@Bono-iPad Bono-iPad/Stage2.py Secret
Created Apr 3, 2016

Nuit du Hack CTF Quals - 2016 Matriochka stage 2 (solved with angr)
import angr, simuvex  # simuvex is the 2016-era angr execution engine; imported here but not used directly
import logging
logging.basicConfig()
angr.path_group.l.setLevel('DEBUG')  # verbose path-group logging while exploring
p = angr.Project("./stage2.bin")
# argv[0] is concrete; argv[1] is an 11-byte symbolic string with every byte constrained non-NUL
initial_state = p.factory.entry_state(
    args=[angr.StringSpec(string="./stage2.bin"),
          angr.StringSpec(sym_length=11, nonnull=True)],
    add_options={"BYPASS_UNSUPPORTED_SYSCALL"})
pg = p.factory.path_group(initial_state, immutable=False)
pg.explore(find=0x40064d)  # drive symbolic execution until some path reaches the "good" block
# Dump 100 bytes of the argv string area of the found state and concretise it with the solver.
# argv[0] and the solved argv[1] are NUL-separated in memory, so they print back to back.
print pg.found[0].state.se.any_str(pg.found[0].state.memory.load(pg.found[0].state.posix.argv, 100))
# ./stage2.binPandi_panda
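The gist is written against the 2016 angr API (`StringSpec`, `path_group`, `state.se`), none of which exists in current releases. The following is an added example, not the gist author's code, that does the same thing with the post-2017 API (`simulation_manager`, claripy bit-vectors, `state.solver`) and also shows why the original print comes out as `./stage2.binPandi_panda`: the 100-byte memory load covers both argv strings, and the NUL separator is invisible on a terminal. The target address `0x40064d` and the 11-byte argument length are taken from the gist; `./stage2.bin` is assumed to sit beside the script and is not included here, so only the dump-splitting helper runs without it.

```python
"""Modern-angr equivalent of the stage-2 solver, plus a helper that splits the
raw argv dump the original script prints (added example, not the gist's code)."""

TARGET_ADDR = 0x40064D   # "good" basic block, taken from the gist
ARG_LEN = 11             # symbolic argv[1] length, taken from the gist (sym_length=11)
BINARY = "./stage2.bin"  # assumed to be in the working directory; not included here


def split_argv_dump(raw: bytes) -> list:
    """Split a NUL-separated dump of the argv string area into its entries.

    The gist loads 100 bytes at state.posix.argv and prints them with any_str,
    so "./stage2.bin" and the solved argv[1] print back to back; the separating
    NUL bytes are simply invisible on a terminal. Trailing padding is dropped.
    """
    return [part.decode("latin-1") for part in raw.split(b"\x00") if part]


def solve(binary=BINARY, target=TARGET_ADDR, arg_len=ARG_LEN) -> str:
    """Symbolically execute `binary` until `target` is reached and return the
    argv[1] that gets there, using the current angr API."""
    import angr      # imported lazily so the helper above is usable without angr installed
    import claripy

    proj = angr.Project(binary)
    # argv[1] as an arg_len-byte symbolic bit-vector; each byte is constrained
    # non-NUL so the C string is exactly arg_len long, matching nonnull=True.
    arg1 = claripy.BVS("arg1", 8 * arg_len)
    state = proj.factory.entry_state(
        args=[binary, arg1],
        add_options={angr.options.BYPASS_UNSUPPORTED_SYSCALL},
    )
    for byte in arg1.chop(8):
        state.solver.add(byte != 0)

    simgr = proj.factory.simulation_manager(state)
    simgr.explore(find=target)
    if not simgr.found:
        raise RuntimeError("no path reached 0x%x" % target)
    found = simgr.found[0]
    # Concretise the symbolic argument directly instead of dumping argv memory,
    # so argv[0] never gets mixed into the answer.
    return found.solver.eval(arg1, cast_to=bytes).decode("latin-1")


if __name__ == "__main__":
    print(solve())
```

Evaluating the symbolic bit-vector itself (`solver.eval(arg1, cast_to=bytes)`) is the cleaner way to read the answer out; the memory dump in the original works, but only because the reader knows to mentally strip the `./stage2.bin` prefix that precedes the hidden NUL byte.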