openECSC 2024 - Round 2

Category: rev

Description #

Good luck finding the secret word for my super secure program!

Attachments: anti-rev

Solution #

import angr

project = angr.Project("anti-rev", auto_load_libs=True)
simgr = project.factory.simulation_manager(p.factory.full_init_state())
simgr.explore(find=0x401def, avoid=0x401df8)
print(simgr.found[0].posix.dumps(0))

Bonus #

Use angr to disassemble and find address to search for.

import angr

project = angr.Project("anti-rev", auto_load_libs=False)
cfg = project.analyses.CFG(normalize=True)
for node in sorted(cfg.model.nodes(), key=lambda n: n.addr):
    if not node.is_simprocedure:
        node.block.pp()