angr

p = angr.Project(exe)

stdin =  simuvex.storage.file.SimFile("/dev/stdin", "r", size=flag_len)
files = {'/dev/stdin': stdin}

st =  p.factory.entry_state(fs=files)
state = st
for j in xrange(flag_len):
    byte = stdin.read_from(1)
    state.add_constraints(byte >= ord('a'))
    state.add_constraints(byte <= ord('r'))
    for i in xrange(ord('a'), ord('r')):
        if chr(i) in ['a','b','d','l','r','u']:
            continue
        state.add_constraints(byte != i)

stdin.seek(0)

path = p.factory.path(state=st)

ex = p.surveyors.Explorer(start=path, find=(good, ), avoid=(bad,))
ex.run()

WARNING | 2016-05-01 10:59:34,873 | simuvex.vex.irsb | <SimIRSB 0x400991> hit an error while analyzing statement 8
Traceback (most recent call last):
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/irsb.py", line 97, in _handle_irsb
    self._handle_statements()
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/irsb.py", line 223, in _handle_statements
    s_stmt = translate_stmt(self.irsb, stmt_idx, self.last_imark, self.state)
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/statements/__init__.py", line 31, in translate_stmt
    s.process()
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/statements/base.py", line 26, in process
    self._execute()
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/statements/wrtmp.py", line 6, in _execute
    data = self._translate_expr(self.stmt.data)
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/statements/base.py", line 36, in _translate_expr
    e = translate_expr(expr, self.imark, self.stmt_idx, self.state)
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/expressions/__init__.py", line 14, in translate_expr
    e.process()
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/expressions/base.py", line 38, in process
    self._execute()
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/vex/expressions/load.py", line 30, in _execute
    self.expr = self.state.memory.load(addr.expr, size, endness=self._expr.endness)
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/storage/memory.py", line 603, in load
    a,r,c = self._load(addr_e, size_e, condition=condition_e, fallback=fallback_e)
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/plugins/symbolic_memory.py", line 587, in _load
    addrs = self.concretize_read_addr(dst)
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/plugins/symbolic_memory.py", line 506, in concretize_read_addr
    return self._concretize_addr(addr, strategy=strategy, limit=limit, approx_limit=approx_limit, action='load')
  File "/Users/jonasfelber/.pythonVenvs/env1/lib/python2.7/site-packages/simuvex/plugins/symbolic_memory.py", line 457, in _concretize_addr
    raise SimMemoryAddressError("Unable to concretize address with the provided strategy.")
SimMemoryAddressError: Unable to concretize address with the provided strategy.