查壳

无壳

反编译

拉进漂亮姐姐中(IDA)

shift+F12看一下字串

首先看到一个关键信息,点进去,Ctrl+x交叉引用

F5看一下伪代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
int __cdecl main(int argc, const char **argv, const char **envp)
{
int v3; // eax
char v4; // al
int v5; // eax
char v7; // [rsp+33h] [rbp-Dh]
char v8; // [rsp+33h] [rbp-Dh]
int v9; // [rsp+34h] [rbp-Ch]
int i; // [rsp+38h] [rbp-8h]
int v11; // [rsp+3Ch] [rbp-4h]

_main();
v11 = 0;
v9 = 0;
puts("Please input your flag:");
while ( 1 )
{
v8 = getchar();
if ( v8 == 10 )
break;
v7 = key[v9 % 4] ^ v8; //输入的字符,进行异或操作,得到v7
while ( 1 )
{
v4 = v7--; //循环v7次
if ( v4 <= 0 ) //此while循环是向s[]中输入v7个1
break;
v3 = v11++;
s[v3] = 1;
}
v5 = v11++; //输出v7个1后,使用0与下一串1隔开
s[v5] = 0;
++v9;
}
while ( v11 <= 2559 ) //输入的字符全部转化为1之后,不够2559个的话填充-1(255)
s[v11++] = -1;
for ( i = 0; i <= 2559; ++i )
{
if ( r[i] != s[i] ) //进行比较
{
puts("Lose lose lose!");
break;
}
}
if ( i == 2560 )
puts("Win win win!");
system("pause");
return 0;
}

其中r是

1
2
3
r = [0x35, 0x2F, 0x2F, 0x32, 0x28, 0x14, 0x27, 0x3B, 0x3D, 0x70,
0x3C, 0x0A, 0x3D, 0x73, 0x3A, 0x0A, 0x1F, 0x73, 0x3D, 0x66,
0x21, 0x1C, 0x6D, 0x28]

key是SCNU

解密

写一下解密python

1
2
3
4
5
6
7
8
r = [0x35, 0x2F, 0x2F, 0x32, 0x28, 0x14, 0x27, 0x3B, 0x3D, 0x70,
0x3C, 0x0A, 0x3D, 0x73, 0x3A, 0x0A, 0x1F, 0x73, 0x3D, 0x66,
0x21, 0x1C, 0x6D, 0x28]
key = "SCNU"
flag=''
for i in range(len(r)):
flag+=chr(ord(key[i % 4]) ^ r[i])
print(flag)

FLAG

1
flag{Winn3r_n0t_L0s3r_#}