz
tar -zxvf pin-2.14-71313-gcc.4.4.7-linux.tar.gz
cd pin-2.14-71313-gcc.4.4.7-linux/source/tools/
git clone https://github.com/JonathanSalwan/Triton.git
cd Triton
mkdir build
cd build
cmake -DPINTOOL=on ..
make

Common problems

Q: fatal error: Python.h: No such file or directory
A: sudo apt-get install python-dev
   sudo ln -sv /usr/include/python2.7/* /usr/include
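Two things in this walkthrough are easy to get wrong and only show up late: Pin 71313 refuses to run on anything but a 3.x kernel (see the kernel downgrade section), and the Triton build stops on a missing Python.h or on a dependency that was never installed. The pre-flight script below is an added example, not part of the original post, that checks those prerequisites before you run cmake. The header locations (/usr/include, /usr/include/python2.7, /usr/local/include) and the tool names are assumptions based on the steps above; adjust them if your Boost or z3 went somewhere else.

```shell
#!/bin/sh
# Added pre-flight check for the Triton + Pin 71313 setup described in this post.
# Not part of the original post; include paths and package names are assumptions
# taken from the installation steps above.

# Extract the major version from a kernel release string,
# e.g. "3.16.0-43-generic" -> "3".
kernel_major() {
    printf '%s\n' "$1" | cut -d. -f1
}

# Pin 71313 only loads on a 3.x kernel: succeed (0) when the given release
# string is compatible, fail (1) otherwise.
pin_kernel_ok() {
    [ "$(kernel_major "$1")" = "3" ]
}

# Succeed when the header file (first argument) exists in any of the
# include directories given as the remaining arguments.
header_present() {
    hdr="$1"
    shift
    for d in "$@"; do
        [ -f "$d/$hdr" ] && return 0
    done
    return 1
}

# Print every missing prerequisite; the return value is the number of
# problems found, so 0 means the build can be attempted.
check_prereqs() {
    missing=0
    if ! pin_kernel_ok "$(uname -r)"; then
        echo "kernel $(uname -r) is not 3.x: Pin 71313 will not run (downgrade the kernel first)"
        missing=$((missing + 1))
    fi
    if ! header_present Python.h /usr/include /usr/include/python2.7; then
        echo "Python.h not found: sudo apt-get install python-dev"
        missing=$((missing + 1))
    fi
    if ! header_present capstone/capstone.h /usr/include /usr/local/include; then
        echo "capstone headers not found: sudo apt-get install libcapstone-dev"
        missing=$((missing + 1))
    fi
    if ! header_present z3.h /usr/include /usr/local/include; then
        echo "z3.h not found: build and install z3 first"
        missing=$((missing + 1))
    fi
    if ! header_present boost/version.hpp /usr/include /usr/local/include; then
        echo "boost headers not found: build and install Boost first"
        missing=$((missing + 1))
    fi
    for tool in cmake make g++ git; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool not found in PATH"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# When run directly, report the result instead of failing silently.
check_prereqs || echo "$? prerequisite(s) missing; fix them before running cmake"
```

Run it from the machine you intend to build on; an exit status of 0 means every check passed. Note that it mirrors the post's Python.h fix by looking in /usr/include/python2.7 as well as /usr/include, so the symlink step is not required for the check itself to pass.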

References

【1】: AEG explained
https://zhuanlan.zhihu.com/p/26690230

【2】: Intel Pin official site
https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool

【3】: libboost 1.66.0
https://dl.bintray.com/boostorg/release/1.66.0/source/boost_1_66_0.tar.gz

【4】: Z3
https://github.com/Z3Prover/z3
