From 74962e88a6eff42eebddc63594948833eeda7770 Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 02:47:37 +0800
Subject: [PATCH 1/8] Update solve.py
---
 lab8/solve.py | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index 9ab3ee2..27ccdf1 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -1,11 +1,22 @@
-#!/usr/bin/env python3
-
-import angr,sys
+import angr
+import sys
 def main():
- secret_key = b""
- sys.stdout.buffer.write(secret_key)
+ angr.loggers.disable_root_logger()
+
+ proj = angr.Project("chal")
+ state = proj.factory.entry_state(stdin=angr.SimFile)
+ simgr = proj.factory.simulation_manager(state)
+
+ simgr.explore(find=lambda s: b"Correct!" in s.posix.dumps(1),
+ avoid=lambda s: b"Wrong key!" in s.posix.dumps(1))
+ if len(simgr.found) > 0:
+ found_state = simgr.found[0]
+ solution = found_state.posix.dumps(0)
+ sys.stdout.buffer.write(solution)
+ else:
+ print("No solution found")
 if __name__ == '__main__':
- main()
+ main()
\ No newline at end of file
From 6aa0e44d3f1688a67b3a48bbde56da1f96ab113b Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 02:52:49 +0800
Subject: [PATCH 2/8] Update solve.py
---
 lab8/solve.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index 27ccdf1..3bfd2f5 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -8,7 +8,7 @@ def main():
 state = proj.factory.entry_state(stdin=angr.SimFile)
 simgr = proj.factory.simulation_manager(state)
- simgr.explore(find=lambda s: b"Correct!" in s.posix.dumps(1),
+ simgr.explore(find=lambda s: b"flag" in s.posix.dumps(1),
 avoid=lambda s: b"Wrong key!" in s.posix.dumps(1))
 if len(simgr.found) > 0:
@@ -19,4 +19,4 @@ def main():
 print("No solution found")
 if __name__ == '__main__':
- main()
\ No newline at end of file
+ main()
From fa49d155259bd1138d22b7f7066c5fc19d4261fc Mon Sep 17 00:00:00 2001
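Review bot: In the PATCH 1/8 hunk the failure branch `print("No solution found")` writes to stdout and `main()` still returns normally, so a caller that captures stdout as the key cannot tell a miss from a result. The success branch uses the same stream for the raw bytes, so the message belongs on stderr with a non-zero exit: `print("No solution found", file=sys.stderr)` followed by `sys.exit(1)`. The same line is carried unchanged as context through the PATCH 2/8 and PATCH 3/8 hunks.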
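Review bot: The new `find` predicate in the first PATCH 2/8 hunk matches the bare substring `b"flag"`, which is much looser than the `b"Correct!"` marker it replaces. If the target prints that word anywhere before its check (a prompt or banner, say; the binary's output is not visible here), exploration stops at that state and `posix.dumps(0)` returns input that was never validated. Match the complete success message, or add a comment such as `# "flag" appears only in chal's success output` stating why the shorter marker is safe. PATCH 3/8 keeps the same predicate and also drops `avoid`.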
From: skysoul1024
Date: Thu, 22 May 2025 02:58:07 +0800
Subject: [PATCH 3/8] Update solve.py
---
 lab8/solve.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index 3bfd2f5..124c6cd 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -1,19 +1,25 @@
 import angr
 import sys
+import claripy
+
+angr.loggers.disable_root_logger()
 def main():
- angr.loggers.disable_root_logger()
+ proj = angr.Project("chal", auto_load_libs=False)
+ flag_bytes = [claripy.BVS(f'byte_{i}', 8) for i in range(8)]
+ flag = claripy.Concat(*flag_bytes)
+
+ state = proj.factory.full_init_state(
+ stdin = angr.SimFileStream(name='stdin', content=flag, has_end=True)
+ )
- proj = angr.Project("chal")
- state = proj.factory.entry_state(stdin=angr.SimFile)
 simgr = proj.factory.simulation_manager(state)
- simgr.explore(find=lambda s: b"flag" in s.posix.dumps(1),
- avoid=lambda s: b"Wrong key!" in s.posix.dumps(1))
+ simgr.explore(find=lambda s: b"flag" in s.posix.dumps(1))
 if len(simgr.found) > 0:
 found_state = simgr.found[0]
- solution = found_state.posix.dumps(0)
+ solution = found_state.solver.eval(flag, cast_to=bytes)
 sys.stdout.buffer.write(solution)
 else:
 print("No solution found")
From 1232b79231e355358c4610b5c9dedda398722aff Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 03:07:07 +0800
Subject: [PATCH 4/8] Update solve.py
---
 lab8/solve.py | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index 124c6cd..c677ffa 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
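Review bot: The symbolic input in the PATCH 3/8 hunk is fixed at eight bytes by `range(8)` together with `has_end=True`, and nothing records where that length comes from. If the target reads a longer or newline-terminated key (not visible here), the model reaches end-of-file early and the search can fail or yield a key the real program rejects. Name the length and say how it was derived, e.g. `KEY_LEN = 8  # bytes chal reads from stdin; source: <where this was determined>`, and build the list with `range(KEY_LEN)`. The same literal returns in PATCH 5/8. The hunk also moves `angr.loggers.disable_root_logger()` to module level, so it now runs on import rather than inside `main()`.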
@@ -1,28 +1,28 @@
-import angr
 import sys
-import claripy
+import angr
+
+def found_correct(state: angr.SimState):
+ return b"Correct!" in state.posix.dumps(1)
-angr.loggers.disable_root_logger()
+def avoid_wrong(state: angr.SimState):
+ return b"Wrong key!" in state.posix.dumps(1)
 def main():
- proj = angr.Project("chal", auto_load_libs=False)
- flag_bytes = [claripy.BVS(f'byte_{i}', 8) for i in range(8)]
- flag = claripy.Concat(*flag_bytes)
+ angr.loggers.disable_root_logger()
- state = proj.factory.full_init_state(
- stdin = angr.SimFileStream(name='stdin', content=flag, has_end=True)
- )
+ proj = angr.Project("./chal", auto_load_libs=False)
+ state = proj.factory.entry_state(stdin=angr.SimFile)
- simgr = proj.factory.simulation_manager(state)
-
- simgr.explore(find=lambda s: b"flag" in s.posix.dumps(1))
+ simgr = proj.factory.simgr(state)
+ simgr.explore(find=found_correct, avoid=avoid_wrong)
- if len(simgr.found) > 0:
+ if simgr.found:
 found_state = simgr.found[0]
- solution = found_state.solver.eval(flag, cast_to=bytes)
+ solution = found_state.posix.dumps(0)
 sys.stdout.buffer.write(solution)
 else:
- print("No solution found")
+ print("No solution found", file=sys.stderr)
+ exit(1)
-if __name__ == '__main__':
+if __name__ == "__main__":
 main()
From 515f517a916f42cd786d41580c1ed5979f5df614 Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 03:11:24 +0800
Subject: [PATCH 5/8] Update solve.py
---
 lab8/solve.py | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/lab8/solve.py b/lab8/solve.py
index c677ffa..4acab55 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
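Review bot: The new failure branch in the PATCH 4/8 hunk calls the bare `exit(1)`, which is the helper the `site` module installs for interactive sessions and is not defined when Python is started with `-S`. `sys` is already imported at the top of the file, so `sys.exit(1)` is the dependable form. Separately, `found_correct` and `avoid_wrong` would benefit from one-line docstrings saying that descriptor 1 is the target's stdout and that the byte strings are presumably the messages chal prints on success and failure.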
@@ -1,28 +1,27 @@
 import sys
 import angr
-
-def found_correct(state: angr.SimState):
- return b"Correct!" in state.posix.dumps(1)
-
-def avoid_wrong(state: angr.SimState):
- return b"Wrong key!" in state.posix.dumps(1)
+import claripy
 def main():
- angr.loggers.disable_root_logger()
-
 proj = angr.Project("./chal", auto_load_libs=False)
- state = proj.factory.entry_state(stdin=angr.SimFile)
+ flag_bytes = [claripy.BVS(f'flag_{i}', 8) for i in range(8)]
+ flag = claripy.Concat(*flag_bytes)
+
+ state = proj.factory.entry_state(stdin=flag)
 simgr = proj.factory.simgr(state)
- simgr.explore(find=found_correct, avoid=avoid_wrong)
+ simgr.explore(
+ find=lambda s: b"Correct!" in s.posix.dumps(1),
+ avoid=lambda s: b"Wrong key!" in s.posix.dumps(1)
+ )
 if simgr.found:
- found_state = simgr.found[0]
- solution = found_state.posix.dumps(0)
+ found = simgr.found[0]
+ solution = found.solver.eval(flag, cast_to=bytes)
 sys.stdout.buffer.write(solution)
 else:
- print("No solution found", file=sys.stderr)
- exit(1)
+ print("No solution found!", file=sys.stderr)
+ sys.exit(1)
-if __name__ == "__main__":
+if __name__ == '__main__':
 main()
From d33a8c40aa24b0cde9f704e95f0336d394799d12 Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 03:13:55 +0800
Subject: [PATCH 6/8] Update solve.py
---
 lab8/solve.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lab8/solve.py b/lab8/solve.py
index 4acab55..20009a9 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
 import sys
 import angr
 import claripy
From b2aba00e7136ab2f5f94a3db974f14b5fb5c3f57 Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 03:16:01 +0800
Subject: [PATCH 7/8] Update solve.py
From efb6dcf8f703e4938dac079afca748250a7b7e35 Mon Sep 17 00:00:00 2001
From: skysoul1024
Date: Thu, 22 May 2025 03:16:34 +0800
Subject: [PATCH 8/8] Update solve.py
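Review bot: Nothing in the PATCH 5/8 hunk restricts the values of the eight `flag_{i}` symbols, so `found.solver.eval(flag, cast_to=bytes)` is free to pick NUL, newline or other non-printable bytes for any position the path to `Correct!` leaves open. Depending on how chal reads stdin (not visible here), the real program may truncate or split such input and reject a key the model accepted. If the key is expected to be text, constrain each byte before exploring, e.g. `for b in flag_bytes: state.solver.add(b != 0, b != 0x0a)`, or add a comment stating that arbitrary byte values are acceptable. The hunk also drops `angr.loggers.disable_root_logger()` with no replacement; if that is intentional, the commit message should say so.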