Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HackCon 2016 (angry-reverser) does not work

See original GitHub issue

(angr)angr@c06036219af2:~/angr-dev/angr-doc/examples/hackcon2016_angry-reverser$ python solve.py 
Launching exploration
ERROR   | 2016-09-12 17:20:39,947 | angr.simos | Syscall 101 is not found for arch AMD64
ERROR   | 2016-09-12 17:20:39,950 | angr.simos | Syscall 101 is not found for arch AMD64
Traceback (most recent call last):
  File "solve.py", line 42, in <module>
    assert main() == "HACKCON{VVhYS04ngrY}"
  File "solve.py", line 35, in main
    final = ex.found[0].state
IndexError: list index out of range
Segmentation fault (core dumped)
(angr)angr@c06036219af2:~/angr-dev/angr-doc/examples/hackcon2016_angry-reverser$ pip list
ana (0.02, /home/angr/angr-dev/ana)
angr (5.6.8.22, /home/angr/angr-dev/angr)
angr-management (4.6.6.28, /home/angr/angr-dev/angr-management)
angr-only-z3-custom (4.4.1.post4)
archinfo (5.6.8.22, /home/angr/angr-dev/archinfo)
argparse (1.2.1)
astroid (1.4.8)
atom (0.3.10)
backports.functools-lru-cache (1.2.1)
backports.shutil-get-terminal-size (1.0.0)
backports.ssl-match-hostname (3.5.0.1)
bintrees (2.0.4)
cachetools (1.1.6)
capstone (3.0.4)
cffi (1.8.2)
claripy (5.6.8.22, /home/angr/angr-dev/claripy)
cle (5.6.8.22, /home/angr/angr-dev/cle)
configparser (3.5.0)
cooldict (1.02, /home/angr/angr-dev/cooldict)
coverage (4.2)
decorator (4.0.10)
distribute (0.7.3)
dpkt-fix (1.7)
enaml (0.9.8)
enum34 (1.1.6)
future (0.15.2)
futures (3.0.5)
idalink (0.10, /home/angr/angr-dev/idalink)
ipdb (0.10.1)
ipython (5.1.0)
ipython-genutils (0.1.0)
isort (4.2.5)
kiwisolver (0.1.3)
lazy-object-proxy (1.2.2)
mccabe (0.5.2)
monkeyhex (1.1, /home/angr/angr-dev/monkeyhex)
mulpyplexer (0.07, /home/angr/angr-dev/mulpyplexer)
networkx (1.11)
nose (1.3.7)
nose-timer (0.6.0)
pathlib2 (2.1.0)
pefile (2016.3.28)
pexpect (4.2.1)
pickleshare (0.7.4)
pip (1.5.4)
plumbum (1.6.2)
ply (3.9)
progressbar (2.3)
prompt-toolkit (1.0.7)
ptyprocess (0.5.1)
pycparser (2.14)
pyelftools (0.24)
Pygments (2.1.3)
pylint (1.6.4)
pyvex (5.6.8.22, /home/angr/angr-dev/pyvex)
rpyc (3.3.0)
setuptools (27.1.2)
simplegeneric (0.8.1)
simuvex (5.6.8.22, /home/angr/angr-dev/simuvex)
six (1.10.0)
superstruct (1.0, /home/angr/angr-dev/superstruct)
termcolor (1.1.0)
traitlets (4.3.0)
unicorn (1.0)
wcwidth (0.1.7)
websocket-client (0.37.0)
wrapt (1.10.8)
wsgiref (0.1.2)

Pinging @P1kachu (#87).

Issue Analytics

State:
Created 7 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

ltfishcommented, Sep 12, 2016

All possible sources of a memory corruption in angr:

Z3.
Unicorn support in SimuVEX or Unicorn itself.
VEX and its Python binding (unlikely).

A core dump should be able to tell you which one is the culprit.

0reactions

Manouchehricommented, Oct 2, 2016

I’m no longer able to reproduce this error on my current machine, must have been something to do with my last setup.

Regardless, this isn’t an issue in angr-doc.

Top Results From Across the Web

HackCon 2016 - angry-reverser does not work #95 - GitHub

i met the same problem, the amd64 syscall table in simos.py, There is no Syscall to No. 101(ptrace), have anyone solve it? and...

HackCon 2016 - angry-reverser writeup (RE)

Security engineer. Reverse engineering, Writeups, Frankenstein Programming, Stupid ideas and discoveries is mostly what can be found here.

angr examples

This is a basic script that explains how to use angr to symbolically execute a program and produce concrete input satisfying certain conditions....

angr:python-based binary analysis framework ... - Vulners

angr is a python-based binary vulnerability analysis framework, it will previous a variety of analytical techniques integrated in, facilitate ...

Shell-Storm

... 2018-11-02 - HackCon 2016: angry-reverser (outdated solving for Triton use cases) ... Based on these issues, a binary dynamic analysis framework has...