@Es7evam
Created September 13, 2020 22:16
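import angr
import claripy

# preload_libs takes a list of libraries loaded ahead of the binary's own dependencies
p = angr.Project("./not_malware", preload_libs=['./bypass.so'])

# Entrada = Input: 480 symbolic bits (60 bytes) supplied to the program as stdin
entrada = claripy.BVS("input", 480)

# Build a single state that carries both argv and the symbolic stdin;
# creating the state again without stdin would discard the symbolic input
s = p.factory.full_init_state(args=['./not_malware'], stdin=entrada)
simgr = p.factory.simulation_manager(s)

# Explore until a state has written "Thanks" to stdout (fd 1)
simgr.explore(find=lambda x: b"Thanks" in x.posix.dumps(1))

for solucao in simgr.found:
    print(solucao.posix.dumps(0))  # one concrete stdin that reaches this state
    print(solucao.posix.dumps(1))  # stdout produced along this path
    print('\n\n\n', (solucao))
    # eval_atleast raises if fewer than 30 distinct inputs satisfy the constraints
    print(solucao.solver.eval_atleast(entrada, 30, cast_to=bytes))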