challenge-004
打开界面之后是一个简单的打印Hello World的main函数,说明主要函数在其他地方实现,函数不多,看到如下一个有read读取输入,可以猜想与flag有关。
s存放输入的数据,长度为9,与*off_602088开始的8个字节异或得到0x00CTF{
再与后面的字节异或得到flag的剩下部分。
l = [0x01,0x16,0x79,0x44,0x04,0x64,0x12,0x5A, 0x01,0x0C,0x2F,0x21,0x72,0x53,0x60,0x16,0x02,0x2A,0x16,0x24,0x33,0x62,0x60,0x7B,0x02,0x13,0x43,0x00]
s = '0x00CTF{'
res = []
for i in xrange(8):
res.append(l[i]^ord(s[i]))
for i in xrange(8, 0x1C):
s+=chr(res[i%8]^l[i])
print s
运行结果: