35 lines
872 B
Python
35 lines
872 B
Python
import sys
|
|
import angr
|
|
import claripy
|
|
import time
|
|
|
|
# compiled on ubuntu 18.04 system:
|
|
# https://github.com/b01lers/b01lers-ctf-2020/tree/master/rev/100_little_engine
|
|
success = 0x0010133c
|
|
fail = 0x00101343
|
|
|
|
|
|
def main(argv):
|
|
path_to_binary = argv[1] # :string
|
|
project = angr.Project(path_to_binary)
|
|
|
|
# Start in main()
|
|
initial_state = project.factory.entry_state()
|
|
# Start simulation
|
|
simulation = project.factory.simgr(initial_state)
|
|
|
|
simulation.explore(find=success, avoid=fail)
|
|
|
|
# If found a way to reach the address
|
|
if simulation.found:
|
|
solution_state = simulation.found[0]
|
|
|
|
# Print the string that Angr wrote to stdin to follow solution_state
|
|
print(solution_state.posix.dumps(sys.stdin.fileno()))
|
|
else:
|
|
raise Exception('Could not find the solution')
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main(sys.argv)
|