diff --git a/barf.sh b/barf.sh
index a71b933..ceb1f27 100755
--- a/barf.sh
+++ b/barf.sh
@@ -19,6 +19,32 @@ BARFPATH="$(dirname $(realpath $0))/src"
 CHUNKSIZE=1
 PERSISTENT="False"

+# show the help and exit
+function show_help {
+ echo "Usage: ./barf.sh ./path/to/your/binary"
+ echo ""
+ echo " BASIC OPTIONS"
+ echo " -p | --positive-addr 0x123456 a location to be counted as good hit"
+ echo " -n | --negative-addr 0x234567 a location to be counted as bad hit"
+ echo " -w | --win-addr 0x345678 a location reached if your input is correct"
+ echo " -l | --lose-addr 0x456789 a location reached if your input is incorrect"
+ echo ""
+ echo " PERSISTENT MODE OPTIONS"
+ echo " -x | --persistent enable the experimental (!) persistent mode"
+ echo " -s | --start-addr 0x56789A a location directly after your input is fed into the target"
+ echo " -e | --end-addr 0x6789AB a location where the to-be-fuzzed logic is done"
+ echo " --buff-addr 0x789ABC the location where user input is stored"
+ echo ""
+ echo " MISC OPTIONS"
+ echo " -b | --prefix CTF{ a known prefix, e.g. the prefix of your flag"
+ echo " -a | --suffix } a known suffix, e.g. the suffix of your flag"
+ echo " -c | --chunksize 2 amount of characters to try at once (default: 1)"
+ echo " -h | --help a great and useful help message, you should try it!"
+ echo ""
+ echo "See https://github.com/maride/barf for more information and examples!"
+ exit 1
+}
+
 # getopt is kind-of unstable across distributions and versions, so we implement it on our own
 # hat-tip to https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
 while [[ $# -gt 0 ]]; do
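Review bot: `show_help` ends in an unconditional `exit 1`, so an explicit `-h`/`--help` is reported to the calling shell as a failure exactly like a validation error. Letting the function take the status, `exit "${1:-1}"`, and calling `show_help 0` from the `$SHOWHELP` branch added in the second hunk would separate the two cases. The usage text also advertises `--buff-addr` while the persistent-mode message in the third hunk's context tells the user to set `--buffer-addr`; the option parser is not part of this diff, so one of the two strings presumably names an option that is not accepted. The comment above the function could state the side effect explicitly, e.g. `# print usage to stdout and terminate the script (never returns)`.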
@@ -80,16 +106,22 @@ while [[ $# -gt 0 ]]; do
 esac
 done

+# see if the user needs our help
+if [ "$SHOWHELP" == 1 ]; then
+ show_help
+fi
+
 # check if we have all arguments we need
 if [ "$POSITIVEADDR" == "" ] && [ "$NEGATIVEADDR" == "" ] || [ "$TARGETFILE" == "" ] ; then
 # nope, missing some args
- SHOWHELP=1
+ echo "Missing -p and -n or a target"
+ show_help
 fi

 # check if the arguments are valid
 if [ ! "$TARGETFILE" == "" ] && [ ! -e "$TARGETFILE" ]; then
 echo "The file $TARGETFILE does not exist."
- SHOWHELP=1
+ show_help
 fi

 # check if the persistent mode can be used
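Review bot: The new message `Missing -p and -n or a target` is ambiguous about what is required: the test above it fails only when both address options are empty or when no target is given, so supplying one of `-p`/`-n` is enough. Wording such as `echo "Need a target binary and at least one of -p or -n" >&2` states that directly and keeps the diagnostic off stdout; the same `>&2` would fit the `The file $TARGETFILE does not exist.` line below. The `[ … ] && [ … ] || [ … ]` list groups as intended only because `&&` and `||` are evaluated left to right with equal precedence, which deserves a one-line comment such as `# (no -p AND no -n) OR no target`.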
@@ -99,34 +131,7 @@ if [[ "$PERSISTENT" == "1" && ("$STARTADDR" == "" || "$ENDADDR" == "" || "$BUFFA
 echo "Set --start-addr to an address before your input reaches the program (e.g. before fgets())"
 echo "Set --end-addr to an address after the program has checked if the input is good or not (e.g. somewhere after gets('Yay!') and gets('Nay!'))"
 echo "Set --buffer-addr to the address where user input is stored (e.g. the address of b in case of fgets(b, 16, stdin)"
- SHOWHELP=1
-fi
-
-
-# see if the user needs our help
-if [ "$SHOWHELP" == 1 ]; then
- echo "Usage: ./barf.sh ./path/to/your/binary"
- echo ""
- echo " BASIC OPTIONS"
- echo " -p | --positive-addr 0x123456 a location to be counted as good hit"
- echo " -n | --negative-addr 0x234567 a location to be counted as bad hit"
- echo " -w | --win-addr 0x345678 a location reached if your input is correct"
- echo " -l | --lose-addr 0x456789 a location reached if your input is incorrect"
- echo ""
- echo " PERSISTENT MODE OPTIONS"
- echo " -x | --persistent enable the experimental (!) persistent mode"
- echo " -s | --start-addr 0x56789A a location directly after your input is fed into the target"
- echo " -e | --end-addr 0x6789AB a location where the to-be-fuzzed logic is done"
- echo " --buff-addr 0x789ABC the location where user input is stored"
- echo ""
- echo " MISC OPTIONS"
- echo " -b | --prefix CTF{ a known prefix, e.g. the prefix of your flag"
- echo " -a | --suffix } a known suffix, e.g. the suffix of your flag"
- echo " -c | --chunksize 2 amount of characters to try at once (default: 1)"
- echo " -h | --help a great and useful help message, you should try it!"
- echo ""
- echo "See https://github.com/maride/barf for more information and examples!"
- exit 1
+ show_help
 fi

 # ready for take-off