|
| 1 | +# Lab6 |
| 2 | + |
| 3 | +## Introduction |
| 4 | + |
| 5 | +In this lab, you will write a `solve.py` to learn how to use angr to execute the binary and find the correct input symbolically. |
| 6 | + |
| 7 | +## Goal |
| 8 | + |
| 9 | +This challenge is designed to test your skills in reverse engineering and symbolic execution. You will be working with a stripped ELF binary (`chal`) that contains multiple layers of traps and complex logic. |
| 10 | + |
| 11 | +Your goal is to find **two secret 8-byte inputs** that cause the program to print the success message. You need to create a `solve.py` script that generates these two inputs and saves them as `1.txt` and `2.txt`. |
| 12 | + |
| 13 | +Hints for the Inputs |
| 14 | +* The solution for `1.txt` consists of 8 **alphanumeric** bytes. |
| 15 | +* The solution for `2.txt` consists of 8 bytes that may include **non-printable** characters. |
| 16 | +* Remember that your final `.txt` files should contain the 8-byte secret followed by a newline character (`\n`), for a total of 9 bytes. |
| 17 | + |
| 18 | +While other creative solutions might exist, this problem is specifically designed to be solved efficiently using **symbolic execution**. We strongly recommend using the **angr** framework to navigate the program's intricate paths and automatically solve for the correct inputs. |
| 19 | + |
| 20 | +## Requirement |
| 21 | + |
| 22 | +Your grade will be based on the following criteria: |
| 23 | + |
| 24 | +1. **(70%) Correctness**: |
| 25 | + * (30%) Your generated `1.txt` passes the check from `./validate.sh 1`. |
| 26 | + * (40%) Your generated `2.txt` passes the check from `./validate.sh 2`. |
| 27 | +2. **(30%) Solution Report**: |
| 28 | + * You must submit a report named `{student_id}_solution.pdf` (e.g., `314551001_solution.pdf`). |
| 29 | + * This report should clearly explain your methodology, the challenges you encountered, and how you solved them. If you used `angr`, describe the features you used. |
| 30 | + |
| 31 | +### Bonus |
| 32 | + |
| 33 | +1. **(10%)**: Your solution report is well-organized, easy to read, and includes clear code snippets with syntax highlighting. |
| 34 | +2. **(10%)**: You use **angr**. |
| 35 | + |
| 36 | +You will get 0 points if |
| 37 | +1. You modify any other files (`Makefile`, `validate.sh`, etc.) or patch the binary (`chal`) to simplify the challenge. |
| 38 | +2. You can't pass all CI on your PR. |
| 39 | + |
| 40 | +## Submission |
| 41 | + |
| 42 | +You need to commit and push the following files to your repository: |
| 43 | +1. Your `solve.py` script. |
| 44 | +2. The generated `1.txt` and `2.txt` files. |
| 45 | +3. Your final report, `{student_id}_solution.pdf`. |
| 46 | + |
| 47 | +You need to commit and push the corresponding changes to your repository, which contains the code that satisfies the aforementioned requirements. |
| 48 | + |
| 49 | +**Important**: The CI will **not** execute your `solve.py`. It will directly use the `1.txt` and `2.txt` files you commit to run the validation. Please ensure you have run your script locally to generate the correct files before committing. |
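Review bot: Line 47 repeats the instruction already given on line 42 ("You need to commit and push ...") and can be dropped. Line 13, "Hints for the Inputs", is plain text while every other section title uses `##` or `###`; make it a `###` heading under Goal, and add a blank line before the lists that start at lines 14 and 37 so they render as lists in every Markdown renderer. Because line 15 allows non-printable bytes in `2.txt` and line 16 requires exactly 9 bytes, the README should say that `solve.py` must write both files in binary mode, since a text-mode write can re-encode bytes above 0x7f and change the file length. The second zero-points condition on line 38 ("You can't pass all CI on your PR") would read more clearly as "Your PR does not pass all CI checks."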