-
-
Save GanbaruTobi/1821f9c4cedbc98f07a2c15c22bfae5f to your computer and use it in GitHub Desktop.
radius2 frida_escrackme
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use radius2::{Radius, RadiusOption}; | |
| fn main() { | |
| let options = [ | |
| RadiusOption::Debug(true), | |
| //RadiusOption::Sims(false), | |
| RadiusOption::LoadPlugins(true), | |
| ]; | |
| let mut radius = Radius::new_with_options(Some("frida://attach/usb//com.nowsecure.escrackme"), &options); | |
| let mut state = radius.call_state(0x6fa4eb3470); //frida_state won't work, cant set a breakpoint | |
| let bv = state.symbolic_value("flag", 64); | |
| state.registers.set("x2", bv.clone()); | |
| // not 0x6fa4eb3490 | |
| // result 0x6fa4eb34e0 | |
| let mut new_state = radius.run_until(state, 0x6fa4eb34e0, &[0x6fa4eb3490]).unwrap(); | |
| let flag = new_state.eval(&bv).unwrap().as_u64().unwrap(); | |
| println!("FLAG: {:x}", flag); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment