Skip to content

Instantly share code, notes, and snippets.

@Raz0r

Raz0r/solution.py Secret

Created November 6, 2018 12:27
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save Raz0r/394c152363d8599233f105e98c87103b to your computer and use it in GitHub Desktop.
Save Raz0r/394c152363d8599233f105e98c87103b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
solution.py
import binascii
from manticore.ethereum import ManticoreEVM, ABI
m = ManticoreEVM()
owner_account = m.create_account(balance=1000, name='owner', address=0xbc7ddd20d5bceb395290fd7ce3a9da8d8b485559)
attacker_account = m.create_account(balance=1000, name='attacker', address=0x762C808237A69d786A85E8784Db8c143EB70B2fB)
cashmoney_contract = m.create_account(balance=1000, name='CashMoney', address=0x64ba926175bc69ba757ef53a6d5ef616889c9999)
bytecode = binascii.unhexlify(b"7f646f6765636f696e746f7468656d6f6f6e6c616d626f736f6f6e64756465732160015560c06040526020"
b"60808190527f546861742077617320766572792063617368206d6f6e6579206f6620796f752e60a0908152"
b"6100629160029190610093565b5034801561006f57600080fd5b5060008054600160a060020a0319908116"
b"331790915560038054909116905561012e565b828054600181600116156101000203166002900490600052"
b"602060002090601f016020900481019282601f106100d457805160ff1916838001178555610101565b8280"
b"0160010185558215610101579182015b828111156101015782518255916020019190600101906100e6565b"
b"5061010d929150610111565b5090565b61012b91905b8082111561010d5760008155600101610117565b90"
b"565b610e1d8061013d6000396000f3006080604052600436106100985763ffffffff7c0100000000000000"
b"00000000000000000000000000000000000000000060003504166331d2111c811461009d5780633e27df2a"
b"146100c85780637fd4b61a146100ea5780638d5781211461010a5780638da5cb5b146101375780639d9ca2"
b"8d1461014c578063c3e8512414610179578063d2ec9fe714610199578063d4a55161146101bb575b600080"
b"fd5b3480156100a957600080fd5b506100b26101e8565b6040516100bf9190610cf3565b60405180910390"
b"f35b3480156100d457600080fd5b506100e86100e3366004610ab2565b6102c1565b005b3480156100f657"
b"600080fd5b506100e8610105366004610ab2565b61034b565b34801561011657600080fd5b5061012a6101"
b"25366004610b17565b61065e565b6040516100bf9190610c9f565b34801561014357600080fd5b5061012a"
b"610686565b34801561015857600080fd5b5061016c610167366004610a8c565b610695565b6040516100bf"
b"9190610d04565b34801561018557600080fd5b506100e8610194366004610a8c565b6106b3565b34801561"
b"01a557600080fd5b506101ae6106f9565b6040516100bf9190610ce2565b3480156101c757600080fd5b50"
b"6101db6101d6366004610b17565b61075b565b6040516100bf9190610d12565b6060600680548060200260"
b"2001604051908101604052809291908181526020016000905b828210156102b75760008481526020908190"
b"208301805460408051601f6002600019610100600187161502019094169390930492830185900485028101"
b"8501909152818152928301828280156102a35780601f106102785761010080835404028352916020019161"
b"02a3565b820191906000526020600020905b81548152906001019060200180831161028657829003601f16"
b"8201915b50505050508152602001906001019061020c565b5050505090505b90565b600054600160a06002"
b"0a031633146102d857600080fd5b6040805160608101825283815260208082018481526001838501819052"
b"600160a060020a0388166000908152600784529490942083518155905180519394919361032a9392850192"
b"9190910190610981565b50604091909101516002909101805460ff1916911515919091179055505050565b"
b"60035460609060009081908390600160a060020a0316331461036c57600080fd5b6040855110156103b157"
b"6040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016103"
b"a890610d23565b60405180910390fd5b8451604011156103c057600080fd5b6103cd856020604061080256"
b"5b600154909450600160a060020a038816189250600091505b83518263ffffffff1610156104755782601f"
b"83166020811061040357fe5b1a60f860020a02604260f860020a0218848363ffffffff1681518110151561"
b"042757fe5b906020010181815160f860020a900460f860020a02189150907effffffffffffffffffffffff"
b"ffffffffffffffffffffffffffffffffffffff1916908160001a9053506001909101906103e5565b600280"
b"5460408051602060018416156101000260001901909316849004601f810184900484028201840190925281"
b"815261050a938893919290918301828280156105005780601f106104d55761010080835404028352916020"
b"0191610500565b820191906000526020600020905b8154815290600101906020018083116104e357829003"
b"601f168201915b50505050506108b8565b1561062357600160a060020a0387166000908152600460209081"
b"5260408220805460ff1916600117905561053f918791610802565b60068054600181018083556000929092"
b"5282519293509091610588917ff652222313e28459528d920b65115c16c04f3efc82aaedc97be59f3f377c"
b"0d3f01906020850190610981565b5050600580546001810182556000919091527f036b6384b5eca791c627"
b"61152d0c79bb0604c104a5fb6f4eb0703f3154bb3db001805473ffffffffffffffffffffffffffffffffff"
b"ffffff1916600160a060020a0389161790556040517f7804feab32c9029e450d463575157bebe1cb6700ad"
b"1104371721398aaff9aad39061061690899084908a90610cb3565b60405180910390a1610655565b604051"
b"7f08c379a00000000000000000000000000000000000000000000000000000000081526004016103a89061"
b"0d23565b50505050505050565b600580548290811061066c57fe5b600091825260209091200154600160a0"
b"60020a0316905081565b600054600160a060020a031681565b600160a060020a0316600090815260046020"
b"52604090205460ff1690565b600054600160a060020a031633146106ca57600080fd5b6003805473ffffff"
b"ffffffffffffffffffffffffffffffffff1916600160a060020a0392909216919091179055565b60606005"
b"80548060200260200160405190810160405280929190818152602001828054801561075157602002820191"
b"906000526020600020905b8154600160a060020a03168152600190910190602001808311610733575b5050"
b"505050905090565b600680548290811061076957fe5b600091825260209182902001805460408051601f60"
b"02600019610100600187161502019094169390930492830185900485028101850190915281815293509091"
b"8301828280156107fa5780601f106107cf576101008083540402835291602001916107fa565b8201919060"
b"00526020600020905b8154815290600101906020018083116107dd57829003601f168201915b5050505050"
b"81565b60608060008484036040519080825280601f01601f19166020018201604052801561083757816020"
b"0160208202803883390190505b5091508490505b838110156108af57858181518110151561085457fe5b90"
b"602001015160f860020a900460f860020a028286830381518110151561087757fe5b9060200101907effff"
b"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a90535060010161"
b"083e565b50949350505050565b600080825184511415156108cf576000915061097a565b5060005b835181"
b"10156109755782818151811015156108ea57fe5b90602001015160f860020a900460f860020a027effffff"
b"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916848281518110151561092d57fe"
b"5b60209101015160f860020a90819004027fff000000000000000000000000000000000000000000000000"
b"00000000000000161461096d576000915061097a565b6001016108d3565b600191505b5092915050565b82"
b"8054600181600116156101000203166002900490600052602060002090601f016020900481019282601f10"
b"6109c257805160ff19168380011785556109ef565b828001600101855582156109ef579182015b82811115"
b"6109ef5782518255916020019190600101906109d4565b506109fb9291506109ff565b5090565b6102be91"
b"905b808211156109fb5760008155600101610a05565b6000610a258235610d8c565b9392505050565b6000"
b"601f82018313610a3d57600080fd5b8135610a50610a4b82610d5a565b610d33565b915080825260208301"
b"60208301858383011115610a6c57600080fd5b610a77838284610d9d565b50505092915050565b6000610a"
b"2582356102be565b600060208284031215610a9e57600080fd5b6000610aaa8484610a19565b9493505050"
b"50565b600080600060608486031215610ac757600080fd5b6000610ad38686610a19565b9350506020610a"
b"e486828701610a80565b925050604084013567ffffffffffffffff811115610b0157600080fd5b610b0d86"
b"828701610a2c565b9150509250925092565b600060208284031215610b2957600080fd5b6000610aaa8484"
b"610a80565b610b3e81610d8c565b82525050565b6000610b4f82610d88565b808452602084019350610b61"
b"83610d82565b60005b82811015610b9157610b77868351610b35565b610b8082610d82565b602096909601"
b"959150600101610b64565b5093949350505050565b6000610ba682610d88565b8084526020840193508360"
b"2082028501610bbf85610d82565b60005b84811015610bf6578383038852610bda838351610c0b565b9250"
b"610be582610d82565b602098909801979150600101610bc2565b50909695505050505050565b610b3e8161"
b"0d98565b6000610c1682610d88565b808452610c2a816020860160208601610da9565b610c3381610dd956"
b"5b9093016020019392505050565b602281527f74686174207761736e277420766572792063617368206d6f"
b"6e6579206f66207960208201527f6f75000000000000000000000000000000000000000000000000000000"
b"000000604082015260600190565b610b3e816102be565b60208101610cad8284610b35565b92915050565b"
b"60608101610cc18286610b35565b8181036020830152610cd38185610c0b565b9050610aaa604083018461"
b"0c96565b60208082528101610a258184610b44565b60208082528101610a258184610b9b565b6020810161"
b"0cad8284610c02565b60208082528101610a258184610c0b565b60208082528101610cad81610c40565b60"
b"405181810167ffffffffffffffff81118282101715610d5257600080fd5b604052919050565b600067ffff"
b"ffffffffffff821115610d7157600080fd5b506020601f91909101601f19160190565b60200190565b5190"
b"565b600160a060020a031690565b151590565b82818337506000910152565b60005b83811015610dc45781"
b"81015183820152602001610dac565b83811115610dd3576000848401525b50505050565b601f01601f1916"
b"905600a265627a7a723058207dac21b23e9c3edeeacc729a73196e5c52acead4a7d0462ebf35a8fb0406a2"
b"8b6c6578706572696d656e74616cf50037")
winnerlog_contract = m.create_contract(init=bytecode, owner=owner_account, name="WinnerLog", address=0x2e4d2a597a2fcbdf6cc55eb5c973e76aa19ac410)
m.transaction(caller=owner_account,
address=winnerlog_contract,
data=binascii.unhexlify(b"c3e8512400000000000000000000000064ba926175bc69ba757ef53a6d5ef616889c9999"), value=0)
symbolic_data = m.make_symbolic_buffer(64)
calldata = ABI.function_call('logWinner(address,uint256,bytes)', attacker_account, 0, symbolic_data)
m.transaction(caller=cashmoney_contract, address=winnerlog_contract, data=calldata, value=0, gas=10000000)
for state in m.running_states:
world = state.platform
result = state.solve_one(symbolic_data)
print("[+] FOUND: {}".format(binascii.hexlify(result)))
break
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment