ymgve

## pcapreader.py
import struct

f = open("onlyscanner.pcap", "rb")

of = open("packetdata.raw", "wb")

header = f.read(24)

while True:
    pheader = f.read(16)

## vgaloader-angr-solver.py
import angr

proj = angr.Project('./vgaloader.elf')
state = proj.factory.entry_state()
simgr = proj.factory.simgr(state)
simgr.explore(find=0x000B8F9F)
print repr(simgr.found[0].posix.dumps(0))

## assembler.py
import sys, struct

def s2n(s):
    if s.startswith("0x"):
        if s.endswith("L"):
            s = s[:-1]
        n = int(s[2:], 16)
    else:
        n = int(s)


## sakura-angr-solve.py
import angr

data = open("sakura-fdb3c896d8a3029f40a38150b2e30a79", "rb").read()
findseq = []
avoid = []
index = 0
count = 0
while True:
    res = data.find("\xC6\x85\xB7\xE1\xFF\xFF\x00", index)
    if res == -1:

## sssp-solver.py
import socket, struct, os, binascii, base64, random, time, itertools
import telnetlib

def readline(sc, show = True):
    res = ""
    while len(res) == 0 or res[-1] != "\n":
        data = sc.recv(1)
        if len(data) == 0:
            print repr(res)
            raise Exception("Server disconnected")

## unlockme-solver.py

intmax = 0xffffffff

def ror(v, n):
    return (v >> n) | ((v << (32-n)) & intmax)

def op1(a, b, c):
    a ^= intmax
    c |= 0x8FD6F5D4
    a = ror(a, 10)

## makeflag.js
function get_flag() {
    s = "ASIS{";
    var r0 = 65;
    var r7 = 0;
    for (var r8 = 0; r8 <= 20; r8++) {
        var r9 = 47;
        r9 = r9 < r0;
        if (!(r9 < 58)) {
            r9 = 64;
            r9 = r9 < r0;

## lcm-solver.py
import socket, struct, os, binascii, base64, subprocess
import telnetlib

import base58

def readline(sc, show = True):
    res = ""
    while len(res) == 0 or res[-1] != "\n":
        data = sc.recv(1)
        if len(data) == 0:

## lights_solver.py
import binascii, sys

import psyco; psyco.full()

def main():
    # arr = [ord(x) for x in binascii.a2b_hex("C766FCD65CB60DE829633BA8D8B823526FF8239C1DD6DE73EB963536B3483346")]
    # print arr

    #data = open("data-original", "rb").read()[8:]

## babyenc_solution.py
# a b c d e f g h

# a^b b^c c^d d^e e^f f^g g^h

# a^c b^d c^e d^f e^g f^h

# a^b^c^d b^c^d^e c^d^e^f d^e^f^g e^f^g^h

# a^e b^f c^g d^h
	import struct

	f = open("onlyscanner.pcap", "rb")

	of = open("packetdata.raw", "wb")

	header = f.read(24)

	while True:
	pheader = f.read(16)
	import angr

	proj = angr.Project('./vgaloader.elf')
	state = proj.factory.entry_state()
	simgr = proj.factory.simgr(state)
	simgr.explore(find=0x000B8F9F)
	print repr(simgr.found[0].posix.dumps(0))
	import sys, struct

	def s2n(s):
	if s.startswith("0x"):
	if s.endswith("L"):
	s = s[:-1]
	n = int(s[2:], 16)
	else:
	n = int(s)
	import angr

	data = open("sakura-fdb3c896d8a3029f40a38150b2e30a79", "rb").read()
	findseq = []
	avoid = []
	index = 0
	count = 0
	while True:
	res = data.find("\xC6\x85\xB7\xE1\xFF\xFF\x00", index)
	if res == -1:
	import socket, struct, os, binascii, base64, random, time, itertools
	import telnetlib

	def readline(sc, show = True):
	res = ""
	while len(res) == 0 or res[-1] != "\n":
	data = sc.recv(1)
	if len(data) == 0:
	print repr(res)
	raise Exception("Server disconnected")

	intmax = 0xffffffff

	def ror(v, n):
	return (v >> n) \| ((v << (32-n)) & intmax)

	def op1(a, b, c):
	a ^= intmax
	c \|= 0x8FD6F5D4
	a = ror(a, 10)
	function get_flag() {
	s = "ASIS{";
	var r0 = 65;
	var r7 = 0;
	for (var r8 = 0; r8 <= 20; r8++) {
	var r9 = 47;
	r9 = r9 < r0;
	if (!(r9 < 58)) {
	r9 = 64;
	r9 = r9 < r0;
	import socket, struct, os, binascii, base64, subprocess
	import telnetlib

	import base58

	def readline(sc, show = True):
	res = ""
	while len(res) == 0 or res[-1] != "\n":
	data = sc.recv(1)
	if len(data) == 0:
	import binascii, sys

	import psyco; psyco.full()

	def main():
	# arr = [ord(x) for x in binascii.a2b_hex("C766FCD65CB60DE829633BA8D8B823526FF8239C1DD6DE73EB963536B3483346")]
	# print arr

	#data = open("data-original", "rb").read()[8:]
	# a b c d e f g h

	# a^b b^c c^d d^e e^f f^g g^h

	# a^c b^d c^e d^f e^g f^h

	# a^b^c^d b^c^d^e c^d^e^f d^e^f^g e^f^g^h

	# a^e b^f c^g d^h