【Reverse】每日必逆0x02
BUU SimpleRev
附件 https://files.buuoj.cn/files/7458c5c0ce999ac491df13cf7a7ed9f1/SimpleRev
题解
查壳
![]()
拖入iad64进行静态分析
关键伪代码
unsigned __int64 Decry()
{
char v1; // [rsp+Fh] [rbp-51h]
int v2; // [rsp+10h] [rbp-50h]
int v3; // [rsp+14h] [rbp-4Ch]
int i; // [rsp+18h] [rbp-48h]
int v5; // [rsp+1Ch] [rbp-44h]
char src[8]; // [rsp+20h] [rbp-40h] BYREF
__int64 v7; // [rsp+28h] [rbp-38h]
int v8; // [rsp+30h] [rbp-30h]
__int64 v9[2]; // [rsp+40h] [rbp-20h] BYREF
int v10; // [rsp+50h] [rbp-10h]
unsigned __int64 v11; // [rsp+58h] [rbp-8h]v11 = __readfsqword(0x28u);
*(_QWORD *)src = 'SLCDN';
v7 = 0LL;
v8 = 0;
v9[0] = 'wodah';
v9[1] = 0LL;
v10 = 0;
text = (char *)join(key3, v9); // text = "killshadow"
strcpy(key, key1); // key = "ADSFK"
strcat(key, src); // key = "ADSFKNDCLS"
v2 = 0;
v3 = 0;
getchar();
v5 = strlen(key); // v5 = 10
for ( i = 0; i < v5; ++i ) // Convert Capital to Lower-case { if ( key[v3 % v5] > 64 && key[v3 % v5] <= 90 ) key[i] = key[v3 % v5] + 32; ++v3; } printf("Please input your flag:"); while ( 1 ) { v1 = getchar(); if ( v1 == 10 ) break; if ( v1 == 32 ) { ++v2; } else { if ( v1 <= 96 || v1 > 122 )
{
if ( v1 > 64 && v1 <= 90 )
{
str2[v2] = (v1 - 39 - key[v3 % v5] + 97) % 26 + 97;
++v3;
}
}
else
{
str2[v2] = (v1 - 39 - key[v3 % v5] + 97) % 26 + 97;
++v3;
}
if ( !(v3 % v5) )
putchar(32);
++v2;
}
}
if ( !strcmp(text, str2) )
puts("Congratulation!\n");
else
puts("Try again!\n");
return __readfsqword(0x28u) ^ v11;
}程序流向
将key3和v9连接并赋值给text,key变为"ADSFKNDCLS"(涉及小端存储,需要注意字符串的改变)=>转小写=>将输入的flag每个字母进行处理((v1 - 39 - key[v3 % v5] + 97) % 26 + 97)=》将其与text进行比较
程序逆向
获取text为"killshadow",key="adsfkndcls",再将算法进行逆向,便可以得出flag
exp
key = "ADSFKNDCLS".lower()
text = "killshadow"
strs = "QWERTYUIOPASDFGHJKLZXCVBNM"
strs2 = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM"flag = ""
for i in range(len(text)):
for x in strs:
if (ord(x)-39-ord(key[i%10])+97)%26+97 == ord(text[i]):
flag+=x
print(flag)
也许你们会注意,这边字符串我有两种可能。应该是预期解都是大写吧,不然这题还有其他结果
总结
技术成长ing
手机扫一扫
移动阅读更方便
你可能感兴趣的文章