攻防世界elrond32题解

使用exeinfope查看文件信息

查看后发现是一个32位的ELF可执行文件，丢进IDA32查看反汇编代码

分析反汇编代码

首先找到main函数，F5查看伪代码

看见Access granted显然可知sub_8048538()函数是输出flag的函数，点开看看

看代码发现我们需要得到数组a2的值，于是回到main函数，发现a2与sub_8048414()函数有关，点开看看

分析函数，写出代码，得到a2数组

int a1[20]={
     105,101,0,110,100,97,103,115,0,114,0,0};
for(int i=0;;i=7*(i+1)%11,k++){
     
		a2[k]=a1[i];
		printf("*%d\n",i);
		if(i==2||i==8||i>9)break;
		
	}
-->a2={
     105,115,101,110,103,97,114,100,0}

继续分析sub_8048538()函数，发现我们还需要知道v2数组的值，根据代码

qmemcpy(v2, &unk_8048760, sizeof(v2));

知道v2是从unk_8048760处复制了33个int
查看unk_8048760的值

一个int占4个内存，所以剩下3个的内存用0填充，最后得出

int v2[33]={
     0x0F,0x1F,0x04,0x09,0x1C,0x12,0x42,0x09,0x0C,0x44,0x0D,0x07,0x09,0x06,0x2D,0x37,0x59,0x1E,0x00,0x59,0x0F,0x08,0x1C,0x23,0x36,0x07,0x55,0x02,0x0C,0x08,0x41,0x0A,0x14};

编写代码获取flag

#include
#include
#include
#include
int a1[20]={
     105,101,0,110,100,97,103,115,0,114};
int main()
{
     
	int a2[20],k=0;
	int v2[33]={
     0x0F,0x1F,0x04,0x09,0x1C,0x12,0x42,0x09,0x0C,0x44,0x0D,0x07,0x09,0x06,0x2D,0x37,0x59,0x1E,0x00,0x59,0x0F,0x08,0x1C,0x23,0x36,0x07,0x55,0x02,0x0C,0x08,0x41,0x0A,0x14};
	for(int i=0;;i=7*(i+1)%11,k++){
     
		a2[k]=a1[i];
		if(i==2||i==8||i>9)break;
		
	}
	for ( int i = 0; i <= 32; ++i )
    putchar(v2[i] ^ a2[i % 8]);
}
-->flag{
     s0me7hing_S0me7hinG_t0lki3n}