山西省第二届网络安全技能大赛(企业组)部分赛题WP(九)
2022-07-30 04:17:00 【菜@就一个字】
前言
有幸参加了2022年山西省第二届网络安全技能大赛企业组的比赛,这是第一次参加ctf比赛,本着积累实战经验的目的去的,排名有点意外。
提示:以下是本篇文章正文内容。
一、题目
题目:
逆向题。
附件:
intertwine.exe
二、解题步骤
1.解题思路
IDA加载,F5查看伪代码,熟悉代码作用,逆向推出结果。
2.解题过程
IDA加载后可看到主要算法:
// IDA Hex-Rays pseudo-code for the challenge's main(): it prompts for a key,
// requires the key to be exactly 32 characters long, and accepts it only if every
// character satisfies 16 * sum(v9) + 32 * Str[i] == v8[i] (see the loops below).
int __cdecl main(int argc, const char **argv, const char **envp)
{
int result; // eax
char v4; // [esp+0h] [ebp-17Ch]
int j; // [esp+4Ch] [ebp-130h]
int i; // [esp+50h] [ebp-12Ch]
int v7; // [esp+54h] [ebp-128h]
int v8[32]; // [esp+58h] [ebp-124h]
int v9[32]; // [esp+D8h] [ebp-A4h]
char Str[36]; // [esp+158h] [ebp-24h] BYREF
__CheckForDebuggerJustMyCode(&unk_406015);
// v9: table of 32 constants. The check only ever uses them summed together;
// the 32 entries below add up to 2560.
v9[0] = 133;
v9[1] = 113;
v9[2] = 68;
v9[3] = 124;
v9[4] = 67;
v9[5] = 27;
v9[6] = 148;
v9[7] = 63;
v9[8] = 121;
v9[9] = 165;
v9[10] = 61;
v9[11] = 54;
v9[12] = 83;
v9[13] = 66;
v9[14] = 96;
v9[15] = 87;
v9[16] = 104;
v9[17] = 97;
v9[18] = 49;
v9[19] = 54;
v9[20] = 115;
v9[21] = 27;
v9[22] = 97;
v9[23] = 17;
v9[24] = 113;
v9[25] = 126;
v9[26] = 51;
v9[27] = 25;
v9[28] = 61;
v9[29] = 115;
v9[30] = 32;
v9[31] = 1;
// v8: expected total for each of the 32 key positions; v8[i] is compared
// against the value accumulated for Str[i].
v8[0] = 44512;
v8[1] = 44288;
v8[2] = 44288;
v8[3] = 44000;
v8[4] = 44320;
v8[5] = 44000;
v8[6] = 44288;
v8[7] = 43008;
v8[8] = 44736;
v8[9] = 44192;
v8[10] = 44000;
v8[11] = 44448;
v8[12] = 44064;
v8[13] = 44480;
v8[14] = 44832;
v8[15] = 44000;
v8[16] = 44224;
v8[17] = 44064;
v8[18] = 44480;
v8[19] = 44672;
v8[20] = 44064;
v8[21] = 42656;
v8[22] = 44672;
v8[23] = 44320;
v8[24] = 44128;
v8[25] = 44000;
v8[26] = 44480;
v8[27] = 44704;
v8[28] = 44448;
v8[29] = 43072;
v8[30] = 44192;
v8[31] = 44608;
// Clears 0x21 (33) bytes of the 36-byte buffer: room for 32 characters plus NUL.
memset(Str, 0, 0x21u);
// NOTE(review): sub_401450 is presumably a printf-style wrapper; the v4 argument
// looks like a decompiler artifact of the variadic call -- confirm in the disassembly.
sub_401450("Input key:", v4);
// NOTE(review): sub_4014A0 is presumably a scanf-style wrapper, and the (char) cast
// on Str looks like a mis-typed variadic argument. If so, "%256s" accepts up to 256
// characters while Str holds only 36 bytes, so any longer input is written past the
// buffer on the stack before the length check below runs; the field width should
// not exceed the buffer size minus one.
sub_4014A0("%256s", (char)Str);
// Only a key of exactly 32 characters reaches the per-character check.
if ( strlen(Str) == 32 )
{
for ( i = 0; i < 32; ++i )
{
v7 = 0;
// The inner loop body is the single statement below: Str[i] is added once per
// iteration (32 times), so afterwards v7 == 16 * sum(v9) + 32 * Str[i].
for ( j = 0; j < 32; ++j )
v7 += 16 * v9[j] + Str[i];
// The first position whose total differs from v8[i] rejects the whole key.
if ( v7 != v8[i] )
{
puts("Wrong");
return 0;
}
}
// All 32 positions matched: the flag is the entered key wrapped in DASCTF{...}.
puts("Pass");
puts("flag is DASCTF{Input}");
result = 0;
}
else
{
// Wrong length; result is 0 here as well, so success and failure differ only in
// what is printed.
puts("Wrong");
result = 0;
}
return result;
}
主要算法:
for ( j = 0; j < 32; ++j )
v7 += 16 * v9[j] + Str[i];
if ( v7 != v8[i] )
内层循环共执行32次,每次累加 16*v9[j]+Str[i],因此循环结束后 v7=16*sum(v9)+32*Str[i],并且程序要求 v7 等于 v8[i]。这里举例,取第0个值:
v8[0]=16*sum(v9)+32*输入的第一个字符的ASCII值
由此可知:
输入第一个字符的Ascii值=(v8[0]-16*sum(v9))/32
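# Solver for the key check in the decompiled main().
#
# For each key position i the program adds 16 * v9[j] + Str[i] for j = 0..31, so the
# accumulated value is 16 * sum(v9) + 32 * Str[i], and it must equal v8[i].
# Solving for the character: Str[i] = (v8[i] - 16 * sum(v9)) / 32.

# Constant table v9, copied from the decompiled main().
v9 = [
    133, 113, 68, 124, 67, 27, 148, 63,
    121, 165, 61, 54, 83, 66, 96, 87,
    104, 97, 49, 54, 115, 27, 97, 17,
    113, 126, 51, 25, 61, 115, 32, 1,
]

# Expected per-position totals v8, copied from the decompiled main().
v8 = [
    44512, 44288, 44288, 44000, 44320, 44000, 44288, 43008,
    44736, 44192, 44000, 44448, 44064, 44480, 44832, 44000,
    44224, 44064, 44480, 44672, 44064, 42656, 44672, 44320,
    44128, 44000, 44480, 44704, 44448, 43072, 44192, 44608,
]

# Both tables must have one entry per key character.
assert len(v8) == len(v9) == 32

# Part of the total that is the same for every position.
base = 16 * sum(v9)

# The division has to be exact: a remainder would mean a table entry was copied
# wrongly, and floor division alone would hide that.
assert all((total - base) % 32 == 0 for total in v8)

flag = [(v8[i] - base) // 32 for i in range(32)]

# The key is typed in at a prompt, so every recovered value should be printable ASCII.
assert all(32 <= code < 127 for code in flag)

print(flag)
# [111, 104, 104, 95, 105, 95, 104, 64, 118, 101, 95, 109, 97, 110, 121, 95, 102, 97, 110, 116, 97, 53, 116, 105, 99, 95, 110, 117, 109, 66, 101, 114]
print(''.join(chr(i) for i in flag))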
ohh_i_h@ve_many_fanta5tic_numBer
flag为:
ohh_i_h@ve_many_fanta5tic_numBer
三、总结
比赛时已解出。
