1. IDA
2. 分析
- 本题与之前两题差不多
- 还是老思路
- 给simulation两个参数
- 然后返回结果
3.exp
import angr
p = angr.Project('02_angr_find_condition')
init_state = p.factory.entry_state()
sm = p.factory.simulation_manager(init_state)
def is_good(state):
return b'Good Job' in state.posix.dumps(1)
def is_bad(state):
return b'Try again' in state.posix.dumps(1)
sm.explore(find=is_good, avoid=is_bad)
if sm.found:
found_state = sm.found[0]
print("Solution:",found_state.posix.dumps(0))