brainfuck++ // initiate
brainfuck++_
Two secrets. One program. Two paths out.
Below is a brainfuck program. First run it (see the rules below), and it will tell you the rest.
matrix.bf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.,+[]]
,+[]],+[]],+[]],+[]],+[]],+[]]
>>++++++++++.+[]](@)&,+[]](@)&,+[]](@)&,+[]](@)
>>++++++++++.
+[]],+[]],+[]],+[]],+[]],+[]]
>>++++++++++.+[]](@)&,+[]](@)&,+[]](@)&,+[]](@)
>>++++++++++.
Spec: this is not standard brainfuck.
I/O operators are self-incrementing. They move the data pointer one cell to the right after executing.
. in BF++ is equivalent to .> in BF.
, in BF++ is equivalent to ,> in BF.
All other operators behave as in standard brainfuck. Keep this in mind before you use any off-the-shelf interpreter or lifter.
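The two equivalences above, as an added example (not part of the challenge or of angr-platforms): a small Python interpreter that runs a program with BF++ self-incrementing I/O or as vanilla brainfuck, plus a translator to standard brainfuck. The names `run` and `to_vanilla` are made up here, and the spec does not state the following assumptions: 8-bit wrapping cells, a 30000-cell tape, EOF reading as 0, and non-operator characters being ignored.

```python
OPS = "+-<>[].,"

def to_vanilla(src):
    """Rewrite BF++ as standard brainfuck per the spec: '.' -> '.>', ',' -> ',>'."""
    return "".join(c + ">" if c in ".," else c for c in src if c in OPS)

def run(src, stdin=b"", self_inc=True, tape_len=30000, max_steps=1_000_000):
    """Interpret src; self_inc=True gives BF++ I/O, False gives vanilla brainfuck."""
    code = [c for c in src if c in OPS]   # assumption: other characters are comments
    jump, stack = {}, []
    for i, c in enumerate(code):          # pair up brackets once, up front
        if c == "[":
            stack.append(i)
        elif c == "]":
            if not stack:
                raise SyntaxError(f"unmatched ']' at op {i}")
            j = stack.pop()
            jump[i], jump[j] = j, i
    if stack:
        raise SyntaxError(f"unmatched '[' at op {stack[-1]}")
    tape, ptr, pc, out = bytearray(tape_len), 0, 0, bytearray()
    data = iter(stdin)
    for _ in range(max_steps):            # step limit guards against endless loops
        if pc >= len(code):
            return bytes(out)
        c = code[pc]
        if c == "+":
            tape[ptr] = (tape[ptr] + 1) & 0xFF   # assumption: 8-bit wrapping cells
        elif c == "-":
            tape[ptr] = (tape[ptr] - 1) & 0xFF
        elif c == ">":
            ptr += 1
        elif c == "<":
            ptr -= 1
        elif c == ".":
            out.append(tape[ptr])
            ptr += int(self_inc)                 # BF++: step right after output
        elif c == ",":
            tape[ptr] = next(data, 0)            # assumption: EOF reads as 0
            ptr += int(self_inc)                 # BF++: step right after input
        elif (c == "[" and tape[ptr] == 0) or (c == "]" and tape[ptr] != 0):
            pc = jump[pc]
        if not 0 <= ptr < tape_len:
            raise IndexError(f"data pointer left the tape at op {pc}")
        pc += 1
    raise RuntimeError("step limit reached")
```

The constructed program `,,..` shows why a stock interpreter misreads this dialect: run as vanilla brainfuck on input `hi` it prints `ii`, while under BF++ rules both reads land in separate cells and the writes hit two untouched cells further right.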
How to start?
A good starting point is angr-platforms/bf, the angr lifter for vanilla brainfuck. It needs a small patch before it can handle this dialect, because the dialect has jump targets that cross basic block boundaries.
Apply the patch below to angr_platforms/bf/lift_bf.py:
> download patch (0001-Implement-ccall-for-jump-targets-out-of-scope.patch)
That gets you to a working symbolic execution setup. The rest is on you.