buuctf reverse [UTCTF2020]babymips

die 查看发现是mips的指令集,无壳,直接拖进ida

buuctf reverse [UTCTF2020]babymips

初看逻辑应该比较简单,跟进函数。

buuctf reverse [UTCTF2020]babymips

这个函数里面是程序的主要逻辑,可以看到一个异或的操作,之前在上面可以找到一串密文。

猜测逻辑是,将flag的每一个字符与23加一开始进行异或。

str = [0x62,0x6C,0x7F,0x76,0x7A,0x7B,0x66,0x73,0x76,0x50,0x52,0x7D,0x40,0x54,0x55,0x79,0x40,0x49,0x47,0x4D,0x74,0x19,0x7B,0x6A,0x42,0x0A,0x4F,0x52,0x7D,0x69,0x4F,0x53,0x0C,0x64,0x10,0x0F,0x1E,0x4A,0x67,0x03,0x7C,0x67,0x02,0x6A,0x31,0x67,0x61,0x37,0x7A,0x62,0x2C,0x2C,0x0F,0x6E,0x17,0x00,0x16,0x0F,0x16,0x0A,0x6D,0x62,0x73,0x25,0x39,0x76,0x2E,0x1C,0x63,0x78,0x2B,0x74,0x32,0x16,0x20,0x22,0x44,0x19]
flag = ‘‘
for i in range(len(str)):
    flag+=chr(str[i] ^ (23+i))
print(flag)

utflag{mips_cpp_gang_5VDm:~`N]ze;\)5%vZ=C‘C(r#$q=*efD"ZNY_GX>6&sn.wF8$v*mvA@‘}

os:这flag看着跟假的一样

buuctf reverse [UTCTF2020]babymips

上一篇:不同路径II


下一篇:react装less