Debugging a binary with pwntools and radare2

Brief

When debugging with radare2, how do you handle the program's user input? There are two simple methods:

  • use rarun2 with stdio
  • use pwntools with debugger.

use rarun2

  1. Open a second terminal, run tty, and record the output:
     $ tty
     /dev/pts/2
  2. Create a file p.rr2 and set stdio to the tty value you got from the second terminal:
     # p.rr2 content
     # must match the tty output recorded in step 1
     stdio=/dev/pts/2
  3. In the second terminal, run sleep 9999999999 so the terminal stays idle and is free for the program's output and input.
  4. Run r2 -r p.rr2 -d vuln in the first terminal and start debugging!

see more: doc

use pwntools

In the pwntools template, add the following code:

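io = start()
# PID of the process started by the template
pid = util.proc.pidof(io)[0]
print("The pid is: "+str(pid))
# block until a debugger (r2 -d <pid>) has attached to that PID
util.proc.wait_for_debugger(pid)
input("press enter to continue")
io.interactive()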

Then run radare2 with r2 -d pid, using the PID printed by the script.
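
The script above pauses until r2 -d has attached. On Linux the kernel reports the attached debugger as the TracerPid field of /proc/<pid>/status, and the following added example (not code from the original post or from pwntools) waits on that field using only the standard library. The function names, the timeout handling and the sample status text are assumptions made for the illustration.

```python
import time
from pathlib import Path


def parse_tracer_pid(status_text):
    """Return TracerPid from /proc/<pid>/status text (0 means not traced)."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "TracerPid":
            return int(value.strip())
    raise ValueError("no TracerPid field in status text")


def read_status(pid):
    """Read the kernel's status record for a process (Linux procfs)."""
    return Path(f"/proc/{pid}/status").read_text()


def wait_for_tracer(pid, timeout=60.0, poll=0.05, reader=read_status):
    """Block until a debugger is attached to pid; return the debugger's PID.

    Raises TimeoutError if nothing attaches in time. A FileNotFoundError
    from the reader means the target exited before anything attached.
    """
    deadline = time.monotonic() + timeout
    while True:
        tracer = parse_tracer_pid(reader(pid))
        if tracer != 0:
            return tracer
        if time.monotonic() >= deadline:
            raise TimeoutError(f"no debugger attached to {pid} in {timeout}s")
        time.sleep(poll)


# Constructed sample: status of PID 4242 after a debugger (PID 4300) attached.
SAMPLE_STATUS = (
    "Name:\tvuln\nState:\tt (tracing stop)\n"
    "Pid:\t4242\nPPid:\t4100\nTracerPid:\t4300\n"
)

if __name__ == "__main__":
    import sys
    target = int(sys.argv[1])  # PID printed by the exploit script
    print(f"attach with: r2 -d {target}")
    print("debugger pid:", wait_for_tracer(target))
```

Checking TracerPid by hand (grep TracerPid /proc/<pid>/status) is also a quick way to confirm that r2 really attached to the process the script started.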