当前位置:网站首页>Game attack and defense world reverse
Game attack and defense world reverse
2022-07-07 08:09:00 【Day-3】
Check the operation file .
A little game , Several lights must be on .
Drag in IDA View the reassembly code in .
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
char v4; // [esp+0h] [ebp-FCh]
char v5; // [esp+0h] [ebp-FCh]
char v6; // [esp+0h] [ebp-FCh]
char v7; // [esp+0h] [ebp-FCh]
char v8; // [esp+0h] [ebp-FCh]
char v9; // [esp+0h] [ebp-FCh]
char v10; // [esp+0h] [ebp-FCh]
char v11; // [esp+0h] [ebp-FCh]
char v12; // [esp+0h] [ebp-FCh]
char v13; // [esp+0h] [ebp-FCh]
char v14; // [esp+0h] [ebp-FCh]
char v15; // [esp+0h] [ebp-FCh]
char v16; // [esp+0h] [ebp-FCh]
char v17; // [esp+0h] [ebp-FCh]
char v18; // [esp+0h] [ebp-FCh]
char v19; // [esp+0h] [ebp-FCh]
char v20; // [esp+0h] [ebp-FCh]
char v21; // [esp+0h] [ebp-FCh]
char v22; // [esp+0h] [ebp-FCh]
char v23; // [esp+0h] [ebp-FCh]
int i; // [esp+DCh] [ebp-20h]
int v25; // [esp+F4h] [ebp-8h] BYREF
printf((int)&unk_50B110, v4);
printf((int)&unk_50B158, v5);
printf((int)&unk_50B1A0, v6);
printf((int)&unk_50B1E8, v7);
printf((int)&unk_50B230, v8);
printf((int)&unk_50B278, v9);
printf((int)&unk_50B2C0, v10);
printf((int)&unk_50B308, v11);
printf((int)&unk_50AFD0, v12);
printf((int)"| by 0x61 |\n", v13);
printf((int)"| |\n", v14);
printf((int)"|------------------------------------------------------|\n", v15);
printf(
(int)"Play a game\n"
"The n is the serial number of the lamp,and m is the state of the lamp\n"
"If m of the Nth lamp is 1,it's on ,if not it's off\n"
"At first all the lights were closed\n",
v16);
printf((int)"Now you can input n to change its state\n", v17);
printf(
(int)"But you should pay attention to one thing,if you change the state of the Nth lamp,the state of (N-1)th and (N+1"
")th will be changed too\n",
v18);
printf((int)"When all lamps are on,flag will appear\n", v19);
printf((int)"Now,input n \n", v20);
while ( 1 )
{
while ( 1 )
{
printf((int)"input n,n(1-8)\n", v21);
sub_459418();
printf((int)"n=", v22);
sub_4596D4("%d", &v25);
printf((int)"\n", v23);
if ( v25 >= 0 && v25 <= 8 )
break;
printf((int)"sorry,n error,try again\n", v21);
}
if ( v25 )
{
sub_4576D6(v25 - 1);
}
else
{
for ( i = 0; i < 8; ++i )
{
if ( (unsigned int)i >= 9 )
j____report_rangecheckfailure();
byte_532E28[i] = 0;
}
}
j__system("CLS");
sub_458054();
if ( byte_532E28[0] == 1
&& byte_532E28[1] == 1
&& byte_532E28[2] == 1
&& byte_532E28[3] == 1
&& byte_532E28[4] == 1
&& byte_532E28[5] == 1
&& byte_532E28[6] == 1
&& byte_532E28[7] == 1 )
{
sub_457AB4();
}
}
}
It's not hard to see. sub_457AB4() It contains flag Function of , Get into .
The result of this function is Flag, Modify the program :
#include <stdio.h>
#include <string.h>
int main()
{
int i; // [esp+D0h] [ebp-94h]
char v3[57]; // [esp+DCh] [ebp-88h] BYREF
char v4[57]; // [esp+120h] [ebp-44h]
printf((int)"done!!! the flag is ");
v4[0] = 18;
v4[1] = 64;
v4[2] = 98;
v4[3] = 5;
v4[4] = 2;
v4[5] = 4;
v4[6] = 6;
v4[7] = 3;
v4[8] = 6;
v4[9] = 48;
v4[10] = 49;
v4[11] = 65;
v4[12] = 32;
v4[13] = 12;
v4[14] = 48;
v4[15] = 65;
v4[16] = 31;
v4[17] = 78;
v4[18] = 62;
v4[19] = 32;
v4[20] = 49;
v4[21] = 32;
v4[22] = 1;
v4[23] = 57;
v4[24] = 96;
v4[25] = 3;
v4[26] = 21;
v4[27] = 9;
v4[28] = 4;
v4[29] = 62;
v4[30] = 3;
v4[31] = 5;
v4[32] = 4;
v4[33] = 1;
v4[34] = 2;
v4[35] = 3;
v4[36] = 44;
v4[37] = 65;
v4[38] = 78;
v4[39] = 32;
v4[40] = 16;
v4[41] = 97;
v4[42] = 54;
v4[43] = 16;
v4[44] = 44;
v4[45] = 52;
v4[46] = 32;
v4[47] = 64;
v4[48] = 89;
v4[49] = 45;
v4[50] = 32;
v4[51] = 65;
v4[52] = 15;
v4[53] = 34;
v4[54] = 18;
v4[55] = 16;
v4[56] = 0;
memcpy(v3, "{ ", 2);
v3[2] = 18;
v3[3] = 98;
v3[4] = 119;
v3[5] = 108;
v3[6] = 65;
v3[7] = 41;
v3[8] = 124;
v3[9] = 80;
v3[10] = 125;
v3[11] = 38;
v3[12] = 124;
v3[13] = 111;
v3[14] = 74;
v3[15] = 49;
v3[16] = 83;
v3[17] = 108;
v3[18] = 94;
v3[19] = 108;
v3[20] = 84;
v3[21] = 6;
memcpy(&v3[22], "`S,yhn _uec{", 12);
v3[34] = 127;
v3[35] = 119;
v3[36] = 96;
v3[37] = 48;
v3[38] = 107;
v3[39] = 71;
v3[40] = 92;
v3[41] = 29;
v3[42] = 81;
v3[43] = 107;
v3[44] = 90;
v3[45] = 85;
v3[46] = 64;
v3[47] = 12;
v3[48] = 43;
v3[49] = 76;
v3[50] = 86;
v3[51] = 13;
v3[52] = 114;
v3[53] = 1;
strcpy(&v3[54], "u~");
for (i = 0; i < 56; ++i)
{
v3[i] ^= v4[i];
v3[i] ^= 0x13u;
}
printf("%s\n", v3);
return 0;
}
obtain Flag.
边栏推荐
猜你喜欢
Linux server development, SQL statements, indexes, views, stored procedures, triggers
![[quick start of Digital IC Verification] 17. Basic grammar of SystemVerilog learning 4 (randomization)](/img/39/cac2b5492d374da393569e2ab467a4.png)
[quick start of Digital IC Verification] 17. Basic grammar of SystemVerilog learning 4 (randomization)
JS quick start (I)
【數字IC驗證快速入門】15、SystemVerilog學習之基本語法2(操作符、類型轉換、循環、Task/Function...內含實踐練習)
QT learning 26 integrated example of layout management
JSON data flattening pd json_ normalize
json 数据展平pd.json_normalize
LeetCode简单题之判断一个数的数字计数是否等于数位的值
Avatary的LiveDriver试用体验
Call pytorch API to complete linear regression
随机推荐
复杂网络建模(三)
C language communication travel card background system
These five fishing artifacts are too hot! Programmer: I know, delete it quickly!
快解析内网穿透助力外贸管理行业应对多种挑战
Linux server development, SQL statements, indexes, views, stored procedures, triggers
互动送书-《Oracle DBA工作笔记》签名版
Leetcode 40: combined sum II
快解析内网穿透为文档加密行业保驾护航
通俗易懂单点登录SSO
Linux server development, MySQL index principle and optimization
贝叶斯定律
Linux server development, MySQL transaction principle analysis
padavan手动安装php
UnityHub破解&Unity破解
Quick analysis of Intranet penetration helps the foreign trade management industry cope with a variety of challenges
数据库实时同步利器——CDC(变化数据捕获技术)
Linux server development, redis source code storage principle and data model
Few shot Learning & meta learning: small sample learning principle and Siamese network structure (I)
ROS Bridge 笔记(05)— carla_ackermann_control 功能包(将Ackermann messages 转化为 CarlaEgoVehicleControl 消息)
Main window in QT learning 27 application