64位ELF文件
sub_407470((unsigned __int64)"Give me the password: ");//输出函数
sub_4075A0((unsigned __int64)"%s");//输入函数
for ( i = 0; v1[i]; ++i )//i等于输入的长度+1,即长度为21
;
v11 = i == 22;
v10 = 10;
do
{
v7 = (signed int)sub_406D90() % 22;//v7=0~21
v9 = 0;
v6 = byte_6B4270[v7];
v5 = v1[v7];
v4 = v7 + 1;
v8 = 0;
while ( v8 < v4 )
{
++v8;
v9 = 1828812941 * v9 + 12345;
}
v3 = v9 ^ v5;
if ( v6 != ((unsigned __int8)v9 ^ v5) )//v5=v6^v9
//flag[i]=byte_6B4270[i]^v9
v11 = 0;
--v10;
}
while ( v10 );
if ( v11 )
v2 = sub_407470((unsigned __int64)"Congras\n");
else
v2 = sub_407470((unsigned __int64)"Oh no!\n");
return 0LL;
}
exp
int byte_6b4270[24]={0x5f,0xf2,0x5e,0x8b,0x4e,0x0e,0xa3,0xaa,0xc7,0x93,0x81,0x3d,0x5f,0x74,0xa3,0x09,0x91,0x2b,0x49,0x28,0x93,0x67,0,0};
int i,v8,v9;
int flag[22];
for(i=0; i<22; i++)
{
v8=0;
v9=0;
while(v8 < i+1)
{
++v8;
v9 = 1828812941 * v9 + 12345;
}
flag[i]=byte_6b4270[i]^v9;
printf("%c",(char)flag[i]);
}
//flag{d826e6926098ef46}