[BUUCTF]REVERSE——[ACTF新生赛2020]rome

[ACTF新生赛2020]rome

附件

步骤

  1. 无壳,32位程序
    [BUUCTF]REVERSE——[ACTF新生赛2020]rome
  2. 32位ida载入,根据提示字符串“You are correct!”,找到关键函数func
 v15 = 'Q';
v16 = 's';
v17 = 'w';
v18 = '3';
v19 = 's';
v20 = 'j';
v21 = '_';
v22 = 'l';
v23 = 'z';
v24 = '4';
v25 = '_';
v26 = 'U';
v27 = 'j';
v28 = 'w';
v29 = '@';
v30 = 'l';
v31 = '\0';
printf("Please input:");
scanf("%s", &v5);
result = v5;
if ( v5 == 65 )
{
result = v6;
if ( v6 == 67 )
{
result = v7;
if ( v7 == 84 )
{
result = v8;
if ( v8 == 70 )
{
result = v9;
if ( v9 == 123 )
{
result = v14;
if ( v14 == 125 )
{
v1 = v10;
v2 = v11;
v3 = v12;
v4 = v13;
for ( i = 0; i <= 15; ++i )
{
if ( *((_BYTE *)&v1 + i) > 64 && *((_BYTE *)&v1 + i) <= 90 )// 大写字母
*((_BYTE *)&v1 + i) = (*((char *)&v1 + i) - 51) % 26 + 65;
if ( *((_BYTE *)&v1 + i) > 96 && *((_BYTE *)&v1 + i) <= 122 )// 小写字母
*((_BYTE *)&v1 + i) = (*((char *)&v1 + i) - 79) % 26 + 97;
}
for ( i = 0; i <= 15; ++i )
{
result = (unsigned __int8)*(&v15 + i);
if ( *((_BYTE *)&v1 + i) != (_BYTE)result )
return result;
}
result = printf("You are correct!");
}
}
}
}
}
}
return result;
}
  1. 程序很简单,就是让我们输入一个字符串,然后判断大小写,进行相应的运算,最后得到了程序开头的数组
    v15= [ ‘Q’,‘s’,‘w’,‘3’,‘s’,‘j’, ‘’,‘l’,‘z’,‘4’,’’,‘U’,‘j’,‘w’,’@’,‘l’ ]

由于加密运算里的那个%运算的逆运算很神奇,所以我就采取了最简单值观的暴力破解

v15= [ 'Q','s','w','3','s','j', '_','l','z','4','_','U','j','w','@','l' ]
flag="" for i in range(16):
for j in range(128):#ascii表上有127个字符,一个一个试吧
x=j
if chr(x).isupper():
x=(x-51)%26+65
if chr(x).islower():
x=(x-79)%26+97
if chr(x)==v15[i]:
flag+=chr(j) print ('flag{'+flag+'}')

[BUUCTF]REVERSE——[ACTF新生赛2020]rome

上一篇:[BUUCTF]REVERSE——[ACTF新生赛2020]easyre


下一篇:iOS经典面试题总结--内存管理