FFY00 · October 21, 2018 21:57
diff --git a/output.log b/output.log
 2018-10-21 22:45:34,168: [15565] m.c.c.x86:WARNING: CPUID with EAX=80000000 not implemented @ 7ffffffcd26b
 2018-10-21 22:45:34,374: [15565] m.c.executor:ERROR: Exception: 
 Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 2235, in execute
    self.current.execute()
  File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 851, in execute
    raise e
  File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 841, in execute
    implementation(*insn.operands)
  File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 938, in new_method
    return old_method(cpu, *args, **kw_args)
  File "/usr/lib/python3.7/site-packages/manticore/core/cpu/x86.py", line 5331, in SYSCALL
    raise Syscall()
 manticore.core.cpu.abstractcpu.Syscall: CPU Syscall

 During handling of the above exception, another exception occurred:

 Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/manticore/core/executor.py", line 461, in run
    if not current_state.execute():
  File "/usr/lib/python3.7/site-packages/manticore/core/state.py", line 133, in execute
    result = self._platform.execute()
  File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 2242, in execute
    self.syscall()
  File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 2088, in syscall
    return self._syscall_abi.invoke(implementation)
  File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 398, in invoke
    ret = super().invoke(model, prefix_args)
  File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 349, in invoke
    result = model(*arguments)
  File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 1413, in sys_arch_prctl
    assert code == ARCH_SET_FS
 AssertionError
diff --git a/solve.py b/solve.py
 #!/usr/bin/python

 from manticore import Manticore
 from manticore.models import strlen

 m = Manticore('main-sec-pw')

 buffer_addr=0
 num_bytes=127

 @m.hook(0x4141448e)
 def strlen_model(state):
    state.invoke_model(strlen)

 @m.hook(0x41414150)
 def hook(state):
    # Jump to the check
    state.cpu.EIP = 0x41414484

 @m.hook(0x41414484)
 def hook(state):
    solution = state.new_symbolic_buffer(num_bytes)
    state.constrain(solution[0] == ord('C'))
    state.constrain(solution[1] == ord('T'))
    state.constrain(solution[2] == ord('F'))
    state.constrain(solution[3] == ord('{'))
    buffer_addr=state.cpu.read_int(state.cpu.RSP)
    m.context[1] = buffer_addr
    print ("buffer addr : %08x " %(buffer_addr))
    state.cpu.write_bytes(buffer_addr, solution)

 @m.hook(0x41414553)
 def hook(state):
    print("Fail...")
    state.abandon()

 @m.hook(0x41414540)
 def hook(state):
    print("WIN!")
    buffer_addr = m.context[1]
    res = ''.join(map(chr, state.solve_buffer(buffer_addr, num_bytes)))
    print("flag is : %s"%(res))
    m.terminate()

 m.verbosity =1
 m.run(procs=10)
	2018-10-21 22:45:34,168: [15565] m.c.c.x86:WARNING: CPUID with EAX=80000000 not implemented @ 7ffffffcd26b
	2018-10-21 22:45:34,374: [15565] m.c.executor:ERROR: Exception:
	Traceback (most recent call last):
	File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 2235, in execute
	self.current.execute()
	File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 851, in execute
	raise e
	File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 841, in execute
	implementation(*insn.operands)
	File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 938, in new_method
	return old_method(cpu, args, *kw_args)
	File "/usr/lib/python3.7/site-packages/manticore/core/cpu/x86.py", line 5331, in SYSCALL
	raise Syscall()
	manticore.core.cpu.abstractcpu.Syscall: CPU Syscall

	During handling of the above exception, another exception occurred:

	Traceback (most recent call last):
	File "/usr/lib/python3.7/site-packages/manticore/core/executor.py", line 461, in run
	if not current_state.execute():
	File "/usr/lib/python3.7/site-packages/manticore/core/state.py", line 133, in execute
	result = self._platform.execute()
	File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 2242, in execute
	self.syscall()
	File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 2088, in syscall
	return self._syscall_abi.invoke(implementation)
	File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 398, in invoke
	ret = super().invoke(model, prefix_args)
	File "/usr/lib/python3.7/site-packages/manticore/core/cpu/abstractcpu.py", line 349, in invoke
	result = model(*arguments)
	File "/usr/lib/python3.7/site-packages/manticore/platforms/linux.py", line 1413, in sys_arch_prctl
	assert code == ARCH_SET_FS
	AssertionError
	#!/usr/bin/python

	from manticore import Manticore
	from manticore.models import strlen

	m = Manticore('main-sec-pw')

	buffer_addr=0
	num_bytes=127

	@m.hook(0x4141448e)
	def strlen_model(state):
	state.invoke_model(strlen)

	@m.hook(0x41414150)
	def hook(state):
	# Jump to the check
	state.cpu.EIP = 0x41414484

	@m.hook(0x41414484)
	def hook(state):
	solution = state.new_symbolic_buffer(num_bytes)
	state.constrain(solution[0] == ord('C'))
	state.constrain(solution[1] == ord('T'))
	state.constrain(solution[2] == ord('F'))
	state.constrain(solution[3] == ord('{'))
	buffer_addr=state.cpu.read_int(state.cpu.RSP)
	m.context[1] = buffer_addr
	print ("buffer addr : %08x " %(buffer_addr))
	state.cpu.write_bytes(buffer_addr, solution)

	@m.hook(0x41414553)
	def hook(state):
	print("Fail...")
	state.abandon()

	@m.hook(0x41414540)
	def hook(state):
	print("WIN!")
	buffer_addr = m.context[1]
	res = ''.join(map(chr, state.solve_buffer(buffer_addr, num_bytes)))
	print("flag is : %s"%(res))
	m.terminate()

	m.verbosity =1
	m.run(procs=10)