tried solving it, still failed using validate script

sa-llo · sa-llo · commit c16e0eea8c7e · 2025-05-17T17:27:55.000+08:00
diff --git a/lab8/solve.py b/lab8/solve.py
@@ -8,32 +8,27 @@ def main():
     project = angr.Project('./chal', auto_load_libs=False)
 
     input_len = 8
-    input_chars = [claripy.BVS('', 8) for _ in range(input_len)]
-    sym_input = claripy.Concat(*input_chars, claripy.BVV(0, 8))
+    chars = [claripy.BVS('', 8) for _ in range(input_len)]
+    buf = claripy.Concat(*chars, claripy.BVV(0, 8))  # Add null terminator!
 
-    # Explicitly use SimFileStream with has_end=False
-    stdin_stream = angr.SimFileStream(name='stdin', content=sym_input, has_end=False)
+    state = project.factory.entry_state(stdin=buf)
 
-    state = project.factory.entry_state(stdin=stdin_stream)
-
-
-    for c in input_chars:
-            state.solver.add(c >= 0x20)
-            state.solver.add(c <= 0x7e)
+    for c in chars:
+        state.solver.add(c >= 0x20)
+        state.solver.add(c <= 0x7e)
 
     simgr = project.factory.simgr(state)
 
-    def is_successful(state):
-        return b"Correct!" in state.posix.dumps(1)
-
-    simgr.explore(find=is_successful)
+    simgr.explore(
+        find=lambda s: b"Correct!" in s.posix.dumps(1),
+        avoid=lambda s: b"Wrong key" in s.posix.dumps(1)
+    )
 
     if simgr.found:
-        sol = simgr.found[0].solver.eval(claripy.Concat(*input_chars), cast_to=bytes)
-        print(sol.decode(), end='')
+        sol = simgr.found[0].solver.eval(buf, cast_to=bytes)
+        print(sol.decode(), end='')  # Print cleanly
     else:
         print("[-] No solution found.", end='')
 
-
 if __name__ == '__main__':
-    main()
+    main()
