| #!/usr/bin/env python3 | |
| import angr | |
| import claripy | |
| p = angr.Project("a.out") | |
| flag_chars = [claripy.BVS("flag_%d" % i,8) for i in range(15)] | |
| flag = claripy.Concat(*flag_chars + [claripy.BVV(b'\n')]) | |
| state = p.factory.entry_state(stdin=flag) | |
| for f in flag_chars: | |
| state.solver.add(f < 0x7f) | |
| state.solver.add(f > 0x20) | |
| sm = p.factory.simulation_manager(state) | |
| sm.run() | |
| for x in sm.deadended: | |
| if b'SUCCESS' in x.posix.dumps(1): | |
| print(x.posix.dumps(0)) | |
| # print(sm.active[0].posix.dumps(0)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment