0
点赞
收藏
分享

微信扫一扫

20210928gfsj_re_getit

zhoulujun 2022-03-27 阅读 27

题目描述:菜鸡发现这个程序偷偷摸摸在自己的机器上搞事情,它决定一探究竟

拿去IDA看一下主函数伪代码

int __cdecl main(int argc, const char **argv, const char **envp)
{
  char v3; // al
  __int64 v5; // [rsp+0h] [rbp-40h]
  int i; // [rsp+4h] [rbp-3Ch]
  FILE *stream; // [rsp+8h] [rbp-38h]
  char filename[8]; // [rsp+10h] [rbp-30h]
  unsigned __int64 v9; // [rsp+28h] [rbp-18h]

  v9 = __readfsqword(0x28u);
  LODWORD(v5) = 0;//赋值
  while ( (signed int)v5 < strlen(s) )//s=c61b68366edeb7bdce3c6820314b7498
  {										//strlen(s)=32
    if ( v5 & 1 )
      v3 = 1;
    else
      v3 = -1;
    *(&t + (signed int)v5 + 10) = s[(signed int)v5] + v3;
      //t=SharifCTF{????????????????????????????????}
    LODWORD(v5) = v5 + 1;
  }
  strcpy(filename, "/tmp/flag.txt");
    // /tmp是Linux下的存储临时文件的目录,程序运行完即自动删除该程序的文件
  stream = fopen(filename, "w");
  fprintf(stream, "%s\n", u, v5);
    //u=*******************************************,写这一串进去意味给flag加密
  for ( i = 0; i < strlen(&t); ++i )
  {
    fseek(stream, p[i], 0);
    fputc(*(&t + p[i]), stream);
    fseek(stream, 0LL, 0);
    fprintf(stream, "%s\n", u);
  }
  fclose(stream);
  remove(filename);
  return 0;
}

编写脚本

s='c61b68366edeb7bdce3c6820314b7498'
flag='SharifCTF{'
t=''
a='}'
for i in range(len(s)):
    if i & 1:
        v3=1
    else:
    	v3=-1
    t+=chr(ord(s[i])+v3)
print(flag + t + a)
#SharifCTF{b70c59275fcfa8aebf2d5911223c6589}
举报

相关推荐

0 条评论