Skip to content

Instantly share code, notes, and snippets.

@inaz2 inaz2/solve.py
Last active Sep 30, 2016

Embed
What would you like to do?
# time python solve.py
'_\x96\x1es\xdd\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
real 0m4.301s
user 0m3.588s
sys 0m0.688s
# useradd -m crackme
# echo THIS_IS_FLAG > /home/crackme/key
# ./crackme &
# echo -e '_\x96\x1es\xdd\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc localhost 54321
Enter registration code: Thank you, valued customer!
Your key is: THIS_IS_FLAG
import angr
p = angr.Project('./crackme', load_options={'auto_load_libs': False})
s = p.factory.blank_state(addr=0x8048ef6)
initial_path = p.factory.path(s)
pg = p.factory.path_group(initial_path)
e = pg.explore(find=0x8048f88, avoid=0x804900b)
if len(e.found) > 0:
s = e.found[0].state
print "%r" % s.se.any_str(s.memory.load(s.regs.bp-0x20c, 0x10))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.