@ltfish
Latest commit 139150e Oct 1, 2018 History
* Attempt to fix up gitbook samples. can't run tests since I'm on windows

* A bit of py3k work

* py3k broke into my house and ate my children

* Fix the apidoc warnings filter

* oh jesus

* Update usage of clemory

* okay. here we go

* Update autodoc options for the greater good

* *snaps fingers angrily*

* There's that migration document

* VERY important clarification

* tick

* Be CONSISTENT

* tock

* Destroy simuvex

* Mention the deprecation removals

* Assume sphinx output is utf-8 so we can print the escape codes

* Strip custom_ prefix from CLE arguments which aren't really all that custom

* Add changelog entry, without finalized version number

* HEY DUMBASS: DO NOT DO THAT

* Add symbols_by_addr refactor information

* Give install instructions a facelift, nuke the windows-install stuff

* Un-deprecate simgr

* Fix markdown style of migration guide link (#214)

* CFGAccurate -> CFGEmulated (Do not lie to the users)

* Do NOT lie to the users!!!

* Update code samples for whatever

* Add gym and arm_spotter to api-doc

* Note the removal of immutable simgr
4 contributors

@zardus @tyb0807 @ltfish @rhelmot
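import base64
import logging
#l = logging.getLogger('angr.manager').setLevel(logging.DEBUG)
import angr


def solve(s):
    # Load the challenge binary named by the server, without its shared libraries
    p = angr.Project("challs/magic_dist/%s" % s,
                     auto_load_libs=False)
    cfg = p.analyses.CFG()

    # Start from a blank state at 0x400770 and step every path until it ends
    state = p.factory.blank_state(addr=0x400770)
    sm = p.factory.simulation_manager(state)
    sm.explore()

    # Concretize stdin (fd 0) of the last deadended state; posix.dumps()
    # returns bytes, so strip NULs and newlines as bytes
    sol = sm.deadended[-1].posix.dumps(0).replace(b"\x00", b"").replace(b"\n", b"")
    return sol


def main():
    #solve("65cb596908789372c2d6fbeb0ac3a0e3a1089039138711a016ec3994ad5c7f10")
    import pwn
    host, port = "cm2k-magic_b46299df0752c152a8e0c5f0a9e5b8f0.quals.shallweplayaga.me", 12001
    r = pwn.remote(host, port)
    print(r.readuntil(b"newline\n"))
    while True:
        # The server sends the name of the next binary to solve, one per line
        filename = r.readuntil(b"\n").strip(b"\n").decode()
        print(filename)
        sol = solve(filename)
        print(repr(sol))
        # Python 3 equivalent of str.encode("base64"); keeps the trailing newline
        data = base64.encodebytes(sol)
        print("Send this:" + data.decode())
        r.send(data)


if __name__ == "__main__":
    main()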