BUUCTF-reverse2
本文最后更新于1547天前,其中的信息可能已经有所发展或是发生改变。

非常简单的题目,没有加壳:

main函数伪代码:

// local variable allocation has failed, the output may be wrong!
int __cdecl main(int argc, const char **argv, const char **envp)
{
    const char *v3;       // rdi
    int result;           // eax
    __int64 v5;           // rdx
    unsigned __int64 v6;  // rt1
    char v7;              // [rsp+4h] [rbp-3Ch]
    int i;                // [rsp+8h] [rbp-38h]
    unsigned int v9;      // [rsp+Ch] [rbp-34h]
    char v10;             // [rsp+10h] [rbp-30h]
    unsigned __int64 v11; // [rsp+28h] [rbp-18h]

    v11 = __readfsqword(0x28u);
    v9 = sub_400680(*(_QWORD *)&argc, argv, envp);
    if (v9)
    {
        sub_400660(v9, &v7, 0LL);
    }
    else
    {
        for (i = 0; i <= (unsigned __int64)sub_400600(flag); ++i)
        {
            if (flag[i] == 105 || flag[i] == 114)
                flag[i] = 49;
        }
    }
    sub_400620("input the flag:");
    sub_400670("%20s", &v10);
    if ((unsigned int)sub_400640(flag, &v10))
    {
        v3 = "wrong flag!";
        result = sub_4005F0("wrong flag!");
    }
    else
    {
        v3 = "this is the right flag!";
        result = sub_4005F0("this is the right flag!");
    }
    v6 = __readfsqword(0x28u);
    v5 = v6 ^ v11;
    if (v6 != v11)
        result = sub_400610(v3, &v10, v5);
    return result;
}

可以看到将Flag中的r和i进行了替换1:

    for (i = 0; i <= (unsigned __int64)sub_400600(flag); ++i)
    {
        if (flag[i] == 105 || flag[i] == 114)
            flag[i] = 49;
    }

很明显答案在flag中

; main+44↑r ...
.data:0000000000601081 db  68h ; h
.data:0000000000601082 db  61h ; a
.data:0000000000601083 db  63h ; c
.data:0000000000601084 db  6Bh ; k
.data:0000000000601085 db  69h ; i
.data:0000000000601086 db  6Eh ; n
.data:0000000000601087 db  67h ; g
.data:0000000000601088 db  5Fh ; _
.data:0000000000601089 db  66h ; f
.data:000000000060108A db  6Fh ; o
.data:000000000060108B db  72h ; r
.data:000000000060108C db  5Fh ; _
.data:000000000060108D db  66h ; f
.data:000000000060108E db  75h ; u
.data:000000000060108F db  6Eh ; n
.data:0000000000601090 db  7Dh ; }
hacking_for_fun

替换后得到Flag

hack1ng_fo1_fun

点击数:575

    暂无评论

    发送评论 编辑评论

    
    				
    |´・ω・)ノ
    ヾ(≧∇≦*)ゝ
    (☆ω☆)
    (╯‵□′)╯︵┴─┴
     ̄﹃ ̄
    (/ω\)
    ∠( ᐛ 」∠)_
    (๑•̀ㅁ•́ฅ)
    →_→
    ୧(๑•̀⌄•́๑)૭
    ٩(ˊᗜˋ*)و
    (ノ°ο°)ノ
    (´இ皿இ`)
    ⌇●﹏●⌇
    (ฅ´ω`ฅ)
    (╯°A°)╯︵○○○
    φ( ̄∇ ̄o)
    ヾ(´・ ・`。)ノ"
    ( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
    (ó﹏ò。)
    Σ(っ °Д °;)っ
    ( ,,´・ω・)ノ"(´っω・`。)
    ╮(╯▽╰)╭
    o(*////▽////*)q
    >﹏<
    ( ๑´•ω•) "(ㆆᴗㆆ)
    😂
    😀
    😅
    😊
    🙂
    🙃
    😌
    😍
    😘
    😜
    😝
    😏
    😒
    🙄
    😳
    😡
    😔
    😫
    😱
    😭
    💩
    👻
    🙌
    🖕
    👍
    👫
    👬
    👭
    🌚
    🌝
    🙈
    💊
    😶
    🙏
    🍦
    🍉
    😣
    Source: github.com/k4yt3x/flowerhd
    颜文字
    Emoji
    小恐龙
    花!
    上一篇
    下一篇