submit 5th

Author: NienTzu

lab8/solve.py

@@ -1,26 +1,24 @@
 #!/usr/bin/env python3
-
 import sys
 import angr
 import claripy
 
 def solve_with_angr():
     project = angr.Project('./chal', auto_load_libs=False)
 
-    input_len = 8
+    input_len = 9
     input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
     input_concat = claripy.Concat(*input_chars)
 
-
     state = project.factory.full_init_state(
         args=["./chal"],
         stdin=input_concat
     )
 
-    for c in input_chars:
+    for c in input_chars[:-1]:
         state.solver.add(c >= 0x20)
         state.solver.add(c <= 0x7e)
-
+    state.solver.add(input_chars[-1] == 0x0a)
 
     simgr = project.factory.simulation_manager(state)
 
@@ -34,15 +32,10 @@ def should_abort(state):
 
     if simgr.found:
         found = simgr.found[0]
-        solution = found.solver.eval(input_concat, cast_to=bytes)
-        # print("Solution: ", solution)
-        return solution
+        solution = found.solver.eval(claripy.Concat(*input_chars[:-1]), cast_to=bytes)
+        sys.stdout.buffer.write(solution)
     else:
-        # print("No solution!")
-        return b""
-
-def main():
-    sys.stdout.buffer.write(solve_with_angr())
+        sys.stdout.buffer.write(b"")  # fallback or nothing
 
 if __name__ == '__main__':
-    main()
+    solve_with_angr()