win32console
devc编译 debugmode
肥肠简单
逻辑清晰
白给的位运算前16位:
然后下面有个栈溢出:
嘛白给的溢出 找到下一个函数地址跳过去就行了,然后是白给的base64:
exp都没怎么写 直接拼了一下:
import base64
flag = ''
y1 = [35, 97, 62, 105, 84, 65, 24, 77, 110, 59, 101, 83, 48, 121, 69, 91]
y2 = [113, 4, 97, 88, 39, 30, 75, 34, 94, 100, 3, 38, 94, 23, 60, 122]
for i in range(16):
for j in range(33,127):
if (j^y1[i]) == y2[i]:
flag += chr(j)
print(flag)
'x00x40x23x3d'
# Re_1s_So0_funny!a1s0_pWn
# Re_1s_So0_funny!=#@a1s0_pWn
'Re_1s_So0_funny!x3dx23x40x00'