.r2 scripts with fixed addresses? #3120

Open
gl4nce opened this issue Jan 17, 2025 · 1 comment

gl4nce commented Jan 17, 2025

I don't understand the demos with fixed addresses in the .r2 scripts. For which use case are they helpful for testers?

For example, this demo: https://mas.owasp.org/MASTG/demos/ios/MASVS-CRYPTO/MASTG-DEMO-0011/MASTG-DEMO-0011/#sample

The text implies I just have to copy the script and run it on the main binary of the testing app. This fails, of course, because the addresses don't match.

r2 -q -i ./radare_scripts/security_keysize.r2 -A ./main_binary_decrypted
WARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze imports (af@@@i)
INFO: Analyze entrypoint (af@ entry0)
INFO: Analyze symbols (af@@@s)
INFO: Analyze all functions arguments/locals (afva@@@F)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
WARN: skipping 0 uninitialized 16384 bytes at 0x100003ffd
INFO: Check for objc references (aao)
INFO: Parsing metadata in ObjC to find hidden xrefs
INFO: Found 0 objc xrefs
INFO: Found 0 objc xrefs in 0 dwords
INFO: Finding and parsing C++ vtables (avrr)
INFO: Analyzing methods (af @@ method.*)
INFO: Finding function preludes (aap)
INFO: Emulate functions to find computed references (aaef)
INFO: Recovering local variables (afva@@@F)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Use -AA or aaaa to perform additional experimental analysis
INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav)


Uses of SecKeyCreateRandomKey:

xrefs to SecKeyCreateRandomKey:

Use of reloc.kSecAttrKeySizeInBits as input for SecKeyCreateRandomKey:
ERROR: Invalid address (sym.func.1000046f8)
ERROR: Invalid command 'pd 1 @ sym.func.1000046f8' (0x70)

It would be nice if anybody could explain this to me.

@cpholguera
Collaborator

Hi @gl4nce

Each demo lives in a folder with everything you need. The one you mentioned is here:

https://github.com/OWASP/owasp-mastg/tree/master/demos/ios/MASVS-CRYPTO/MASTG-DEMO-0011

Demos are made with a specific binary, in this case

https://github.com/OWASP/owasp-mastg/blob/master/demos/ios/MASVS-CRYPTO/MASTG-DEMO-0011/MASTestApp

This way you should be able to reproduce the exact output we provide.

How to learn more about Demos

If you'd like to know more about the new MASTG demos, open the "About the MASTG demos" box here:

https://mas.owasp.org/MASTG/demos/

You can also watch my latest talk where I present the demos and the MASTest apps (on which the demos must always be based) here:

https://youtu.be/l_Q_1WZuyjo

We also provide guidelines on how to create Demos here.

Contributions are welcome

If you'd like to contribute and improve the test code in the demo so that it works with any binary, or if you see anything else that could be improved in general, you're very welcome to do so.
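
An added example, not part of this thread or of the MASTG repository: a small Python check that flags the commands in a .r2 script that depend on addresses from one specific binary, which is the reason a demo script fails on another app's binary as in the question above. The sample script is constructed from the output quoted in the issue; the function name `address_bound_lines` and the regex heuristic are assumptions.

```python
import re

# Tokens that only resolve in the binary the script was written for:
# literal addresses and radare2 auto-generated names that embed an address.
# Heuristic (assumption): 4+ hex digits after 0x is treated as an address.
ADDRESS_BOUND = re.compile(
    r"\b(?:0x[0-9a-fA-F]{4,}"
    r"|(?:sym\.func|fcn)\.[0-9a-fA-F]{6,})\b"
)

def address_bound_lines(script_text):
    """Return (line_number, command, tokens) for each r2 command
    that references a fixed address or an address-derived name."""
    findings = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        command = line.strip()
        if not command or command.startswith("#"):
            continue  # blank line or comment
        if command.startswith("?e"):
            continue  # ?e only prints text, nothing is resolved
        tokens = ADDRESS_BOUND.findall(command)
        if tokens:
            findings.append((number, command, tokens))
    return findings

# Constructed sample, modelled on the output quoted in the issue;
# it is not the content of the demo's security_keysize.r2.
SAMPLE_SCRIPT = """\
?e Uses of SecKeyCreateRandomKey:
afl~SecKeyCreateRandomKey
?e xrefs to SecKeyCreateRandomKey:
axt @ sym.imp.SecKeyCreateRandomKey
?e Use of reloc.kSecAttrKeySizeInBits as input for SecKeyCreateRandomKey:
pd 1 @ sym.func.1000046f8
pd 9 @ 0x1000046f8
"""

if __name__ == "__main__":
    for number, command, tokens in address_bound_lines(SAMPLE_SCRIPT):
        print(f"line {number}: {command!r} is tied to {', '.join(tokens)}")
```

Commands that look up imports by name (such as `axt @ sym.imp.SecKeyCreateRandomKey`) are not flagged; only the lines it reports need to be adapted before the script can run against a different binary.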

@cpholguera cpholguera linked a pull request Jan 19, 2025 that will close this issue
@cpholguera cpholguera removed a link to a pull request Jan 19, 2025