Angr Script for solving LockPickSim
| import angr | |
| import sys | |
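def main(argv):
    """Symbolically execute the binary at ``argv[1]`` and print an input that reaches its success path.

    Exploration starts from the program entry state. A state is a hit when the
    bytes it has written to stdout contain ``b'Flag'``; states whose stdout
    contains ``b'Wrong'`` are pruned so the search does not keep stepping
    branches that have already failed. The stdin of the first hit is printed.

    Args:
        argv: Command-line vector; ``argv[1]`` must be the path of the target binary.

    Raises:
        SystemExit: if no binary path was supplied.
        RuntimeError: if exploration ends without reaching a state that printed ``Flag``.
    """
    # Fail with a usage message instead of an IndexError on a bare invocation.
    if len(argv) < 2:
        script = argv[0] if argv else 'solve.py'
        raise SystemExit('usage: {} <path-to-binary>'.format(script))

    path_to_binary = argv[1]
    project = angr.Project(path_to_binary)
    initial_state = project.factory.entry_state()
    simulation = project.factory.simgr(initial_state)

    def _stdout_contains(state, needle):
        # Concretise everything the state has written to stdout so far and look for the marker.
        return needle in state.posix.dumps(sys.stdout.fileno())

    simulation.explore(
        find=lambda state: _stdout_contains(state, b'Flag'),
        avoid=lambda state: _stdout_contains(state, b'Wrong'),
    )

    if not simulation.found:
        # RuntimeError is still an Exception, so callers catching the old generic type keep working.
        raise RuntimeError('Could not find the solution')

    solution_state = simulation.found[0]
    # The concretised stdin of the found state is the input that led the program to print 'Flag'.
    print(solution_state.posix.dumps(sys.stdin.fileno()))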
if __name__ == '__main__':
    # Script entry point: hand over the full argv so main() can read the binary path from argv[1].
    main(sys.argv)