amatus · June 21, 2016 18:30
diff --git a/flag.py b/flag.py
 import angr

 proj = angr.Project('root_fs/bin/flag', load_options={"auto_load_libs": False})
 argv1 = angr.claripy.BVS("argv1", 0xE * 8)
 initial_state = proj.factory.entry_state(args=["./flag", argv1])
 initial_path = proj.factory.path(initial_state)
 path_group = proj.factory.path_group(initial_state)
 path_group.explore(find=0x10764, avoid=0x10768)
 found = path_group.found[0]
 print found.state.posix.dumps(1)
	import angr

	proj = angr.Project('root_fs/bin/flag', load_options={"auto_load_libs": False})
	argv1 = angr.claripy.BVS("argv1", 0xE * 8)
	initial_state = proj.factory.entry_state(args=["./flag", argv1])
	initial_path = proj.factory.path(initial_state)
	path_group = proj.factory.path_group(initial_state)
	path_group.explore(find=0x10764, avoid=0x10768)
	found = path_group.found[0]
	print found.state.posix.dumps(1)