攻防世界--->点燃我
做题笔记。
下载 查壳
用 32 位 IDA 打开。
先看main函数:
(自己改已知的函数名--->不再赘述)
跟进sub_4011C0:
从下面的脚本可以看出,校验过程由几步可逆的逐字节运算组成(大小写互换、异或 0x55、加 72、再与数组逐字节异或),最后与密文比较。因此在已知密文的情况下,按相反的顺序逐步逆向还原,就能得到 input 的值。
C脚本:
#include <stdio.h>
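#include <string.h>

/*
 * Recover the input accepted by the check the write-up locates in
 * sub_4011C0, by undoing each step on the known ciphertext:
 *   1. XOR every ciphertext byte with the matching key-table byte,
 *   2. subtract 72 and XOR with 0x55,
 *   3. swap the case of ASCII letters.
 * Prints the result wrapped as EIS{...} and returns 0.
 */
int main(void)
{
    /* Key table: 32 entries, of which only the first 24 are consumed. */
    static const unsigned char a[] = {
        13, 19, 23, 17, 2, 1, 32, 29, 12, 2,
        25, 47, 23, 43, 36, 31, 30, 22, 9, 15,
        21, 39, 19, 38, 10, 47, 30, 26, 45, 12,
        34, 4
    };
    /* Known ciphertext: 24 characters plus the terminating NUL. */
    const char b[25] = "GONDPHyGjPEKruv{{pj]X@rF";
    char flag[25] = {0};

    /* Every ciphertext byte needs a key byte; fail the build otherwise. */
    _Static_assert(sizeof b - 1 <= sizeof a,
                   "key table shorter than ciphertext");

    /* Cache the length: it is fixed, and re-measuring the decoded buffer
     * would stop early if any decoded byte happened to be 0. */
    const size_t len = strlen(b);

    for (size_t i = 0; i < len; i++) {
        /* Work on unsigned bytes so the subtraction wraps predictably
         * regardless of whether plain char is signed. */
        unsigned char x = (unsigned char)b[i] ^ a[i];

        flag[i] = (char)((unsigned char)(x - 72) ^ 0x55);
    }

    /* Swap ASCII case; anything that is not a letter is left as is. */
    for (size_t i = 0; i < len; i++) {
        if (flag[i] >= 'a' && flag[i] <= 'z') {
            flag[i] -= 32;
        } else if (flag[i] >= 'A' && flag[i] <= 'Z') {
            flag[i] += 32;
        }
    }

    printf("EIS{%s}", flag);
    return 0;
}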
Python:
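# Key table: 32 entries, of which only the first len(b) == 24 are consumed.
a = [13, 19, 23, 17, 2, 1, 32, 29, 12, 2, 25, 47, 23, 43, 36, 31, 30, 22, 9, 15, 21, 39, 19, 38, 10, 47, 30, 26, 45, 12, 34, 4]
# Known ciphertext that the transformed input is compared against.
b = "GONDPHyGjPEKruv{{pj]X@rF"

# Every ciphertext character needs a key byte; zip() below would otherwise
# silently shorten the result.
if len(a) < len(b):
    raise ValueError("key table shorter than ciphertext")

# Step 1: undo the per-character XOR with the key table.
c = [chr(ord(ch) ^ key) for ch, key in zip(b, a)]
# Step 2: undo the "+ 72", then the XOR with 0x55.
flag = [chr((ord(ch) - 72) ^ 0x55) for ch in c]


def adjust_char(char):
    """Swap the case of an ASCII letter; return any other character unchanged."""
    if 'a' <= char <= 'z':
        return chr(ord(char) - 32)
    if 'A' <= char <= 'Z':
        return chr(ord(char) + 32)
    return char


# Step 3: undo the case swap and print the result in the EIS{...} wrapper.
flag = "".join(adjust_char(char) for char in flag)
print(f"EIS{{{flag}}}")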
EIS{wadx_tdgk_aihc_ihkn_pjlm}