Last active
March 24, 2019 16:48
-
-
Save FrankSpierings/87323a09b201fa40be7a3b27b0fa768e to your computer and use it in GitHub Desktop.
Simple Angr solver of 1 function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import angr | |
| import claripy | |
| proj = angr.Project('./test', main_opts={'custom_base_addr': 0x00100000}) | |
| arg1 = claripy.BVS('arg1', 8) | |
| state = proj.factory.call_state(proj.loader.find_symbol('check').rebased_addr, arg1) | |
| sm = proj.factory.simgr(state) | |
| sm.explore(find=lambda s: b"You win" in s.posix.dumps(1)) | |
| for found in sm.found: | |
| print(hex(found.solver.eval(arg1))) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| int foo(int a, int b) { | |
| return a*2+b; | |
| } | |
| int bar(char *s) { | |
| printf("Hello World: %s\n", s); | |
| return 1; | |
| } | |
| void check(char key) { | |
| char data[]="\xce\xe3\xea\xea\xe9\xf1\xe9\xf4\xea\xe2\xa7"; | |
| for (int i=0; i < strlen(data); i++) { | |
| data[i] = data[i] ^ key; | |
| } | |
| if (strcmp(data, "Helloworld!") == 0) { | |
| printf("You win\n"); | |
| } | |
| else{ | |
| printf("I win\n"); | |
| } | |
| } | |
| void main() { | |
| printf("Starting the program\n"); | |
| printf("Result: %d\n", foo(8,3)); | |
| bar("lalalala"); | |
| int key; | |
| printf("input: "); | |
| scanf("%d", &key); | |
| check((char)key); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment