攻防世界-萌新入门- alexctf-2017 re2-cpp-is-awesome

Alikas-0x0C
题目：攻防世界-萌新入门- alexctf-2017 re2-cpp-is-awesome

[这两天在撸国赛，萌新的自闭比赛就是了]

题目提示C++，那就直接拖进IDA吧

F12，看到字符串，点进去，追着交叉引用到mian函数，主要代码：

 for ( i = std::__cxx11::basic_string,std::allocator>::begin((__int64)&v12);
        ;
        sub_400D7A(&i) )
  {
    v14 = std::__cxx11::basic_string,std::allocator>::end(&v12);
    if ( !sub_400D3D((__int64)&i, (__int64)&v14) )
      break;
    v9 = *(unsigned __int8 *)sub_400D9A((__int64)&i);
    if ( (_BYTE)v9 != off_6020A0[dword_6020C0[v15]] )
      sub_400B56((__int64)&i, (__int64)&v14, v9);// Better luck next time\n
                                                // 
    ++v15;
  }
  sub_400B73((__int64)&i, (__int64)&v14, v8);   // You should have the flag by now\n
                                                // 

用户输入后，for循环，将flag逐个与字符off_6020A0[dword_6020C0[v15]]进行比较

查看数组dword_6020C0和off_6020A0[我这里按Y修改了dword_6020C0的类型，更加直观]

脚本如下：

s =[36,0,5,54,101,7,39,38,45,1,3,0,13,86,1,3,101,3,45,22,2,21,3,101,0,41,68,68,1,68,43]

print len(s)

key = "L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t"

flag = ""

for i in xrange(len(s)):

flag += key[s[i]]

print flag

运行得flag：ALEXCTF{W3_L0v3_C_W1th_CL45535}

总结：今天先水一下…明日再看看国赛的题吧！