1 file changed +39
-2
lines changed
11#!/usr/bin/env python3
22
33import angr ,sys
4+ import claripy
45
56def main ():
6- secret_key = b""
7- sys .stdout .buffer .write (secret_key )
7+ proj = angr .Project ('./chal' )
8+
9+
10+ flag_chars = [claripy .BVS (f'flag_char_{ i } ' , 8 ) for i in range (8 )]
11+ flag = claripy .Concat (* flag_chars )
12+
13+
14+ stdin_stream = angr .SimFileStream ('stdin' , content = flag , has_end = True )
15+
16+
17+ state = proj .factory .entry_state (
18+ stdin = stdin_stream ,
19+ add_options = {angr .options .ZERO_FILL_UNCONSTRAINED_MEMORY ,
20+ angr .options .ZERO_FILL_UNCONSTRAINED_REGISTERS }
21+ )
22+
23+
24+ for c in flag_chars :
25+ state .solver .add (c >= 32 )
26+ state .solver .add (c <= 126 )
27+
28+
29+ simgr = proj .factory .simulation_manager (state )
30+
31+
32+ simgr .explore (find = lambda s : b"Correct!" in s .posix .dumps (1 ))
33+
34+
35+ if simgr .found :
36+
37+ solution_state = simgr .found [0 ]
38+ solution = solution_state .solver .eval (flag , cast_to = bytes )
39+
40+ sys .stdout .buffer .write (solution )
41+ else :
42+ print ("No solution found!" )
43+ secret_key = b""
44+ sys .stdout .buffer .write (secret_key )
845
946
1047if __name__ == '__main__' :
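Review bot: The failure branch at new lines 41-44 reports `No solution found!` with `print`, which writes to stdout, the same stream the recovered key is written to with `sys.stdout.buffer.write(solution)`, so anything that reads stdout as the key receives the message text and a zero exit status instead of an error. I would send the message to stderr and fail explicitly: `print("No solution found!", file=sys.stderr)` followed by `sys.exit(1)`. The re-added `secret_key = b""` / `sys.stdout.buffer.write(secret_key)` pair writes nothing; indentation is lost on this page, so it is unclear whether it sits inside the `else` or after it, but in either position it looks removable. `main()` would also benefit from a short docstring stating that the 8-byte input length and the 32..126 byte range are assumptions about what `./chal` accepts, and that `./chal` is resolved relative to the current working directory.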