File tree Expand file tree Collapse file tree 1 file changed +26
-2
lines changed Expand file tree Collapse file tree 1 file changed +26
-2
lines changed Original file line number Diff line number Diff line change 11#!/usr/bin/env python3
22
33import angr ,sys
4+ import claripy
45
56def main ():
6- secret_key = b""
7- sys .stdout .buffer .write (secret_key )
7+ # 載入二進位檔並關閉自動載入庫功能
8+ proj = angr .Project ('./chal' , auto_load_libs = False )
9+
10+ # 建立 8 個符號位元組 (symbolic bytes)
11+ sym_bytes = [claripy .BVS (f'byte_{ i } , 8 ) for i in range (8 )]
12+ sym_input = claripy .Concat (* sym_bytes )
13+
14+ # 使用符號 stdin 初始化模擬狀態
15+ state = proj .factory .full_init_state (
16+ stdin = angr .SimFileStream (name = 'stdin' , content = sym_input , has_end = True )
17+ )
18+
19+ # 探索至輸出包含 "Correct!" 的執行路徑
20+ simgr = proj .factory .simgr (state )
21+ simgr .explore (find = lambda s : b"Correct!" in s .posix .dumps (1 ))
22+
23+ if simgr .found :
24+ found = simgr .found [0 ]
25+ secret_key = found .solver .eval (sym_input , cast_to = bytes )
26+ sys .stdout .buffer .write (secret_key )
27+ else :
28+ print ("No solution found" )
29+
30+ # secret_key = b""
31+ # sys.stdout.buffer.write(secret_key)
832
933
1034if __name__ == '__main__' :
You can’t perform that action at this time.
0 commit comments