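"""Recover the expected stdin of a CTF reversing binary with angr, then verify it live.

Drives the binary from its entry point with a fixed-length symbolic stdin,
explores until the "success" block is reached while pruning every path that
touches the "fail" block, and replays each concrete solution against a real
process to confirm the binary accepts it.

SECURITY NOTE: this script *executes* the challenge binary (``process()``)
and feeds it solver-generated bytes.  A CTF artifact is untrusted code; run
this only inside a disposable VM or container, never on a workstation that
holds credentials or other sensitive data.
"""
import logging

import angr
import claripy
from pwn import process  # only `process` is used; avoid the `*` import

logging.getLogger('angr').setLevel('DEBUG')  # very chatty; lower to INFO once the script works

# Single source of truth for the target so the symbolic run and the live
# replay cannot silently diverge (the original loaded an absolute path into
# angr but spawned a relative "./chal", which depends on the current directory).
BINARY = "/home/simon/CTF/Blockharbor/rev/Reversing #1/chal"

# angr is pinned to this load address so the block addresses below are stable
# across runs even for a PIE binary.
base = 0x00100000
input_len = 32  # bytes of symbolic stdin; bump if the binary reads more (e.g. expects a trailing newline)
# Block addresses were taken from a disassembler with the binary rebased to
# `base`; keeping them as offsets means changing `base` does not break them.
success = base + 0x14a8  # 0x001014a8 - block reached on a correct input
fail = base + 0x150b     # 0x0010150b - block reached on a wrong input


def build_state(proj, n):
    """Return an entry state whose stdin is `n` unconstrained symbolic bytes.

    Each byte is its own BVS so the solver can report per-position values.
    LAZY_SOLVES is removed so unsatisfiable branches are discarded as soon as
    they appear instead of being stepped until a solve is forced.
    """
    chars = [claripy.BVS(f"flag_char{i}", 8) for i in range(n)]
    flag = claripy.Concat(*chars)
    # NOTE(review): the original additionally asserted 0x00 <= byte <= 0xff on
    # every byte, which is a tautology for an 8-bit bitvector and was dropped.
    # If the binary's comparison is ASCII-based, constraining to printable
    # (0x20..0x7e) shrinks the search space -- verify against the binary first,
    # because it would exclude any non-printable solution.
    return proj.factory.entry_state(
        args=["./chal"],
        remove_options={angr.options.LAZY_SOLVES},
        stdin=flag,
    )


def explore(proj, state, find, avoid):
    """Run the explorer from `state` and return the simulation manager.

    `avoid` is passed through to `explore`; the original defined `fail` but
    never used it, so every failing branch kept being stepped and the search
    could blow up instead of being pruned at the first wrong comparison.
    """
    simgr = proj.factory.simulation_manager(state)
    simgr.explore(find=find, avoid=avoid)
    return simgr


def replay(binary, payload, timeout=5):
    """Send `payload` to a fresh instance of `binary` and return everything it prints.

    The child is always closed.  `recvall` blocks until EOF, so the timeout
    guards against a binary that waits for more input than the solver produced.
    """
    io = process(binary)
    try:
        io.send(payload)
        return io.recvall(timeout=timeout)
    finally:
        io.close()


def main():
    """Solve for the accepted stdin and confirm it against the real binary."""
    proj = angr.Project(BINARY, main_opts={"base_addr": base})
    simgr = explore(proj, build_state(proj, input_len), success, fail)
    if not simgr.found:
        # The stash summary (active/deadended/avoided counts) is the first
        # thing to look at when the success block was never reached.
        print(simgr)
        return
    for found in simgr.found:
        payload = found.posix.dumps(0)  # concrete stdin that reaches `success`
        print(payload)
        print(replay(BINARY, payload))


if __name__ == "__main__":
    main()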