Kali Linux

Maat : Open-source Symbolic Execution Framework

Maat is an open-source Dynamic Symbolic Execution and Binary Analysis framework. It provides various functionalities such as symbolic execution, taint analysis, constraint solving, binary loading, environment simulation, and leverages Ghidra’s sleigh library for assembly lifting: https://maat.re

Key Features

  • Fast & Portable: Designed to scale to real-world applications. Fully written in C++ for good runtime performance. There are hardly any runtime dependencies, and most of them are optional
  • User-friendly: Maat has a flexible debugger-like API, and its features are configurable to adapt to many different use-cases. As any self-respecting modern framework, it comes with Python bindings
  • Multi-arch: With lifting and emulation based on Ghidra’s awesome sleigh library, Maat has the potential to emulate many architectures, including exotic ones

Installation

To install Maat’s python module:

python3 -m pip install pymaat

To install Maat’s native SDK and use the C++ API, check out BUILDING.md

Example

from maat import *
Create a symbolic engine for Linux X86-32bits
engine = MaatEngine(ARCH.X86, OS.LINUX)
Load a binary with one command line argument
engine.load(“./some_binary”, BIN.ELF32, args=[engine.vars.new_symbolic_buffer(“some_arg”, 20)])
Get current eax value
engine.cpu.eax
Read 4 bytes at the top of the stack
engine.mem.read(engine.cpu.esp, 4)
Set a callback displaying every memory read
def show_mem_access(engine):
mem_access = engine.info.mem_access
print(f”Instruction at {engine.info.addr} reads {mem_access.size} bytes at {mem_access.addr}”)
engine.hooks.add(EVENT.MEM_R, WHEN.BEFORE, callbacks=[show_mem_access])
Take and restore snapshots
snap = engine.take_snapshot()
engine.restore_snapshot(snap)
Run the binary
engine.run()

R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

7 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago