1 file changed +32 -3 lines changed
11#!/usr/bin/env python3
22
3- import angr ,sys
3+ import angr
4+ import claripy
5+ import sys
6+
7+ angr .loggers .disable_root_logger ()
8+
9+ def is_flag_found (state ):
10+ output = state .posix .dumps (1 )
11+ return b"flag" in output
412
513def main ():
6- secret_key = b""
7- sys .stdout .buffer .write (secret_key )
14+ project = angr .Project ("./chal" , auto_load_libs = False )
15+
16+ sym_chars = [claripy .BVS (f'byte_{ i } ' , 8 ) for i in range (8 )]
17+ sym_input = claripy .Concat (* sym_chars )
18+
19+ state = project .factory .full_init_state (
20+ stdin = angr .SimFileStream (name = 'stdin' , content = sym_input , has_end = True )
21+ )
22+
23+
24+ simgr = project .factory .simgr (state )
25+
26+ simgr .explore (
27+ find = lambda s :b"Correct!" in s .posix .dumps (1 )
28+ )
29+
30+ if simgr .found :
31+ found = simgr .found [0 ]
32+ secret_key = found .solver .eval (sym_input , cast_to = bytes )
33+ sys .stdout .buffer .write (secret_key )
34+ else :
35+ print ("No solution found!" )
36+ sys .exit (1 )
837
938
1039if __name__ == '__main__' :
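Review bot: `is_flag_found` (new lines 9-11) is never called. `simgr.explore` uses an inline lambda that matches `b"Correct!"`, while the helper matches `b"flag"`, so the file carries two different success predicates and only one is live. Either delete the helper or pass it as `find=is_flag_found` after making it test the string the target actually prints. In the failure branch, `No solution found!` goes to stdout, the same stream that carries the recovered key bytes, so `print("No solution found!", file=sys.stderr)` would keep stdout clean for anything consuming the output. The module-level `angr.loggers.disable_root_logger()` presumably also silences angr's own warnings, which help when exploration finds nothing; a short comment saying why it is disabled would be useful.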