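Challenge link: https://buuoj.cn/challenges#[GUET-CTF2019]re
Although it is just a bare file, still load it into Exeinfo to check whether it is packed. It is packed, and it is a 64-bit binary.
Unpack it with "upx.exe -d re", then load it into IDA64 and locate the key function by searching for the key strings.
The program first reads the flag as input and then validates it in sub_4009AE, so look at sub_4009AE.
A short script that divides each constant by its multiplier recovers the characters directly: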
# One slot per flag character; each is filled as constant // multiplier
a = [0]*32
a[0] = chr(166163712//1629056)
a[1] = chr(731332800//6771600)
a[2] = chr(357245568//3682944)
a[3] = chr(1074393000//10431000)
a[4] = chr(489211344//3977328)
a[5] = chr(518971936//5138336)
# a[6] has no check in sub_4009AE, so use a placeholder here
a[6] = '_'
a[7] = chr(406741500//7532250)
a[8] = chr(294236496//5551632)
a[9] = chr(177305856//3409728)
a[10] = chr(650683500//13013670)
a[11] = chr(298351053//6088797)
a[12] = chr(386348487//7884663)
a[13] = chr(438258597//8944053)
a[14] = chr(249527520//5198490)
a[15] = chr(445362764//4544518)
a[16] = chr(981182160//10115280)
a[17] = chr(174988800//3645600)
a[18] = chr(493042704//9667504)
a[19] = chr(257493600//5364450)
a[20] = chr(767478780//13464540)
a[21] = chr(312840624//5488432)
a[22] = chr(1404511500//14479500)
a[23] = chr(316139670//6451830)
a[24] = chr(619005024//6252576)
a[25] = chr(372641472//7763364)
a[26] = chr(373693320//7327320)
a[27] = chr(498266640//8741520)
a[28] = chr(452465676//8871876)
a[29] = chr(208422720//4086720)
a[30] = chr(515592000//9374400)
a[31] = chr(719890500//5759124)
# Every element is now a one-character string, so join them directly
print(''.join(a))
Because a[6] is missing from the checks, I tried values by hand, and the result is 1.
flag: flag{e165421110ba03099a1c039337}
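The same recovery as an added example (not part of the original write-up): it checks that every constant divides exactly into a printable byte, then lists the candidates for the unchecked position a[6] instead of guessing by hand. The names recover and candidates, and the hex-digit alphabet used for the free position, are assumptions of this example.

```python
from itertools import product
import string

FLAG_LEN = 32
# index: (constant, multiplier), copied from the script above. Index 6 is absent.
CONSTRAINTS = {
    0: (166163712, 1629056), 1: (731332800, 6771600), 2: (357245568, 3682944),
    3: (1074393000, 10431000), 4: (489211344, 3977328), 5: (518971936, 5138336),
    7: (406741500, 7532250), 8: (294236496, 5551632), 9: (177305856, 3409728),
    10: (650683500, 13013670), 11: (298351053, 6088797), 12: (386348487, 7884663),
    13: (438258597, 8944053), 14: (249527520, 5198490), 15: (445362764, 4544518),
    16: (981182160, 10115280), 17: (174988800, 3645600), 18: (493042704, 9667504),
    19: (257493600, 5364450), 20: (767478780, 13464540), 21: (312840624, 5488432),
    22: (1404511500, 14479500), 23: (316139670, 6451830), 24: (619005024, 6252576),
    25: (372641472, 7763364), 26: (373693320, 7327320), 27: (498266640, 8741520),
    28: (452465676, 8871876), 29: (208422720, 4086720), 30: (515592000, 9374400),
    31: (719890500, 5759124),
}

def recover(constraints, length):
    """Solve multiplier * ch == constant per index; None marks unchecked bytes."""
    out = [None] * length
    for idx, (const, mult) in constraints.items():
        ch, rem = divmod(const, mult)
        # A remainder or a non-printable value means a constant was mis-copied.
        if rem or not 0x20 <= ch < 0x7f:
            raise ValueError(f"index {idx}: {const}/{mult} is not a printable byte")
        out[idx] = chr(ch)
    return out

def candidates(partial, alphabet=string.digits + "abcdef"):
    """Yield every flag obtained by filling unchecked positions from alphabet."""
    free = [i for i, c in enumerate(partial) if c is None]
    for combo in product(alphabet, repeat=len(free)):
        filled = list(partial)
        for i, c in zip(free, combo):
            filled[i] = c
        yield "".join(filled)

if __name__ == "__main__":
    partial = recover(CONSTRAINTS, FLAG_LEN)
    print("".join(c or "?" for c in partial))  # template with the free byte marked
    for flag in candidates(partial):           # 16 candidates to submit
        print(flag)
```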