BMZCTF-RE-Simulator

发现程序有那么点陌生.obj文件,没见过。。。。。

查了一下资料发现,这是L3C，而且题目也给了Hint(Study 《Introduction to Computer System》 carefully,the format of flag is xmctf{})
查了下这本书的资料,发现要下载 LC3Edit
用来编写LC3的软件

工具的介绍

关键代码

ps:程序中有几条指令要注意
BRZ 是跳转，类似汇编中的j…(z)
BR也会判断几个标志位分别是Z，N，P。
条件变化方式与普通汇编基本相同
BRNZP是无条件跳转类似jmp

其实代码很少 意思就是 每次取两个字符进行异或，然后跟内存里面的数据进行比较,正确就进行下一次的比较,错误就跳出

但是可以整理下执行流程

data=[19, 1, 0, 20, 0, 0, 19, 2, 1, 20, 1, 1, 19, 3, 2, 20, 2, 2, 19, 4, 3, 20, 3, 3, 19, 5, 4, 20, 4, 4, 19, 6, 5, 20, 5, 5, 19, 7, 6, 20, 6, 6, 19, 8, 7, 20, 7, 7, 19, 9, 8, 20, 8, 8, 19, 10, 9, 20, 9, 9, 19, 11, 10, 20, 10, 10, 19, 12, 11, 20, 11, 11, 19, 13, 12, 20, 12, 12, 19, 14, 13, 20, 13, 13, 19, 15, 14, 20, 14, 14, 19, 16, 15, 20, 15, 15, 19, 17, 16, 20, 16, 16, 19, 18, 17, 20, 17, 17, 19, 19, 18, 20, 18, 18, 19, 20, 19, 20, 19, 19, 19, 21, 20, 20, 20, 20, 19, 22, 21, 20, 21, 21, 19, 23, 22, 20, 22, 22, 19, 24, 23, 20, 23, 23, 20, 24, 24]
res=[108, 15, 80, 108, 110, 66, 44, 44, 30, 12, 13, 0, 51, 61, 23, 1, 43, 60, 12, 2, 29, 28, 9, 17, 17]
print(len(data))
input=list(map(ord,"7654321987654321987654321"))
i=0
while i<147:
    if data[3*i]==19:
        R1=data[3*i+1]
        R6=input[R1]
        R1=data[3*i+2]
        R5=R1
        R7=input[R1]
        print(hex(R6),hex(R7))
        R0=(~R6)&R7
        R1=(~R7)&R6
        R0=R0+R1
        # print(R0)
        input[R5]=R0
        i+=3
        continue
    if data[3*i]==20:
        R1=data[3*i+1]
        R6=R1
        R1=data[3*i+2]
        R5=0x18-R1
        R0=input[R6]
        R1=res[R5]
        if R0==R1: 
            print("okkk")
        else:
            print("error")
        i+=3
        continue

res 是储存结果集的地方

那么我们就可编写flag

res=[108, 15, 80, 108, 110, 66, 44, 44, 30, 12, 13, 0, 51, 61, 23, 1, 43, 60, 12, 2, 29, 28, 9, 17, 17]
i=1
flag=[108]
print(chr(108),end='')

for i in range(1,len(res)):
    str = res[i] ^ flag[i-1]
    flag.append(str)
    print(chr(flag[i]),end="")

get flag

xmctf{lc3_1s_small_but_complete}