[MRCTF2020]Xor(无法F5)

发表于 更新于 分类于

无法F5的题目

  1. 只能先用IDA打开,看汇编
    1

  2. 分析一下

    2

3

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#include <stdio.h>
#include <string.h>

unsigned char byte_41EA08[] = { /* ... 需要填充实际值 ... */ };

int main(int argc, const char **argv, const char **envp) {
    char inputBuffer[100]; // 0x64 (100 in decimal)
    
    printf("Give Me Your Flag String:\n");
    scanf("%s", inputBuffer);

    int length = strlen(inputBuffer);
    if(length != 0x27 /* 39 in decimal */) {
        printf("Wrong!\n");
        system("pause");
        return -1; // 或者其它错误处理
    }

    for(int i = 0; i < length; ++i) {
        if((inputBuffer[i] ^ i) != byte_41EA08[i]) {
            printf("Wrong!\n");
            system("pause");
            return -1;
        }
    }

    printf("Right!\n");
    system("pause");

    return 0;
}

大概就是上面编码的意思

  1. 编写脚本解题
    找到byte_41EA08
    4

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    #include<stdio.h>
    #include<string.h>
    #include<stdlib.h>
    int main(){
    	char ida_chars[] =
     {
      0x4D, 0x53, 0x41, 0x57, 0x42, 0x7E, 0x46, 0x58, 0x5A, 0x3A, 
      0x4A, 0x3A, 0x60, 0x74, 0x51, 0x4A, 0x22, 0x4E, 0x40, 0x20, 
      0x62, 0x70, 0x64, 0x64, 0x7D, 0x38, 0x67, 0x00
     };
        char flag[strlen(ida_chars)];
        int i;
        for(i=0;i<strlen(ida_chars);i++){
        	flag[i] = ida_chars[i] ^ i;
    	}
    	printf("flag:%s",flag);
    } 
1
MRCTF{@_R3@1ly_E2_R3verse!}