DaniloNC · November 3, 2022 00:13
diff --git a/gistfile1.txt b/gistfile1.txt
 (angr) angr@109f4c4b9c89:/app$ time python3 solve.py  
 ...

 DEBUG   | 2022-11-03 00:12:24,788 | angr.storage.memory_mixins.paged_memory.paged_memory_mixin | reg.load(0xb8, 8, Iend_LE) = <BV64 0x404de2>
 <SimState @ 0x404de2>
 b'EKO{AFLFTW_b2379f00aa927b1372e8af7cc5c89200d9da229fe183c8cd01dc1969164d99f9}\x00'

 real	4m31.130s
 user	4m24.501s
 sys	0m6.173s
diff --git a/solve.py b/solve.py
 import angr
 import claripy

 import logging
 logging.getLogger('angr').setLevel('DEBUG')

 def main():
    proj = angr.Project('./dynamic', load_options={"auto_load_libs": False})
    argv1 = claripy.BVS("argv1", 8 * (0x4c + 1 ))
    initial_state = proj.factory.full_init_state(args=["./dynamic", argv1], add_options={angr.options.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY}) 

    sm = proj.factory.simulation_manager(initial_state)

    
    sm.explore(find=0x404de2, avoid=0x404dd4)
    found = sm.found[0]
    print(found)
    return found.solver.eval(argv1, cast_to=bytes)

 if __name__ == '__main__':
    print(main())
	(angr) angr@109f4c4b9c89:/app$ time python3 solve.py
	...

	DEBUG \| 2022-11-03 00:12:24,788 \| angr.storage.memory_mixins.paged_memory.paged_memory_mixin \| reg.load(0xb8, 8, Iend_LE) = <BV64 0x404de2>
	<SimState @ 0x404de2>
	b'EKO{AFLFTW_b2379f00aa927b1372e8af7cc5c89200d9da229fe183c8cd01dc1969164d99f9}\x00'

	real 4m31.130s
	user 4m24.501s
	sys 0m6.173s
	import angr
	import claripy

	import logging
	logging.getLogger('angr').setLevel('DEBUG')

	def main():
	proj = angr.Project('./dynamic', load_options={"auto_load_libs": False})
	argv1 = claripy.BVS("argv1", 8 * (0x4c + 1 ))
	initial_state = proj.factory.full_init_state(args=["./dynamic", argv1], add_options={angr.options.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY})

	sm = proj.factory.simulation_manager(initial_state)


	sm.explore(find=0x404de2, avoid=0x404dd4)
	found = sm.found[0]
	print(found)
	return found.solver.eval(argv1, cast_to=bytes)

	if __name__ == '__main__':
	print(main())