这个题就是简单地对 MIPS 汇编代码做反编译分析
使用工具:ghidra
使用ghidra对文件进行静态分析
找到main(),并对其分析
分析关键函数FUN_00401164
/*
 * Ghidra decompiler output for the input-check routine. It is not compilable
 * as-is: the tool renders template names as "std--char_traits" and omits the
 * object on some member calls.
 *
 * param_1: used as an address; bytes are read from (char *)(param_1 + index),
 *          so it points at the table of expected (encoded) bytes. The
 *          decompiler typed it as int.
 * param_2: the string that is indexed one character at a time.
 *
 * Prints "correct!" when every character passes the comparison in the loop,
 * and "incorrect" otherwise.
 *
 * The comparison is a plain XOR against a table stored in the binary, so the
 * accepted input is recoverable from static analysis alone as
 * expected[i] ^ (i + 0x17). The check provides no secrecy.
 */
void FUN_00401164(int param_1,
basic_string<char,std--char_traits<char>,std--allocator<char>> *param_2)
{
int iVar1;
basic_ostream *this;
uint uVar2;
char *pcVar3;
uint uStack20;
// NOTE(review): size() is shown without its object; presumably
// param_2->size(). Confirm against the disassembly.
iVar1 = size();
// Length gate: only a length of exactly 0x4e (78) reaches the per-character loop.
if (iVar1 == 0x4e) {
uStack20 = 0;
// uStack20 is the running index; the loop ends when it reaches size().
while (uVar2 = size(), uStack20 < uVar2) {
pcVar3 = (char *)operator[](param_2,uStack20);
// '+' binds tighter than '^' in C/C++, so this evaluates
// input[i] ^ (i + 0x17) and compares it with the table byte at param_1 + i.
if (((int)*pcVar3 ^ uStack20 + 0x17) != (int)*(char *)(param_1 + uStack20))
{
// First mismatching character: report failure and stop.
this = operator<<<std--char_traits<char>>((basic_ostream *)&cout,"incorrect");
operator<<((basic_ostream<char,std--char_traits<char>> *)this,
endl<char,std--char_traits<char>>);
return;
}
uStack20 = uStack20 + 1;
}
// Every index matched the table.
this = operator<<<std--char_traits<char>>((basic_ostream *)&cout,"correct!");
operator<<((basic_ostream<char,std--char_traits<char>>*)this,endl<char,std--char_traits<char>>)
;
}
else {
// Wrong length: rejected without looking at any character.
this = operator<<<std--char_traits<char>>((basic_ostream *)&cout,"incorrect");
operator<<((basic_ostream<char,std--char_traits<char>>*)this,endl<char,std--char_traits<char>>)
;
}
return;
}
关键算法就是这一句
if (((int)*pcVar3 ^ uStack20 + 0x17) != (int)*(char *)(param_1 + uStack20))
这里对输入的每个字符做异或运算,异或的值是该字符的下标加0x17(注意 + 的优先级高于 ^,即 input[i] ^ (i + 0x17))。将异或后的结果与之前存入auStack104的字符串相比,不同就报错!!!
解题脚本
# Encoded bytes copied from the binary. The check in FUN_00401164 compares
# input[i] ^ (i + 0x17) with byte i of this table, and XOR is its own inverse,
# so applying the same XOR to the table yields the accepted input.
a = (
    0x62, 0x6c, 0x7f, 0x76, 0x7a, 0x7b, 0x66, 0x73, 0x76, 0x50, 0x52, 0x7d,
    0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4d, 0x74, 0x19, 0x7b, 0x6a,
    0x42, 0x0a, 0x4f, 0x52, 0x7d, 0x69, 0x4f, 0x53, 0x0c, 0x64, 0x10, 0x0f,
    0x1e, 0x4a, 0x67, 0x03, 0x7c, 0x67, 0x02, 0x6a, 0x31, 0x67, 0x61, 0x37,
    0x7a, 0x62, 0x2c, 0x2c, 0x0f, 0x6e, 0x17, 0x00, 0x16, 0x0f, 0x16, 0x0a,
    0x6d, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2e, 0x1c, 0x63, 0x78, 0x2b, 0x74,
    0x32, 0x16, 0x20, 0x22, 0x44, 0x19,
    # The loop below never reads these six trailing entries. The last one,
    # 0x4e, equals the length the binary checks for; presumably they are
    # adjacent data copied along with the table.
    0x00, 0x00, 0x00, 0x00, 0x00, 0x4e,
)

# Only the first 0x4e (78) bytes are decoded, matching the length gate.
# Parentheses make the precedence explicit: '+' binds tighter than '^'.
flag = ''.join(
    chr(encoded ^ (index + 0x17))
    for index, encoded in enumerate(a[:0x4e])
)
print(flag)