Tags: rev angr
```py
# You have to pass the binary as an argument.
import angr
import claripy
import sys
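def main(argv):
    """Symbolically execute the given binary with angr and print the accepted stdin.

    argv[1] is the path of the binary to analyse. A 17-character symbolic
    input followed by a newline is fed on stdin, the program is explored,
    and the concrete stdin of the first state whose stdout contains
    b"Good Work!" is printed. If no terminated state printed that marker,
    a state that reached ``good_addr`` is used instead. The process exits
    with a message when the binary path is missing or no state qualifies.
    """
    if len(argv) < 2:
        sys.exit("usage: pass the path to the binary as the first argument")
    b = argv[1]
    project = angr.Project(b)

    # One 8-bit symbolic variable per input character, then a concrete newline.
    length = 17
    characters = [claripy.BVS('flag{-%d' % i, 8) for i in range(length)]
    input_ = claripy.Concat(*characters + [claripy.BVV(b'\n')])

    # NOTE(review): args is the literal string "b", not the path held in `b`;
    # it only sets the emulated program's argv[0] -- confirm this is intended.
    state = project.factory.full_init_state(args=["b"], stdin=input_)
    simulate = project.factory.simulation_manager(state)

    # NOTE(review): these look like raw file offsets. If the binary is
    # position-independent, angr maps it at a non-zero base by default, so the
    # addresses may never be reached; that would explain why the answer is read
    # from the deadended states below -- confirm against project.loader.
    good_addr = 0x00001482
    bad_addr = 0x00001461
    simulate.explore(find=good_addr, avoid=bad_addr)

    # Prefer states that ran to completion and printed the success marker.
    s = [j for j in simulate.deadended if b"Good Work!" in j.posix.dumps(1)]
    if not s:
        # A state stopped at good_addr lands in `found`, not `deadended`;
        # without this fallback it would be ignored.
        s = list(simulate.found)
    if not s:
        # Previously this case surfaced as an opaque IndexError on s[0].
        sys.exit("no state printed the success marker or reached good_addr")

    valid = s[0].posix.dumps(0)
    print(valid)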
if __name__ == "__main__":
    # Hand over the full argument vector; main() takes the binary path from argv[1].
    main(sys.argv)
# darkCTF{n0_5ymb0l1c,3x30}
```