当前位置:网站首页>CTF reverse Foundation
CTF reverse Foundation
2022-07-05 20:16:00 【Day-3】
For more resources, please go to :https://github.com/SycloverTeam/SycRevLearn see .
1 IDA location main function
function T1.exe.
Put the executable program into IDA in , And find characters .
double-click .
Press F5, Enter code .
You can rename the function , At this time, we have got flag.
2 Simple encryption algorithm
take T2.exe Drag in IDA in , Locate the main function , The code is as follows :
so 3,flag After encryption transformation , So we can inverse it to get flag.
Write a C Language script .
#include <stdio.h>
#include <string.h>
int main()
{
char str[] = "gmbh|ZPV`GJOE`JU`IBIB~";
for (int i = 0; i < strlen(str); i ++)
--str[i];
printf("%s\n", str);
return 0;
}
obtain flag.
Next, look at another simple encryption . First we need to know the concept of XOR .
take T3.exe Put in IDA From the analysis, it is concluded that :
Write a script :
data = [0x66,0x6D,0x63,0x64,0x7F,0x5C,0x49,0x52,0x57,0x4F,0x43,0x45,0x48,0x52,0x47,0x5B,0x4F,0x59,0x53,0x5B,0x55,0x68]
for i in range(len(data)):
data[i] ^= i
print (chr(data[i]),end ="")
3 Base64 code
take T4.exe Throw in IDA in , View source code ;
First process the encoding and then XOR decryption to get Flag.
4 Base64 Change the table in reverse
5 IDA Dynamic debugging
To set breakpoints .
debugging .
obtain Flag.
5 IDA Dynamic debugging solution RC4
F8 step over .
Debugging in an additional form bypasses anti debugging .
Input data .
v7 The data of .
transformation .
obtain Flag.
6 IDA Code repair and Array recognition
The return value of the function is meaningless, and the function type can be removed .
The amount of code is reduced a lot , You can also use shortcut keys v key .
There are also some wrong types of variables , It can also be modified in this way .
7 UPX Shelling
Remote execution IDA.
remote debugger .
Set up IP Address .
F4 The program executes to the currently selected code segment .
One step .call Step over .
Create a function .
F5 Decompile .
obtain Flag.
边栏推荐
- 1: Citation;
- 强化学习-学习笔记4 | Actor-Critic
- Solve the problem that the database configuration information under the ThinkPHP framework application directory is still connected by default after modification
- Is it safe for CICC fortune to open an account online?
- Unity编辑器扩展 UI控件篇
- Codeforces Round #804 (Div. 2) - A, B, C
- Guidelines for application of Shenzhen green and low carbon industry support plan in 2023
- [quick start of Digital IC Verification] 3. Introduction to the whole process of Digital IC Design
- Debezium series: record the messages parsed by debezium and the solutions after the MariaDB database deletes multiple temporary tables
- 挖财钱堂教育靠谱安全吗?
猜你喜欢
Leetcode skimming: binary tree 17 (construct binary tree from middle order and post order traversal sequence)
【数字IC验证快速入门】9、Verilog RTL设计必会的有限状态机(FSM)
About the priority of Bram IP reset
A solution to PHP's inability to convert strings into JSON
Zero cloud new UI design
秋招字节面试官问你还有什么问题?其实你已经踩雷了
[quick start of Digital IC Verification] 6. Quick start of questasim (taking the design and verification of full adder as an example)
Wechat applet regular expression extraction link
解决Thinkphp框架应用目录下数据库配置信息修改后依然按默认方式连接
Leetcode: binary tree 15 (find the value in the lower left corner of the tree)
随机推荐
.Net分布式事务及落地解决方案
Flume series: interceptor filtering data
[C language] merge sort
信息学奥赛一本通 1338:【例3-3】医院设置 | 洛谷 P1364 医院设置
S7-200smart uses V90 Modbus communication control library to control the specific methods and steps of V90 servo
[quick start of Digital IC Verification] 7. Basic knowledge of digital circuits necessary for verification positions (including common interview questions)
After 95, Alibaba P7 published the payroll: it's really fragrant to make up this
【数字IC验证快速入门】6、Questasim 快速上手使用(以全加器设计与验证为例)
走入并行的世界
ByteDance dev better technology salon was successfully held, and we joined hands with Huatai to share our experience in improving the efficiency of web research and development
深度學習 卷積神經網絡(CNN)基礎
Leetcode skimming: binary tree 17 (construct binary tree from middle order and post order traversal sequence)
mongodb基操的练习
Unity editor extended UI control
Go language | 02 for loop and the use of common functions
Leetcode brush question: binary tree 14 (sum of left leaves)
C language OJ gets PE, OJ of ACM introduction~
- Oui. Net Distributed Transaction and Landing Solution
Database logic processing function
leetcode刷题:二叉树11(平衡二叉树)