【攻防世界】Reverse——happyctf writeup

使用IDA分析,查看主程序:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  std::ostream *v3; // eax
  std::ostream *v4; // eax
  int result; // eax
  std::ostream *v6; // eax
  std::ostream *v7; // eax
  unsigned __int8 *v8; // [esp+5Ch] [ebp-70h]
  unsigned __int8 *v9; // [esp+60h] [ebp-6Ch]
  main::__l2:: cmp; // [esp+68h] [ebp-64h] BYREF
  unsigned __int8 key[24]; // [esp+6Ch] [ebp-60h] BYREF
  char item; // [esp+87h] [ebp-45h]
  char *v13; // [esp+88h] [ebp-44h]
  char *v14; // [esp+8Ch] [ebp-40h]
  std::string *v15; // [esp+90h] [ebp-3Ch]
  main::__l2:: add; // [esp+94h] [ebp-38h] BYREF
  std::vector v; // [esp+98h] [ebp-34h] BYREF
  std::string str; // [esp+A4h] [ebp-28h] BYREF
  int v19; // [esp+C8h] [ebp-4h]

  std::string::string(&str);
  v19 = 0;
  v3 = std::operator<<>(&std::cout, "please input flag");
  std::ostream::operator<<(v3, std::endl>);
  std::operator>>(&std::cin, &str);
  if ( std::string::length(&str) == 24 )
  {
    std::vector::vector(&v);
    LOBYTE(v19) = 1;
    lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_::_lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_(&add, &v);
    v15 = &str;
    v14 = std::string::_Unchecked_begin(&str);
    v13 = std::string::_Unchecked_end(&str);
    while ( v14 != v13 )
    {
      item = *v14;
      lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_::operator()(&add, item);
      ++v14;
    }
    qmemcpy(key, "rxusoCqxw{yqK`{KZqag{r`i", sizeof(key));
    lambda_7686c8adb828765130ce2b0d457195d9_::_lambda_7686c8adb828765130ce2b0d457195d9_(
      &cmp,
      (unsigned __int8 (*)[24])key);
    v9 = std::vector::_Unchecked_begin(&v);
    v8 = std::vector::_Unchecked_end(&v);
    while ( v9 != v8 )
    {
      if ( !lambda_7686c8adb828765130ce2b0d457195d9_::operator()(&cmp, *v9) )
      {
        v6 = std::operator<<>(&std::cout, "error");
        std::ostream::operator<<(v6, std::endl>);
        LOBYTE(v19) = 0;
        std::vector::~vector(&v);
        v19 = -1;
        std::string::~string(&str);
        return 0;
      }
      ++v9;
    }
    v7 = std::operator<<>(&std::cout, "good job");
    std::ostream::operator<<(v7, std::endl>);
    LOBYTE(v19) = 0;
    std::vector::~vector(&v);
    v19 = -1;
    std::string::~string(&str);
    result = 0;
  }
  else
  {
    v4 = std::operator<<>(&std::cout, "not enought");
    std::ostream::operator<<(v4, std::endl>);
    v19 = -1;
    std::string::~string(&str);
    result = 0;
  }
  return result;
}
void __thiscall lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_::operator()(main::__l2:: *this, unsigned __int8 bytee)
{
  unsigned __int8 _Val[65]; // [esp+Fh] [ebp-45h] BYREF
  const main::__l2:: *thisa; // [esp+50h] [ebp-4h]

  thisa = this;
  _Val[0] = bytee ^ 0x14;
  std::vector::push_back(this->v, _Val);
  ++`_lambda_1b3a4e77a09e1a7ed440bad3aa4c443b_::operator()'::`2'::index;

这个程序就是把输入经过异或处理然后做对比,以下是破解:

text= "rxusoCqxw{yqK`{KZqag{r`i"
flag=''.join(chr(ord(c)^0x14) for c in text)
print(flag)

你可能感兴趣的:(逆向工程,CTF,安全)