Tags: rev angr 

Rating:

```py
# You have to pass the binary as an argument.

import angr
import claripy
import sys

def main(argv):
b = argv[1]
project = angr.Project(b)
length = 17
characters = [claripy.BVS('flag{-%d' %i, 8) for i in range(length)]
input_ = claripy.Concat(*characters + [claripy.BVV(b'\n')])

state = project.factory.full_init_state(args=["b"], stdin=input_)

simulate = project.factory.simulation_manager(state)
good_addr = 0x00001482
bad_addr = 0x00001461
simulate.explore(find=good_addr, avoid=bad_addr)

s = []
for j in simulate.deadended:
if b"Good Work!" in j.posix.dumps(1):
s.append(j)

valid = s[0].posix.dumps(0)
print(valid)

if __name__ == '__main__':
main(sys.argv)

# darkCTF{n0_5ymb0l1c,3x30}
```

Original writeup (https://github.com/csivitu/CTF-Write-ups/blob/master/DarkCTF%202020/Rev/Jack/exploit.py).