Nathan Farlow nathanfarlow

I hereby claim:

To claim this, I am signing this object:

	from pwn import *

	# Any linux/windows x86 shellcode will work great as long as there is no \x00 or \x0a.
	# This shellcode opens gnome-calculator.
	shellcode = b'\x31\xc0\x83\xec\x01\x88\x04\x24\x68\x61\x74\x6f\x72\x68\x6c\x63\x75\x6c\x68\x65\x2d\x63\x61\x68\x67\x6e\x6f\x6d\x68\x3d\x3a\x30\x20\x68\x50\x4c\x41\x59\x66\x68\x49\x53\x83\xec\x01\xc6\x04\x24\x44\x89\xe6\x83\xec\x01\x88\x04\x24\x66\x68\x2d\x63\x83\xec\x01\x88\x04\x24\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x75\x73\x72\x2f\x83\xec\x01\xc6\x04\x24\x2f\x50\x56\x83\xee\x03\x56\x83\xee\x0e\x56\xb0\x0b\x89\xf3\x89\xe1\x31\xd2\xcd\x80\xb0\x01\x31\xdb\xcd\x80'

	def gen_payload():

	payload_len = 2052

	def solve(f, inverse, period, target, bits):
	"""Find some integer n such that f(n) ≈ target where f is periodic and
	invertible"""

	inverse = inverse(target.n(bits))
	period = period.n(bits)

	basis1 = [1 * 2*bits, 0, 0, inverse 2**bits]
	basis2 = [0, 1, 0, period * 2**bits]
	basis3 = [0, 0, 1, -1 * 2**bits]

	# python3 swaperator.py
	# Make sure to use CPython!

	import ctypes as c

	r = lambda x: c.c_size_t.from_address(x).value
	n = r((t := r(id(int) + 96)) + 16)
	c.c_size_t.from_address(t).value = n

	a = 5

	import angr
	import claripy

	# Create a new project with the ./angry binary
	project = angr.Project('./angry')

	# It's OK if this is a (reasonable) overestimate, but
	# it cannot be an underestimate.
	flag_len = 50

	// gcc weast.c -o weast
	// ./weast
	#include<stdio.h>
	#include<stdlib.h>
	#define t <<34)*29,!x?printf("%s\n",&c):c,y:d;
	#define s sizeof(w)*x),srand(y),c=rand()+(1l
	#define a main(x+2,~x)+((w)x["L\|)\x1d"]<<
	#define e c,d=unix>linux;return!(--x&4)?y=
	#define w long long
	main(int x,int y){w e a s t}