题目描述:菜鸡开始接触一些基本的算法逆向了
拿进IDA看看吧
void __fastcall __noreturn main(__int64 a1, char **a2, char **a3)
{
size_t v3; // rsi
__int64 v4; // rdi
int i; // [rsp+3Ch] [rbp-54h]
char s[36]; // [rsp+40h] [rbp-50h]
int v7; // [rsp+64h] [rbp-2Ch]
__int64 v8; // [rsp+68h] [rbp-28h]
char v9[8]; // [rsp+70h] [rbp-20h]
int v10; // [rsp+8Ch] [rbp-4h]
v10 = 0;
strcpy(v9, ":\"AL_RT^L*.?+6/46");
v8 = 28537194573619560LL; //右键转化为char类型'ebmarah'
v7 = 7;
printf("Welcome to the RC3 secure password guesser.\n", a2, a3);
printf("To continue, you must enter the correct password.\n");
printf("Enter your guess: ");
__isoc99_scanf("%32s", s);
v3 = strlen(s);
if ( v3 < strlen(v9) )
sub_4007C0(v9);
for ( i = 0; i < strlen(s); ++i )
{
if ( i >= strlen(v9) )
sub_4007C0(i);
v4 = (unsigned int)(char)(*((_BYTE *)&v8 + i % v7) ^ v9[i]);
if ( s[i] != (_DWORD)v4 )
sub_4007C0(v4);
}
sub_4007F0();
}
v9是一个字符串:"AL_RT^L*.?+6/46,v8是LL类型,即长长整型,它的值为28537194573619560,把它转为char类型方便后续运算,ebmarah是小端存储,所以正确显示是harambe。程序让我们输入密码,存到s中去。v3是我们输入密码的长度。要求,我们输入密码的长度要大于等于strlen(v9)=18,循环strlen(s)次,每一次i要小于18,i又要小于strlen(s),所以可以确定s的长度是18。(_BYTE *)&v8的意思是每次以字节的形式运算,加上i除以v7的余数作为下标的值再异或v9[i]。每次s[i]都要等于v4。
v9 = ':\"AL_RT^L*.?+6/46'
v8 = 'harambe'
v7 = 7
s = ''
for i in range(0,len(v9)):
x = ord(v8[i%v7])
s += chr(ord(v9[i])^x)
print(s)
#RC3-2016-XORISGUD
#ord():将字符串转换为ASCII
#chr():将ASCII转换为字符串