Merge branch 'dev' into elf_stripped

Author: peace-maker

.github/workflows/android.yml

@@ -14,7 +14,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Cache for pip
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       id: cache-pip
       with:
         path: ~/.cache/pip

.github/workflows/ci.yml

@@ -20,7 +20,7 @@ jobs:
         git log --oneline --graph -10
 
     - name: Cache for pip
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       id: cache-pip
       with:
         path: ~/.cache/pip

.github/workflows/lint.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Cache for pip
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       id: cache-pip
       with:
         path: ~/.cache/pip

.github/workflows/pylint.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Cache for pip
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       id: cache-pip
       with:
         path: ~/.cache/pip

CHANGELOG.md

@@ -82,6 +82,10 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2310][2310] Add support to start a process on Windows
 - [#2334][2334] Speed up disasm commandline tool with colored output
 - [#2328][2328] Lookup using $PATHEXT file extensions in `which` on Windows
+- [#2189][2189] Explicitly define p64/u64 functions for IDE support
+- [#2339][2339] Fix: Allow setting attributes on gdb Breakpoints
+- [#2323][2323] Retry failed lookups after one week in libcdb
+- [#2325][2325] Match against local system libc first in libcdb
 - [#2336][2336] Add `ELF.stripped` and `ELF.debuginfo` properties
 
 [2242]: https://github.com/Gallopsled/pwntools/pull/2242
@@ -96,6 +100,10 @@ The table below shows which release corresponds to each branch, and what date th
 [2310]: https://github.com/Gallopsled/pwntools/pull/2310
 [2334]: https://github.com/Gallopsled/pwntools/pull/2334
 [2328]: https://github.com/Gallopsled/pwntools/pull/2328
+[2189]: https://github.com/Gallopsled/pwntools/pull/2189
+[2339]: https://github.com/Gallopsled/pwntools/pull/2339
+[2323]: https://github.com/Gallopsled/pwntools/pull/2323
+[2325]: https://github.com/Gallopsled/pwntools/pull/2325
 [2336]: https://github.com/Gallopsled/pwntools/pull/2336
 
 ## 4.12.0 (`beta`)

pwnlib/gdb.py

@@ -652,7 +652,10 @@ def __init__(self, conn, *args, **kwargs):
         """
         # Creates a real breakpoint and connects it with this mirror
         self.conn = conn
-        self.server_breakpoint = conn.root.set_breakpoint(
+        self.server_breakpoint = self._server_set_breakpoint(*args, **kwargs)
+
+    def _server_set_breakpoint(self, *args, **kwargs):
+        return self.conn.root.set_breakpoint(
             self, hasattr(self, 'stop'), *args, **kwargs)
 
     def __getattr__(self, item):
@@ -670,25 +673,43 @@ def __getattr__(self, item):
             raise AttributeError()
         return getattr(self.server_breakpoint, item)
 
+    def __setattr__(self, name, value):
+        """Set attributes of the real breakpoint."""
+        if name in (
+            'enabled',
+            'silent',
+            'thread',
+            'task',
+            'ignore_count',
+            'hit_count'
+            'condition',
+            'commands',
+        ):
+            return setattr(self.server_breakpoint, name, value)
+        return super().__setattr__(name, value)
+
     def exposed_stop(self):
         # Handle stop() call from the server.
         return self.stop()
 
-class FinishBreakpoint:
+class FinishBreakpoint(Breakpoint):
     """Mirror of ``gdb.FinishBreakpoint`` class.
 
     See https://sourceware.org/gdb/onlinedocs/gdb/Finish-Breakpoints-in-Python.html
     for more information.
     """
 
-    def __init__(self, conn, *args, **kwargs):
+    def __init__(self, *args, **kwargs):
         """Do not create instances of this class directly.
 
         Use ``pwnlib.gdb.Gdb.FinishBreakpoint`` instead.
         """
-        # Creates a real finish breakpoint and connects it with this mirror
-        self.conn = conn
-        self.server_breakpoint = conn.root.set_finish_breakpoint(
+        # See https://github.com/pylint-dev/pylint/issues/4228
+        # pylint: disable=useless-super-delegation
+        super().__init__(*args, **kwargs)
+
+    def _server_set_breakpoint(self, *args, **kwargs):
+        return self.conn.root.set_finish_breakpoint(
             self, hasattr(self, 'stop'), hasattr(self, 'out_of_scope'),
             *args, **kwargs)
 
@@ -708,10 +729,6 @@ def __getattr__(self, item):
             raise AttributeError()
         return getattr(self.server_breakpoint, item)
 
-    def exposed_stop(self):
-        # Handle stop() call from the server.
-        return self.stop()
-
     def exposed_out_of_scope(self):
         # Handle out_of_scope() call from the server.
         return self.out_of_scope()

pwnlib/gdb_api_bridge.py

@@ -110,5 +110,6 @@ def exposed_quit(self):
     socket_path=socket_path,
     protocol_config={
         'allow_all_attrs': True,
+        'allow_setattr': True,
     },
 ).start)

pwnlib/libcdb.py

@@ -5,6 +5,7 @@
 from __future__ import division
 
 import os
+import time
 import six
 import tempfile
 
@@ -13,14 +14,20 @@
 from pwnlib.log import getLogger
 from pwnlib.tubes.process import process
 from pwnlib.util.fiddling import enhex
+from pwnlib.util.hashes import sha1filehex, sha256filehex, md5filehex
 from pwnlib.util.misc import read
 from pwnlib.util.misc import which
 from pwnlib.util.misc import write
 from pwnlib.util.web import wget
 
 log = getLogger(__name__)
 
-HASHES = ['build_id', 'sha1', 'sha256', 'md5']
+HASHES = {
+    'build_id': lambda path: enhex(ELF(path, checksec=False).buildid or b''),
+    'sha1': sha1filehex,
+    'sha256': sha256filehex,
+    'md5': md5filehex,
+}
 DEBUGINFOD_SERVERS = [
     'https://debuginfod.elfutils.org/',
 ]
@@ -29,6 +36,9 @@
     urls = os.environ['DEBUGINFOD_URLS'].split(' ')
     DEBUGINFOD_SERVERS = urls + DEBUGINFOD_SERVERS
 
+# Retry failed lookups after some time
+NEGATIVE_CACHE_EXPIRY = 60 * 60 * 24 * 7 # 1 week
+
 # https://gitlab.com/libcdb/libcdb wasn't updated after 2019,
 # but still is a massive database of older libc binaries.
 def provider_libcdb(hex_encoded_id, hash_type):
@@ -100,7 +110,23 @@ def provider_libc_rip(hex_encoded_id, hash_type):
         return None
     return data
 
-PROVIDERS = [provider_libcdb, provider_libc_rip]
+# Check if the local system libc matches the requested hash.
+def provider_local_system(hex_encoded_id, hash_type):
+    if hash_type == 'id':
+        return None
+    shell_path = os.environ.get('SHELL', None) or '/bin/sh'
+    if not os.path.exists(shell_path):
+        log.debug('Shell path %r does not exist. Skipping local system libc matching.', shell_path)
+        return None
+    local_libc = ELF(shell_path, checksec=False).libc
+    if not local_libc:
+        log.debug('Cannot lookup libc from shell %r. Skipping local system libc matching.', shell_path)
+        return None
+    if HASHES[hash_type](local_libc.path) == hex_encoded_id:
+        return local_libc.data
+    return None
+
+PROVIDERS = [provider_local_system, provider_libcdb, provider_libc_rip]
 
 def search_by_hash(hex_encoded_id, hash_type='build_id', unstrip=True):
     assert hash_type in HASHES, hash_type
@@ -109,6 +135,10 @@ def search_by_hash(hex_encoded_id, hash_type='build_id', unstrip=True):
     cache, cache_valid = _check_elf_cache('libcdb', hex_encoded_id, hash_type)
     if cache_valid:
         return cache
+    
+    # We searched for this buildid before, but didn't find anything.
+    if cache is None:
+        return None
 
     # Run through all available libc database providers to see if we have a match.
     for provider in PROVIDERS:
@@ -141,6 +171,10 @@ def _search_debuginfo_by_hash(base_url, hex_encoded_id):
     cache, cache_valid = _check_elf_cache('libcdb_dbg', hex_encoded_id, 'build_id')
     if cache_valid:
         return cache
+    
+    # We searched for this buildid before, but didn't find anything.
+    if cache is None:
+        return None
 
     # Try to find separate debuginfo.
     url  = '/buildid/{}/debuginfo'.format(hex_encoded_id)
@@ -191,8 +225,11 @@ def _check_elf_cache(cache_type, hex_encoded_id, hash_type):
 
     data = read(cache)
     if not data.startswith(b'\x7FELF'):
-        log.info_once("Skipping unavailable ELF %s", hex_encoded_id)
-        return cache, False
+        # Retry failed lookups after some time
+        if time.time() > os.path.getmtime(cache) + NEGATIVE_CACHE_EXPIRY:
+            return cache, False
+        log.info_once("Skipping invalid cached ELF %s", hex_encoded_id)
+        return None, False
 
     log.info_once("Using cached data from %r", cache)
     return cache, True

pwnlib/tubes/ssh.py

@@ -324,6 +324,7 @@ def libs(self):
 
         for lib in maps:
             remote_path = lib.split(self.parent.host)[-1]
+            remote_path = self.parent.readlink('-f', remote_path).decode()
             for line in maps_raw.splitlines():
                 if line.endswith(remote_path):
                     address = line.split('-')[0]

pwnlib/util/misc.py

@@ -307,7 +307,7 @@ def run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, pr
         elif 'STY' in os.environ and which('screen'):
             terminal = 'screen'
             args     = ['-t','pwntools-gdb','bash','-c']
-        elif 'TERM_PROGRAM' in os.environ:
+        elif 'TERM_PROGRAM' in os.environ and which(os.environ['TERM_PROGRAM']):
             terminal = os.environ['TERM_PROGRAM']
             args     = []
         elif 'DISPLAY' in os.environ and which('x-terminal-emulator'):