逆向加解密,记录一下。
题目提供了一个elf可执行文件,叫做baby_wp
反编译后看下主要逻辑:
__int64 __fastcall main(int a1, char **a2, char **a3)
{
int i; // [rsp+4h] [rbp-3Ch]
char *v5; // [rsp+8h] [rbp-38h] BYREF
char s[8]; // [rsp+10h] [rbp-30h] BYREF
__int64 v7; // [rsp+18h] [rbp-28h]
int v8; // [rsp+20h] [rbp-20h]
__int16 v9; // [rsp+24h] [rbp-1Ch]
char v10; // [rsp+26h] [rbp-1Ah]
unsigned __int64 v11; // [rsp+28h] [rbp-18h]
v11 = __readfsqword(0x28u);
*(_QWORD *)s = 0LL;
v7 = 0LL;
v8 = 0;
v9 = 0;
v10 = 0;
fgets(s, 17, stdin);
if ( strlen(s) != 16 )
exit(0);
enc(s, &v5);
for ( i = 0; i < strlen(v5); ++i )
{
if ( byte_601100[i] != v5[i] )
exit(0);
}
printf("Flag{%s}\n", s);
return 0LL;
}
__int64 __fastcall enc(const char *a1, _QWORD *a2)
{
int v2; // kr00_4
const unsigned __int16 *v3; // rcx
char *v4; // rax
_BYTE *v6; // rax
const unsigned __int16 *v7; // rcx
char *v8; // rax
const unsigned __int16 *v9; // rcx
char *v10; // rax
const unsigned __int16 *v11; // rcx
char *v12; // rax
_BYTE *v13; // rax
const unsigned __int16 *v14; // rcx
char *v15; // rax
const unsigned __int16 *v16; // rcx
char *v17; //