A simple crackme, come and have a go!
It's fairly simple, come and have a go, haha
flag{59b8ed8f-af22-11e7-bb4a-3cf862d1ee75}
The modification date is from 2017. Are you sure you wrote this yourself?
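Unpack it and you get two tables. The two tables are XORed against each other. Run 42 iterations to get the flag. I'm at work and sneaked a look at the logic, haha. flag{59b8ed8f-af22-11e7-bb4a-3cf862d1ee75}
This post was last edited by By小猪 on 2020-6-12 17:23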
flag{59b8ed8f-af22-11e7-bb4a-3cf862d1ee75}
The code is as follows:
```
#include <iostream>
#include <string>

// XOR key: the ASCII bytes of "this_is_not_flag" plus a terminating NUL
unsigned char szDataFlag[] =
{
    0x74, 0x68, 0x69, 0x73, 0x5F, 0x69, 0x73, 0x5F, 0x6E, 0x6F,
    0x74, 0x5F, 0x66, 0x6C, 0x61, 0x67, 0x00
};
// Encoded table exported from IDA
unsigned int ida_chars[] =
{
    0x00000012, 0x00000004, 0x00000008, 0x00000014, 0x00000024, 0x0000005C, 0x0000004A, 0x0000003D,
    0x00000056, 0x0000000A, 0x00000010, 0x00000067, 0x00000000, 0x00000041, 0x00000000, 0x00000001,
    0x00000046, 0x0000005A, 0x00000044, 0x00000042, 0x0000006E, 0x0000000C, 0x00000044, 0x00000072,
    0x0000000C, 0x0000000D, 0x00000040, 0x0000003E, 0x0000004B, 0x0000005F, 0x00000002, 0x00000001,
    0x0000004C, 0x0000005E, 0x0000005B, 0x00000017, 0x0000006E, 0x0000000C, 0x00000016, 0x00000068,
    0x0000005B, 0x00000012, 0x00000000, 0x00000000, 0x00000048
};

int main()
{
    // 16 key bytes; the trailing NUL is not part of the key
    const size_t keyLen = sizeof(szDataFlag) - 1;
    std::string flag = "";
    for (size_t i = 0; i < sizeof(ida_chars) / sizeof(ida_chars[0]); i++)
    {
        if (i == 42)
        {
            break;
        }
        // The key repeats every 16 bytes across the 42 encoded values
        char ch = (char)(szDataFlag[i % keyLen] ^ ida_chars[i]);
        flag += ch;
    }
    std::cout << flag << std::endl;
    return 0;
}
```
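It's really just the string being XORed with the table.
Opened in IDA it looks like this:
Two tables: XOR this_is_not_flag with the Debyte table below it to get the correct flag.
Result:
Beginners, note that it is packed. Unpack it directly with the ESP law, or have a look at my blog: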
https://www.cnblogs.com/iBinary/p/7726721.html
As for the values in the structure, just export them directly from IDA with Shift + E.
```
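# XOR key: the ASCII bytes of "this_is_not_flag"
CharList = [
    0x74, 0x68, 0x69, 0x73, 0x5F, 0x69, 0x73, 0x5F, 0x6E, 0x6F,
    0x74, 0x5F, 0x66, 0x6C, 0x61, 0x67]
# Encoded table exported from IDA
DeList = [
    18, 4, 8, 20, 36, 92, 74, 61, 86, 10, 16, 103, 0, 65, 0, 1,
    70, 90, 68, 66, 110, 12, 68, 114, 12, 13, 64, 62, 75, 95, 2,
    1, 76, 94, 91, 23, 110, 12, 22, 104, 91, 18, 0, 0, 72
]
# The 16-byte key repeats across the 42 encoded values
for number in range(0, 42):
    print(chr(CharList[number % len(CharList)] ^ DeList[number]), end="")
#flag{59b8ed8f-af22-11e7-bb4a-3cf862d1ee75}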
```