-
Notifications
You must be signed in to change notification settings - Fork 472
Home
Welcome to the manticore wiki!
- Learn about Manticore basics
- HTML API docs
- Join #manticore on our Slack
- Manticore Ethereum Workshop slides
Explore the examples directory to find sample binaries and scripts that demonstrate the API.
We recommend starting with the following examples:
- multiple-styles writeup: demonstrates binary instrumentation and symbolic execution
- introduce_symbolic_bytes.py: demonstrates taint analysis
- Building an exploit: demonstrates crash analysis
More complex examples are also available in the manticore-examples repository
We're happy to offer bounties of $50, $100, or $200 for contributions to Manticore. Mugs and stickers are also available.
Contact us for a bounty payout if you:
- Publish a challenge writeup. We'll add you to the list of references on this wiki.
- Implement a new syscall or instruction. Help us get coverage of more complex binaries.
- Add a new feature like Python3 compatibility, macOS support, or better CLI output.
- Fix any bug! Try looking through the easy and help wanted labels.
This happens because of a known bug in that specific manticore version. The gas limits are too small by default and then most complex transactions will just end with an OutOfGas exception. Even complex constructors could end like this failing to make the contract account. Fix, just change the gas defaults:
import manticore.ethereum
manticore.ethereum.ManticoreEVM.create_contract.__defaults__=(0, None, None, None, 0xffffffffffff)
manticore.ethereum.ManticoreEVM.transaction.__defaults__=(0xffffffffffff,)
Manticore was installed successfully, the API is accessible via py scripts, but the commandline manticore is not available
Your $PATH can be set up incorrectly. You can still run manticore via python -m mantcore.
A deeper fix involves adding the correct directory to your PATH environment variable
I'm seeing "Invalid memory access" messages when I run Manticore on native binaries. I don't think these are correct. Is this a Manticore bug?
Maybe, but it might also be a bug in our disassembler dependency, Capstone. One way to check is to try using the --process-dependency-links pip flag when installing Manticore. This will install the development branch of Capstone, which may contain useful bug fixes and potentially resolve the issue.
Manticore is simpler. It has a smaller codebase, fewer dependencies and features, and an easier learning curve. If you come from a reverse engineering or exploitation background, you may find Manticore intuitive due to its lack of intermediate representation and overall emphasis on staying close to machine abstractions.
Not exactly. The Trail of Bits CRS used FrankenPSE to provide its binary symbolic execution capabilities. FrankenPSE and Manticore share the same heritage: PySymEmu (2013). The difference between the two stems from their respective use-cases.
Manticore is designed so an expert user can guide it, and therefore supports flexible APIs that help its users achieve specific goals. Manticore also supports more architectures and binary file formats.
FrankenPSE was designed to tightly integrate with the Trail of Bits CRS. This includes sharing the same program snapshot representation as the GRR fuzzer. FrankenPSE is also x86-only and uses microx, a lightweight, single-instruction x86 instruction JIT executor.
You ran Manticore and it errored on something like this:
File "/root/.virtualenvs/manticore/local/lib/python2.7/site-packages/manticore/core/cpu/abstractcpu.py", line 1, in <module>
from capstone import *
File "/root/.virtualenvs/manticore/local/lib/python2.7/site-packages/capstone/__init__.py", line 230, in <module>
raise ImportError("ERROR: fail to load the dynamic library.")
ImportError: ERROR: fail to load the dynamic library.
This is a known issue in capstone. Try reinstalling capstone with the --no-binary flag.
If you would like to cite Manticore, you can use this bibtex.
@misc{trailofbits-manticore,
title = "Manticore: Symbolic Execution for Humans",
author = "Trail of Bits",
howpublished = {\url{https://github.com/trailofbits/manticore}}
}