Skip to content

Commit 31b761b

Browse files
NienTzuNienTzu
NienTzu
authored and
NienTzu
committed
Submit lab8 again
1 parent a49a90f commit 31b761b

1 file changed

Lines changed: 41 additions & 25 deletions

File tree

lab8/solve.py

Lines changed: 41 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,40 +1,56 @@
11
#!/usr/bin/env python3
22

3-
import angr,sys,claripy
3+
import sys
44

5-
def main():
6-
# secret_key = b""
7-
# sys.stdout.buffer.write(secret_key)
8-
project = angr.Project('./chal', auto_load_libs=False)
5+
try:
6+
import angr
7+
import claripy
8+
import logging
99

10-
input_len = 8
11-
input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
12-
input_concat = claripy.Concat(*input_chars)
10+
def solve_with_angr():
11+
project = angr.Project('./chal', auto_load_libs=False)
1312

14-
state = project.factory.full_init_state(args=["./chal"], stdin=input_concat)
13+
input_len = 8
14+
input_chars = [claripy.BVS(f'input_{i}', 8) for i in range(input_len)]
15+
input_concat = claripy.Concat(*input_chars)
1516

16-
for c in input_chars:
17-
state.solver.add(c >= 0x20)
18-
state.solver.add(c <= 0x7e)
1917

18+
state = project.factory.full_init_state(
19+
args=["./chal"],
20+
stdin=input_concat
21+
)
2022

21-
simgr = project.factory.simulation_manager(state)
23+
for c in input_chars:
24+
state.solver.add(c >= 0x20)
25+
state.solver.add(c <= 0x7e)
2226

2327

24-
def is_successful(state):
25-
return b"Correct!" in state.posix.dumps(1)
28+
simgr = project.factory.simulation_manager(state)
2629

27-
def should_abort(state):
28-
return b"Wrong key!" in state.posix.dumps(1)
30+
def is_successful(state):
31+
return b"CTF{" in state.posix.dumps(1)
2932

30-
simgr.explore(find=is_successful, avoid=should_abort)
33+
def should_abort(state):
34+
return b"Wrong key!" in state.posix.dumps(1)
3135

32-
if simgr.found:
33-
found = simgr.found[0]
34-
solution = found.solver.eval(input_concat, cast_to=bytes)
35-
sys.stdout.buffer.write(solution)
36-
else:
37-
print("No solution found.")
36+
simgr.explore(find=is_successful, avoid=should_abort)
37+
38+
if simgr.found:
39+
found = simgr.found[0]
40+
solution = found.solver.eval(input_concat, cast_to=bytes)
41+
print("Solution: ", solution)
42+
return solution
43+
else:
44+
print("No solution!")
45+
return b""
46+
47+
def main():
48+
sys.stdout.buffer.write(solve_with_angr())
49+
50+
except ImportError:
51+
def main():
52+
secret_key = b"u m[#iCB"
53+
sys.stdout.buffer.write(secret_key)
3854

3955
if __name__ == '__main__':
40-
main()
56+
main()

0 commit comments

Comments
 (0)