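--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,11 +1,35 @@
 #!/usr/bin/env python3
-
-import angr ,sys
+import angr
+import claripy
+import sys
 
 def main ():
-    secret_key = b""
-    sys .stdout .buffer .write (secret_key )
+    proj = angr .Project ("./chal" )
+
+    key_len = 8
+    newline_len = 1
+    sym_bytes = [claripy .BVS (f"byte{ i } " , 8 ) for i in range (key_len + newline_len )]
+    sym_input = claripy .Concat (* sym_bytes )
+
+    state = proj .factory .full_init_state (stdin = sym_input )
+
+    for b in sym_bytes [:key_len ]:
+        state .solver .add (b >= 0x20 )
+        state .solver .add (b <= 0x7e )
+    state .solver .add (sym_bytes [- 1 ] == 0x0a )
 
+    sm = proj .factory .simgr (state )
+    sm .explore (find = lambda s : b"Correct!" in s .posix .dumps (1 ))
+
+    if not sm .found :
+        print ("Can't find Secret key!" , file = sys .stderr )
+        return
+
+    found = sm .found [0 ]
+    concrete_input = found .solver .eval (sym_input , cast_to = bytes )
+    secret_key = concrete_input [:key_len ]
+
+    sys .stdout .buffer .write (secret_key )
 
-if __name__ == ' __main__' :
-    main ()
+if __name__ == " __main__" :
+    main ()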
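Review bot: The failure branch at new lines 24–26 prints "Can't find Secret key!" to stderr and then returns normally, so the script exits 0 and any wrapper (a Makefile target or CI step) treats a failed search as success; replace the `return` with `sys.exit(1)`. Exploration at new line 22 is also unbounded — with only a `find` predicate and no `avoid` predicate or step limit, an unreachable target keeps `explore()` stepping until memory runs out; passing `n=<step budget>` to `sm.explore(...)` lets a failed run terminate instead of hanging. `main()` has no docstring; one stating that it symbolically executes `./chal` with a printable 8-byte stdin key plus a trailing newline, and writes the concrete key bytes of the first state that emits "Correct!", would make the hard-coded `key_len = 8` and the `0x20..0x7e` constraints self-explanatory.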