本来想要写在buu合集里,但这题太恶心了,拿出来单独写
elf,拖进ida,找到主函数
程序需要两个参数,再运行时可以看到打印了“bad”,由此找到
第一个参数很简单,
a="bngcg`debd"
for i in a:
print(chr(ord(i)^0x56),end="")
再找第二个参数之前,程序有两处反调,第一处
(为了方便调试,上图我已经把jnz改为了jmp)
第二处(或许不是为了反调,正常运行也不正常)
这里用了syscall,我直接nop掉了
然后进行了痛苦的寻找第二个参数的过程,这一个参数我调了一天,就是找不到在哪里比对,大概得看了几万条汇编,感觉在*里游泳
又跳到栈里去了,开个NX不好吗(doge),加密过程如下
[stack]:00007FFEDB5B06FC loc_7FFEDB5B06FC: ; CODE XREF: [stack]:00007FFEDB5B06F0↑j [stack]:00007FFEDB5B06FC ror byte ptr [rax], 0F2h [stack]:00007FFEDB5B06FF cmp byte ptr [rax], 1Bh [stack]:00007FFEDB5B0702 jz short loc_7FFEDB5B0706 [stack]:00007FFEDB5B0704 jmp rbx [stack]:00007FFEDB5B0706 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0706 [stack]:00007FFEDB5B0706 loc_7FFEDB5B0706: ; CODE XREF: [stack]:00007FFEDB5B0702↑j [stack]:00007FFEDB5B0706 add rax, 1 [stack]:00007FFEDB5B070A xor byte ptr [rax], 40h [stack]:00007FFEDB5B070D xor byte ptr [rax], 0F2h [stack]:00007FFEDB5B0710 xor byte ptr [rax], 0B3h [stack]:00007FFEDB5B0713 cmp byte ptr [rax], 30h [stack]:00007FFEDB5B0716 jz short loc_7FFEDB5B071A [stack]:00007FFEDB5B0718 jmp rbx [stack]:00007FFEDB5B071A ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B071A [stack]:00007FFEDB5B071A loc_7FFEDB5B071A: ; CODE XREF: [stack]:00007FFEDB5B0716↑j [stack]:00007FFEDB5B071A add rax, 1 [stack]:00007FFEDB5B071E xor byte ptr [rax], 71h [stack]:00007FFEDB5B0721 cmp byte ptr [rax], 1Fh [stack]:00007FFEDB5B0724 jz short loc_7FFEDB5B0728 [stack]:00007FFEDB5B0726 jmp rbx [stack]:00007FFEDB5B0728 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0728 [stack]:00007FFEDB5B0728 loc_7FFEDB5B0728: ; CODE XREF: [stack]:00007FFEDB5B0724↑j [stack]:00007FFEDB5B0728 add rax, 1 [stack]:00007FFEDB5B072C add byte ptr [rax], 0A3h [stack]:00007FFEDB5B072F ror byte ptr [rax], 0BCh [stack]:00007FFEDB5B0732 cmp byte ptr [rax], 0B0h [stack]:00007FFEDB5B0735 jz short loc_7FFEDB5B0739 [stack]:00007FFEDB5B0737 jmp rbx [stack]:00007FFEDB5B0739 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0739 [stack]:00007FFEDB5B0739 loc_7FFEDB5B0739: ; CODE XREF: [stack]:00007FFEDB5B0735↑j [stack]:00007FFEDB5B0739 add rax, 1 [stack]:00007FFEDB5B073D sub byte ptr [rax], 79h [stack]:00007FFEDB5B0740 cmp byte ptr [rax], 0E8h [stack]:00007FFEDB5B0743 jz short loc_7FFEDB5B0747 [stack]:00007FFEDB5B0745 jmp rbx [stack]:00007FFEDB5B0747 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0747 [stack]:00007FFEDB5B0747 loc_7FFEDB5B0747: ; CODE XREF: [stack]:00007FFEDB5B0743↑j [stack]:00007FFEDB5B0747 add rax, 1 [stack]:00007FFEDB5B074B ror byte ptr [rax], 82h [stack]:00007FFEDB5B074E sub byte ptr [rax], 28h [stack]:00007FFEDB5B0751 cmp byte ptr [rax], 0F6h [stack]:00007FFEDB5B0754 jz short loc_7FFEDB5B0758 [stack]:00007FFEDB5B0756 jmp rbx [stack]:00007FFEDB5B0758 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0758 [stack]:00007FFEDB5B0758 loc_7FFEDB5B0758: ; CODE XREF: [stack]:00007FFEDB5B0754↑j [stack]:00007FFEDB5B0758 add rax, 1 [stack]:00007FFEDB5B075C sub byte ptr [rax], 0B0h [stack]:00007FFEDB5B075F ror byte ptr [rax], 4Dh [stack]:00007FFEDB5B0762 add byte ptr [rax], 2Ch [stack]:00007FFEDB5B0765 cmp byte ptr [rax], 1Fh [stack]:00007FFEDB5B0768 jz short loc_7FFEDB5B076C [stack]:00007FFEDB5B076A jmp rbx [stack]:00007FFEDB5B076C ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B076C [stack]:00007FFEDB5B076C loc_7FFEDB5B076C: ; CODE XREF: [stack]:00007FFEDB5B0768↑j [stack]:00007FFEDB5B076C add rax, 1 [stack]:00007FFEDB5B0770 add byte ptr [rax], 54h [stack]:00007FFEDB5B0773 rol byte ptr [rax], 99h [stack]:00007FFEDB5B0776 xor byte ptr [rax], 0B8h [stack]:00007FFEDB5B0779 ror byte ptr [rax], 2Ah [stack]:00007FFEDB5B077C add byte ptr [rax], 3Fh [stack]:00007FFEDB5B077F cmp byte ptr [rax], 0AFh [stack]:00007FFEDB5B0782 jz short loc_7FFEDB5B0786 [stack]:00007FFEDB5B0784 jmp rbx [stack]:00007FFEDB5B0786 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0786 [stack]:00007FFEDB5B0786 loc_7FFEDB5B0786: ; CODE XREF: [stack]:00007FFEDB5B0782↑j [stack]:00007FFEDB5B0786 add rax, 1 [stack]:00007FFEDB5B078A ror byte ptr [rax], 0BAh [stack]:00007FFEDB5B078D cmp byte ptr [rax], 5Dh [stack]:00007FFEDB5B0790 jz short loc_7FFEDB5B0794 [stack]:00007FFEDB5B0792 jmp rbx [stack]:00007FFEDB5B0794 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0794 [stack]:00007FFEDB5B0794 loc_7FFEDB5B0794: ; CODE XREF: [stack]:00007FFEDB5B0790↑j [stack]:00007FFEDB5B0794 add rax, 1 [stack]:00007FFEDB5B0798 xor byte ptr [rax], 0EDh [stack]:00007FFEDB5B079B ror byte ptr [rax], 6Ch [stack]:00007FFEDB5B079E add byte ptr [rax], 30h [stack]:00007FFEDB5B07A1 cmp byte ptr [rax], 29h [stack]:00007FFEDB5B07A4 jz short loc_7FFEDB5B07A8 [stack]:00007FFEDB5B07A6 jmp rbx [stack]:00007FFEDB5B07A8 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B07A8 [stack]:00007FFEDB5B07A8 loc_7FFEDB5B07A8: ; CODE XREF: [stack]:00007FFEDB5B07A4↑j [stack]:00007FFEDB5B07A8 add rax, 1 [stack]:00007FFEDB5B07AC sub byte ptr [rax], 0BFh [stack]:00007FFEDB5B07AF cmp byte ptr [rax], 0B5h [stack]:00007FFEDB5B07B2 jz short loc_7FFEDB5B07B6 [stack]:00007FFEDB5B07B4 jmp rbx [stack]:00007FFEDB5B07B6 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B07B6 [stack]:00007FFEDB5B07B6 loc_7FFEDB5B07B6: ; CODE XREF: [stack]:00007FFEDB5B07B2↑j [stack]:00007FFEDB5B07B6 add rax, 1 [stack]:00007FFEDB5B07BA rol byte ptr [rax], 0BCh [stack]:00007FFEDB5B07BD add byte ptr [rax], 8Ch [stack]:00007FFEDB5B07C0 rol byte ptr [rax], 7Bh [stack]:00007FFEDB5B07C3 sub byte ptr [rax], 31h [stack]:00007FFEDB5B07C6 add byte ptr [rax], 63h [stack]:00007FFEDB5B07C9 cmp byte ptr [rax], 0A5h [stack]:00007FFEDB5B07CC jz short loc_7FFEDB5B07D0 [stack]:00007FFEDB5B07CE jmp rbx [stack]:00007FFEDB5B07D0 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B07D0 [stack]:00007FFEDB5B07D0 loc_7FFEDB5B07D0: ; CODE XREF: [stack]:00007FFEDB5B07CC↑j [stack]:00007FFEDB5B07D0 add rax, 1 [stack]:00007FFEDB5B07D4 rol byte ptr [rax], 20h [stack]:00007FFEDB5B07D7 rol byte ptr [rax], 16h [stack]:00007FFEDB5B07DA xor byte ptr [rax], 0AEh [stack]:00007FFEDB5B07DD rol byte ptr [rax], 98h [stack]:00007FFEDB5B07E0 cmp byte ptr [rax], 0F3h [stack]:00007FFEDB5B07E3 jz short loc_7FFEDB5B07E7 [stack]:00007FFEDB5B07E5 jmp rbx [stack]:00007FFEDB5B07E7 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B07E7 [stack]:00007FFEDB5B07E7 loc_7FFEDB5B07E7: ; CODE XREF: [stack]:00007FFEDB5B07E3↑j [stack]:00007FFEDB5B07E7 add rax, 1 [stack]:00007FFEDB5B07EB ror byte ptr [rax], 6Eh [stack]:00007FFEDB5B07EE add byte ptr [rax], 0D2h [stack]:00007FFEDB5B07F1 cmp byte ptr [rax], 0A6h [stack]:00007FFEDB5B07F4 jz short loc_7FFEDB5B07F8 [stack]:00007FFEDB5B07F6 jmp rbx [stack]:00007FFEDB5B07F8 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B07F8 [stack]:00007FFEDB5B07F8 loc_7FFEDB5B07F8: ; CODE XREF: [stack]:00007FFEDB5B07F4↑j [stack]:00007FFEDB5B07F8 add rax, 1 [stack]:00007FFEDB5B07FC add byte ptr [rax], 34h [stack]:00007FFEDB5B07FF cmp byte ptr [rax], 62h [stack]:00007FFEDB5B0802 jz short loc_7FFEDB5B0806 [stack]:00007FFEDB5B0804 jmp rbx [stack]:00007FFEDB5B0806 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0806 [stack]:00007FFEDB5B0806 loc_7FFEDB5B0806: ; CODE XREF: [stack]:00007FFEDB5B0802↑j [stack]:00007FFEDB5B0806 add rax, 1 [stack]:00007FFEDB5B080A add byte ptr [rax], 0CDh [stack]:00007FFEDB5B080D sub byte ptr [rax], 10h [stack]:00007FFEDB5B0810 add byte ptr [rax], 62h [stack]:00007FFEDB5B0813 xor byte ptr [rax], 0B2h [stack]:00007FFEDB5B0816 cmp byte ptr [rax], 32h [stack]:00007FFEDB5B0819 jz short loc_7FFEDB5B081D [stack]:00007FFEDB5B081B jmp rbx [stack]:00007FFEDB5B081D ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B081D [stack]:00007FFEDB5B081D loc_7FFEDB5B081D: ; CODE XREF: [stack]:00007FFEDB5B0819↑j [stack]:00007FFEDB5B081D add rax, 1 [stack]:00007FFEDB5B0821 xor byte ptr [rax], 0B7h [stack]:00007FFEDB5B0824 xor byte ptr [rax], 73h [stack]:00007FFEDB5B0827 ror byte ptr [rax], 7 [stack]:00007FFEDB5B082A cmp byte ptr [rax], 0EBh [stack]:00007FFEDB5B082D jz short loc_7FFEDB5B0831 [stack]:00007FFEDB5B082F jmp rbx [stack]:00007FFEDB5B0831 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0831 [stack]:00007FFEDB5B0831 loc_7FFEDB5B0831: ; CODE XREF: [stack]:00007FFEDB5B082D↑j [stack]:00007FFEDB5B0831 add rax, 1 [stack]:00007FFEDB5B0835 add byte ptr [rax], 34h [stack]:00007FFEDB5B0838 sub byte ptr [rax], 61h [stack]:00007FFEDB5B083B ror byte ptr [rax], 36h [stack]:00007FFEDB5B083E add byte ptr [rax], 5Bh [stack]:00007FFEDB5B0841 sub byte ptr [rax], 4Ch [stack]:00007FFEDB5B0844 cmp byte ptr [rax], 0Bh [stack]:00007FFEDB5B0847 jz short loc_7FFEDB5B084B [stack]:00007FFEDB5B0849 jmp rbx [stack]:00007FFEDB5B084B ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B084B [stack]:00007FFEDB5B084B loc_7FFEDB5B084B: ; CODE XREF: [stack]:00007FFEDB5B0847↑j [stack]:00007FFEDB5B084B add rax, 1 [stack]:00007FFEDB5B084F add byte ptr [rax], 5Ah [stack]:00007FFEDB5B0852 cmp byte ptr [rax], 9Ah [stack]:00007FFEDB5B0855 jz short loc_7FFEDB5B0859 [stack]:00007FFEDB5B0857 jmp rbx [stack]:00007FFEDB5B0859 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0859 [stack]:00007FFEDB5B0859 loc_7FFEDB5B0859: ; CODE XREF: [stack]:00007FFEDB5B0855↑j [stack]:00007FFEDB5B0859 add rax, 1 [stack]:00007FFEDB5B085D ror byte ptr [rax], 0A2h [stack]:00007FFEDB5B0860 cmp byte ptr [rax], 99h [stack]:00007FFEDB5B0863 jz short loc_7FFEDB5B0867 [stack]:00007FFEDB5B0865 jmp rbx [stack]:00007FFEDB5B0867 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0867 [stack]:00007FFEDB5B0867 loc_7FFEDB5B0867: ; CODE XREF: [stack]:00007FFEDB5B0863↑j [stack]:00007FFEDB5B0867 add rax, 1 [stack]:00007FFEDB5B086B xor byte ptr [rax], 7Eh [stack]:00007FFEDB5B086E sub byte ptr [rax], 0E7h [stack]:00007FFEDB5B0871 cmp byte ptr [rax], 2Bh [stack]:00007FFEDB5B0874 jz short loc_7FFEDB5B0878 [stack]:00007FFEDB5B0876 jmp rbx [stack]:00007FFEDB5B0878 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0878 [stack]:00007FFEDB5B0878 loc_7FFEDB5B0878: ; CODE XREF: [stack]:00007FFEDB5B0874↑j [stack]:00007FFEDB5B0878 add rax, 1 [stack]:00007FFEDB5B087C sub byte ptr [rax], 0B8h [stack]:00007FFEDB5B087F xor byte ptr [rax], 86h [stack]:00007FFEDB5B0882 add byte ptr [rax], 4Eh [stack]:00007FFEDB5B0885 ror byte ptr [rax], 4Ah [stack]:00007FFEDB5B0888 rol byte ptr [rax], 57h [stack]:00007FFEDB5B088B cmp byte ptr [rax], 0AFh [stack]:00007FFEDB5B088E jz short loc_7FFEDB5B0892 [stack]:00007FFEDB5B0890 jmp rbx [stack]:00007FFEDB5B0892 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0892 [stack]:00007FFEDB5B0892 loc_7FFEDB5B0892: ; CODE XREF: [stack]:00007FFEDB5B088E↑j [stack]:00007FFEDB5B0892 add rax, 1 [stack]:00007FFEDB5B0896 ror byte ptr [rax], 86h [stack]:00007FFEDB5B0899 xor byte ptr [rax], 0E8h [stack]:00007FFEDB5B089C rol byte ptr [rax], 95h [stack]:00007FFEDB5B089F xor byte ptr [rax], 4Ah [stack]:00007FFEDB5B08A2 xor byte ptr [rax], 0ADh [stack]:00007FFEDB5B08A5 cmp byte ptr [rax], 0C3h [stack]:00007FFEDB5B08A8 jz short loc_7FFEDB5B08AC [stack]:00007FFEDB5B08AA jmp rbx [stack]:00007FFEDB5B08AC ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B08AC [stack]:00007FFEDB5B08AC loc_7FFEDB5B08AC: ; CODE XREF: [stack]:00007FFEDB5B08A8↑j [stack]:00007FFEDB5B08AC add rax, 1 [stack]:00007FFEDB5B08B0 ror byte ptr [rax], 45h [stack]:00007FFEDB5B08B3 xor byte ptr [rax], 0CCh [stack]:00007FFEDB5B08B6 add byte ptr [rax], 1Ch [stack]:00007FFEDB5B08B9 cmp byte ptr [rax], 3 [stack]:00007FFEDB5B08BC jz short loc_7FFEDB5B08C0 [stack]:00007FFEDB5B08BE jmp rbx [stack]:00007FFEDB5B08C0 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B08C0 [stack]:00007FFEDB5B08C0 loc_7FFEDB5B08C0: ; CODE XREF: [stack]:00007FFEDB5B08BC↑j [stack]:00007FFEDB5B08C0 add rax, 1 [stack]:00007FFEDB5B08C4 sub byte ptr [rax], 4Ah [stack]:00007FFEDB5B08C7 cmp byte ptr [rax], 0E3h [stack]:00007FFEDB5B08CA jz short loc_7FFEDB5B08CE [stack]:00007FFEDB5B08CC jmp rbx [stack]:00007FFEDB5B08CE ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B08CE [stack]:00007FFEDB5B08CE loc_7FFEDB5B08CE: ; CODE XREF: [stack]:00007FFEDB5B08CA↑j [stack]:00007FFEDB5B08CE add rax, 1 [stack]:00007FFEDB5B08D2 xor byte ptr [rax], 0A5h [stack]:00007FFEDB5B08D5 ror byte ptr [rax], 90h [stack]:00007FFEDB5B08D8 cmp byte ptr [rax], 0CAh [stack]:00007FFEDB5B08DB jz short loc_7FFEDB5B08DF [stack]:00007FFEDB5B08DD jmp rbx [stack]:00007FFEDB5B08DF ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B08DF [stack]:00007FFEDB5B08DF loc_7FFEDB5B08DF: ; CODE XREF: [stack]:00007FFEDB5B08DB↑j [stack]:00007FFEDB5B08DF add rax, 1 [stack]:00007FFEDB5B08E3 ror byte ptr [rax], 0DEh [stack]:00007FFEDB5B08E6 rol byte ptr [rax], 36h [stack]:00007FFEDB5B08E9 xor byte ptr [rax], 78h [stack]:00007FFEDB5B08EC sub byte ptr [rax], 0D8h [stack]:00007FFEDB5B08EF cmp byte ptr [rax], 3Eh [stack]:00007FFEDB5B08F2 jz short loc_7FFEDB5B08F6 [stack]:00007FFEDB5B08F4 jmp rbx [stack]:00007FFEDB5B08F6 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B08F6 [stack]:00007FFEDB5B08F6 loc_7FFEDB5B08F6: ; CODE XREF: [stack]:00007FFEDB5B08F2↑j [stack]:00007FFEDB5B08F6 add rax, 1 [stack]:00007FFEDB5B08FA add byte ptr [rax], 0B5h [stack]:00007FFEDB5B08FD sub byte ptr [rax], 0ADh [stack]:00007FFEDB5B0900 ror byte ptr [rax], 89h [stack]:00007FFEDB5B0903 rol byte ptr [rax], 0A2h [stack]:00007FFEDB5B0906 rol byte ptr [rax], 11h [stack]:00007FFEDB5B0909 cmp byte ptr [rax], 0D8h [stack]:00007FFEDB5B090C jz short loc_7FFEDB5B0910 [stack]:00007FFEDB5B090E jmp rbx [stack]:00007FFEDB5B0910 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0910 [stack]:00007FFEDB5B0910 loc_7FFEDB5B0910: ; CODE XREF: [stack]:00007FFEDB5B090C↑j [stack]:00007FFEDB5B0910 add rax, 1 [stack]:00007FFEDB5B0914 add byte ptr [rax], 40h [stack]:00007FFEDB5B0917 sub byte ptr [rax], 21h [stack]:00007FFEDB5B091A ror byte ptr [rax], 0C0h [stack]:00007FFEDB5B091D cmp byte ptr [rax], 82h [stack]:00007FFEDB5B0920 jz short loc_7FFEDB5B0924 [stack]:00007FFEDB5B0922 jmp rbx [stack]:00007FFEDB5B0924 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0924 [stack]:00007FFEDB5B0924 loc_7FFEDB5B0924: ; CODE XREF: [stack]:00007FFEDB5B0920↑j [stack]:00007FFEDB5B0924 add rax, 1 [stack]:00007FFEDB5B0928 rol byte ptr [rax], 0E3h [stack]:00007FFEDB5B092B cmp byte ptr [rax], 7Bh [stack]:00007FFEDB5B092E jz short loc_7FFEDB5B0932 [stack]:00007FFEDB5B0930 jmp rbx [stack]:00007FFEDB5B0932 ; --------------------------------------------------------------------------- [stack]:00007FFEDB5B0932 [stack]:00007FFEDB5B0932 loc_7FFEDB5B0932: ; CODE XREF: [stack]:00007FFEDB5B092E↑j [stack]:00007FFEDB5B0932 add rax, 1 [stack]:00007FFEDB5B0936 sub byte ptr [rax], 78h [stack]:00007FFEDB5B0939 ror byte ptr [rax], 0F6h [stack]:00007FFEDB5B093C cmp byte ptr [rax], 0D7h [stack]:00007FFEDB5B093F jz short loc_7FFEDB5B0943 [stack]:00007FFEDB5B0941 jmp rbx [stack]:00007FFEDB5B0943 ; ------------------------
另外,每个字符加密都不一样。。。,有点恶心
def rol(a,b,c=0):
a=bin(a)[2:]
l=[]
for i in range(8-len(a)):
l.append('0')
for i in a:
l.append(i)
for i in range(b):
t=l[0]
for j in range(len(l)-1):
l[j]=l[j+1]
l[len(l)-1]=t
a=''
for i in l:
a+=i
return(chr((int(a,2)-c)&0xff))
def ror(a,b,c=0):
a=bin(a)[2:]
l=[]
for i in range(8-len(a)):
l.append('0')
for i in a:
l.append(i)
for i in range(b):
t=l[len(l)-1]
for j in range(len(l)-1,0,-1):
l[j]=l[j-1]
l[0]=t
a=''
for i in l:
a+=i
return(chr((int(a,2)-c)&0xff))
print(rol(0x1b,0xf2),end="")
print(chr(0x30^0xb3^0xf2^0x40),end="")
print(chr(0x1f^0x71),end="")
print(rol(0xb0,0xbc,0xa3),end="")
print(chr(0xff&(0xe8+0x79)),end="")
print(rol(0xff&(0xf6+0x28),0x82),end="")
print(rol(0xff&(0x1f-0x2c),0x4d,-0xb0),end="")
print(ror((ord(rol(0xff&(0xaf-0x3f),0x2a))^0xb8),0x99,0x54),end="")
print(rol(0x5d,0xba),end="")
print(chr(ord(rol(0xff&(0x29-0x30),0x6c))^0xed),end="")
print(chr(0xff&(0xb5+0xbf)),end="")
print(ror(ord(ror(0xff&(0xa5-0x63+0x31),0x7b,0x8c)),0xbc),end="")
print(ror(ord(ror(ord(ror(0xf3,0x98))^0xae,0x16)),0x20),end="")
print(rol(0xff&(0xa6-0xd2),0x6e),end="")
print(chr(0x62-0x34),end="")
print(chr(((0x32^0xb2)-0x62+0x10-0xcd)&0xff),end="")
print(chr(ord(rol(0xeb,0x7))^0x73^0xb7),end="")
print(rol(0xff&(0x0b+0x4c-0x5b),0x36,-0x61+0x34),end="")
print(chr(0x9a-0x5a),end="")
print(rol(0x99,0xa2),end="")
print(chr(0xff&(0x2b+0xe7)^0x7e),end="")
print(chr(0xff&(0xff&(ord(rol(ord(ror(0xaf,0x57)),0x4a,0x4e))^0x86)+0xb8)),end="")
print(rol(ord(ror(0xc3^0xad^0x4a,0x95))^0xe8,0x86),end="")
print(rol(((0x3-0x1c)^0xcc)&0xff,0x45),end="")
print(chr(0xff&(0xe3+0x4a)),end="")
print(chr(ord(rol(0xca,0x90))^0xa5),end="")
print(rol(ord(ror(0xff&(0x3e+0xd8)^0x78,0x36)),0xde),end="")
print(rol(ord(ror(ord(ror(0xd8,0x11)),0xa2)),0x89,0xB5-0xad),end="")
print(rol(0x82,0xc0,0x40-0x21),end="")
print(ror(0x7b,0xe3),end="")
print(rol(0xd7,0xf6,-0x78),end="")
print("")