feat: lab8

YingMuo · YingMuo · commit 4eaa2443308b · 2025-05-15T12:39:39.000+08:00
diff --git a/.github/workflows/lab-autograding.yml b/.github/workflows/lab-autograding.yml
@@ -45,7 +45,7 @@ jobs:
                       const files = await github.rest.pulls.listFiles({ owner, repo, pull_number: issue_number });
                       const changedFiles = files.data.map((file) => file.filename);
                       const allowedFileRegex = /^lab\d+\/main_test.js$/;
-                      const specialChangedFiles = ["lab0/lab0.js", "lab5/antiasan.c", "lab6/llvm-pass.so.cc"];
+                      const specialChangedFiles = ["lab0/lab0.js", "lab5/antiasan.c", "lab6/llvm-pass.so.cc", "lab8/solve.py"];
                       if (!changedFiles.every((file) => (allowedFileRegex.test(file) || specialChangedFiles.includes(file)))) {
                         core.setFailed('The PR contains changes to files other than the allowed files.');
                       }
diff --git a/lab5/antiasan.c b/lab5/antiasan.c
@@ -1,9 +1,6 @@
-#include <sanitizer/asan_interface.h>
+#include <string.h>
 
-//TODO:
 void antiasan(unsigned long addr)
 {
-    // __asan_unpoison_memory_region((void *)addr, 64);
-    // __asan_unpoison_memory_region((void *)addr, 128);
-    __asan_unpoison_memory_region((void *)addr, 256);
-}
+
+}
diff --git a/lab8/Makefile b/lab8/Makefile
@@ -0,0 +1,8 @@
+all:
+	gcc -o chal -no-pie chal.c
+
+run:
+	./solve.py | ./chal
+
+clean:
+	rm chal
diff --git a/lab8/README.md b/lab8/README.md
@@ -0,0 +1,28 @@
+# Lab8
+
+## Introduction
+
+In this lab, you will write a angr script in `solve.py` to crack secret key in `chal.c` and get flag.
+
+## Preparation (Important!!!)
+
+1. Sync fork your branch (e.g., `SQLab:311XXXXXX`)
+2. `git checkout -b lab8` (**NOT** your student ID !!!)
+
+## Requirement
+
+(100%) Write a angr script and satisfy following requirements.
+1. Explore flag is in stdout or not by angr to solve secret key.
+2. Write secret key to stdout, and `validate.sh` pass it to `./chal` to check secret key.
+You can run `validate.sh` in your local to test if you satisfy the requirements.
+
+Please note that you must not alter files other than `solve.py`. You will get 0 points if
+
+1. you modify other files to achieve requirements.
+2. you can't pass all CI on your PR.
+
+## Submission
+
+You need to open a pull request to your branch (e.g. 311XXXXXX, your student number) and contain the code that satisfies the abovementioned requirements.
+
+Moreover, please submit the URL of your PR to E3. Your submission will only be accepted when you present at both places.
diff --git a/lab8/ans b/lab8/ans
@@ -0,0 +1,2 @@
+./solve.py | ./chal
+Enter the secret key: Correct! The flag is: CTF{symbolic_execution_for_the_win}
diff --git a/lab8/chal.c b/lab8/chal.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+void gate(const char *input)
+{
+    if (strlen(input) != 8) {
+        return;
+    }
+
+    if ((input[0] ^ input[1]) != 0x55) return;
+    if ((input[2] + input[3]) != 200) return;
+    if ((input[4] * 3) != input[5]) return;
+    if ((input[6] - input[7]) != 1) return;
+
+    if ((input[1] + input[2] - input[3]) != 50) return;
+    if ((input[5] ^ input[6]) != 0x2A) return;
+
+    puts("Correct! The flag is: CTF{symbolic_execution_for_the_win}");
+    exit(0);
+}
+
+int main()
+{
+    char input[0x10] = {0};
+    printf("Enter the secret key: ");
+    fgets(input, sizeof(input), stdin);
+    input[strcspn(input, "\n")] = 0; // Strip newline
+    gate(input);
+    puts("Wrong key!");
+    return 0;
+}
+
diff --git a/lab8/solve.py b/lab8/solve.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+
+import angr,sys
+
+def main():
+    secret_key = b""
+    sys.stdout.buffer.write(secret_key)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/lab8/validate.sh b/lab8/validate.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Check for unwanted files
+for file in *; do
+  if [[ $file != "solve.py" && $file != "chal.c" && $file != "Makefile" && $file != "README.md" && $file != "validate.sh" && $file != "ans" ]]; then
+    echo "[!] Unwanted file detected: $file."
+    exit 1
+  fi
+done
+
+test_path="${BASH_SOURCE[0]}"
+solution_path="$(realpath .)"
+tmp_dir=$(mktemp -d -t lab8-XXXXXXXXXX)
+answer=""
+
+cd $tmp_dir
+
+rm -rf *
+cp $solution_path/Makefile .
+cp $solution_path/ans .
+cp $solution_path/*.c .
+cp $solution_path/*.py .
+
+make
+make run > out
+result=$(diff --strip-trailing-cr ans out)
+if [[ -n $result ]]; then
+  echo "[!] Expected: "
+  cat ans
+  echo ""
+  echo "[!] Actual:   "
+  cat out
+  echo ""
+  exit 1
+else
+  echo "[V] Pass"
+fi
+
+rm -rf $tmp_dir
+
+exit 0
+
+# vim: set fenc=utf8 ff=unix et sw=2 ts=2 sts=2:

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ jobs:`
`45`	`45`	`const files = await github.rest.pulls.listFiles({ owner, repo, pull_number: issue_number });`
`46`	`46`	`const changedFiles = files.data.map((file) => file.filename);`
`47`	`47`	`const allowedFileRegex = /^lab\d+\/main_test.js$/;`
`48`		`- const specialChangedFiles = ["lab0/lab0.js", "lab5/antiasan.c", "lab6/llvm-pass.so.cc"];`
	`48`	`+ const specialChangedFiles = ["lab0/lab0.js", "lab5/antiasan.c", "lab6/llvm-pass.so.cc", "lab8/solve.py"];`
`49`	`49`	`if (!changedFiles.every((file) => (allowedFileRegex.test(file) \|\| specialChangedFiles.includes(file)))) {`
`50`	`50`	`core.setFailed('The PR contains changes to files other than the allowed files.');`
`51`	`51`	`}`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,8 @@ @@
 +all:
 +	gcc -o chal -no-pie chal.c
++
 +run:
 +	./solve.py | ./chal
++
 +clean:
 +	rm chal
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+./solve.py \| ./chal`
	`2`	`+Enter the secret key: Correct! The flag is: CTF{symbolic_execution_for_the_win}`