saleks28

tsuib_1_pswd

Jan 31st, 2021
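"""Solve for the 37-byte input that drives crackme11.exe to its target address.

The script symbolically explores one routine of the binary with angr,
starting from a blank state at ``start``, and asks the solver for a concrete
value of the symbolic buffer once a path reaches ``find``.

NOTE(review): a comparison that a constraint solver can invert this way gives
no real protection to a secret embedded in a binary.
"""
from angr import Project
from claripy import BVS

CONST_EXE_NAME = "crackme11.exe"

# Length of the symbolic input in bytes; defined once so the buffer size and
# the per-byte constraints below cannot drift apart.
PASSWORD_LEN = 37

# Scratch address where the symbolic buffer is placed.
# NOTE(review): presumably an otherwise unused region of the address space;
# confirm it does not overlap anything the loader maps for this binary.
result = 0x00800000
# Entry point of the routine under analysis and the address to reach.
start = 0x004014C0
find = 0x00401658

crack = Project(CONST_EXE_NAME)
# blank_state starts at `start` with unconstrained registers and memory, so
# nothing that normally runs before this routine is modelled.
state = crack.factory.blank_state(addr=start)

password = BVS('password', PASSWORD_LEN * 8)
state.memory.store(result, password)
# Pushed in this order, the buffer address ends up just above a zero word.
# NOTE(review): presumably a single pointer argument followed by a dummy
# return address; confirm against the routine's calling convention.
state.stack_push(result)
state.stack_push(0)

# Keep every byte in 32..127. claripy's > and < on bitvectors are unsigned
# comparisons. The upper bound still admits DEL (0x7f).
for i in range(PASSWORD_LEN):
    state.solver.add(password.get_byte(i) > 31)
    state.solver.add(password.get_byte(i) < 128)

sm = crack.factory.simulation_manager(state)
# Paths that hit either avoided address are dropped from exploration.
# NOTE(review): these look like the routine's rejection branches; verify in
# a disassembler.
sm.explore(find=find, avoid=[0x00401527, 0x00401624])
if sm.found:
    print(sm.found[0].solver.eval(password, cast_to=bytes))
else:
    # Report the failure explicitly instead of exiting without output.
    print("no path reached 0x%08x under the current constraints" % find)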