write up
这是一个PE32程序,打开IDA发现不能反编译
引用:.NET程序一般不直接生成本机(汇编)代码,出来的是IL代码, 实际汇编代码在运行期由CLR实时编译产生
发现.NET相关的DLL,然后上DnSPY
参考:
IL指令大全 https://www.cnblogs.com/zery/p/3368460.html
dnspy 使用总结 https://blog.csdn.net/yuqian123455/article/details/85038617
using System;
using System.Security.Cryptography;
using System.Text;
// Token: 0x02000003 RID: 3
internal class ᜅ
{
// Token: 0x06000005 RID: 5 RVA: 0x0000212B File Offset: 0x0000032B
private static int ᜀ(int A_0, int A_1)
{
return (new int[]
{
2,
3,
5,
7,
11,
13,
17,
19,
23,
29,
31,
37,
41,
43,
47,
53,
59,
61,
67,
71,
73,
79,
83,
89,
97,
101,
103,
107,
109,
113
})[A_1] ^ A_0;
}
// Token: 0x06000006 RID: 6 RVA: 0x00002144 File Offset: 0x00000344
private static string ᜀ(string A_0)
{
byte[] bytes = Encoding.ASCII.GetBytes(A_0);
return "flag{" + BitConverter.ToString(new MD5CryptoServiceProvider().ComputeHash(bytes)).Replace("-", "") + "}";
}
// Token: 0x06000007 RID: 7 RVA: 0x0000218C File Offset: 0x0000038C
private static void ᜀ(string A_0, int A_1, ref string A_2)
{
int num = 0;
if (0 < A_0.Length)
{
do
{
char c = A_0[num];
int num2 = 1;
do
{
c = Convert.ToChar(ᜅ.ᜀ(Convert.ToInt32(c), num2));
num2++;
}
while (num2 < 15);
A_2 += c;
num++;
}
while (num < A_0.Length);
}
A_2 = ᜅ.ᜀ(A_2);
}
// Token: 0x06000008 RID: 8 RVA: 0x000021F0 File Offset: 0x000003F0
private static void ᜀ(string[] A_0)
{
string b = null;
string value = string.Format("{0}", DateTime.Now.Hour + 1);
string a_ = "CreateByTenshine";
ᜅ.ᜀ(a_, Convert.ToInt32(value), ref b);
string a = Console.ReadLine();
if (a == b)
{
Console.WriteLine("u got it!");
Console.ReadKey(true);
}
else
{
Console.Write("wrong");
}
Console.ReadKey(true);
}
}
该程序从控制台读入了一个数a,然后与b比较,b经过了复杂的计算,但我们不用管他,直接在算完b的地方下断点,得到了b,也就是flag
# flag{967DDDFBCD32C1F53527C221D9E40A0B}
1238
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
