Tags: python angr
Rating: 3.0
```
#!/usr/bin/env python
import angr
flag_address = 0x6ccd60
find = (0x400c6c, )
avoid = (0x400d5d, )
checking_address = 0x004009d8
p = angr.Project("./warmup")
state = p.factory.blank_state(addr=checking_address)
flag = state.se.BVS("flag_string", 30 * 8)
state.memory.store(flag_address, flag)
pg = p.factory.path_group(state)
pg.explore(find=find, avoid=avoid)
if len(pg.found) > 0:
found_path = pg.found[0]
flag_found = found_path.state.se.any_str(flag)
print "Flag found: {}".format(flag_found)
else:
print "Try smarter!!!"
```
