jakespringer / angr_ctf
License: GNU General Public License v3.0
Eventually, this README will have information about building, installing, and playing the levels. Currently, if you want to play around with them, take a look at package.py, which builds the levels, and dist/ which generally has an up-to-date build of each of the levels.

A Makefile is included that performs an automated build for both a local installation and for the MetaCTF web installation. A list of users is passed in via the USERS environment variable which will then build the binaries for each user listed.

Build binaries in obj/{foo,bar}/angr:
make USERS='foo bar' local

Build binaries in upper-level MetaCTF repo ../www/static/obj/{foo,bar}/angr:
make USERS='foo bar' web
Hello,
I would like to contribute to the project.
I would like to add instructions for (at least) the local installation and also present a walkthrough for the first few levels, to help people get started.
Is that okay with you? Is there some guideline that you would like me to take into account?
You can expect a first draft during the next weeks.
(angr) angr@fed003dbb7b2:~/angr_ctf/solutions/07_angr_symbolic_file$ python solve07.py 07_angr_symbolic_file
Traceback (most recent call last):
File "solve07.py", line 130, in <module>
main(sys.argv)
File "solve07.py", line 91, in main
password_file = angr.storage.SimFile(filename, file_options, content=symbolic_file_backing_memory, size=symbolic_file_size_bytes)
TypeError: __init__() got multiple values for argument 'content'
Hi,
I was trying to solve 12_angr_veritesting, but I am not getting a solution even though I have enabled veritesting. This is the script I used:
import sys
import angr
import logging
logging.getLogger('angr').setLevel('DEBUG')
win = 0x08048686
lose = 0x08048698
proj = angr.Project("./12_angr_veritesting")
state = proj.factory.entry_state()
sm = proj.factory.simulation_manager(state, veritesting = True)
sm.explore(find=win,avoid=lose)
found=sm.found[0]
print found.posix.dumps(sys.stdin.fileno())
I get this at the end of the output when I run it:
DEBUG | 2018-03-21 15:59:36,528 | angr.manager | Filtering 1 states
DEBUG | 2018-03-21 15:59:36,529 | angr.manager | ... state <SimState @ 0x80486f1> matched!
DEBUG | 2018-03-21 15:59:36,529 | angr.manager | ... returning 1 matches and 0 non-matches
DEBUG | 2018-03-21 15:59:36,529 | angr.manager | Filtering 0 states
DEBUG | 2018-03-21 15:59:36,529 | angr.manager | ... returning 0 matches and 0 non-matches
INFO | 2018-03-21 15:59:36,529 | angr.analyses.veritesting | Returning new paths: (successful: 0, deadended: 0, errored: 0, deviated: 1)
DEBUG | 2018-03-21 15:59:36,529 | angr.manager | Out of states in stash active
DEBUG | 2018-03-21 15:59:36,530 | angr.manager | Out of states in stash active
Traceback (most recent call last):
File "angr12_test.py", line 15, in <module>
found=sm.found[0]
IndexError: list index out of range
I also tried running the solution script given, which also didn't work and gave this:
DEBUG | 2018-03-21 16:10:57,423 | angr.manager | Filtering 1 states
DEBUG | 2018-03-21 16:10:57,423 | angr.manager | ... state <SimState @ 0x80486f1> matched!
DEBUG | 2018-03-21 16:10:57,423 | angr.manager | ... returning 1 matches and 0 non-matches
DEBUG | 2018-03-21 16:10:57,423 | angr.manager | Filtering 0 states
DEBUG | 2018-03-21 16:10:57,423 | angr.manager | ... returning 0 matches and 0 non-matches
INFO | 2018-03-21 16:10:57,424 | angr.analyses.veritesting | Returning new paths: (successful: 0, deadended: 0, errored: 0, deviated: 1)
DEBUG | 2018-03-21 16:10:57,424 | angr.manager | Out of states in stash active
DEBUG | 2018-03-21 16:10:57,424 | angr.manager | Out of states in stash active
Traceback (most recent call last):
File "solve12.py", line 45, in <module>
main(sys.argv)
File "solve12.py", line 42, in main
raise Exception('Could not find the solution')
Exception: Could not find the solution
Can someone explain what's going wrong here? And what does enabling veritesting really do?
angr 8.0 has dropped python 2 support, so this should probably be updated accordingly.
The scaffold and solution for challenge 07 are not working with the latest angr, because the SimFile class changed.
This is working code with the latest version of angr for the filesystem part:
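import angr
import claripy
# `project` and `initial_state` are created earlier in the scaffold.
filename = "OJKSQYDP.txt" # :string
symbolic_file_size_bytes = 64
# One symbolic bitvector covering the whole file (8 bits per byte).
password = claripy.BVS('password', symbolic_file_size_bytes * 8)
# The file name is the first argument; content and size are passed as keywords.
password_file = angr.storage.SimFile(filename, content=password, size=symbolic_file_size_bytes)
initial_state.fs.insert(filename, password_file)
simulation = project.factory.simgr(initial_state)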
I tried it on my own and tried it using the solver; in both I receive 0 0 0.
Using the solver:
(angr) angr@5364d74d028c:/ctf$ python solver03.py 03_angr_symbolic_registers
0 0 0
My own script:
(angr) angr@5364d74d028c:/ctf$ python scaffold03.py 03_angr_symbolic_registers
WARNING | 2022-05-25 00:56:49,072 | angr.storage.memory_mixins.default_filler_mixin | The program is accessing register with an unspecified value. This could indicate unwanted behavior.
WARNING | 2022-05-25 00:56:49,072 | angr.storage.memory_mixins.default_filler_mixin | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING | 2022-05-25 00:56:49,072 | angr.storage.memory_mixins.default_filler_mixin | 1) setting a value to the initial state
WARNING | 2022-05-25 00:56:49,072 | angr.storage.memory_mixins.default_filler_mixin | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null
WARNING | 2022-05-25 00:56:49,072 | angr.storage.memory_mixins.default_filler_mixin | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to suppress these messages.
WARNING | 2022-05-25 00:56:49,072 | angr.storage.memory_mixins.default_filler_mixin | Filling register ebp with 4 unconstrained bytes referenced from 0x804898c (main+0x32 in 03_angr_symbolic_registers (0x804898c))
WARNING | 2022-05-25 00:56:49,241 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0xffffffed with 4 unconstrained bytes referenced from 0x804898c (main+0x32 in 03_angr_symbolic_registers (0x804898c))
WARNING | 2022-05-25 00:56:49,398 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0xfffffff1 with 4 unconstrained bytes referenced from 0x804899f (main+0x45 in 03_angr_symbolic_registers (0x804899f))
WARNING | 2022-05-25 00:56:49,585 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0xfffffff5 with 4 unconstrained bytes referenced from 0x80489b2 (main+0x58 in 03_angr_symbolic_registers (0x80489b2))
0 0 0
Trying 0 0 0
(angr) angr@5364d74d028c:/ctf$ ./03_angr_symbolic_registers
Enter the password: 0 0 0
Try again.
(angr) angr@5364d74d028c:/ctf$
Running python3 scaffold11.py 11_angr_sim_scanf produces 1448564819 1398294103 on an Ubuntu environment and yields the correct password for the challenge. Running the script on Windows produces 1179604559 1146114388 and fails on the challenge. Any idea why this could happen?