前言
时间真的不多咯。这次来看看如何编写简单高效的 angr 脚本,以及如何设置约束条件。
题目五unbreakable
题目链接
我先贴上自己写的粗糙的脚本:
# -*-coding:utf-8-*-
from angr import *
import logging,claripy,archinfo
# Addresses inside the target binary, written as absolute virtual addresses.
# START_ADDR is referenced only by the commented-out entry_state(addr=...) call
# in main(); the code that uses FIND_ADDR and AVOID_ADDR is not visible in this
# excerpt -- presumably they are the explorer's find/avoid targets (confirm).
START_ADDR = 0x4005BD
FIND_ADDR = 0x40083E
AVOID_ADDR = 0x400850

# Evaluates to 0x33 (51).
# NOTE(review): the visible part of main() sizes the symbolic argument with
# 0x43 rather than this constant -- confirm which length is intended.
INPUT_LENGTH = 0xF2 - 0xC0 + 1

# Emit DEBUG-level records from the 'angr.manager' logger.
logging.getLogger('angr.manager').setLevel(logging.DEBUG)
def main():
p = Project("unbreakable-enterprise-product-activation",auto_load_libs=False)
arg1=claripy.BVS("arg1",0x43*8)
args=[p.filename,arg1]
print('adding BitVectors and constraints')
# state = p.factory.entry_state(addr=START_ADDR, add_options={options.LAZY_SOLVES})
state = p.factory.entry_state(args=args,add_options={options.LAZY_SOLVES})
state.libc.buf_symbolic_bytes=0x43 + 1
<