From a888dd93b01ca402e9ceabab7af3bc7d3f7c9870 Mon Sep 17 00:00:00 2001
From: cwkang
Date: Tue, 20 May 2025 00:20:11 +0800
Subject: [PATCH] completed the lab8
---
 lab8/solve.py | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index 9ab3ee2..ddf716d 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -1,11 +1,27 @@
 #!/usr/bin/env python3
-import angr,sys
+import angr, sys
 def main():
- secret_key = b""
- sys.stdout.buffer.write(secret_key)
+ proj = angr.Project("./chal")
+ state = proj.factory.entry_state()
+ simgr = proj.factory.simulation_manager(state)
+ def is_successful(state):
+ return b"Correct!" in state.stdout.contents
+
+ def should_abort(state):
+ return b"Wrong key!" in state.stdout.contents
+
+ simgr.explore(find=is_successful, avoid=should_abort)
+
+ if simgr.found:
+ found_state = simgr.found[0]
+ input_arg = found_state.posix.stdin.load(0, 8)
+ solution = found_state.solver.eval(input_arg, cast_to=bytes)
+ sys.stdout.buffer.write(solution)
+ else:
+ print("Could not find the secret key.")
 if __name__ == '__main__':
- main()
+ main()
\ No newline at end of file
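Review bot: Both explore callbacks read `state.stdout.contents`, which is not the accessor angr documents for captured output, so `is_successful` and `should_abort` will most likely raise AttributeError on the first state they see; the documented form is `return b"Correct!" in state.posix.dumps(1)`, and the same with `b"Wrong key!"` for the avoid check. The key is then extracted with `stdin.load(0, 8)`, a hard-coded 8-byte length that nothing visible in the hunk justifies; `solution = found_state.posix.dumps(0)` concretizes exactly the stdin the binary consumed on the found path. In the `else` branch the failure message is printed to stdout with exit status 0, so anything that pipes this script's output into the challenge would treat the message as the key; `sys.exit("Could not find the secret key.")` sends it to stderr and returns a non-zero status instead.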