beginners ctf 2018 crackme
#!/usr/bin/env python
import angr
import claripy
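def main():
    """Recover the crackme's expected argv[1] by symbolic execution and print it.

    The binary is started with a fully symbolic 32-byte argv[1]. angr then
    explores from the entry point until a path reaches the ``find`` address,
    discarding any path that touches one of the ``avoid`` addresses. For each
    path that reaches the target, the symbolic argument is concretised to a
    string that satisfies all collected constraints and printed with repr().
    """
    p = angr.Project("./crackme")
    key_length = 32  # length of argv[1] in bytes

    # One symbolic bit-vector for the whole argument; 8 bits per byte.
    arg1 = claripy.BVS('arg1', key_length * 8)
    initial_state = p.factory.entry_state(
        args=["./crackme", arg1],
        add_options={"BYPASS_UNSUPPORTED_SYSCALL"},
    )

    # Constrain every byte to be non-NUL so the solution is a usable C string.
    # chop() takes a width in bits: the original chopped into key_length-bit
    # (32-bit) chunks, which only forbids all-zero 4-byte groups and still lets
    # an embedded NUL byte through; chop(8) constrains each byte individually.
    for byte in arg1.chop(8):
        initial_state.add_constraints(byte != 0)

    pg = p.factory.path_group(initial_state, immutable=False)
    # find: address a path must reach to be kept; avoid: addresses whose paths
    # are dropped. The values are taken from the challenge binary and are only
    # valid for that exact build — re-check them if the binary changes.
    pg.explore(
        find=0x4009a2,
        avoid=[0x4009bd, 0x40081d, 0x40086d, 0x4008bd, 0x40090d,
               0x40064d, 0x40069d, 0x400707, 0x400757],
    )

    for path in pg.found:
        # Ask the solver for one concrete string satisfying the path's constraints.
        key = path.state.se.any_str(arg1)
        # Parenthesised form prints identically under Python 2 and 3.
        print(repr(key))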
# Run the solver only when executed as a script, not when imported.
if __name__ == "__main__":
    main()