From 9a57aeedef5594f4018691ecbd52aa682490bb06 Mon Sep 17 00:00:00 2001
From: 9ithu6-c0m
Date: Wed, 21 May 2025 15:19:34 +0800
Subject: [PATCH] Complete lab8
---
 lab8/solve.py | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index 9ab3ee2..1a141f3 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -1,11 +1,29 @@
 #!/usr/bin/env python3
-import angr,sys
+import sys
+
+import angr
+
+angr.loggers.disable_root_logger()
+
+
+def found_flag(state: angr.SimState):
+ return b"flag" in state.posix.dumps(1)
+
 def main():
- secret_key = b""
- sys.stdout.buffer.write(secret_key)
+ proj = angr.Project("./chal", auto_load_libs=False)
+ state = proj.factory.entry_state(stdin=angr.SimFile)
+ simgr = proj.factory.simgr(state)
+ simgr.explore(find=found_flag)
+ if simgr.found:
+ found_state = simgr.found[0]
+ input_data = found_state.posix.dumps(0)
+ sys.stdout.buffer.write(input_data)
+ else:
+ print("No solution found", file=sys.stderr)
+ exit(1)
-if __name__ == '__main__':
+if __name__ == "__main__":
 main()
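Review bot: The failure branch at the end of main() calls the bare `exit(1)`, a helper that the `site` module injects for interactive sessions and that is missing under `python -S` or in some frozen builds; `sys` is already imported, so `sys.exit(1)` is the dependable form. Separately, `found_flag` accepts any state whose stdout merely contains the bytes `flag`, so if the binary prints that word in a prompt or a rejection message (its output is not visible in this patch) the first state returned may not be the accepting path and the script would emit an input that does not actually pass. Matching the full success string the binary prints, and documenting that choice in a one-line docstring on `found_flag`, would make the result verifiable. `simgr.explore(find=found_flag)` is also unbounded, so a comment noting the expected run time or a step limit would help anyone re-running the script.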