File tree Expand file tree Collapse file tree 1 file changed +29
-6
lines changed Original file line number Diff line number Diff line change 11#!/usr/bin/env python3
2-
3- import angr ,sys
2+ import sys
3+ import angr
4+ import claripy
45
56def main ():
6- secret_key = b""
7- sys .stdout .buffer .write (secret_key )
8-
7+ proj = angr .Project ('./chal' , auto_load_libs = False )
8+
9+ input_size = 8
10+ sym_chars = [claripy .BVS (f'char_{ i } ' , 8 ) for i in range (input_size )]
11+ sym_input = claripy .Concat (* sym_chars )
12+
13+ state = proj .factory .entry_state (stdin = sym_input )
14+
15+ for char in sym_chars :
16+ state .solver .add (char >= 0x20 ) # 可列印字元
17+ state .solver .add (char <= 0x7e )
18+
19+ simgr = proj .factory .simulation_manager (state )
20+
21+ simgr .explore (
22+ find = lambda s : b"Correct!" in s .posix .dumps (1 ),
23+ avoid = lambda s : b"Wrong key!" in s .posix .dumps (1 )
24+ )
25+
26+ if len (simgr .found ) > 0 :
27+ solution = simgr .found [0 ].solver .eval (sym_input , cast_to = bytes )
28+ sys .stdout .buffer .write (solution )
29+ else :
30+ print ("No solution found" , file = sys .stderr )
31+ sys .exit (1 )
932
1033if __name__ == '__main__' :
11- main ()
34+ main ()
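Review bot: The `simgr.explore(...)` call at new lines 21-24 has no bound, so the "No solution found" branch at new lines 29-31 is reached only if every path terminates or hits `avoid`. If the target has a loop that depends on the symbolic input, the script will run until it exhausts memory instead of failing cleanly. Consider passing a step limit, e.g. `simgr.explore(find=..., avoid=..., n=MAX_STEPS)` with a limit you choose, and reporting on stderr when the limit is reached without a find. Separately, `input_size = 8` and the relative path `'./chal'` are unexplained, so a short docstring on `main()` should state the assumed key length and that the script must be run from the directory containing the binary. The comment at new line 16 would read better in English, for example `# restrict each byte to printable ASCII (0x20-0x7e)`.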