BUUCTF-reverse2
This article was last updated 1190 days ago; the information in it may have developed or changed since then.

A very simple challenge; the binary is not packed:

Pseudocode of the main function:

// local variable allocation has failed, the output may be wrong!
int __cdecl main(int argc, const char **argv, const char **envp)
{
    const char *v3;       // rdi
    int result;           // eax
    __int64 v5;           // rdx
    unsigned __int64 v6;  // rt1
    char v7;              // [rsp+4h] [rbp-3Ch]
    int i;                // [rsp+8h] [rbp-38h]
    unsigned int v9;      // [rsp+Ch] [rbp-34h]
    char v10;             // [rsp+10h] [rbp-30h]
    unsigned __int64 v11; // [rsp+28h] [rbp-18h]

    v11 = __readfsqword(0x28u);
    v9 = sub_400680(*(_QWORD *)&argc, argv, envp);
    if (v9)
    {
        sub_400660(v9, &v7, 0LL);
    }
    else
    {
        for (i = 0; i <= (unsigned __int64)sub_400600(flag); ++i)
        {
            if (flag[i] == 105 || flag[i] == 114)
                flag[i] = 49;
        }
    }
    sub_400620("input the flag:");
    sub_400670("%20s", &v10);
    if ((unsigned int)sub_400640(flag, &v10))
    {
        v3 = "wrong flag!";
        result = sub_4005F0("wrong flag!");
    }
    else
    {
        v3 = "this is the right flag!";
        result = sub_4005F0("this is the right flag!");
    }
    v6 = __readfsqword(0x28u);
    v5 = v6 ^ v11;
    if (v6 != v11)
        result = sub_400610(v3, &v10, v5);
    return result;
}

We can see that the characters r (114) and i (105) in the flag are replaced with 1 (49):

    for (i = 0; i <= (unsigned __int64)sub_400600(flag); ++i)
    {
        if (flag[i] == 105 || flag[i] == 114)
            flag[i] = 49;
    }

Clearly the answer is in flag:

; main+44↑r ...
.data:0000000000601081 db  68h ; h
.data:0000000000601082 db  61h ; a
.data:0000000000601083 db  63h ; c
.data:0000000000601084 db  6Bh ; k
.data:0000000000601085 db  69h ; i
.data:0000000000601086 db  6Eh ; n
.data:0000000000601087 db  67h ; g
.data:0000000000601088 db  5Fh ; _
.data:0000000000601089 db  66h ; f
.data:000000000060108A db  6Fh ; o
.data:000000000060108B db  72h ; r
.data:000000000060108C db  5Fh ; _
.data:000000000060108D db  66h ; f
.data:000000000060108E db  75h ; u
.data:000000000060108F db  6Eh ; n
.data:0000000000601090 db  7Dh ; }
hacking_for_fun

After the replacement we get the flag:

hack1ng_fo1_fun
