源文件下载地址
链接:https://pan.baidu.com/s/135XhpGPAF4_DACuSryQrbA 提取码:f0ra
0X1查看有无加壳
没有壳
0X2拖到IDA上面打开
获取伪代码,按F5进行反编译
代码
1 int __cdecl main(int argc, const char **argv, const char **envp) 2 { 3 char *v3; // rsi@1 4 __int64 v4; // rax@8 5 signed int i; // [sp+2Ch] [bp-124h]@2 6 char v7[264]; // [sp+40h] [bp-110h]@1 7 __int64 v8; // [sp+148h] [bp-8h]@1 8 9 v8 = *(_QWORD *)__stack_chk_guard_ptr; 10 memset(v7, 0, 0x100uLL); 11 v3 = (char *)256; 12 printf("Input your flag:\n", 0LL); 13 get_line(v7, 256LL); 14 if ( strlen(v7) != 33 ) 15 goto LABEL_13; 16 for ( i = 1; i < 33; ++i ) 17 v7[i] ^= v7[i - 1]; 18 v3 = global; 19 if ( !strncmp(v7, global, 0x21uLL) ) 20 printf("Success", v3); 21 else 22 LABEL_13: 23 printf("Failed", v3); 24 v4 = *(_QWORD *)__stack_chk_guard_ptr; 25 if ( *(_QWORD *)__stack_chk_guard_ptr == v8 ) 26 LODWORD(v4) = 0; 27 return v4; 28 }
0X3进行代码分析
第十四行代码和十六行代码告诉我们FLAG的字符长度为33
这里的输入一个长度为33的字符串,然后字符串里面的每个字母与前面的字母进行异或(ASCII码)
0X4点击"Input your flag:\n",提取里面的值
0X5开始写脚本
1 str = [ 2 0x66, 0x0A, 0x6B, 0x0C, 0x77, 0x26, 0x4F, 0x2E, 0x40, 0x11, 3 0x78, 0x0D, 0x5A, 0x3B, 0x55, 0x11, 0x70, 0x19, 0x46, 0x1F, 4 0x76, 0x22, 0x4D, 0x23, 0x44, 0x0E, 0x67, 0x06, 0x68, 0x0F, 5 0x47, 0x32, 0x4F, 0x00] #str:数组 6 flag = chr(str[0]) 7 i = 1 8 while True: 9 if i<len(str): 10 flag +=chr(str[i] ^ str[i-1]) 11 i +=1 12 else: 13 break 14 print(flag)
得到FLAG
flag{QianQiuWanDai_YiTongJiangHu}
© 著作权归作者所有
举报
发表评论
0/200