Skip to content

Instantly share code, notes, and snippets.

@Bono-iPad

Bono-iPad/Stage2.py Secret

Created April 3, 2016 04:36
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Bono-iPad/99a226f5ec4661af41f66f5c2a76cd11 to your computer and use it in GitHub Desktop.
Save Bono-iPad/99a226f5ec4661af41f66f5c2a76cd11 to your computer and use it in GitHub Desktop.
Download ZIP
Nuit du Hack CTF Quals - 2016 Matriochka stage 2 (solved with angr)
Raw
Stage2.py
import angr, simuvex
import logging
logging.basicConfig()
angr.path_group.l.setLevel('DEBUG')
p = angr.Project("./stage2.bin")
initial_state = p.factory.entry_state(args=[angr.StringSpec(string="./stage2.bin"), angr.StringSpec(sym_length=11, nonnull=True)],add_options={"BYPASS_UNSUPPORTED_SYSCALL"})
pg = p.factory.path_group(initial_state, immutable=False)
pg.explore(find=0x40064d)
print pg.found[0].state.se.any_str(pg.found[0].state.memory.load(pg.found[0].state.posix.argv, 100))
# ./stage2.binPandi_panda
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment