拖入IDA64 strings F5查看

前面是一段赋值

 

 推测424BA0是检测长度的函数，并且从v12开始取36个长度的字符

也就是这一段：

先做第一个脚本

v12 = [73,111,100,108,62,81,110,98,40,111,99,121,127,121,46,105,127,100,96,51,119,125,119,101,107,57,123,105,121,61,126,121,76,64,69,67]
partflag = ''
for i in range(len(v12)):
    partflag += chr(v12[i]^i)
print(partflag)


Info:The first four chars are `flag`

PS 关于输入

 

 放在memset后面且距离很近的函数很可能是输入函数

 

 查看字符串，明显的base64加密

 

 十次base64加密后与6CC090进行对比

写第二段脚本

import base64
partflag = 'Vm0wd2VHUXhTWGhpUm1SWVYwZDRWVll3Wkc5WFJsbDNXa1pPVlUxV2NIcFhhMk0xVmpKS1NHVkdXbFpOYmtKVVZtcEtTMUl5VGtsaVJtUk9ZV3hhZVZadGVHdFRNVTVYVW01T2FGSnRVbGhhVjNoaFZWWmtWMXBFVWxSTmJFcElWbTAxVDJGV1NuTlhia0pXWWxob1dGUnJXbXRXTVZaeVdrWm9hVlpyV1hwV1IzaGhXVmRHVjFOdVVsWmlhMHBZV1ZSR1lWZEdVbFZTYlhSWFRWWndNRlZ0TVc5VWJGcFZWbXR3VjJKSFVYZFdha1pXWlZaT2NtRkhhRk5pVjJoWVYxZDBhMVV3TlhOalJscFlZbGhTY1ZsclduZGxiR1J5VmxSR1ZXSlZjRWhaTUZKaFZqSktWVkZZYUZkV1JWcFlWV3BHYTFkWFRrZFRiV3hvVFVoQ1dsWXhaRFJpTWtsM1RVaG9hbEpYYUhOVmJUVkRZekZhY1ZKcmRGTk5Wa3A2VjJ0U1ExWlhTbFpqUldoYVRVWndkbFpxUmtwbGJVWklZVVprYUdFeGNHOVhXSEJIWkRGS2RGSnJhR2hTYXpWdlZGVm9RMlJzV25STldHUlZUVlpXTlZadE5VOVdiVXBJVld4c1dtSllUWGhXTUZwell6RmFkRkpzVWxOaVNFSktWa1phVTFFeFduUlRhMlJxVWxad1YxWnRlRXRXTVZaSFVsUnNVVlZVTURrPQ=='
for i in range(10):
    partflag = base64.b64decode(partflag).decode("utf-8") #必须先转码成byte型，因为python3中字符都为unicode编码，但是b64encode函数的参数为byte类型
print(partflag)

//也可以在线解码十次
https://bbs.pediy.com/thread-254172.htm

参考：https://blog.csdn.net/qq_44625297/article/details/105155727

 

 ——————————————————————余下明天再写