gfsj re1
game
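Preface: solving it without playing the game
1. Open the attachment
2. Check for a packer
No packer.
3. Analyze with IDA
Load it into IDA.
4. Press Shift+F12 to view the strings
Scroll down.
Nothing here gives an obvious hint.
5. Press F5 to decompile
Follow into main.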

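(Actually, the password for clearing the game is already visible here.)
Scrolling to the very bottom shows a sub… call, so the core logic is probably inside it. Follow into it.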

Follow in again.

This one looks important.
Scrolling down, there is a long run of numbers.

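This should be how those numbers are transformed. Analysis shows that the function performs two XOR operations. The inverse of XOR is XOR itself, so we can write a script based on this operation to recover the final flag.
Seeing v2 and v59 here shows that this is an operation on two arrays, so the data above should be split into two arrays, one starting at v2 and one starting at v59.
Extracting the data (Shift+E) gives:
From the pattern, it is enough to take every fourth value. The script is as follows: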
t=[ 1, 198, 69, 188, 18, 198, 69, 189, 64, 198, 69,190, 98, 198, 69, 191, 5, 198, 69, 192, 2,198, 69, 193, 4, 198, 69, 194, 6, 198, 69,195, 3, 198, 69, 196, 6, 198, 69, 197, 48,198, 69, 198, 49, 198, 69, 199, 65, 198, 69,200, 32, 198, 69, 201, 12, 198, 69, 202, 48,198, 69, 203, 65, 198, 69, 204, 31, 198, 69,205, 78, 198, 69, 206, 62, 198, 69, 207, 32,198, 69, 208, 49, 198, 69, 209, 32, 198, 69,210, 1, 198, 69, 211, 57, 198, 69, 212, 96,198, 69, 213, 3, 198, 69, 214, 21, 198, 69,215, 9, 198, 69, 216, 4, 198, 69, 217, 62,198, 69, 218, 3, 198, 69, 219, 5, 198, 69,220, 4, 198, 69, 221, 1, 198, 69, 222, 2,198, 69, 223, 3, 198, 69, 224, 44, 198, 69,225, 65, 198, 69, 226, 78, 198, 69, 227, 32,198, 69, 228, 16, 198, 69, 229, 97, 198, 69,230, 54, 198, 69, 231, 16, 198, 69, 232, 44,198, 69, 233, 52, 198, 69, 234, 32, 198, 69,235, 64, 198, 69, 236, 89, 198, 69, 237, 45,198, 69, 238, 32, 198, 69, 239, 65, 198, 69,240, 15, 198, 69, 241, 34, 198, 69, 242, 18,198, 69, 243, 16, 198, 69, 244, 0]
# Print every fourth value, comma-separated (t[0] is the hand-added leading 1).
for i in range(0, len(t), 4):
    print(t[i], end='')
    print(',', end='')
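One thing to note here: I added a 1 as the first element; I won't explain further.
The second array works the same way; just tweak the script slightly.
Below is the XOR script: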
b = [18,64,98,5,2,4,6,3,6,48,49,65,32,12,48,65,31,78,62,32,49,32,1,57,96,3,21,9,4,62,3,5,4,1,2,3,44,65,78,32,16,97,54,16,44,52,32,64,89,45,32,65,15,34,18,16,0,]
a = [123,32,18,98,119,108,65,41,124,80,125,38,124,111,74,49,83,108,94,108,84,6,96,83,44,121,104,110,32,95,117,101,99,123,127,119,96,48,107,71,92,29,81,107,90,85,64,12,43,76,86,13,114,1,117,126,0,]
c = ""
for i in range(56):
    a[i] = a[i] ^ b[i]    # undo the XOR with the second array
    a[i] = a[i] ^ 0x13    # undo the XOR with the constant 0x13
    c += chr(a[i])
print(c)

zsctf{T9is_tOpic_1s_v5ry_int7resting_b6t_others_are_n0t}
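The repeating 198, 69 prefix in the dump is 0xC6 0x45, the x86 encoding of `mov byte ptr [ebp+disp8], imm8`, which is why every fourth byte is the array value. The following added example (not part of the original write-up) parses the dump by that structure instead of relying on a padding element, then undoes the two XORs; the function names `extract_immediates` and `decode` are hypothetical.

```python
# Added example, not from the original write-up. Function names are hypothetical.
MOV_OPCODE, MODRM_EBP_DISP8 = 0xC6, 0x45  # mov byte ptr [ebp+disp8], imm8

def extract_immediates(dump):
    """Return the imm8 of every 4-byte `C6 45 disp8 imm8` instruction."""
    if len(dump) % 4:
        raise ValueError("dump is not a whole number of 4-byte instructions")
    values, prev_disp = [], None
    for off in range(0, len(dump), 4):
        opcode, modrm, disp, imm = dump[off:off + 4]
        if (opcode, modrm) != (MOV_OPCODE, MODRM_EBP_DISP8):
            raise ValueError(f"unexpected instruction bytes at offset {off}")
        # Assumption taken from the page's dump: disp8 rises by one per store
        # (188, 189, ...), so a jump means the dump is not one contiguous array.
        if prev_disp is not None and disp != (prev_disp + 1) & 0xFF:
            raise ValueError(f"non-consecutive stack slot at offset {off}")
        values.append(imm)
        prev_disp = disp
    return values

def decode(a, b, key=0x13):
    """Undo both XORs: flag[i] = a[i] ^ b[i] ^ key, ignoring the 0 terminator."""
    n = min(len(a), len(b))
    if n and a[n - 1] == 0 and b[n - 1] == 0:
        n -= 1
    return "".join(chr(a[i] ^ b[i] ^ key) for i in range(n))

# First six instructions of the page's dump, without the hand-added leading 1.
DUMP_HEAD = [198, 69, 188, 18, 198, 69, 189, 64, 198, 69, 190, 98,
             198, 69, 191, 5, 198, 69, 192, 2, 198, 69, 193, 4]
# The two arrays from the page's XOR script.
B = [18, 64, 98, 5, 2, 4, 6, 3, 6, 48, 49, 65, 32, 12, 48, 65, 31, 78, 62,
     32, 49, 32, 1, 57, 96, 3, 21, 9, 4, 62, 3, 5, 4, 1, 2, 3, 44, 65, 78,
     32, 16, 97, 54, 16, 44, 52, 32, 64, 89, 45, 32, 65, 15, 34, 18, 16, 0]
A = [123, 32, 18, 98, 119, 108, 65, 41, 124, 80, 125, 38, 124, 111, 74, 49,
     83, 108, 94, 108, 84, 6, 96, 83, 44, 121, 104, 110, 32, 95, 117, 101,
     99, 123, 127, 119, 96, 48, 107, 71, 92, 29, 81, 107, 90, 85, 64, 12,
     43, 76, 86, 13, 114, 1, 117, 126, 0]

if __name__ == "__main__":
    print(extract_immediates(DUMP_HEAD))
    print(decode(A, B))
```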
