Sometimes you will want to have a give-up will have,is the old man said the old saying,but this is a difficult to achieve the realm.
1.查壳
是一个64bit文件
运行一下程序 ,看到需要输入一个Code
2.静态分析
找到main函数反编译
一些变量名字不好看,使用快捷键N重命名一下
输入的字符串为str
关键在这两个for循环,这是将b数组按照第一个for循环操作(可以看做是将输入的字符串加密)之后
第二个for循环判断是否b中每个元素都和a组相等
只有都相等才是正确的flag
跟进c和a查看存储的值
根据第一个循环的操作,和c与b中存储的数据,还原输入的值,编写wp
3.wp
a=[0x67, 0x79, 0x7B, 0x7F, 0x75, 0x2B, 0x3C, 0x52, 0x53, 0x79, 0x57, 0x5E, 0x5D, 0x42, 0x7B, 0x2D, 0x2A, 0x66, 0x42, 0x7E, 0x4C, 0x57, 0x79, 0x41, 0x6B, 0x7E, 0x65, 0x3C, 0x5C, 0x45, 0x6F, 0x62, 0x4D]
c = [0x9, 0x0A, 0x0F, 0x17, 0x7, 0x18, 0x0C, 0x6, 0x1, 0x10, 0x3, 0x11, 0x20, 0x1D, 0x0B, 0x1E, 0x1B, 0x16, 0x4, 0x0D, 0x13, 0x14, 0x15, 0x2, 0x19, 0x5, 0x1F, 0x8, 0x12, 0x1A, 0x1C, 0x0E, 0]
flag=""
for i in range(0,len(c)):
a[i]^=c[i]
for i in range(0,len(c)):
for j in range(0,len(c)):
if i==c[j]:
flag+=chr(a[j])
print(flag)
MRCTF{Tr4nsp0sltiON_Clph3r_1s_3z}