submit lab8 4th

Author: NienTzu

lab8/solve.py

@@ -1,52 +1,48 @@
 #!/usr/bin/env python3
+
 import sys
+import angr
+import claripy
+
+def solve_with_angr():
+    project = angr.Project('./chal', auto_load_libs=False)
 
-try:
-    import angr
-    import claripy
-    import logging
-    logging.getLogger("angr").setLevel(logging.ERROR)
+    input_len = 8
+    input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
+    input_concat = claripy.Concat(*input_chars)
 
-    def solve_with_angr():
-        project = angr.Project("./chal", auto_load_libs=False)
-        input_len = 9
-        input_chars = [claripy.BVS(f"input_{i}", 8) for i in range(input_len)]
-        input_concat = claripy.Concat(*input_chars)
 
-        state = project.factory.full_init_state(
-            args=["./chal"],
-            stdin=input_concat
-        )
+    state = project.factory.full_init_state(
+        args=["./chal"],
+        stdin=input_concat
+    )
 
-        for c in input_chars[:-1]:
-            state.solver.add(c >= 0x20)
-            state.solver.add(c <= 0x7e)
-        state.solver.add(input_chars[-1] == 0x0a)
+    for c in input_chars:
+        state.solver.add(c >= 0x20)
+        state.solver.add(c <= 0x7e)
 
-        simgr = project.factory.simulation_manager(state)
 
-        def is_successful(state):
-            return b"CTF{" in state.posix.dumps(1)
+    simgr = project.factory.simulation_manager(state)
 
-        def should_abort(state):
-            return b"Wrong key!" in state.posix.dumps(1)
+    def is_successful(state):
+        return b"CTF{" in state.posix.dumps(1)
 
-        simgr.explore(find=is_successful, avoid=should_abort)
+    def should_abort(state):
+        return b"Wrong key!" in state.posix.dumps(1)
 
-        if simgr.found:
-            found = simgr.found[0]
-            solution = found.solver.eval(claripy.Concat(*input_chars[:-1]), cast_to=bytes)
-            print("Solution：", solution)
-            return solution
-        else:
-            return b"Q`U4DD0/" 
+    simgr.explore(find=is_successful, avoid=should_abort)
 
-    def main():
-        sys.stdout.buffer.write(solve_with_angr())
+    if simgr.found:
+        found = simgr.found[0]
+        solution = found.solver.eval(input_concat, cast_to=bytes)
+        # print("Solution: ", solution)
+        return solution
+    else:
+        # print("No solution!")
+        return b""
 
-except ImportError:
-    def main():
-        sys.stdout.buffer.write(b"Q`U4DD0/")
+def main():
+    sys.stdout.buffer.write(solve_with_angr())
 
-if __name__ == "__main__":
-    main()
+if __name__ == '__main__':
+    main()