

beginners ctf 2018 crackme
#!/usr/bin/env python
import angr
import claripy
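def main():
    """Symbolically execute ./crackme and print every key that reaches the target.

    argv[1] is made fully symbolic (32 bytes), each byte is constrained to be
    non-NUL, and the binary is explored until the ``find`` address is hit while
    paths reaching any ``avoid`` address are pruned.  For each surviving path
    the solver is asked for one concrete key, which is printed.

    NOTE(review): this uses the legacy angr API (``path_group``,
    ``state.se.any_str``); newer angr releases replaced these with
    ``simulation_manager`` / ``state.solver`` — confirm against the installed
    version before running.
    """
    p = angr.Project("./crackme")
    key_length = 32  # key size in bytes
    arg1 = claripy.BVS('arg1', key_length * 8)  # BVS size is in bits
    initial_state = p.factory.entry_state(
        args=["./crackme", arg1],
        add_options={"BYPASS_UNSUPPORTED_SYSCALL"},
    )
    # chop() takes a width in *bits*: chop(8) yields one piece per byte, so this
    # forbids NUL bytes anywhere in the key (a NUL would end argv[1] early as a
    # C string).  The original chop(key_length) split the value into 32-bit
    # words, which only forbade all-zero words and still admitted embedded NULs.
    for byte in arg1.chop(8):
        initial_state.add_constraints(byte != 0)
    pg = p.factory.path_group(initial_state, immutable=False)
    # explore() mutates pg in place (immutable=False); its return value is not needed.
    pg.explore(
        find=0x4009a2,
        avoid=[0x4009bd, 0x40081d, 0x40086d, 0x4008bd, 0x40090d,
               0x40064d, 0x40069d, 0x400707, 0x400757],
    )
    if not pg.found:
        # Make an empty result visible instead of exiting silently.
        print("no path reached the find address")
    for path in pg.found:
        key = path.state.se.any_str(arg1)  # one concrete solution for argv[1]
        print(repr(key))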
# Run the solver only when executed as a script, not when imported.
if __name__ == "__main__":
    main()