
@k3170makan
Created December 29, 2019 11:45
#!/usr/bin/python3
import angr
import sys
import claripy
def solve(elf_binary="./binary.elf"):
    """Search *elf_binary* symbolically for an argv[1] that reaches the success output.

    The binary is loaded into an angr project and started from its entry
    state with one symbolic command-line argument. Exploration stops on
    states accepted by ``is_successful``; for each such state one concrete
    value of the argument is printed as a bytes repr.
    """
    proj = angr.Project(elf_binary)
    # claripy sizes are in bits: 8 * 0x20 gives a 0x20-byte symbolic argument.
    arg = claripy.BVS('arg', 8 * 0x20)
    # argv[0] is the binary path itself, argv[1] is the symbolic buffer.
    entry = proj.factory.entry_state(args=[elf_binary, arg])
    simgr = proj.factory.simgr(entry)
    simgr.explore(find=is_successful)
    found = simgr.found
    print("[i] >(%d)" % (len(found)))
    # No constraints are placed on the argument bytes here, so the printed
    # value is whatever single assignment the solver returns and may contain
    # NUL or non-printable bytes.
    for hit in found:
        print("[>>] {!r}".format(hit.solver.eval(arg, cast_to=bytes)))
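def is_successful(state):
    """Return True when the simulated program has written b'Jackpot' to stdout.

    Used as the ``find`` predicate for the simulation manager's explore().

    The descriptor passed to ``state.posix.dumps`` belongs to the simulated
    process, whose stdout is fd 1. The host interpreter's
    ``sys.stdout.fileno()`` is not a reliable stand-in: it differs from 1, or
    raises, whenever this script's own stdout has been replaced or captured,
    and the predicate would then inspect the wrong stream.
    """
    simulated_stdout_fd = 1
    output = state.posix.dumps(simulated_stdout_fd)
    return b'Jackpot' in output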
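if __name__ == "__main__":
    # solve() takes only the path of the binary to analyse; there is no
    # target-address parameter, so the usage text names one argument.
    if len(sys.argv) < 2:
        print("[*] need 1 argument\nUsage: %s [binary path]" % sys.argv[0])
        # Stop here: falling through would index sys.argv[1] and raise IndexError.
        sys.exit(1)
    solve(sys.argv[1])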