angr 04_angr_symbolic_stack: Symbolic Stack
Posted by 漫小牛
04_angr_symbolic_stack is the fifth example in the angr_ctf series; it can be downloaded from https://github.com/jakespringer/angr_ctf
1 Solution
import angr
import sys

def main(argv):
    bin_path = argv[1]
    p = angr.Project(bin_path)

    # Execution starts after the two inputs have already been read into
    # stack slots, so this script has to place them on the stack itself.
    start_addr = 0x08048697
    init_state = p.factory.blank_state(addr=start_addr)

    # Rebuild the stack frame: set ebp = esp, then leave padding below ebp
    # so the pushed values land in the slots the program reads from.
    padding_size = 8
    # init_state.stack_push(init_state.regs.ebp)
    init_state.regs.ebp = init_state.regs.esp
    init_state.regs.esp -= padding_size

    # Two 32-bit symbolic bitvectors stand in for the two password values.
    pass1 = init_state.solver.BVS("pass1", 32)
    pass2 = init_state.solver.BVS("pass2", 32)
    init_state.stack_push(pass1)
    init_state.stack_push(pass2)

    sm = p.factory.simgr(init_state)

    # Classify states by what the program has written to stdout.
    def is_good(state):
        return b'Good Job' in state.posix.dumps(1)

    def is_bad(state):
        return b'Try again' in state.posix.dumps(1)

    sm.explore(find=is_good, avoid=is_bad)

    if sm.found:
        found_state = sm.found[0]
        # Concretize both symbolic inputs under the found state's constraints.
        password1 = found_state.solver.eval(pass1)
        password2 = found_state.solver.eval(pass2)
        print("Solution: {} {}".format(password1, password2))
    else:
        raise Exception("Solution not found")

if __name__ == '__main__':
    main(sys.argv)
Run the following command:
python 04.py 04_angr_symbolic_stack
This yields the solution:
Solution: 1704280884 2382341151
Feeding this solution to the program as input confirms it is correct:
(angr) dist$ ./04_angr_symbolic_stack
Enter the password: 1704280884 2382341151
Good Job.