rookie,新手,菜鸡。。。很适合我的身份。
给出一个exe
无壳,64位
找到main函数。
/*
 * Decompiler pseudocode for the body of main() (the signature line is not
 * part of this listing; the style looks like IDA/Hex-Rays output).
 *
 * Visible logic: prompt for a flag, read it into v6, rewrite every byte as
 * (byte ^ 0x16) + 1, strcmp() the result against a second string, and print
 * a success or failure message.
 *
 * NOTE(review): the argument lists are not trustworthy. Every library call
 * shows *(const char **)&argc as its first argument, and the real format
 * strings and buffers appear in later slots. Presumably the decompiler applied
 * the wrong calling convention; confirm against the disassembly. Read each
 * call by the literals it carries, not by argument position.
 */
{
size_t v3; // rbx
/* v4 is never assigned in this listing; it only mirrors whatever was in rdx. */
__int64 v4; // rdx
/* 44-byte stack buffer for the user's input, transformed in place below. */
char v6[44]; // [rsp+20h] [rbp-60h]
/* Per the stack offsets, i sits directly after v6 (0x20 + 44 = 0x4C). */
int i; // [rsp+4Ch] [rbp-34h]
/* presumably the compiler runtime's initialisation hook, not program logic (confirm) */
_main(*(_QWORD *)&argc, argv);
printf(*(const char **)&argc, argv, "please input your flag: \n", "%s");
/*
 * "%s" carries no field width, so input of 44 bytes or more writes past v6.
 * A bounded conversion such as "%43s" would keep the read inside the buffer.
 */
scanf(*(const char **)&argc, argv, v6, "%s");
/* Walk the string; the strlen() argument shown is an artifact (presumably v6). */
for ( i = 0; ; ++i )
{
v3 = i;
if ( v3 >= strlen(*(const char **)&argc) )
break;
/* Per-byte encoding: XOR with 0x16, then add 1. Inverse: subtract 1, then XOR 0x16. */
v6[i] = (v6[i] ^ 0x16) + 1;
}
/*
 * Compares the encoded input with a stored string. Both operands are shown
 * as argc/argv artifacts, so the stored value must be read from the binary's data.
 */
if ( !strcmp(*(const char **)&argc, (const char *)argv) )
printf(*(const char **)&argc, argv, v4, "you are right !welcome come to reverse world rookie!\n");
else
printf(*(const char **)&argc, argv, v4, "try again!\n");
/* NOTE(review): the command string passed to system() is not recoverable from this listing. */
system(*(const char **)&argc);
return 0;
}
简单逻辑就是输入的字符串,经过处理后,与保存的字符串比对。
处理就是每个字节先与0x16异或,再加1;逆运算则是先减1,再与0x16异或。。。rookie。
#!python3
# -*- coding: utf-8 -*-
# @Time : 2020/11/13 17:22
# @Author : A.James
# @FileName: rookie_reverse_exp.py
# Comparison string used by the check in main(); each byte is (plain ^ 0x16) + 1.
cipher = "dyvcqnbt{v\"|tJc'JdyvcqJuXupJetateftl"
print(cipher)

# Invert the encoding byte by byte: undo the +1 first, then undo the XOR.
flag = ''.join(chr((ord(ch) - 1) ^ 0x16) for ch in cipher)
print(flag)
unctf{welc7me_t0_unctf_bAby_reverse}
简单粗暴