1 file changed +29 -4 lines changed
11#!/usr/bin/env python3
22
3- import angr ,sys
3+ import angr
4+ import claripy
5+ import sys
6+
7+ angr .loggers .disable_root_logger ()
8+
9+ def is_flag_found (state ):
10+ output = state .posix .dumps (1 )
11+ return b"flag" in output
412
513def main ():
6- secret_key = b""
7- sys .stdout .buffer .write (secret_key )
14+ # 載入 binary
15+ project = angr .Project ("./chal" , auto_load_libs = False )
16+
17+ input_len = 100
18+ input_bits = claripy .BVS ("input" , input_len * 8 )
19+ symbolic_stdin = angr .SimFile ("stdin" , content = input_bits , size = input_len )
20+
21+ initial_state = project .factory .entry_state (stdin = symbolic_stdin )
22+
23+ simgr = project .factory .simgr (initial_state )
24+
25+ simgr .explore (find = is_flag_found )
826
27+ if simgr .found :
28+ found = simgr .found [0 ]
29+ solution = found .solver .eval (input_bits , cast_to = bytes )
30+ sys .stdout .buffer .write (solution )
31+ else :
32+ print ("No solution found." , file = sys .stderr )
33+ sys .exit (1 )
934
10- if __name__ == ' __main__' :
35+ if __name__ == " __main__" :
1136 main ()
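Review bot: `is_flag_found` accepts any state whose stdout contains `b"flag"`, so a prompt or failure message that includes that word would satisfy `find`, and `simgr.found[0]` could then be a path that never reaches the success branch. Whether that happens depends on what `./chal` prints, which is not visible in this commit. Matching the target's exact success string is tighter, e.g. `return b"<exact success message>" in output` (placeholder, to be taken from the binary). Separately, `solution` is always the full 100 bytes of `input_bits`, including bytes the program never constrained, so the output may carry arbitrary padding; a short comment in `main` saying so would help whoever pipes this into the target. Both functions lack docstrings, and `# 載入 binary` would read better in the file's working language as `# Load the target binary without its shared libraries`.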