tried solving it, still failed using validate script

sa-llo · sa-llo · commit 04b26b8e293a · 2025-05-17T17:16:39.000+08:00
diff --git a/lab8/solve.py b/lab8/solve.py
@@ -1,11 +1,38 @@
 #!/usr/bin/env python3
 
-import angr,sys
+import angr
+import claripy
+import sys
 
 def main():
-    secret_key = b""
-    sys.stdout.buffer.write(secret_key)
+    project = angr.Project('./chal', auto_load_libs=False)
+
+    input_len = 8
+    input_chars = [claripy.BVS('', 8) for _ in range(input_len)]
+    sym_input = claripy.Concat(*input_chars)
+
+    # Explicitly use SimFileStream with has_end=False
+    stdin_stream = angr.SimFileStream(name='stdin', content=sym_input, has_end=False)
+
+    state = project.factory.full_init_state(stdin=stdin_stream)
+
+
+    for c in input_chars:
+            state.solver.add(c >= 0x20)
+            state.solver.add(c <= 0x7e)
+
+    simgr = project.factory.simgr(state)
+
+    def is_successful(state):
+        return b"Correct!" in state.posix.dumps(1)
+
+    simgr.explore(find=is_successful)
+
+    if simgr.found:
+        found = simgr.found[0]
+        result = found.solver.eval(sym_input, cast_to=bytes)
+        sys.stdout.buffer.write(result)
 
 
 if __name__ == '__main__':
-    main()
+    main()
