int __cdecl main(int argc, const char **argv, const char **envp)
{
unsigned int v3; // kr00_4
int v4; // edx
char *v5; // esi
char v6; // al
unsigned int i; // edx
int v8; // eax
char Arglist[16]; // [esp+2h] [ebp-24h] BYREF
__int64 v11; // [esp+12h] [ebp-14h] BYREF
int v12; // [esp+1Ah] [ebp-Ch]
__int16 v13; // [esp+1Eh] [ebp-8h]
printf(Format, Arglist[0]);
v12 = 0;
v13 = 0;
*(_OWORD *)Arglist = 0i64;
v11 = 0i64;
sub_401050("%s", (char)Arglist);
v3 = strlen(Arglist);
if ( v3 >= 0x10 && v3 == 24 )
{
v4 = 0;
v5 = (char *)&v11 + 7;
do
{
v6 = *v5--;
byte_40336C[v4++] = v6;
}
while ( v4 < 24 );
for ( i = 0; i < 0x18; ++i )
byte_40336C[i] = (byte_40336C[i] + 1) ^ 6;
v8 = strcmp(byte_40336C, aXircjR2twsv3pt);
if ( v8 )
v8 = v8 < 0 ? -1 : 1;
if ( !v8 )
{
printf("right\n", Arglist[0]);
system("pause");
}
}
return 0;
}
阅读代码,发现有不少令人困惑的地方,直接阅读汇编代码是更好的选择。main函数的主要功能是:把用户的输入字符串翻转,然后把每个字符加1再跟6做异或,最后跟既定的字符串作比较,相同则显示right。
用下面的代码输出flag:
string='xIrCj~<r|2tWsv3PtI'
flag = ""
for c in string:
flag+= chr((ord(c) ^ 6) - 1)
flag = flag[::-1]
print(flag)