当前位置:网站首页>game攻防世界逆向
game攻防世界逆向
2022-07-07 04:47:00 【Day-3】
运行文件看一下。
一个小游戏,必须让几个灯都亮了才行。
拖入IDA中查看返汇编代码。
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
char v4; // [esp+0h] [ebp-FCh]
char v5; // [esp+0h] [ebp-FCh]
char v6; // [esp+0h] [ebp-FCh]
char v7; // [esp+0h] [ebp-FCh]
char v8; // [esp+0h] [ebp-FCh]
char v9; // [esp+0h] [ebp-FCh]
char v10; // [esp+0h] [ebp-FCh]
char v11; // [esp+0h] [ebp-FCh]
char v12; // [esp+0h] [ebp-FCh]
char v13; // [esp+0h] [ebp-FCh]
char v14; // [esp+0h] [ebp-FCh]
char v15; // [esp+0h] [ebp-FCh]
char v16; // [esp+0h] [ebp-FCh]
char v17; // [esp+0h] [ebp-FCh]
char v18; // [esp+0h] [ebp-FCh]
char v19; // [esp+0h] [ebp-FCh]
char v20; // [esp+0h] [ebp-FCh]
char v21; // [esp+0h] [ebp-FCh]
char v22; // [esp+0h] [ebp-FCh]
char v23; // [esp+0h] [ebp-FCh]
int i; // [esp+DCh] [ebp-20h]
int v25; // [esp+F4h] [ebp-8h] BYREF
printf((int)&unk_50B110, v4);
printf((int)&unk_50B158, v5);
printf((int)&unk_50B1A0, v6);
printf((int)&unk_50B1E8, v7);
printf((int)&unk_50B230, v8);
printf((int)&unk_50B278, v9);
printf((int)&unk_50B2C0, v10);
printf((int)&unk_50B308, v11);
printf((int)&unk_50AFD0, v12);
printf((int)"| by 0x61 |\n", v13);
printf((int)"| |\n", v14);
printf((int)"|------------------------------------------------------|\n", v15);
printf(
(int)"Play a game\n"
"The n is the serial number of the lamp,and m is the state of the lamp\n"
"If m of the Nth lamp is 1,it's on ,if not it's off\n"
"At first all the lights were closed\n",
v16);
printf((int)"Now you can input n to change its state\n", v17);
printf(
(int)"But you should pay attention to one thing,if you change the state of the Nth lamp,the state of (N-1)th and (N+1"
")th will be changed too\n",
v18);
printf((int)"When all lamps are on,flag will appear\n", v19);
printf((int)"Now,input n \n", v20);
while ( 1 )
{
while ( 1 )
{
printf((int)"input n,n(1-8)\n", v21);
sub_459418();
printf((int)"n=", v22);
sub_4596D4("%d", &v25);
printf((int)"\n", v23);
if ( v25 >= 0 && v25 <= 8 )
break;
printf((int)"sorry,n error,try again\n", v21);
}
if ( v25 )
{
sub_4576D6(v25 - 1);
}
else
{
for ( i = 0; i < 8; ++i )
{
if ( (unsigned int)i >= 9 )
j____report_rangecheckfailure();
byte_532E28[i] = 0;
}
}
j__system("CLS");
sub_458054();
if ( byte_532E28[0] == 1
&& byte_532E28[1] == 1
&& byte_532E28[2] == 1
&& byte_532E28[3] == 1
&& byte_532E28[4] == 1
&& byte_532E28[5] == 1
&& byte_532E28[6] == 1
&& byte_532E28[7] == 1 )
{
sub_457AB4();
}
}
}
不难看出sub_457AB4()就是含有flag的函数,进入。
此函数的结果即为Flag,修改程序:
#include <stdio.h>
#include <string.h>
int main()
{
int i; // [esp+D0h] [ebp-94h]
char v3[57]; // [esp+DCh] [ebp-88h] BYREF
char v4[57]; // [esp+120h] [ebp-44h]
printf((int)"done!!! the flag is ");
v4[0] = 18;
v4[1] = 64;
v4[2] = 98;
v4[3] = 5;
v4[4] = 2;
v4[5] = 4;
v4[6] = 6;
v4[7] = 3;
v4[8] = 6;
v4[9] = 48;
v4[10] = 49;
v4[11] = 65;
v4[12] = 32;
v4[13] = 12;
v4[14] = 48;
v4[15] = 65;
v4[16] = 31;
v4[17] = 78;
v4[18] = 62;
v4[19] = 32;
v4[20] = 49;
v4[21] = 32;
v4[22] = 1;
v4[23] = 57;
v4[24] = 96;
v4[25] = 3;
v4[26] = 21;
v4[27] = 9;
v4[28] = 4;
v4[29] = 62;
v4[30] = 3;
v4[31] = 5;
v4[32] = 4;
v4[33] = 1;
v4[34] = 2;
v4[35] = 3;
v4[36] = 44;
v4[37] = 65;
v4[38] = 78;
v4[39] = 32;
v4[40] = 16;
v4[41] = 97;
v4[42] = 54;
v4[43] = 16;
v4[44] = 44;
v4[45] = 52;
v4[46] = 32;
v4[47] = 64;
v4[48] = 89;
v4[49] = 45;
v4[50] = 32;
v4[51] = 65;
v4[52] = 15;
v4[53] = 34;
v4[54] = 18;
v4[55] = 16;
v4[56] = 0;
memcpy(v3, "{ ", 2);
v3[2] = 18;
v3[3] = 98;
v3[4] = 119;
v3[5] = 108;
v3[6] = 65;
v3[7] = 41;
v3[8] = 124;
v3[9] = 80;
v3[10] = 125;
v3[11] = 38;
v3[12] = 124;
v3[13] = 111;
v3[14] = 74;
v3[15] = 49;
v3[16] = 83;
v3[17] = 108;
v3[18] = 94;
v3[19] = 108;
v3[20] = 84;
v3[21] = 6;
memcpy(&v3[22], "`S,yhn _uec{", 12);
v3[34] = 127;
v3[35] = 119;
v3[36] = 96;
v3[37] = 48;
v3[38] = 107;
v3[39] = 71;
v3[40] = 92;
v3[41] = 29;
v3[42] = 81;
v3[43] = 107;
v3[44] = 90;
v3[45] = 85;
v3[46] = 64;
v3[47] = 12;
v3[48] = 43;
v3[49] = 76;
v3[50] = 86;
v3[51] = 13;
v3[52] = 114;
v3[53] = 1;
strcpy(&v3[54], "u~");
for (i = 0; i < 56; ++i)
{
v3[i] ^= v4[i];
v3[i] ^= 0x13u;
}
printf("%s\n", v3);
return 0;
}
得到Flag。
边栏推荐
- Problem solving: unable to connect to redis
- Cnopendata geographical distribution data of religious places in China
- 这5个摸鱼神器太火了!程序员:知道了快删!
- 2022制冷与空调设备运行操作复训题库及答案
- C语言二叉树与建堆
- 【VHDL 并行语句执行】
- Cnopendata American Golden Globe Award winning data
- 图解GPT3的工作原理
- Linux server development, MySQL transaction principle analysis
- 快速使用 Jacoco 代码覆盖率统计
猜你喜欢
Hands on deep learning (IV) -- convolutional neural network CNN
Li Kou interview question 04.01 Path between nodes
JS quick start (I)
2022年茶艺师(中级)考试试题及模拟考试
2022 simulated examination question bank and online simulated examination of tea master (primary) examination questions
解决问题:Unable to connect to Redis
buuctf misc USB
Operation suggestions for today's spot Silver
Content of string
Explore Cassandra's decentralized distributed architecture
随机推荐
Linux server development, redis protocol and asynchronous mode
大视频文件的缓冲播放原理以及实现
[Stanford Jiwang cs144 project] lab4: tcpconnection
Leanote private cloud note building
LeetCode 40:组合总和 II
dash plotly
2022制冷与空调设备运行操作复训题库及答案
A bit of knowledge - about Apple Certified MFI
【数字IC验证快速入门】15、SystemVerilog学习之基本语法2(操作符、类型转换、循环、Task/Function...内含实践练习)
QT learning 26 integrated example of layout management
Ansible
Téléchargement des données de conception des puces
2022茶艺师(初级)考试题模拟考试题库及在线模拟考试
Use and analysis of dot function in numpy
[VHDL parallel statement execution]
Value sequence (subsequence contribution problem)
Sign up now | oar hacker marathon phase III, waiting for your challenge
贝叶斯定律
Qt学习28 主窗口中的工具栏
Open source ecosystem | create a vibrant open source community and jointly build a new open source ecosystem!