taiyoslime/solve.py

## solve.py
import sys

def call_is_correct(ch, index):
    gdb.execute(f"r '{'*' * 32}'")
    gdb.execute(f"set $rdi={ch}")
    gdb.execute(f"set $rsi={index}")
    gdb.execute("j *check+90") # just skip `fork` and so on
    gdb.execute("fin")
    res = gdb.execute("p $rax", to_string=True)
    return int(res.split(" ")[2], 16)

def solve():
    gdb.execute("b check")
    gdb.execute("b is_correct")
    flag = ""
    for i in range(32):
        for ch in range(33, 127):
            if call_is_correct(ch, i):
                flag += chr(ch)
    print(flag, file=sys.stderr)

if __name__ == "__main__":
    solve()

## solve.sh
gdb -q -x solve.py beginners_rev > /dev/null
	import sys

	def call_is_correct(ch, index):
	gdb.execute(f"r '{'' 32}'")
	gdb.execute(f"set $rdi={ch}")
	gdb.execute(f"set $rsi={index}")
	gdb.execute("j *check+90") # just skip `fork` and so on
	gdb.execute("fin")
	res = gdb.execute("p $rax", to_string=True)
	return int(res.split(" ")[2], 16)

	def solve():
	gdb.execute("b check")
	gdb.execute("b is_correct")
	flag = ""
	for i in range(32):
	for ch in range(33, 127):
	if call_is_correct(ch, i):
	flag += chr(ch)
	print(flag, file=sys.stderr)

	if __name__ == "__main__":
	solve()