读入：从文件中读取
# -*- encoding: utf-8 -*-
from __future__ import print_function
import angr
import sys
import claripy
'''
@文件 :angr_exp.py
@时间 :2020/04/24 19:40:49
@作者 :0xc4m3l
'''
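def main(argv, start_addr=0x80488D6, filename="MRXJKZYR.txt", file_size=0x40):
    """Solve for file contents that make the target print "Good Job".

    The target reads ``filename`` from the simulated file system. That file
    is replaced with ``file_size`` fully symbolic bytes, execution is
    explored from ``start_addr`` in a blank state, and once a state whose
    stdout contains "Good Job" is found the solver is asked for a concrete
    file body.

    Args:
        argv: command-line vector; ``argv[1]`` is the path of the binary.
        start_addr: address the blank state begins executing at. The
            default is specific to the binary this script was written
            for; a different build needs a different value.
        filename: name the target opens; must match the path it uses.
        file_size: number of symbolic bytes placed in the faked file.

    Raises:
        SystemExit: when no binary path is supplied on the command line.
        RuntimeError: when exploration ends without a "Good Job" state.
    """
    if len(argv) < 2:
        prog = argv[0] if argv else "angr_exp.py"
        raise SystemExit("usage: {} <binary>".format(prog))
    bin_path = argv[1]
    p = angr.Project(bin_path)
    # A blank state at a mid-binary address has symbolic registers and stack;
    # nothing the binary does before start_addr is executed, so this only
    # works when the checks reached from here do not depend on that setup.
    init_state = p.factory.blank_state(addr=start_addr)
    password = init_state.solver.BVS("password", file_size * 8)
    # Back the target's input file with the symbolic buffer so every byte it
    # reads is a free variable for the solver.
    sim_file = angr.storage.SimFile(filename, content=password, size=file_size)
    init_state.fs.insert(filename, sim_file)
    sm = p.factory.simgr(init_state)

    def is_good(state):
        return b"Good Job" in state.posix.dumps(1)

    def is_bad(state):
        return b"Try again" in state.posix.dumps(1)

    sm.explore(find=is_good, avoid=is_bad)
    if not sm.found:
        raise RuntimeError("No solution found")
    found_state = sm.found[0]
    solution = found_state.solver.eval(password, cast_to=bytes)
    # Only the bytes the target actually read are constrained; the rest are
    # whatever the solver picked, and the buffer need not be valid UTF-8.
    # Decode lossily for display and also print the exact raw bytes, so a
    # found solution is never thrown away by a UnicodeDecodeError.
    print("Solution : {}".format(solution.decode('utf-8', 'replace')))
    print("Solution (raw): {!r}".format(solution))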
if __name__ == '__main__':
    # Script entry point: hand over the full argv so main() reads the
    # target binary path from argv[1].
    main(sys.argv)