1.elf暴力破解尝试

尝试通过z3暴力破解1.elf

具体代码如下

from z3 import *  
f = Solver()  
DataCmp=[		
161, 186, 110, 70, 128, 244, 217, 170, 180, 54, 90,
204, 140, 30, 149, 33, 143, 67, 225, 19, 138, 168, 106,
66, 174, 251, 247, 165, 157, 11, 75, 222, 186, 0, 135,
35, 144, 70, 211, 223]
flag = [BitVec('flag[%2d]' % i, 8) for i in range(40)]  #初始化序列
out=[0]*40
v1=-85
v2=0     #创建约束求解器
for i in range(39):
    for j in range(50):
        v1^=j^v2^0x5f
        v2=v2+1
        out[i]=flag[i]^flag[(i+1)%40]^v1
for i in range(39):
    f.add(out[i]==DataCmp[i])
while(f.check()==sat):
    condition = []
    m = f.model()
    p=""
    for i in range(34):
        p+=chr(int("%s" % (m[flag[i]])))
        condition.append(flag[i]!=int("%s" % (m[flag[i]])))
    print(p)
    f.add(Or(condition))

通过对输出结果观察，仅是一堆乱码，通过ctrl+f寻找flag
也仅显示无结果，不知道到底哪里出了错误