11#!/usr/bin/env python3
22
3- import angr ,sys
3+ import angr
4+ import claripy
5+ import sys
46
57def main ():
6- secret_key = b""
7- sys .stdout .buffer .write (secret_key )
8+ proj = angr .Project ("./chal" , auto_load_libs = False )
9+ key_bytes = [claripy .BVS (f'key_{ i } ' , 8 ) for i in range (8 )]
10+ secret_key = claripy .Concat (* key_bytes )
11+ state = proj .factory .full_init_state (stdin = secret_key )
12+ for b in key_bytes :
13+ state .solver .add (b >= 0x20 )
14+ state .solver .add (b <= 0x7e )
15+ simgr = proj .factory .simgr (state )
816
17+ def is_successful (state ):
18+ return b"Correct!" in state .posix .dumps (1 )
19+
20+ def should_abort (state ):
21+ return b"Wrong key!" in state .posix .dumps (1 )
22+
23+ simgr .explore (find = is_successful , avoid = should_abort )
24+
25+ if simgr .found :
26+ found = simgr .found [0 ]
27+ key = found .solver .eval (secret_key , cast_to = bytes )
28+ sys .stdout .buffer .write (key )
29+ else :
30+ print ("No solution found." )
931
1032if __name__ == '__main__' :
1133 main ()
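Review bot: The failure branch at the end of main() prints "No solution found." to stdout and still exits 0, while the success branch writes the raw key to the same stream through sys.stdout.buffer, so anything consuming this script's output cannot tell a recovered key from the error text. Send the message to stderr and fail the process: `print("No solution found.", file=sys.stderr)` followed by `sys.exit(1)`. The key length of 8 and the printable range 0x20–0x7e are baked in as bare literals; a short comment saying where they come from (presumably the binary's own input check) would help whoever reruns this against a rebuilt ./chal. Only simgr.found[0] is evaluated, so if the constraints admit more than one key the output is just one arbitrary model, which is worth stating in a docstring on main().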