pwnypack.util – Utility functions¶
The util module contains various utility functions.
-
pwnypack.util.cycle(length, width=4)¶ Generate a de Bruijn sequence of a given length (and width). A de Bruijn sequence is a set of varying repetitions where each sequence of n characters is unique within the sequence. This type of sequence can be used to easily find the offset to the return pointer when exploiting a buffer overflow.
Parameters: - length (int) – The length of the sequence to generate.
- width (int) – The width of each element in the sequence.
Returns: The sequence.
Return type: str
Example
>>> from pwny import * >>> cycle(80) AAAABAAACAAADAAAEAAAFAAAGAAAHAAAIAAAJAAAKAAALAAAMAAANAAAOAAAPAAAQAAARAAASAAATAAA
-
pwnypack.util.cycle_find(key, width=4)¶ Given an element of a de Bruijn sequence, find its index in that sequence.
Parameters: - key (str) – The piece of the de Bruijn sequence to find.
- width (int) – The width of each element in the sequence.
Returns: The index of
keyin the de Bruijn sequence.Return type: int
-
pwnypack.util.reghex(pattern)¶ Compile a regular hexpression (a short form regular expression subset specifically designed for searching for binary strings).
A regular hexpression consists of hex tuples interspaced with control characters. The available control characters are:
?: Any byte (optional)..: Any byte (required).?{n}: A set of 0 up to n bytes..{n}: A set of exactly n bytes.*: Any number of bytes (or no bytes at all).+: Any number of bytes (at least one byte).
Parameters: pattern (str) – The reghex pattern. Returns: A regular expression as returned by re.compile().Return type: regexp
-
pwnypack.util.pickle_call(func, *args)¶ Create a byte sequence which when unpickled calls a callable with given arguments.
Parameters: - func (callable) – The function to call or class to instantiate.
- args (tuple) – The arguments to call the callable with.
Returns: The data that when unpickled calls
func(*args).Return type: bytes
Example
>>> from pwny import * >>> import pickle >>> def hello(arg): ... print('Hello, %s!' % arg) ... >>> pickle.loads(pickle_call(hello, 'world')) Hello, world!