main函数:先要求输入长度大于4且小于30,再检查前4个字符是否为“EIS{”、Str[28](第29个字符)是否为“}”,都满足才会进入check函数。如果check返回true,则会显示“Congratulations!”,否则显示“Sorry, keep trying!”。
/*
 * Entry point of the crackme, as emitted by the decompiler.
 *
 * Reads one line into Str, then applies three gates before calling check():
 *   1. 4 < strlen(Str) < 0x1E (30),
 *   2. the first four characters equal "EIS{",
 *   3. Str[28] == '}' (125).
 * Gate 3 plus check() dropping only the final character means an accepted
 * input is 29 characters long: "EIS{" + 24 payload characters + "}".
 * Every path returns 0; only the printed message differs.
 */
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int result; // eax
  size_t i; // [esp+4Ch] [ebp-8Ch]
  char v5[8]; // [esp+50h] [ebp-88h] BYREF -- receives the expected prefix "EIS{"
  char Str[128]; // [esp+58h] [ebp-80h] BYREF -- user input
  // unk_446360 is an unresolved data reference; presumably the output stream
  // or format used for every message in this function -- confirm in the binary.
  printf(&unk_446360, "Give me your flag:");
  // notImportant is the analyst's own name for this call; it follows every
  // message and plays no part in the validation.
  notImportant(sub_403670);
  // Presumably reads at most 127 bytes of input into Str (sub_401440 is not
  // shown) -- 127 leaves room for the terminator in the 128-byte buffer.
  sub_401440(Str, 127);
  // Gate 1: length strictly between 4 and 30.
  if ( strlen(Str) < 0x1E && strlen(Str) > 4 )
  {
    // 5 bytes including the terminator, so it fits in v5[8].
    strcpy(v5, "EIS{");
    // Gate 2: compare the first strlen(v5) == 4 characters with the prefix.
    for ( i = 0; i < strlen(v5); ++i )
    {
      if ( Str[i] != v5[i] )
        goto Fail;
    }
    // Gate 3: 125 is '}'. NOTE(review): for inputs shorter than 29 characters
    // this reads a byte past the terminator. It stays inside the 128-byte
    // buffer, but whether that byte is initialised depends on sub_401440.
    if ( Str[28] != 125 )
    {
      // Shared failure exit; the prefix loop above jumps into this block.
Fail:
      printf(&unk_446360, "Sorry, keep trying! ");
      notImportant(sub_403670);
      return 0;
    }
    // The payload between "EIS{" and "}" is validated by check().
    if ( (unsigned __int8)check(Str) )
      printf(&unk_446360, "Congratulations! ");
    else
      printf(&unk_446360, "Sorry, keep trying! ");
    notImportant(sub_403670);
    result = 0;
  }
  else
  {
    // Length gate failed.
    printf(&unk_446360, "Sorry, keep trying!");
    notImportant(sub_403670);
    result = 0;
  }
  return result;
}
check函数:去掉开头的“EIS{”和最后一个字符“}”,对中间的每个字母做大小写互换,再经sub_4013C0变换后与byte_4420B0逐字节异或,最后把结果与固定字符串比较,返回比较是否相等的布尔值。
/*
 * Validates the payload of the flag (decompiler output).
 *
 * Steps, in order:
 *   1. Copy Str[4 .. strlen(Str)-2] into v8, i.e. drop the 4-character prefix
 *      and the final character.
 *   2. Swap the case of every ASCII letter in v8.
 *   3. Str2[i] = byte_4420B0[i] ^ sub_4013C0(v8[i]).
 *   4. Return whether Str2 equals the constant "GONDPHyGjPEKruv{{pj]X@rF".
 *
 * NOTE(review): nothing in this function bounds the payload length. Str2 has
 * 32 bytes and is indexed by the payload position, so the function is only
 * safe because the caller shown on this page rejects inputs of 30 characters
 * or more (payload <= 24). The size of byte_4420B0 is not visible here; the
 * solver on this page lists 32 entries.
 */
bool __cdecl check(char *Str)
{
  size_t v2; // eax
  int v3; // [esp+50h] [ebp-B0h] -- "already converted" flag for the case swap
  char Str2[32]; // [esp+54h] [ebp-ACh] BYREF -- transformed payload
  int v5; // [esp+74h] [ebp-8Ch] -- assigned 0 below, never read in this listing
  int v6; // [esp+78h] [ebp-88h] -- write index into v8
  size_t i; // [esp+7Ch] [ebp-84h]
  char v8[128]; // [esp+80h] [ebp-80h] BYREF -- payload without prefix and last char
  // Nothing to validate if only the prefix (or less) is present.
  if ( strlen(Str) <= 4 )
    return 0;
  // Copy everything after "EIS{" except the final character.
  i = 4;
  v6 = 0;
  while ( i < strlen(Str) - 1 )
    v8[v6++] = Str[i++];
  v8[v6] = 0;
  v5 = 0;
  v3 = 0;
  // Zero-filling Str2 also supplies the terminator strcmp() relies on, as long
  // as fewer than 32 bytes are written.
  memset(Str2, 0, sizeof(Str2));
  for ( i = 0; ; ++i )
  {
    v2 = strlen(v8);
    if ( i >= v2 )
      break;
    // 'a'..'z' -> 'A'..'Z'; v3 records that this character was just converted.
    if ( v8[i] >= 97 && v8[i] <= 122 )
    {
      v8[i] -= 32;
      v3 = 1;
    }
    // 'A'..'Z' -> 'a'..'z', skipped when the branch above produced the
    // uppercase letter, so each letter is flipped exactly once.
    if ( !v3 && v8[i] >= 65 && v8[i] <= 90 )
      v8[i] += 32;
    // The int result is stored into a char, so only its low 8 bits survive.
    Str2[i] = byte_4420B0[i] ^ sub_4013C0(v8[i]);
    v3 = 0;
  }
  return strcmp("GONDPHyGjPEKruv{{pj]X@rF", Str2) == 0;
}
/*
 * Per-character transform applied by check() before the XOR with
 * byte_4420B0: flip the bits selected by 0x55, then add 72.
 *
 * The step is reversible: for a result y, the input is (y - 72) ^ 0x55.
 */
int __cdecl sub_4013C0(int a1)
{
  const int flipped = a1 ^ 0x55;

  return flipped + 72;
}
用下面的Python脚本把check中的运算按相反顺序还原,输出flag:
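# Solver for check(): applies the inverse of each step in reverse order
# (XOR with the table, undo sub_4013C0, swap the letter case back).

# XOR table as dumped from byte_4420B0; only the first len(enc) entries are used.
byte_4420b0 = [
    13, 19, 23, 17, 2, 1, 32, 29, 12, 2,
    25, 47, 23, 43, 36, 31, 30, 22, 9, 15,
    21, 39, 19, 38, 10, 47, 30, 26, 45, 12,
    34, 4
]
# Constant that check() compares its transformed payload against.
enc = "GONDPHyGjPEKruv{{pj]X@rF"
length = len(enc)
ori = []
v3 = 0
for i in range(length):
    # Undo Str2[i] = byte_4420B0[i] ^ sub_4013C0(v8[i]).
    tmp = ord(enc[i]) ^ byte_4420b0[i]
    # Undo sub_4013C0: (x ^ 0x55) + 72. The binary keeps only the low byte of
    # the result, so the subtraction is done modulo 256; this also keeps the
    # value non-negative for chr() below.
    tmp = ((tmp - 72) & 0xFF) ^ 0x55
    ori.append(tmp)
    # Swap the case back; v3 prevents a letter from being flipped twice,
    # mirroring the flag used in check().
    if ori[i] >= 97 and ori[i] <= 122:
        ori[i] -= 32
        v3 = 1
    if v3 == 0 and ori[i] >= 65 and ori[i] <= 90:
        ori[i] += 32
    v3 = 0
print(ori)
# Re-attach the prefix and closing brace that main() requires.
flag = 'EIS{' + ''.join(chr(i) for i in ori) + '}'
print(flag)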