reverse3
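Check the binary first: it is 32-bit and not packed.
Load it into 32-bit IDA, find the main function, and press F5 to view the pseudocode.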
    for ( i = 0; i < 100; ++i )
    {
      if ( (unsigned int)i >= 0x64 )
        j____report_rangecheckfailure(a1, a2, a3);
      Dest[i] = 0;
    }
    sub_41132F("please enter the flag:");
    sub_411375("%20s", &Str);
    v3 = j_strlen(&Str);
    v4 = (const char *)sub_4110BE((int)&Str, v3, (int)&v14);
    strncpy(Dest, v4, 0x28u);
    v11 = j_strlen(Dest);
    for ( j = 0; j < v11; ++j )
      Dest[j] += j;
    v5 = j_strlen(Dest);
    if ( !strncmp(Dest, Str2, v5) )
      sub_41132F("rigth flag!\n");
    else
      sub_41132F("wrong flag!\n");
    HIDWORD(v7) = v6;
    LODWORD(v7) = 0;
    return v7;
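Work backwards. At the first if, Dest is compared with Str2, which means Dest is the flag, so locate Str2.
In between there is sub_4110BE. Opening it shows that it keeps using
Looking at that, it appears to be 64 long, so the guess is base64.
Write a script: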
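    import base64

    x = ''
    flag = ''
    str2 = "e3nifIH9b_C@n@dH"
    # Undo Dest[j] += j: subtract each character's index
    for i in range(0, len(str2)):
        x += chr(ord(str2[i]) - i)
    print(x)
    # What remains is the Base64 text; decode it
    flag = base64.b64decode(x)
    print(flag)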
The output is as shown in the figure; the part inside the braces is the flag.
flag{i_l0ve_you}
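To confirm the base64 guess instead of trusting it, the check in main can be modelled forwards and the recovered input fed back through it. This is an added example, not part of the original write-up; the function names are hypothetical, and it assumes sub_4110BE is standard Base64 as the write-up guesses.

```python
import base64

# Str2 as given in the write-up's script.
STR2 = "e3nifIH9b_C@n@dH"


def check_transform(user_input: bytes) -> bytes:
    """Forward model of main(): the bytes left in Dest for a given input."""
    s = user_input[:20]                  # "%20s" reads at most 20 characters
    # sub_4110BE (assumed to be standard Base64), then strncpy(Dest, v4, 0x28)
    dest = base64.b64encode(s)[:0x28]
    # Dest[j] += j on a C char, so wrap to one byte
    return bytes((b + j) & 0xFF for j, b in enumerate(dest))


def is_right_flag(user_input: bytes) -> bool:
    """Model of strncmp(Dest, Str2, strlen(Dest)) == 0."""
    dest = check_transform(user_input)
    # Only strlen(Dest) bytes are compared, so the length comes from the input.
    return dest == STR2.encode()[:len(dest)]


def recover_input(str2: str = STR2) -> bytes:
    """Inverse: subtract the index from each byte, then Base64-decode."""
    undone = bytes((ord(c) - j) & 0xFF for j, c in enumerate(str2))
    # validate=True raises if the subtraction did not yield clean Base64,
    # which would mean the encoder guess (or the index offset) is wrong.
    return base64.b64decode(undone, validate=True)


if __name__ == "__main__":
    candidate = recover_input()
    print(candidate)                     # the recovered input
    print(is_right_flag(candidate))      # round trip through the forward model
    # The comparison length is strlen(Dest), so a 3-byte prefix of the input
    # (4 whole Base64 characters) is also accepted by this check.
    print(is_right_flag(candidate[:3]))
```

The round trip passing means the recovered input reproduces Str2 exactly under standard Base64; the last line shows that the strncmp length is taken from Dest, so the program also accepts a matching prefix.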