参考
https://www.52pojie.cn/thread-1792441-1-1.html
查壳
无
IDA静态分析
反编译main函数
// IDA Hex-Rays pseudocode of main, quoted as an excerpt: the listing stops right
// after the "good job" print, so the closing braces and final return are not shown.
// Visible flow: read a string, require length 24, pass every character to the first
// lambda (`add`), then test every byte of vector `v` with the second lambda (`cmp`).
int __cdecl main(int argc, const char **argv, const char **envp)
{
// Print the prompt and read the candidate flag into `str`.
v3 = std::operator<<<std::char_traits<char>>(&std::cout, "please input flag");
std::ostream::operator<<(v3, std::endl<char,std::char_traits<char>>);
std::operator>><char>(&std::cin, &str);
// Only an input of exactly 24 characters is processed further.
if ( std::string::length(&str) == 24 )
{
p_str = &str;
v14 = std::string::_Unchecked_begin(&str);
v13 = std::string::_Unchecked_end(&str);
// Walk the input one character at a time and hand each one to `add`.
// NOTE(review): the lambda body is not shown here; per the write-up it XORs the
// byte (the solve script uses 0x14) and presumably appends the result to `v`.
// Confirm both in the lambda's own disassembly.
while ( v14 != v13 )
{
item = *v14;
lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_::operator()(&add, item);
++v14;
}
// 24-byte constant embedded in the binary; it is passed to the `cmp` constructor below.
qmemcpy(key, "rxusoCqxw{yqK`{KZqag{r`i", sizeof(key));
lambda_7686c8adb828765130ce2b0d457195d9_::_lambda_7686c8adb828765130ce2b0d457195d9_(
&cmp,
(unsigned __int8 (*)[24])key);
v9 = std::vector<unsigned char>::_Unchecked_begin(&v);
v8 = std::vector<unsigned char>::_Unchecked_end(&v);
// Check every byte of `v` with `cmp`; the first rejected byte ends the program.
// NOTE(review): `cmp` presumably compares against the next byte of `key`; its body is not shown.
while ( v9 != v8 )
{
if ( !lambda_7686c8adb828765130ce2b0d457195d9_::operator()(&cmp, *v9) )
{
// Failure path: print "error", run the destructors, return 0.
v6 = std::operator<<<std::char_traits<char>>(&std::cout, "error");
std::ostream::operator<<(v6, std::endl<char,std::char_traits<char>>);
// NOTE(review): the v19 writes look like compiler-emitted unwind-state bookkeeping, not part of the check.
LOBYTE(v19) = 0;
std::vector<unsigned char>::~vector<unsigned char>(&v);
v19 = -1;
std::string::~string(&str);
return 0;
}
++v9;
}
// Reached only when `cmp` accepted every byte of `v`.
v7 = std::operator<<<std::char_traits<char>>(&std::cout, "good job");
关键步骤
- 对输入的24个字符逐字节进行异或(lambda 的函数体没有在上面贴出;题解脚本中使用的异或常量是 0x14)
// Excerpt from main: v14/v13 are the begin/end iterators of the input string `str`.
// Each character is passed to the first lambda (`add`).
// NOTE(review): the lambda body is not shown; the XOR (constant 0x14 in the solve
// script) is taken from the write-up, so confirm it in the lambda itself.
while ( v14 != v13 )
{
item = *v14;
lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_::operator()(&add, item);
++v14;
}
- 逐字节比较:任意一个字节未通过 cmp 的检查,就输出 error 并返回
// Excerpt from main: v9/v8 are the begin/end iterators of the byte vector `v`.
// `cmp` was constructed with a pointer to the 24-byte `key` constant; a false
// result for any byte prints "error" and returns, so all 24 bytes must pass.
while ( v9 != v8 )
{
if ( !lambda_7686c8adb828765130ce2b0d457195d9_::operator()(&cmp, *v9) )
{
v6 = std::operator<<<std::char_traits<char>>(&std::cout, "error");
std::ostream::operator<<(v6, std::endl<char,std::char_traits<char>>);
// NOTE(review): the v19 writes look like compiler-emitted unwind-state bookkeeping, not part of the check.
LOBYTE(v19) = 0;
std::vector<unsigned char>::~vector<unsigned char>(&v);
v19 = -1;
std::string::~string(&str);
return 0;
}
++v9;
}
题解
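# Expected bytes that the decompiled main copies into `key` with qmemcpy.
s = 'rxusoCqxw{yqK`{KZqag{r`i'

# The binary only processes input of length 24, so the constant must be 24 bytes;
# a mismatch here means the string was copied incorrectly from the disassembly.
assert len(s) == 24

# XOR is its own inverse, so applying the same constant to the expected bytes
# recovers the input that passes the check. 0x14 is the constant used by this
# write-up; the lambda that applies it is not shown in the decompiled excerpt.
flag = ''.join(chr(ord(c) ^ 0x14) for c in s)
print(flag, end='')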
From: https://www.cnblogs.com/Rainy-Day/p/18166824