逆向神器:Ghidra简介及使用方法
https://github.com/NationalSecurityAgency/ghidra
jdk
https://adoptium.net/zh-CN/temurin/releases/
binwalk '/home/giantbranch/Desktop/RE_Cirno.jpg'
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
10764 0x2A0C Zip archive data, at least v2.0 to extract, compressed size: 35016, uncompressed size: 172091, name: re.exe
45904 0xB350 End of Zip archive
binwalk -Me '/home/giantbranch/Desktop/RE_Cirno.jpg'
Scan Time: 2023-07-09 07:35:21
Target File: /home/giantbranch/Desktop/RE_Cirno.jpg
MD5 Checksum: 5ad8668b8bcd9ad5b9e0944063aa4d33
Signatures: 344
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
10764 0x2A0C Zip archive data, at least v2.0 to extract, compressed size: 35016, uncompressed size: 172091, name: re.exe
45904 0xB350 End of Zip archive
Scan Time: 2023-07-09 07:35:21
Target File: /home/giantbranch/_RE_Cirno.jpg.extracted/re.exe
MD5 Checksum: 6df009ab420867a9248befca5f829bb3
Signatures: 344
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Microsoft executable, portable (PE)
giantbranch@ubuntu:~/_RE_Cirno.jpg.extracted$ binwalk '/home/giantbranch/Desktop/RE_Cirno.jpg'
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
10764 0x2A0C Zip archive data, at least v2.0 to extract, compressed size: 35016, uncompressed size: 172091, name: re.exe
45904 0xB350 End of Zip archive
giantbranch@ubuntu:~/_RE_Cirno.jpg.extracted$
use ghidra!
void FUN_0040f350(void)
{
int iVar1;
undefined4 *puVar2;
undefined4 local_b0 [16];
uint local_70;
uint local_6c;
int local_68;
int local_64 [24];
puVar2 = local_b0;
for (iVar1 = 0x2b; iVar1 != 0; iVar1 = iVar1 + -1) {
*puVar2 = 0xcccccccc;
puVar2 = puVar2 + 1;
}
local_64[0] = 0x73;
local_64[1] = 0x5e;
local_64[2] = 0x61;
local_64[3] = 0x72;
local_64[4] = 0x67;
local_64[5] = 0x2f;
local_64[6] = 0x6b;
local_64[7] = 0x72;
local_64[8] = 0x41;
local_64[9] = 0x30;
local_64[10] = 0x31;
local_64[11] = 0x69;
local_64[12] = 0x75;
local_64[13] = 0x76;
local_64[14] = 0x65;
local_64[15] = 0x30;
local_64[16] = 0x71;
local_64[17] = 0x5f;
local_64[18] = 99;
local_64[19] = 0x2f;
local_64[20] = 0x5c;
local_64[21] = 0x74;
local_64[22] = 0x5d;
local_64[23] = 0x66;
for (local_68 = 0; local_68 < 0x18; local_68 = local_68 + 1) {
local_70 = local_64[local_68] + 9U ^ 9;
local_6c = local_70;
}
FUN_00401150(&DAT_00422fac);
FUN_0040f240("pause");
local_64[23] = 0x40f478;
__chkesp();
return;
}change the code!
#include<stdio.h>
void FUN_0040f350(void);
int main(void){
FUN_0040f350();
return 0;
}
void FUN_0040f350(void)
{
int local_70;
//int local_6c;
int local_68;
int local_64 [24];
int local_64_2[24];
local_64[0] = 0x73;
local_64[1] = 0x5e;
local_64[2] = 0x61;
local_64[3] = 0x72;
local_64[4] = 0x67;
local_64[5] = 0x2f;
local_64[6] = 0x6b;
local_64[7] = 0x72;
local_64[8] = 0x41;
local_64[9] = 0x30;
local_64[10] = 0x31;
local_64[11] = 0x69;
local_64[12] = 0x75;
local_64[13] = 0x76;
local_64[14] = 0x65;
local_64[15] = 0x30;
local_64[16] = 0x71;
local_64[17] = 0x5f;
local_64[18] = 99;
local_64[19] = 0x2f;
local_64[20] = 0x5c;
local_64[21] = 0x74;
local_64[22] = 0x5d;
local_64[23] = 0x66;
for (local_68 = 0; local_68 < 0x18; local_68 = local_68 + 1) {
local_70 = (local_64[local_68] + 0x9) ^ 0x9;
//local_6c = local_70;
local_64_2[local_68]=local_70;
printf("%c",local_70 );
}
//cout>>endl;
printf("\n");
for (local_68 = 23; local_68 > -1; local_68 = local_68 - 1) {
//local_70 = (local_64[local_68] + 0x9) ^ 0x9;
//local_6c = local_70;
printf("%c",local_64_2[local_68] );
}
//return 0;
}
fotl1eas0gvw{30Cr}1yrcnu
flag{C1rno1sv3rycute0w0}
some files!
涉及的实例
