void __fastcall __noreturn main(int a1, char **a2, char **a3)
{
size_t len_input; // rsi
int i; // [rsp+3Ch] [rbp-54h]
char input[36]; // [rsp+40h] [rbp-50h] BYREF
int v6; // [rsp+64h] [rbp-2Ch]
__int64 v7; // [rsp+68h] [rbp-28h]
char v8[28]; // [rsp+70h] [rbp-20h] BYREF
int v9; // [rsp+8Ch] [rbp-4h]
v9 = 0;
strcpy(v8, ":\"AL_RT^L*.?+6/46");
v7 = 0x65626D61726168LL;
v6 = 7;
printf("Welcome to the RC3 secure password guesser.\n");
printf("To continue, you must enter the correct password.\n");
printf("Enter your guess: ");
__isoc99_scanf("%32s", input);
len_input = strlen(input);
if ( len_input < strlen(v8) )
printIncorrect();
for ( i = 0; i < strlen(input); ++i )
{
if ( i >= strlen(v8) )
printIncorrect();
if ( input[i] != (char)(*((_BYTE *)&v7 + i % v6) ^ v8[i]) )
printIncorrect();
}
printCorrect();
}
题目很简单,不分析,直接上解决方法:
v8 = ":\"AL_RT^L*.?+6/46"
v7 = 0x65626D61726168
v6=7
v7_a = v7.to_bytes(8, byteorder='little')
flag = ''
for i in range(len(v8)):
flag+=chr(v7_a[i%v6]^ord(v8[i]))
print(flag)