diff --git a/lab8/solve.py b/lab8/solve.py
index 9ab3ee2..082f2d2 100755
--- a/lab8/solve.py
+++ b/lab8/solve.py
@@ -1,11 +1,34 @@
 #!/usr/bin/env python3
-import angr,sys
+import angr
+import claripy
+import sys
 def main():
-    secret_key = b""
-    sys.stdout.buffer.write(secret_key)
+    project = angr.Project('./chal', auto_load_libs=False)
+    input_len = 8
+    chars = [claripy.BVS('', 8) for _ in range(input_len)]
+    buf = claripy.Concat(*chars, claripy.BVV(0, 8)) # Add null terminator!
+
+    state = project.factory.entry_state(stdin=buf)
+
+    for c in chars:
+        state.solver.add(c >= 0x20)
+        state.solver.add(c <= 0x7e)
+
+    simgr = project.factory.simgr(state)
+
+    simgr.explore(
+        find=lambda s: b"Correct!" in s.posix.dumps(1),
+        avoid=lambda s: b"Wrong key" in s.posix.dumps(1)
+    )
+
+    if simgr.found:
+        sol = simgr.found[0].solver.eval(buf, cast_to=bytes)
+        print(sol.decode(), end='') # Print cleanly
+    else:
+        print("[-] No solution found.", end='')
 if __name__ == '__main__':
     main()
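Review bot: `buf` is built with the NUL terminator appended on the `claripy.Concat` line, so `solver.eval(buf, cast_to=bytes)` in the `if simgr.found:` branch returns nine bytes and `print(sol.decode(), end='')` writes a trailing `\x00` to stdout, which breaks any checker that compares the output byte-for-byte. Evaluate only the constrained characters, `sol = simgr.found[0].solver.eval(claripy.Concat(*chars), cast_to=bytes)`, or strip it with `sol.rstrip(b'\x00')`; since every character is constrained to 0x20–0x7e the `.decode()` cannot fail, but `sys.stdout.buffer.write(sol)` would match the removed line's binary output more directly. `input_len = 8` is a hard-coded guess about the key length that the hunk does not justify; a one-line comment saying where 8 comes from (e.g. the size of the read in `./chal`) would save the next reader from re-deriving it. The empty name in `claripy.BVS('', 8)` also makes the symbols hard to tell apart in solver output; `claripy.BVS(f'c{i}', 8)` costs nothing.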