finished lab8

Author: ruei-chen

lab8/solve.py

@@ -3,8 +3,28 @@
 import angr,sys
 
 def main():
-    secret_key = b""
-    sys.stdout.buffer.write(secret_key)
+    project = angr.Project('./chal', auto_load_libs=False)
+
+    # Start the analysis at main
+    state = project.factory.entry_state()
+
+    # Create a simulation manager
+    simgr = project.factory.simulation_manager(state)
+
+    # Explore until we reach the "Correct!" message
+    simgr.explore(find=lambda s: b"Correct!" in s.posix.dumps(1))
+
+    # Ensure we found a solution
+    if simgr.found:
+        solution_state = simgr.found[0]
+
+        # Extract the secret key from stdin
+        secret_key = solution_state.posix.dumps(0).split(b"\n")[0]
+
+        # Output the secret key to stdout
+        sys.stdout.buffer.write(secret_key + b"\n")
+    else:
+        print("Solution not found.")
 
 
 if __name__ == '__main__':