Skip to content

Instantly share code, notes, and snippets.

@CreateRemoteThread

CreateRemoteThread/gctf-reversing-solve.py

Created August 26, 2020 02:43
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save CreateRemoteThread/53d53b0b4a10346dabb9392231b81955 to your computer and use it in GitHub Desktop.
Save CreateRemoteThread/53d53b0b4a10346dabb9392231b81955 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gctf-reversing-solve.py
#!/usr/bin/env python3
import angr
import claripy
p = angr.Project("a.out")
flag_chars = [claripy.BVS("flag_%d" % i,8) for i in range(15)]
flag = claripy.Concat(*flag_chars + [claripy.BVV(b'\n')])
state = p.factory.entry_state(stdin=flag)
for f in flag_chars:
state.solver.add(f < 0x7f)
state.solver.add(f > 0x20)
sm = p.factory.simulation_manager(state)
sm.run()
for x in sm.deadended:
if b'SUCCESS' in x.posix.dumps(1):
print(x.posix.dumps(0))
# print(sm.active[0].posix.dumps(0))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment