2020 ciscn 东北分区赛 re题解

唉，居然没师傅出re题，悲伤
此题考点在于抓取或解密出迷宫，这里我用的原函数进行生成，改改几个定义就可以输出迷宫了：

#include
#include
#include 
#include
#include
#include
//#+OXJ xnB1 QWT4 9cnW cGFB ZOjn yfZo ZV1m 7+/v /29t f2c= 
__int64 sub_556D3A76F833(unsigned int* a1, int a2)
{
    int v3; // eax
    int v4[48]; // [rsp+10h] [rbp-E0h]
    int v5; // [rsp+D0h] [rbp-20h]
    int v6; // [rsp+DCh] [rbp-14h]
    int k; // [rsp+E0h] [rbp-10h]
    int j; // [rsp+E4h] [rbp-Ch]
    int i; // [rsp+E8h] [rbp-8h]
    unsigned int v10; // [rsp+ECh] [rbp-4h]

    if (a2 == 1)
        return *a1;
    v10 = 0;
    memset(v4, 0, sizeof(v4));
    v5 = 0;
    for (i = 0; i < a2; ++i)
    {
        for (j = 0; j < a2 - 1; ++j)
        {
            for (k = 0; k < a2 - 1; ++k)
            {
                if (k < i)
                    v3 = k;
                else
                    v3 = k + 1;
                v4[k + 7LL * j] = a1[7 * (j + 1LL) + v3];
            }
        }
        v6 = sub_556D3A76F833((unsigned int*)v4, a2 - 1);
        if (i & 1)
            v10 -= v6 * a1[i];
        else
            v10 += v6 * a1[i];
    }
    return v10;
}

unsigned __int64 __fastcall sub_556D3A76F99D(__int64 a1, int a2, unsigned int* a3)
{
    unsigned __int64 result; // rax
    signed __int64 v4; // rdx
    signed __int64 v5; // rdx
    int v6; // eax
    signed __int64 v7; // rbx
    int v8; // eax
    unsigned int* v9; // [rsp+8h] [rbp-108h]
    int v10[52]; // [rsp+20h] [rbp-F0h]
    int l; // [rsp+F0h] [rbp-20h]
    int k; // [rsp+F4h] [rbp-1Ch]
    int j; // [rsp+F8h] [rbp-18h]
    int i; // [rsp+FCh] [rbp-14h]

    v9 = a3;
    if (a2 == 1)
    {
        result = (unsigned __int64)a3;
        *a3 = 1;
    }
    else
    {
        for (i = 0; ; ++i)
        {
            result = (unsigned int)i;
            if (i >= a2)
                break;
            for (j = 0; j < a2; ++j)
            {
                for (k = 0; k < a2 - 1; ++k)
                {
                    for (l = 0; l < a2 - 1; ++l)
                    {
                        if (k < i)
                            v4 = 28LL * k;
                        else
                            v4 = 28LL * (k + 1);
                        v5 = a1 + v4;
                        if (l < j)
                            v6 = l;
                        else
                            v6 = l + 1;
                        v10[l + 7LL * k] = *(uint32_t*)(v5 + 4LL * v6);
                    }
                }
                v7 = (signed __int64)&v9[7 * j];
                v8 = sub_556D3A76F833((unsigned int*)v10, a2 - 1);
                *(unsigned int*)(v7 + 4LL * i) = v8;
                if ((j + i) % 2 == 1)
                    v9[7 * j + i] = -v9[7 * j + i];
            }
        }
    }
    return result;
}
signed __int64 __fastcall sub_556D3A76FB98(__int64 a1, int a2, __int64 a3)
{
    __int64 v4; // [rsp+8h] [rbp-E8h]
    unsigned int v5[49]; // [rsp+20h] [rbp-D0h]
    int v6; // [rsp+E4h] [rbp-Ch]
    int j; // [rsp+E8h] [rbp-8h]
    int i; // [rsp+ECh] [rbp-4h]

    v4 = a3;
    v6 = sub_556D3A76F833((unsigned int*)a1, a2);
    if (!v6)
        return 0LL;
    sub_556D3A76F99D(a1, a2, v5);
    for (i = 0; i < a2; ++i)
    {
        for (j = 0; j < a2; ++j)
            *(unsigned int*)(28LL * i + v4 + 4LL * j) = v5[j + 7LL * i] / v6;
    }
    return 1LL;
}

__int64 __fastcall sub_556D3A76F7A2(__int64 a1, signed int a2, __int64 a3)
{
    __int64 result; // rax
    signed int j; // [rsp+20h] [rbp-8h]
    signed int i; // [rsp+24h] [rbp-4h]

    for (i = 0; ; ++i)
    {
        result = (unsigned int)i;
        if (i >= a2)
            break;
        for (j = 0; j < a2; ++j)
            *(unsigned int*)(28LL * i + a3 + 4LL * j) = *(unsigned int*)(28LL * j + a1 + 4LL * (a2 - i - 1));
    }
    return result;
}
unsigned char unk_556D3A773160[255] = { 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0x3,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x2,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0xfe,0xff,0xff,0xff,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x3,0x0,0x0,0x0,0xfc,0xff,0xff,0xff,0x2,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0xfe,0xff,0xff,0xff,0x1,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x2,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0 };
int main()
{
//    char v8[255] = { 2,0,0,0,255,0,0,0,0,0,0,0,254,0,0,0,1,0,0,0,255,0,0,0,0,0,0,0,
//1,0,0,0,255,0,0,0,0,0,0,0,255,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,
//0,0,0,0,0,0,0,0,0,0,0,0,255,0,0,0,0,0,0,0,255,0,0,0,1,0,0,0,
//255,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,255,0,0,0,
//3,0,0,0,254,0,0,0,255,0,0,0,252,0,0,0,1,0,0,0,254,0,0,0,2,0,0,0,
//254,0,0,0,1,0,0,0,1,0,0,0,3,0,0,0,255,0,0,0,1,0,0,0,255,0,0,0,
//255,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,255,0,0,0,1,0,0,0,0,0,0,0 };
    char v8;
    memset(&v8, 0, 0xC0uLL);
    char v6;
    memset(&v6, 0, 0xC0uLL);
    int d;
  //  scanf("%d", &d);
    sub_556D3A76F7A2((__int64)&unk_556D3A773160, 7, (__int64)&v8);
    //for (int i = 0; i < 0xc0; i++)
    //{
    //    printf("%d ", *(&v8 + i));
    //    if (i % 28 == 0 && i != 0)
    //        printf("\n");
    //}
    printf("\n\n");
    sub_556D3A76FB98((__int64)&v8, 7, (__int64)&v6);
    for (int i = 0; i <= 0xc4; i++)
    {
        printf("%d ", *(&v6+i));
        if (i % 28 == 0 && i!=0)
            printf("\n");
    }
}

然后解密即可。