
import angr
import sys

def get_value(vector, state):
    """Concretize *vector* using *state*'s constraint solver.

    Returns the integer the solver picks for *vector* under the state's
    current constraints. NOTE(review): if *vector* is still symbolic with
    more than one solution, which solution comes back is solver-dependent;
    callers treat the result as "the" value, so confirm uniqueness where it
    matters (e.g. via the solver's single-solution query).
    """
    solver = state.solver
    concrete = solver.eval(vector)
    return concrete

def get_addr_value(addr, simgr, state):
    """Read the concrete 32-bit value stored at *addr*.

    The read goes through the FIRST active state of *simgr*
    (``simgr.active[0]``); the *state* argument is accepted for symmetry
    with ``get_value`` but is not used here. Raises IndexError when
    *simgr* has no active state. NOTE(review): ``.concrete`` presumably
    requires the memory cell to be fully concrete -- a symbolic cell would
    fail here rather than being solved; confirm if that case can occur.
    """
    first_active = simgr.active[0]
    cell = first_active.mem[addr].uint32_t
    return cell.concrete

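def main(binary="test", find_addr=0x3135a, reset_addr=0x31341):
    """Recover the expected input one byte at a time via symbolic execution.

    Loads *binary* with stdin fixed to the single byte ``'a'``, explores to
    *find_addr* (presumably the per-byte comparison point where ``eax`` is
    checked against the uint32 at ``[ebx]`` -- TODO confirm against the
    disassembly), prints the byte implied by their difference, then explores
    on to *reset_addr* before sampling the next byte.

    Args:
        binary: path of the target executable (default ``"test"``).
        find_addr: address at which ``eax`` and ``[ebx]`` are sampled.
        reset_addr: address to reach before the next sample.

    The loop ends cleanly when either address is no longer reachable (the
    simulation manager reports no ``found`` state); previously that case
    raised IndexError on ``simgr.found[0]``.

    NOTE(review): the values come from ``solver.eval``, i.e. one satisfying
    solution -- if the registers are not uniquely constrained the printed
    byte is arbitrary. Also ``chr(ord('a') + offset)`` is only guaranteed
    to be a valid byte for a narrow range of offsets; out-of-range values
    raise ValueError rather than being skipped (behaviour kept as-is).
    """
    # 4-space indentation throughout: the original mixed tabs and spaces in
    # this function, which Python 3 rejects with TabError.
    proj = angr.Project(binary)
    state = proj.factory.entry_state(stdin='a')
    simgr = proj.factory.simulation_manager(state)

    while True:
        simgr.explore(find=find_addr)
        if not simgr.found:
            # Target no longer reachable from this state: we are done.
            break
        state = simgr.found[0]
        simgr = proj.factory.simulation_manager(state)

        # ebx is used as a pointer: concretize the register, then read the
        # 32-bit cell it points at. eax is taken as an immediate value.
        ebx = get_addr_value(get_value(state.regs.ebx, state), simgr, state)
        eax = get_value(state.regs.eax, state)

        # Only two distinct values that fit in 16 bits and fall strictly
        # inside (0x41, 0xff) are accepted; anything else is silently
        # skipped for this round. Parentheses make the (Python) precedence
        # of `&` over `==` explicit.
        if eax != ebx and (eax & 0xffff0000) == 0 and (ebx & 0xffff0000) == 0:
            if 0x41 < ebx < 0xff and 0x41 < eax < 0xff:
                offset = eax - ebx
                sys.stdout.write(chr(ord('a') + offset))
                sys.stdout.flush()

        # Reset: run on to the start of the next round before sampling again.
        simgr.explore(find=reset_addr)
        if not simgr.found:
            break
        state = simgr.found[0]
        simgr = proj.factory.simulation_manager(state)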

if __name__ == "__main__":
    # Run the solver only when executed as a script, not on import.
    main()
