当前位置:网站首页>[wp][入门]攻防世界-game

[wp][入门]攻防世界-game

2022-06-12 14:18:00 _小飒

攻防世界
game

方法一

找到主程序
在这里插入图片描述

void main_0()
{
    
  char v0; // ST08_1
  char v1; // ST08_1
  char v2; // ST08_1
  char v3; // ST08_1
  char v4; // ST08_1
  char v5; // ST08_1
  char v6; // ST08_1
  char v7; // ST08_1
  char v8; // ST08_1
  char v9; // ST08_1
  char v10; // ST08_1
  char v11; // ST08_1
  char v12; // ST08_1
  char v13; // ST08_1
  char v14; // ST08_1
  char v15; // ST08_1
  char v16; // ST08_1
  char v17; // ST08_1
  char v18; // [esp+0h] [ebp-FCh]
  char v19; // [esp+0h] [ebp-FCh]
  signed int i; // [esp+DCh] [ebp-20h]
  int v21; // [esp+F4h] [ebp-8h]

  sub_45A7BE((int)&unk_50B110, v18);
  sub_45A7BE((int)&unk_50B158, v0);
  sub_45A7BE((int)&unk_50B1A0, v1);
  sub_45A7BE((int)&unk_50B1E8, v2);
  sub_45A7BE((int)&unk_50B230, v3);
  sub_45A7BE((int)&unk_50B278, v4);
  sub_45A7BE((int)&unk_50B2C0, v5);
  sub_45A7BE((int)&unk_50B308, v6);
  sub_45A7BE((int)&unk_50AFD0, v7);
  sub_45A7BE((int)"| by 0x61 |\n", v8);
  sub_45A7BE((int)"| |\n", v9);
  sub_45A7BE((int)"|------------------------------------------------------|\n", v10);
  sub_45A7BE(
    (int)"Play a game\n"
         "The n is the serial number of the lamp,and m is the state of the lamp\n"
         "If m of the Nth lamp is 1,it's on ,if not it's off\n"
         "At first all the lights were closed\n",
    v11);
  sub_45A7BE((int)"Now you can input n to change its state\n", v12);
  sub_45A7BE(
    (int)"But you should pay attention to one thing,if you change the state of the Nth lamp,the state of (N-1)th and (N+1"
         ")th will be changed too\n",
    v13);
  sub_45A7BE((int)"When all lamps are on,flag will appear\n", v14);
  sub_45A7BE((int)"Now,input n \n", v15);
  while ( 1 )
  {
    
    while ( 1 )
    {
    
      sub_45A7BE((int)"input n,n(1-8)\n", v19);
      sub_459418();
      sub_45A7BE((int)"n=", v16);
      sub_4596D4("%d", &v21);
      sub_45A7BE((int)"\n", v17);
      if ( v21 >= 0 && v21 <= 8 )
        break;
      sub_45A7BE((int)"sorry,n error,try again\n", v19);
    }
    if ( v21 )
    {
    
      sub_4576D6(v21 - 1);
    }
    else
    {
    
      for ( i = 0; i < 8; ++i )
      {
    
        if ( (unsigned int)i >= 9 )
          j____report_rangecheckfailure();
        byte_532E28[i] = 0;
      }
    }
    j__system("CLS");
    sub_458054();
    if ( byte_532E28[0] == 1
      && byte_532E28[1] == 1
      && byte_532E28[2] == 1
      && byte_532E28[3] == 1
      && byte_532E28[4] == 1
      && byte_532E28[5] == 1
      && byte_532E28[6] == 1
      && byte_532E28[7] == 1 )
    {
    
      sub_457AB4();
    }
  }
}

让用户输入v21,v21需要满足一些条件
猜测是让游戏循环8次(for 语句) 产生8个结果
运行完后,当8个结果满足一定条件
就运行sub_457AB4();
在这里插入图片描述
所以我们要看sub_457AB4();里是什么内容。双击,找到下面内容

sub_45A7BE((int)"done!!! the flag is ", v1);
  v60 = 18;
  v61 = 64;
  v62 = 98;
  v63 = 5;
  v64 = 2;
  v65 = 4;
  v66 = 6;
  v67 = 3;
  v68 = 6;
  v69 = 48;
  v70 = 49;
  v71 = 65;
  v72 = 32;
  v73 = 12;
  v74 = 48;
  v75 = 65;
  v76 = 31;
  v77 = 78;
  v78 = 62;
  v79 = 32;
  v80 = 49;
  v81 = 32;
  v82 = 1;
  v83 = 57;
  v84 = 96;
  v85 = 3;
  v86 = 21;
  v87 = 9;
  v88 = 4;
  v89 = 62;
  v90 = 3;
  v91 = 5;
  v92 = 4;
  v93 = 1;
  v94 = 2;
  v95 = 3;
  v96 = 44;
  v97 = 65;
  v98 = 78;
  v99 = 32;
  v100 = 16;
  v101 = 97;
  v102 = 54;
  v103 = 16;
  v104 = 44;
  v105 = 52;
  v106 = 32;
  v107 = 64;
  v108 = 89;
  v109 = 45;
  v110 = 32;
  v111 = 65;
  v112 = 15;
  v113 = 34;
  v114 = 18;
  v115 = 16;
  v116 = 0;
  v3 = 123;
  v4 = 32;
  v5 = 18;
  v6 = 98;
  v7 = 119;
  v8 = 108;
  v9 = 65;
  v10 = 41;
  v11 = 124;
  v12 = 80;
  v13 = 125;
  v14 = 38;
  v15 = 124;
  v16 = 111;
  v17 = 74;
  v18 = 49;
  v19 = 83;
  v20 = 108;
  v21 = 94;
  v22 = 108;
  v23 = 84;
  v24 = 6;
  v25 = 96;
  v26 = 83;
  v27 = 44;
  v28 = 121;
  v29 = 104;
  v30 = 110;
  v31 = 32;
  v32 = 95;
  v33 = 117;
  v34 = 101;
  v35 = 99;
  v36 = 123;
  v37 = 127;
  v38 = 119;
  v39 = 96;
  v40 = 48;
  v41 = 107;
  v42 = 71;
  v43 = 92;
  v44 = 29;
  v45 = 81;
  v46 = 107;
  v47 = 90;
  v48 = 85;
  v49 = 64;
  v50 = 12;
  v51 = 43;
  v52 = 76;
  v53 = 86;
  v54 = 13;
  v55 = 114;
  v56 = 1;
  v57 = 117;
  v58 = 126;
  v59 = 0;
  for ( i = 0; i < 56; ++i )
  {
    
    *(&v3 + i) ^= *(&v60 + i);
    *(&v3 + i) ^= 0x13u;
  }
  return sub_45A7BE((int)"%s\n", (unsigned int)&v3);
}

v3以下的和v60以上异或在和0x13异或
编写python代码解题

a=[123,32,18,98,119,108,65,41,124,80,125,38,124,111,74,49,83,108,94,108,84,6,96,83,44,121,104,110,32,95,117,101,99,123,127,119,96,48,107,71,92,29,81,107,90,85,64,12,43,76,86,13,114,1,117,126,0]
b=[ 18, 64, 98, 5, 2, 4, 6, 3, 6, 48, 49, 65, 32, 12, 48, 65, 31, 78, 62, 32, 49, 32, 1, 57, 96, 3, 21, 9, 4, 62, 3, 5, 4, 1, 2, 3, 44, 65, 78, 32, 16,97,54,16,44,52,32,64,89,45,32,65,15,34,18,16,0]
l=len(a)
for i in range(l):
	ch=chr(a[i]^b[i]^0x13)
	print(ch,end="")

方法二

在网上看到的
shift+s 后 alt+t(我个人尝试ctrl+f也可以)
找到done!!!the flag is 双击
在这里插入图片描述
右键 交叉引用列表(或者ctrl+x)
在这里插入图片描述
点0k 弹出来后 F5
后面过程和上面类似

原网站

版权声明
本文为[_小飒]所创,转载请带上原文链接,感谢
https://blog.csdn.net/Yjlay/article/details/125228365

边栏推荐

猜你喜欢

随机推荐