The 2nd Shanxi Province Network Security Skills Competition (Enterprise Group) Part of the WP (9)
2022-07-30 04:29:00 【[email protected]】
Foreword
I was fortunate to participate in the enterprise group of the 2nd Shanxi Network Security Skills Competition in 2022. This was the first time I have participated in a CTF competition. I went there to accumulate practical experience. The ranking was a bit unexpected.
I. Question
Title:
Reverse engineering challenge.
Attachments:
intertwine.exe
II. Problem-solving steps
1. Problem-solving approach
Load the binary into IDA, press F5 to view the pseudocode, work out what the code does, and reverse the computation to recover the input.
2. Problem-solving process
The main algorithm can be seen after loading the binary into IDA:

```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int result; // eax
  char v4; // [esp+0h] [ebp-17Ch]
  int j; // [esp+4Ch] [ebp-130h]
  int i; // [esp+50h] [ebp-12Ch]
  int v7; // [esp+54h] [ebp-128h]
  int v8[32]; // [esp+58h] [ebp-124h]
  int v9[32]; // [esp+D8h] [ebp-A4h]
  char Str[36]; // [esp+158h] [ebp-24h] BYREF

  __CheckForDebuggerJustMyCode(&unk_406015);
  v9[0] = 133;
  v9[1] = 113;
  v9[2] = 68;
  v9[3] = 124;
  v9[4] = 67;
  v9[5] = 27;
  v9[6] = 148;
  v9[7] = 63;
  v9[8] = 121;
  v9[9] = 165;
  v9[10] = 61;
  v9[11] = 54;
  v9[12] = 83;
  v9[13] = 66;
  v9[14] = 96;
  v9[15] = 87;
  v9[16] = 104;
  v9[17] = 97;
  v9[18] = 49;
  v9[19] = 54;
  v9[20] = 115;
  v9[21] = 27;
  v9[22] = 97;
  v9[23] = 17;
  v9[24] = 113;
  v9[25] = 126;
  v9[26] = 51;
  v9[27] = 25;
  v9[28] = 61;
  v9[29] = 115;
  v9[30] = 32;
  v9[31] = 1;
  v8[0] = 44512;
  v8[1] = 44288;
  v8[2] = 44288;
  v8[3] = 44000;
  v8[4] = 44320;
  v8[5] = 44000;
  v8[6] = 44288;
  v8[7] = 43008;
  v8[8] = 44736;
  v8[9] = 44192;
  v8[10] = 44000;
  v8[11] = 44448;
  v8[12] = 44064;
  v8[13] = 44480;
  v8[14] = 44832;
  v8[15] = 44000;
  v8[16] = 44224;
  v8[17] = 44064;
  v8[18] = 44480;
  v8[19] = 44672;
  v8[20] = 44064;
  v8[21] = 42656;
  v8[22] = 44672;
  v8[23] = 44320;
  v8[24] = 44128;
  v8[25] = 44000;
  v8[26] = 44480;
  v8[27] = 44704;
  v8[28] = 44448;
  v8[29] = 43072;
  v8[30] = 44192;
  v8[31] = 44608;
  memset(Str, 0, 0x21u);
  sub_401450("Input key:", v4);
  sub_4014A0("%256s", (char)Str);
  if ( strlen(Str) == 32 )
  {
    for ( i = 0; i < 32; ++i )
    {
      v7 = 0;
      for ( j = 0; j < 32; ++j )
        v7 += 16 * v9[j] + Str[i];
      if ( v7 != v8[i] )
      {
        puts("Wrong");
        return 0;
      }
    }
    puts("Pass");
    puts("flag is DASCTF{Input}");
    result = 0;
  }
  else
  {
    puts("Wrong");
    result = 0;
  }
  return result;
}
```

Main algorithm:

```c
for ( j = 0; j < 32; ++j )
  v7 += 16 * v9[j] + Str[i];
if ( v7 != v8[i] )
```

For the check to pass, v7 must equal the corresponding value in v8. Take index 0 as an example. The inner loop runs 32 times and each pass adds 16 * v9[j] plus the same input character, so:

v8[0] = 16 * sum(v9) + 32 * (ASCII value of the first input character)

From this it follows that:

ASCII value of the first input character = (v8[0] - 16 * sum(v9)) / 32

```python
>>> v8=[0]*32
>>> v9=[0]*32
>>> exec('''v9[0] = 133
v9[1] = 113
v9[2] = 68
v9[3] = 124
v9[4] = 67
v9[5] = 27
v9[6] = 148
v9[7] = 63
v9[8] = 121
v9[9] = 165
v9[10] = 61
v9[11] = 54
v9[12] = 83
v9[13] = 66
v9[14] = 96
v9[15] = 87
v9[16] = 104
v9[17] = 97
v9[18] = 49
v9[19] = 54
v9[20] = 115
v9[21] = 27
v9[22] = 97
v9[23] = 17
v9[24] = 113
v9[25] = 126
v9[26] = 51
v9[27] = 25
v9[28] = 61
v9[29] = 115
v9[30] = 32
v9[31] = 1
v8[0] = 44512
v8[1] = 44288
v8[2] = 44288
v8[3] = 44000
v8[4] = 44320
v8[5] = 44000
v8[6] = 44288
v8[7] = 43008
v8[8] = 44736
v8[9] = 44192
v8[10] = 44000
v8[11] = 44448
v8[12] = 44064
v8[13] = 44480
v8[14] = 44832
v8[15] = 44000
v8[16] = 44224
v8[17] = 44064
v8[18] = 44480
v8[19] = 44672
v8[20] = 44064
v8[21] = 42656
v8[22] = 44672
v8[23] = 44320
v8[24] = 44128
v8[25] = 44000
v8[26] = 44480
v8[27] = 44704
v8[28] = 44448
v8[29] = 43072
v8[30] = 44192
v8[31] = 44608''')
>>> flag=[(v8[i]-16*sum(v9))//32 for i in range(32)]
>>> flag
[111, 104, 104, 95, 105, 95, 104, 64, 118, 101, 95, 109, 97, 110, 121, 95, 102, 97, 110, 116, 97, 53, 116, 105, 99, 95, 110, 117, 109, 66, 101, 114]
>>> print(''.join(chr(i) for i in flag))
ohh_i_h@ve_many_fanta5tic_numBer
```

The flag is:
ohh_i_h@ve_many_fanta5tic_numBer
III. Summary
Resolved during the game.
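An added example, not part of the original write-up: a Python re-implementation of the decompiled check together with its inverse, so the recovered key can be validated without running intertwine.exe. The names check_key and recover_key are chosen here for illustration; the tables are the v9 and v8 values from the pseudocode above, and the solver is generalized to any table length and rejects targets that no printable character can satisfy.

```python
# Added example (not from the original write-up). V9 and V8 are the tables
# from the decompiled main(); the function names are illustrative.
V9 = [133, 113, 68, 124, 67, 27, 148, 63, 121, 165, 61, 54, 83, 66, 96, 87,
      104, 97, 49, 54, 115, 27, 97, 17, 113, 126, 51, 25, 61, 115, 32, 1]
V8 = [44512, 44288, 44288, 44000, 44320, 44000, 44288, 43008,
      44736, 44192, 44000, 44448, 44064, 44480, 44832, 44000,
      44224, 44064, 44480, 44672, 44064, 42656, 44672, 44320,
      44128, 44000, 44480, 44704, 44448, 43072, 44192, 44608]


def check_key(key, v9=V9, v8=V8):
    """Forward check: the same two loops as the decompiled main()."""
    if len(key) != len(v8):
        return False
    for i, ch in enumerate(key):
        v7 = 0
        for j in range(len(v9)):
            v7 += 16 * v9[j] + ord(ch)
        if v7 != v8[i]:
            return False
    return True


def recover_key(v9=V9, v8=V8):
    """Invert v8[i] = 16*sum(v9) + len(v9)*key[i], one position at a time."""
    n = len(v9)
    base = 16 * sum(v9)  # contribution of v9, identical for every position
    chars = []
    for i, target in enumerate(v8):
        code, rem = divmod(target - base, n)
        # A non-zero remainder or a non-printable code means the tables were
        # copied wrongly or the check is not the linear one assumed here.
        if rem != 0 or not 0x20 <= code < 0x7F:
            raise ValueError(f"position {i}: no printable character fits")
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    key = recover_key()
    print(key, check_key(key))
```

Because each position is checked independently and linearly, the comparison table reveals the key outright; the round trip through check_key confirms the tables were transcribed correctly.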