zoukankan      html  css  js  c++  java
  • 攻防世界 reverse elrond32

    tinyctf-2014 

    elrond32

     1 int __cdecl main(int a1, char **arg_input)
     2 {
     3   if ( a1 > 1 && check_8048414(arg_input[1], 0) )
     4   {
     5     puts("Access granted");
     6     print_flag_8048538((int)arg_input[1]);
     7   }
     8   else
     9   {
    10     puts("Access denied");
    11   }
    12   return 0;
    13 }

    关注check_8048414函数和print_flag_8048538函数

     1 signed int __cdecl sub_8048414(_BYTE *a1, int a2)
     2 {
     3   signed int result; // eax
     4 
     5   switch ( a2 )
     6   {
     7     case 0:
     8       if ( *a1 == 'i' )
     9         goto LABEL_19;
    10       result = 0;
    11       break;
    12     case 1:
    13       if ( *a1 == 'e' )
    14         goto LABEL_19;
    15       result = 0;
    16       break;
    17     case 3:
    18       if ( *a1 == 'n' )
    19         goto LABEL_19;
    20       result = 0;
    21       break;
    22     case 4:
    23       if ( *a1 == 'd' )
    24         goto LABEL_19;
    25       result = 0;
    26       break;
    27     case 5:
    28       if ( *a1 == 'a' )
    29         goto LABEL_19;
    30       result = 0;
    31       break;
    32     case 6:
    33       if ( *a1 == 'g' )
    34         goto LABEL_19;
    35       result = 0;
    36       break;
    37     case 7:
    38       if ( *a1 == 's' )
    39         goto LABEL_19;
    40       result = 0;
    41       break;
    42     case 9:
    43       if ( *a1 == 'r' )
    44 LABEL_19:
    45         result = check_8048414(a1 + 1, 7 * (a2 + 1) % 11);// arg2-->0 7 1 3 6 5 9 4
    46       else
    47         result = 0;
    48       break;
    49     default:
    50       result = 1;
    51       break;
    52   }
    53   return result;
    54 }

    上面函数验证输入

    输出flag函数print_flag_8048538:

    1 int __cdecl print_flag_8048538(int a1)
    2 {
    3   int v2[33]; // [esp+18h] [ebp-A0h]
    4   int i; // [esp+9Ch] [ebp-1Ch]
    5 
    6   qmemcpy(v2, data_8048760, sizeof(v2));
    7   for ( i = 0; i <= 32; ++i )
    8     putchar(v2[i] ^ *(char *)(a1 + i % 8));
    9   return putchar(10);

    wp:

     1 a='ie ndags r'
     2 x=0
     3 s=[]
     4 for i in range(8):
     5     x=7*x%11
     6     s.append(a[x])
     7     x+=1
     8 print(''.join(s))
     9 data=[15, 31, 4, 9, 28, 18, 66, 9, 12, 68, 13, 7, 9, 6, 45, 55, 89, 30, 0, 89, 15, 8, 28, 35, 54, 7, 85, 2, 12, 8, 65, 10, 20]
    10 for i in range(33):
    11     print(chr(ord(s[i%8])^data[i]),end='')

    isengard
    flag{s0me7hing_S0me7hinG_t0lki3n}

  • 相关阅读:
    【tips】Clion添加Qt gui绘制快捷方式
    conda配置安装pytorch tensorflow-gpu
    用当前最新版vs2019编译opencv最新版4.3.0遇到的问题---
    cuda报错: nvcc fatal : Host compiler targets unsupported OS
    C++中结构体与类的区别(struct与class的区别)
    cmake
    Windows 下配置Boost MPI
    VC----MFC对象的创建总结
    VC++、MFC最好的开源项目
    机械设计人员怎么学习电控?
  • 原文地址:https://www.cnblogs.com/DirWang/p/11964073.html
Copyright © 2011-2022 走看看