[buuctf.reverse] 103_ [CFI-CTF 2018]powerPacked

powerPC Things that are , If IDA It's really hard to do without plug-ins . I didn't have

But it can be used Retdec Decompilation can be implemented

py \tools\retdec\bin\retdec-decompiler.py powerPacker

And then to get c Code of language , Find the main encryption logic

int main(int argc, char ** argv) {
    char * v1 = (char *)0x45484b7d; // bp-48, 0x100006f0
    int32_t v2; // 0x100006bc
    printf("Insert password : ", (int32_t)argv, v2, 0x45484b7d, 0x6b616e71, 0x78676172, L"mg", 0x7265);
    int32_t v3; // bp-80, 0x100006bc
    scanf("%31s", &v3, v2, 0x45484b7d, 0x6b616e71, 0x78676172, L"mg", 0x7265);
    for (int32_t i = 0; i < 21; i++) {
        char * v4 = (char *)(i + (int32_t)&v1); // 0x10000760
        *v4 = (char)((0x1000000 * (int32_t)*v4 - 0x2000000) / 0x1000000);   // Subtract... From a given string 2 Compare again 
    }
    // 0x10000798
    if (strcmp(&v3, (int32_t *)&v1) == 0) {
        // 0x100007b8
        puts("Password is correct. Submit this as the flag.");
    } else {
        // 0x100007c8
        puts("Wrong password.");
    }
    // 0x100007d4
    return 0;
}

The encryption method is to subtract... From a given string 2 Then compare with the input , Note that the string given here is in the form of 32 Bit shaping gives , It is not clear whether it is the program itself or the decompiler . But it's good to see .

a = b'EHK}kanqxgarqygtre'
print(bytes([i-2 for i in a]))
#CFI{i_love_powerpc
#flag{i_love_powerpc}

Subtract a given string 2 And then deal with the package .1 It's incredible that there will be such a simple problem after the partition .