45.sudoku

复制本地路径 | 在线编辑

This is an algorithm problem rather than a pwn problem.

A typical problem using DFS to solve. A part of the exp.py:

def dfs():
    for i in range(9):
        for j in range(9):
            if table[i][j] == 0:
                for value in range(1, 10):
                    table[i][j] = value
                    if check(i, j) and require(i, j) and dfs():
                        return True
                    table[i][j] = 0

                return False

    return True

sh = remote('pwnable.kr', 9016)
sh.recvuntil('press enter to see example.')
sh.sendline('')
sh.recvuntil('press enter to start game')
sh.sendline('')

for i in range(100):
    print(sh.recvuntil('\n\n'))

    table = []
    for i in range(9):
        data = sh.recvuntil('\n', drop=True)
        table.append( ast.literal_eval(data.decode('utf-8')) )

    print(sh.recvuntil('should be '))
    require_1 = sh.recvuntil(' ', drop=True).decode('utf-8')
    print(sh.recvuntil('than '))
    require_2 = int( sh.recvuntil('\n', drop=True), 10 )

    print(require_1)
    print(require_2)

    require_list = []
    while True:
        data = sh.recvline().decode('utf-8')
        if data[0] == 's':
            break
        require_list.append( [ int(data[13])-1, int(data[15])-1 ] )

    for i in table:
        print(i)
    print(require_list)
    dfs()
    for i in table:
        print(i)
    sh.sendline(json.dumps(table))
    sh.recvuntil('cheking your solution...\n')
    print(sh.recvuntil('\n'))

sh.interactive()