Skip to content

Commit d716e16

Browse files
NienTzuNienTzu
NienTzu
authored and
NienTzu
committed
submit lab8 after CI was fixed again
1 parent e6c93aa commit d716e16

File tree

1 file changed

+87
-36
lines changed

1 file changed

+87
-36
lines changed

lab8/solve.py

Lines changed: 87 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -1,56 +1,107 @@
1+
# #!/usr/bin/env python3
2+
3+
# import sys
4+
5+
# try:
6+
# import angr
7+
# import claripy
8+
# import logging
9+
10+
# def solve_with_angr():
11+
# project = angr.Project('./chal', auto_load_libs=False)
12+
13+
# input_len = 8
14+
# input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
15+
# input_concat = claripy.Concat(*input_chars)
16+
17+
18+
# state = project.factory.full_init_state(
19+
# args=["./chal"],
20+
# stdin=input_concat
21+
# )
22+
23+
# for c in input_chars:
24+
# state.solver.add(c >= 0x20)
25+
# state.solver.add(c <= 0x7e)
26+
27+
28+
# simgr = project.factory.simulation_manager(state)
29+
30+
# def is_successful(state):
31+
# return b"CTF{" in state.posix.dumps(1)
32+
33+
# def should_abort(state):
34+
# return b"Wrong key!" in state.posix.dumps(1)
35+
36+
# simgr.explore(find=is_successful, avoid=should_abort)
37+
38+
# if simgr.found:
39+
# found = simgr.found[0]
40+
# solution = found.solver.eval(input_concat, cast_to=bytes)
41+
# print("Solution: ", solution)
42+
# return solution
43+
# else:
44+
# print("No solution!")
45+
# return b""
46+
47+
# def main():
48+
# sys.stdout.buffer.write(solve_with_angr())
49+
50+
# except ModuleNotFoundError:
51+
# def main():
52+
# secret_key = b"u m[#iCB"
53+
# sys.stdout.buffer.write(secret_key)
54+
55+
# if __name__ == '__main__':
56+
# main()
157
#!/usr/bin/env python3
258

359
import sys
460

5-
try:
6-
import angr
7-
import claripy
8-
import logging
61+
import angr
62+
import claripy
63+
import logging
964

10-
def solve_with_angr():
11-
project = angr.Project('./chal', auto_load_libs=False)
65+
def solve_with_angr():
66+
project = angr.Project('./chal', auto_load_libs=False)
1267

13-
input_len = 8
14-
input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
15-
input_concat = claripy.Concat(*input_chars)
68+
input_len = 8
69+
input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
70+
input_concat = claripy.Concat(*input_chars)
1671

1772

18-
state = project.factory.full_init_state(
19-
args=["./chal"],
20-
stdin=input_concat
21-
)
73+
state = project.factory.full_init_state(
74+
args=["./chal"],
75+
stdin=input_concat
76+
)
2277

23-
for c in input_chars:
24-
state.solver.add(c >= 0x20)
25-
state.solver.add(c <= 0x7e)
78+
for c in input_chars:
79+
state.solver.add(c >= 0x20)
80+
state.solver.add(c <= 0x7e)
2681

2782

28-
simgr = project.factory.simulation_manager(state)
83+
simgr = project.factory.simulation_manager(state)
2984

30-
def is_successful(state):
31-
return b"CTF{" in state.posix.dumps(1)
85+
def is_successful(state):
86+
return b"CTF{" in state.posix.dumps(1)
3287

33-
def should_abort(state):
34-
return b"Wrong key!" in state.posix.dumps(1)
88+
def should_abort(state):
89+
return b"Wrong key!" in state.posix.dumps(1)
3590

36-
simgr.explore(find=is_successful, avoid=should_abort)
91+
simgr.explore(find=is_successful, avoid=should_abort)
3792

38-
if simgr.found:
39-
found = simgr.found[0]
40-
solution = found.solver.eval(input_concat, cast_to=bytes)
41-
print("Solution: ", solution)
42-
return solution
43-
else:
44-
print("No solution!")
45-
return b""
93+
if simgr.found:
94+
found = simgr.found[0]
95+
solution = found.solver.eval(input_concat, cast_to=bytes)
96+
print("Solution: ", solution)
97+
return solution
98+
else:
99+
print("No solution!")
100+
return b""
46101

47-
def main():
48-
sys.stdout.buffer.write(solve_with_angr())
102+
def main():
103+
sys.stdout.buffer.write(solve_with_angr())
49104

50-
except ModuleNotFoundError:
51-
def main():
52-
secret_key = b"u m[#iCB"
53-
sys.stdout.buffer.write(secret_key)
54105

55106
if __name__ == '__main__':
56107
main()

0 commit comments

Comments
 (0)