3.5.1

3.5.1

• #945 Speed up ssh via caching checksec results (fixes #944)
• #950 Fixes a bug where setting context.arch does not have an effect on adb.compile() output architecture

3.5.0

3.5.0

• b584ca3 Fixed an issue running setup.py on ARM
• #822 Enabled relative leaks with MemLeak
  • This should be useful for e.g. heap-relative leaks
• #832 Changed all internal imports to use absolute imports (no functional changes)
• a12d0b6 Move STDOUT, PIPE, PTY constants to globals
  • process(..., stdin=process.PTY) --> process(..., stdin=PTY)
• #828 Use PR_SET_PTRACER for all process() and ssh.process() instances
  • This simplifies debugging on systems with YAMA ptrace enabled
• Various documentation enhancements
  • In particular, the gdb, elf, and ssh docs are much better
• #833 Performance enhancements for adb module
• d0267f3 packing.fit() now treats large offsets as cyclic patterns (e.g. 0x61616161 behaves the same as "aaaa")
• #835 Added ssh.checksec
  • Reports the kernel version and other relevant information on connection
• #857 Slightly shortened execve shellcode
• 300f8e0 Slightly speed up processing of large ELF files
• #861 Adds support for extracting IKCONFIG configs from Linux kernel images, and extends checksec to report on any insecure configurations discovered
• #871 Moves all of the basic syscall templates to shellcraft/common and exposes them via symlinks. Closed #685
  • Should not have any visible effects from any documented APIs
  • shellcraft.arch.os.syscall_function() still works the same
  • We now have the ability to differentiate between the connect syscall, and a TCP connect helper
• #887 sh_string now returns a quoted empty string '' rather than just an empty string
• #839 Exposes a huge amount of functionality via corefiles which was not previously availble. See the docs for examples.
  • process().corefile will automatically instantiate a Corefile for the process
  • QEMU-emulated processes are supported
  • Native processes are supported, including extraction of coredumps from apport crash logs
  • Native processes can be dumped while running, in a manner similar to GDB's gcore script
• #875 Added documentation (and tests) for AArch64 shellcode
• #882 The ROP class now respects context.bytes instead of using the hard-coded value of 4 (fixed #879)
• #869 Added several fields to the process class (uid, gid, suid, sgid) which are recorded at execution time, based on the file permissions
• #868 Changed the way that ssh.process() works internally, and it now returns a more specialized class, ssh_process.
  • Added ssh_process.corefile for fetching remote corefiles
  • Added ssh_process.ELF for getting an ELF of the remote executable
  • The uid, gid, and suid, and sgid which are recorded at execution time, based on the file permissions
• #865 Fixes ELF.read to support contiguous memory reads across non-contiguous file-backed segments
• #862 Adds a symlink= argument to ssh.set_working_directory, which will automatically symlink all of the files in the "old" working directory into the "new" working directory

3.4.1

3.4.1

• #894 Fix a bug when using gdb.debug() over ssh.
• e021f57 Fix a bug (#891) in rop when needing to insert padding to fix alignment

3.4.0

3.4.0

• #800 Add shell= option to ssh.process()
• #806 Add context.buffer_size for fine-tuning tube performance
  • Also adds buffer_fill_size= argument for all tubes
• b83a6c7 Fix undocumented process.leak function
• 546061e Modify coredump_filter of all spawned processes, so that core dumps are more complete
• #809 Add several functions to adb (unlink, mkdir, makedirs, isdir, exists)
• #817 Make disconnection detection more robust

3.3.4

3.3.4

• #850 and #846 fix issues with hexdump and the phd command-line utility, when using pipes (e.g. echo foo | phd)
• #852 Fixes register ordering in regsort
• #853 Fixes the registers restored in shellcraft.amd64.popad

3.3.3

3.3.3

• #843 fixed a bug in amd64.mov.

3.3.2

3.3.2

• #840 Fixed a regression introduced by [#837][837].

3.3.1

3.3.1

• #833 Fixed a performance-impacting bug in the adb module.
• #837 Fixed a bug(#836) causing hexdump(cyclic=True) to throw an exception.

3.3.0

3.3.0

• b198ec8 Added tube.stream() function, which is like tube.interact() without a prompt or keyboard input.
  • Effectively, this is similar to cat file and just prints data as fast as it is received.
• aec3fa6 Disable update checks against GitHub
  • These checks frequently broke due to GitHub query limits
• #757 Fixed adb.wait_for_device() re-use of the same connection
• f9133b1 Add a STDERR magic argument to make logging go to stderr instead of stdout
  • Usage is e.g. python foo.py STDERR or PWNLIB_STDERR=1 python foo.py
  • Also adds context.log_console to log to any file or terminal
• 67e11a9 Add faster error checking to cyclic() when provided very large values
• 5fda658 Expose BitPolynom in globals()
• #765 Added -d option for hex-escaped output for shellcraft command-line tool
• #772 Fixed bash completion regressions
• 30c34b7 Fix ROP.call() with Function objects from ELF.functions
• fa402ce Add adb.uptime and adb.boot_time
• 82312ba Add cyclic_metasploit and cyclic_metasploit_find

3.2.1

3.2.1

Multiple bug fixes.

• #783 Fix adb.uninstall typo
• #787 Added error handling for ssh.process argument preexec_fn
• #793 Fixed progress message in remote() when connections failed
• #802 Fixed partition listing in adb.partitions, which accidentally shelled out to the adb binary
• #804 Fix error message for 32-bit distributions
• #805 Fix exception in Core.segments when a segment has no name
• #811 Fixes and performance improvements for adb.wait_for_device()
• #813 Fixed a release script
• #814 Fixed exceptions thrown if the $HOME directory is not writable
• #815 Properly handle None in MemLeak