  • buuctf 两道GXYCTF逆向

    1,luck_guy

    ida打开,很简单

    #include<stdio.h>
    int main() {
            /* Known flag prefix; it is printed unchanged. */
            char f1[] = "GXY{do_not_";
            /* Encoded tail: 7 characters followed by the terminating NUL. */
            char f2[] = "icug`of";
            int j = 0;

            /* Decode in place: odd indices are lowered by 2, even indices by 1. */
            while (j < 7) {
                    f2[j] -= (j % 2 == 1) ? 2 : 1;
                    j++;
            }
            printf("%s%s}",f1,f2);
    }

    得到flag

    2,simplecpp

    拖进ida,找到关键函数

     可以分析出逻辑

    v24=v19[2]&~v19[0]
    v24==1176889593874
    
    v31 = (v19[2] & ~v19[1]) & v19[0] | v19[2] & ((v19[1] & v19[0]) | v19[1] & ~v19[0] | ~(v19[1] | v19[0]))
    v31 == 577031497978884115
    
    v28 = v19[2] & ~v19[0] | v19[1] & v19[0] | v19[2] & ~v19[1] | v19[0] & ~v19[1]
    v28 == 4483974544037412639
    (v28 ^ v19[3]) == 4483974543195470111
    
    ((v19[2]&~v19[0]) | (v19[0] & v19[1]) | v19[1] & v19[2]) != (~v19[0] & v19[2] | 0xC00020130082C0C)

    用z3

    from z3 import *
    
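    # Four 64-bit unknowns. x0..x2 stand for v19[0..2] in the checks listed
    # above and x3 for v19[3].
    x0, x1, x2, x3 = BitVecs('x0 x1 x2 x3', 64)
    f = Solver()

    # v31 check.
    f.add(((x2 & ~x1) & x0 | x2 & ((x1 & x0) | x1 & ~x0 | ~(x1 | x0))) == 577031497978884115)
    # (v28 ^ v19[3]) check, with v28's required value substituted.
    f.add((4483974544037412639 ^ x3) == 4483974543195470111)
    # v24 check. In Python `&` binds tighter than `==` (unlike C); the
    # parentheses only make that explicit.
    f.add((x2 & ~x0) == 1176889593874)
    # v28 check.
    f.add((x2 & ~x0 | x1 & x0 | x2 & ~x1 | x0 & ~x1) == 4483974544037412639)

    # NOTE(review): the `!=` condition from the analysis is not encoded here,
    # and check() returns a single satisfying model. Nothing in this script
    # shows that model is unique, so treat the printed values (x1 in
    # particular) as one candidate rather than the answer.
    if f.check() == sat:
        # Function-call form works on Python 2 and 3; the bare `print x`
        # statement is a syntax error on Python 3.
        print(f.model())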
    [x3 = 842073600,
     x1 = 2452209997103237128,
     x0 = 4483973367147818765,
     x2 = 577031497978884115]

    再看

     将得出来的数与dst异或

    # Key string and the 27 byte values XORed against it, as given in the writeup.
    Dst = 'i_will_check_is_debug_or_noi_wil'
    flag = [
        0x3E, 0x3A, 0x46, 0x05, 0x33, 0x28, 0x6F, 0x0D,
        0x36, 0x38, 0x40, 0x00, 0x22, 0x00, 0x4f, 0x08,
        0x08, 0x02, 0x07, 0x17, 0x15, 0x3E, 0x30, 0x13,
        0x32, 0x31, 0x06,
    ]
    # zip() stops at the shorter sequence, so only the first len(flag)
    # characters of Dst are used.
    for key_char, enc_byte in zip(Dst, flag):
        print(chr(ord(key_char) ^ enc_byte), end='')

    得到:We1l_D0n^]#k}i<Wlgebra_am_i,但是不对

    之后看了看别人的wp,发现原来在比赛时发公告给了第二部分为e!P0or_a。原因应该是上面的约束有多组解,z3只返回其中一个模型,所以中间8个字节(^]#k}i<W)解不对;把这一段换成公告给出的e!P0or_a即可。

    3,第三道卡住了,做出来再写 

  • 原文地址:https://www.cnblogs.com/harmonica11/p/12191592.html