本人的Mac版本是10.13.6
官网提供了在MacOS上安装的方法:pip install angr
我试了不行,折腾了好久,找了个折中的方法,使用docker来搭建angr环境
docker search angr
NAME DEscriptION STARS OFFICIAL AUTOMATED angr/angr The next-generation binary analysis platform… 18
docker pull angr/angr
docker run -it angr/angr
这样就行了,要执行脚本的话,将脚本从宿主机拷贝到容器
宿主机向容器中拷贝: docker cp 本地文件路径 `ConTAINER ID`:容器文件路径 容器向宿主机中拷贝: docker cp `ConTAINER ID`:容器文件路径 本地文件路径
但是这样拷来拷去,真心蛋疼
幸好Pycharm可以加载docker中的Python解释器
点击ok等待完成解释器初始化
这样就能在Pycharm中运行脚本了,每次运行会打开一个新容器,程序结束后,这个容器就会关闭
然后就是,可能需要在安装新的模块,这个的话,就需要在容器中安装了,然后将容器打包成一个新的image,最后在Pychram中重新添加新镜像的解释器,总的来说有点麻烦
将容器打包成镜像
docker commit -a 'wangzhou' -m '安装barf模块' 477b9df2d308 angr/angr:v1.0
但如果就仅仅是这样,我就不写这篇博客了,下面讲一下如何在Mac上安装angr和z3-solver
在使用 pip install angr 时,会出现如下报错:
.....
7 errors generated.
make[2]: *** [src/ast/CMakeFiles/ast.dir/arith_decl_plugin.cpp.o] Error 1
make[1]: *** [src/ast/CMakeFiles/ast.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 13%] Built target subpaving
make: *** [all] Error 2
error: Unable to build Z3.
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for z3-solver
Running setup.py clean for z3-solver
Failed to build z3-solver
Installing collected packages: z3-solver, unicorn, pysmt, itanium-demangler, protobuf, nampa, gitdb, CppHeaderParser, claripy, ailment, pyvex, GitPython, cle, angr
Running setup.py install for z3-solver ...
这个z3-solver安装失败了,GitHub上搜索说是gcc和clang版本太低,不支持C++17
gcc安装,下载压缩包,https://sourceforge.net/projects/hpc/files/hpc/gcc/gcc-11.2-bin.tar.gz/download
clang安装,sudo port install clang-12
z3-solver通过源码安装:
git clone https://github.com/Z3Prover/z3.git
python scripts/mk_make.py --prefix=/Users/wangzhou/anaconda/ --python --pypkgdir=/Users/wangzhou/anaconda/lib/python3.7/site-packages
cd build/ && make
漫长的编译输出…
...
clang++ -o z3 shell/datalog_frontend.o shell/dimacs_frontend.o shell/drat_frontend.o shell/gparams_register_modules.o shell/install_tactic.o shell/lp_frontend.o shell/main.o shell/mem_initializer.o shell/opt_frontend.o shell/smtlib_frontend.o shell/z3_log_frontend.o cmd_context/extra_cmds/extra_cmds.a api/api.a opt/opt.a tactic/portfolio/portfolio.a tactic/fpa/fpa_tactics.a tactic/ufbv/ufbv_tactic.a tactic/smtlogics/smtlogic_tactics.a muz/fp/fp.a muz/bmc/bmc.a muz/ddnf/ddnf.a muz/tab/tab.a muz/clp/clp.a muz/spacer/spacer.a muz/rel/rel.a muz/transforms/transforms.a muz/dataflow/dataflow.a muz/base/muz.a tactic/fd_solver/fd_solver.a sat/sat_solver/sat_solver.a qe/qe.a tactic/sls/sls_tactic.a smt/tactic/smt_tactic.a tactic/bv/bv_tactics.a smt/smt.a smt/proto_model/proto_model.a math/subpaving/tactic/subpaving_tactic.a nlsat/tactic/nlsat_tactic.a sat/tactic/sat_tactic.a sat/smt/sat_smt.a solver/assertions/solver_assertions.a qe/lite/qe_lite.a qe/mbp/mbp.a tactic/arith/arith_tactics.a tactic/core/core_tactics.a ast/rewriter/bit_blaster/bit_blaster.a ast/fpa/fpa.a ackermannization/ackermannization.a tactic/aig/aig_tactic.a ast/pattern/pattern.a parsers/smt2/smt2parser.a cmd_context/cmd_context.a solver/solver.a ast/proofs/proofs.a parsers/util/parser_util.a ast/substitution/substitution.a tactic/tactic.a model/model.a ast/normal_forms/normal_forms.a ast/macros/macros.a ast/rewriter/rewriter.a math/lp/lp.a nlsat/nlsat.a sat/sat.a math/grobner/grobner.a smt/params/smt_params.a params/params.a ast/euf/euf.a ast/ast.a math/subpaving/subpaving.a math/realclosure/realclosure.a math/automata/automata.a math/hilbert/hilbert.a math/simplex/simplex.a math/dd/dd.a math/interval/interval.a math/polynomial/polynomial.a util/util.a -lpthread -L/usr/local/opt/binutils/lib
src/api/dll/dll.cpp
src/api/dll/gparams_register_modules.cpp
src/api/dll/install_tactic.cpp
src/api/dll/mem_initializer.cpp
clang++ -o libz3.dylib -dynamiclib api/dll/dll.o api/dll/gparams_register_modules.o api/dll/install_tactic.o api/dll/mem_initializer.o api/api_algebraic.o api/api_arith.o api/api_array.o api/api_ast.o api/api_ast_map.o api/api_ast_vector.o api/api_bv.o api/api_commands.o api/api_config_params.o api/api_context.o api/api_datalog.o api/api_datatype.o api/api_fpa.o api/api_goal.o api/api_log.o api/api_log_macros.o api/api_model.o api/api_numeral.o api/api_opt.o api/api_params.o api/api_parsers.o api/api_pb.o api/api_polynomial.o api/api_qe.o api/api_quant.o api/api_rcf.o api/api_seq.o api/api_solver.o api/api_special_relations.o api/api_stats.o api/api_tactic.o api/z3_replayer.o cmd_context/extra_cmds/extra_cmds.a opt/opt.a tactic/portfolio/portfolio.a tactic/fpa/fpa_tactics.a tactic/ufbv/ufbv_tactic.a tactic/smtlogics/smtlogic_tactics.a muz/fp/fp.a muz/bmc/bmc.a muz/ddnf/ddnf.a muz/tab/tab.a muz/clp/clp.a muz/spacer/spacer.a muz/rel/rel.a muz/transforms/transforms.a muz/dataflow/dataflow.a muz/base/muz.a tactic/fd_solver/fd_solver.a sat/sat_solver/sat_solver.a qe/qe.a tactic/sls/sls_tactic.a smt/tactic/smt_tactic.a tactic/bv/bv_tactics.a smt/smt.a smt/proto_model/proto_model.a math/subpaving/tactic/subpaving_tactic.a nlsat/tactic/nlsat_tactic.a sat/tactic/sat_tactic.a sat/smt/sat_smt.a solver/assertions/solver_assertions.a qe/lite/qe_lite.a qe/mbp/mbp.a tactic/arith/arith_tactics.a tactic/core/core_tactics.a ast/rewriter/bit_blaster/bit_blaster.a ast/fpa/fpa.a ackermannization/ackermannization.a tactic/aig/aig_tactic.a ast/pattern/pattern.a parsers/smt2/smt2parser.a cmd_context/cmd_context.a solver/solver.a ast/proofs/proofs.a parsers/util/parser_util.a ast/substitution/substitution.a tactic/tactic.a model/model.a ast/normal_forms/normal_forms.a ast/macros/macros.a ast/rewriter/rewriter.a math/lp/lp.a nlsat/nlsat.a sat/sat.a math/grobner/grobner.a smt/params/smt_params.a params/params.a ast/euf/euf.a ast/ast.a math/subpaving/subpaving.a math/realclosure/realclosure.a math/automata/automata.a math/hilbert/hilbert.a math/simplex/simplex.a math/dd/dd.a math/interval/interval.a math/polynomial/polynomial.a util/util.a -lpthread
cp libz3.dylib python
Z3 was successfully built.
Z3Py scripts can already be executed in the 'build/python' directory.
Z3Py scripts stored in arbitrary directories can be executed if the 'build/python' directory is added to the PYTHonPATH environment variable and the 'build' directory is added to the DYLD_LIBRARY_PATH environment variable.
Use the following command to install Z3 at prefix /Users/wangzhou/anaconda/.
sudo make install
编译成功,执行 sudo make install 完成安装
测试代码:
from z3 import *
x, y, z = Ints('x y z')
s = Solver()
s.add(2 * x + 3 * y + z == 6)
s.add(x - y + 2 * z == -1)
s.add(x + 2 * y - z == 5)
print(s.check())
print(s.model())
x = Int('x')
s = Solver()
a = 65537
b = 64834
c = 41958
s.add(x > 0)
s.add(x % a == b)
s.add(x % b == c)
print(s.check())
print(s.model())
print(z3.get_version())
如果输出正常,那么z3-solver就意味着安装成功了
但是pip freeze的输出没有z3-solver,虽然安装了z3-solver模块,但再次pip install angr时,这个傻叉pip还是要安装z3-solver
分析了下pip freeze的源码,没找到是怎么记录pip安装包的,我感觉可能是每次的安装模块记录存在了某个文件里,想直接去修改下,把这个z3-solver添加进去
好在pip install有个选项是忽略安装依赖的:
pip install xxx --no-deps
上面在安装angr时,最后输出了:
Installing collected packages: z3-solver, unicorn, pysmt, itanium-demangler, protobuf, nampa, gitdb, CppHeaderParser, claripy, ailment, pyvex, GitPython, cle, angr
第一个就是z3-solver,先不管,安装其他的包:
pip install unicorn
pip install pysmt
pip install itanium-demangler
pip install protobuf
pip install nampa
pip install gitdb
pip install CppHeaderParser
这里安装claripy时,也要安装z3-solver,跳过,继续安装其他包:
pip install claripy
Installing collected packages: z3-solver, pysmt, claripy
Running setup.py install for z3-solver
pip install ailment
pip install pyvex
pip install GitPython
pip install cle
最后单独安装claripy和angr这两个包
pip install claripy --no-deps
pip install angr --no-deps
ok,完事
