feat: modify for not using angr

mamie1031 · mamie1031 · commit 510a8cfd4203 · 2025-05-20T14:43:37.000+08:00
diff --git a/lab8/solve.py b/lab8/solve.py
@@ -1,47 +1,40 @@
 #!/usr/bin/env python3
-
-import angr
-import claripy
 import sys
 
 def main():
-    # Load target file
-    proj = angr.Project('./chal', auto_load_libs=False)
-
-    # Create 8 bytes symbolic input
-    input_size = 8
-    symbolic_input = claripy.BVS('input', input_size * 8)
-
-    # Create initial state, simulate standard input
-    state = proj.factory.entry_state(
-        stdin=angr.storage.file.SimFileStream(name='stdin', content=symbolic_input, has_end=False),
-        add_options={
-            angr.options.ZERO_FILL_UNCONSTRAINED_MEMORY,
-            angr.options.ZERO_FILL_UNCONSTRAINED_REGISTERS
-        }
-    )
-
-    # The input is ASCII
-    for i in range(input_size):
-        byte = symbolic_input.get_byte(i)
-        state.solver.add(byte >= 32, byte <= 126)
-
-    simgr = proj.factory.simulation_manager(state)
-
-    # Using objdump to find target addr
-    find_addr = 0x401307  # puts("Correct!...") 的地址
-    avoid_addr = 0x4013b3  # puts("Wrong key!") 的地址
-
-    simgr.explore(find=find_addr, avoid=avoid_addr)
-
-    # Find correct path
-    if simgr.found:
-        found_state = simgr.found[0]
-        secret_key = found_state.solver.eval(symbolic_input, cast_to=bytes)
-        sys.stdout.buffer.write(secret_key)
-    else:
-        print("No solution found!", file=sys.stderr)
-        sys.exit(1)
+    # Iterate over x4 and x6 to find a valid solution
+    for x4 in range(32, 127):  # ASCII range
+        x5 = 3 * x4  # Equation 3: x4 * 3 = x5
+        if x5 < 32 or x5 > 126:  # Check if x5 is in ASCII range
+            continue
+        for x6 in range(32, 127):
+            x7 = x6 - 1  # Equation 4: x6 - x7 = 1
+            if x7 < 32 or x7 > 126:  # Check x7
+                continue
+            if (x5 ^ x6) != 42:  # Equation 6: x5 XOR x6 = 0x2A (42)
+                continue
+            # Equations 2 and 5: x2 + x3 = 200, x1 + x2 - x3 = 50
+            # Solve: x1 + (200 - x3) - x3 = 50 → x1 - 2*x3 = -150 → x3 = (x1 + 150)/2
+            for x1 in range(32, 127):
+                if (x1 + 150) % 2 != 0:  # x3 must be an integer
+                    continue
+                x3 = (x1 + 150) // 2
+                x2 = 200 - x3  # Equation 2: x2 + x3 = 200
+                if x2 < 32 or x2 > 126 or x3 < 32 or x3 > 126:  # Check x2, x3
+                    continue
+                # Equation 5: x1 + x2 - x3 = 50
+                if x1 + x2 - x3 != 50:
+                    continue
+                # Equation 1: x0 XOR x1 = 0x55 (85)
+                x0 = x1 ^ 85
+                if x0 < 32 or x0 > 126:  # Check x0
+                    continue
+                # Found a valid solution
+                secret_key = bytes([x0, x1, x2, x3, x4, x5, x6, x7])
+                sys.stdout.buffer.write(secret_key)
+                return
+    print("No solution found!", file=sys.stderr)
+    sys.exit(1)
 
 if __name__ == '__main__':
     main()
