# Symbolic-execution solver for a crackme: angr searches for a 37-byte input
# that drives execution from `start` to `find` while staying away from the two
# `avoid` addresses, then prints one concrete input that satisfies the path.
from angr import Project
from claripy import BVS

CONST_EXE_NAME = "crackme11.exe"

# Address at which the symbolic input buffer is written.
# NOTE(review): presumably scratch memory the binary does not otherwise use;
# confirm against the PE's mapped sections.
result = 0x00800000
# Address where emulation begins.
# NOTE(review): looks like the entry of the check routine; verify in a disassembler.
start = 0x004014C0
# Address the search must reach for a state to count as a solution.
find = 0x00401658
# Addresses that cause a path to be dropped from the search.
avoid = [0x00401527, 0x00401624]

crack = Project(CONST_EXE_NAME)

# blank_state starts at `start` with mostly unconstrained registers and memory,
# so everything the routine reads has to be set up by hand below.
state = crack.factory.blank_state(addr=start)

# 37 symbolic bytes (37 * 8 bits) standing in for the unknown input.
password = BVS('password', 37 * 8)
state.memory.store(result, password)

# Push the buffer pointer first, then 0, so 0 ends up on top of the stack.
# NOTE(review): this matches a 32-bit stack-argument call with 0 as a dummy
# return address and the pointer as the first argument; confirm the routine's
# calling convention.
state.stack_push(result)
state.stack_push(0)

# Restrict every byte to 32..127. claripy's `>` and `<` are unsigned on
# bitvectors. The upper bound still admits 0x7f (DEL), and nothing here forces
# a terminating NUL after the 37 bytes.
for index in range(37):
    char = password.get_byte(index)
    state.solver.add(char > 31, char < 128)

sm = crack.factory.simulation_manager(state)
sm.explore(find=find, avoid=avoid)

# Only the first state that reached `find` is evaluated, and eval() returns a
# single satisfying value; other valid inputs may exist. When no state reaches
# `find` the script exits without printing anything.
if sm.found:
    solved = sm.found[0]
    print(solved.solver.eval(password, cast_to=bytes))