IDA 反编译得到的伪代码:
/*
 * Decompiled entry point of the crackme (IDA pseudo-C; outputf/inputf are
 * analyst-chosen names and are called here like printf/scanf).
 *
 * Flow: read one token, require a length of exactly 33, build b40 from the
 * input using the dw40 table (transposition followed by XOR), then compare
 * b40 against br40 element by element. Any mismatch prints "Wrong!" and
 * exits; a full match prints the input back as the flag.
 */
int __fastcall main(int argc, const char **argv, const char **envp)
{
    char input[104]; // [rsp+20h] [rbp-70h] BYREF
    int j;           // [rsp+88h] [rbp-8h]
    int i;           // [rsp+8Ch] [rbp-4h]

    // Not identified by IDA; presumably compiler/CRT start-up code (unconfirmed).
    _unknown_library_function_3(argc, argv, envp);

    outputf("Give me your code:\n");

    // NOTE(review): "%s" carries no field width while `input` is a 104-byte
    // stack buffer spanning rbp-70h..rbp-8h, directly below j and i. If inputf
    // is scanf-like, the length check below runs only after the copy, so it
    // does not bound the write; a width such as "%103s" would.
    inputf("%s", input);

    if ( strlen(input) != 33 )
        goto wrong;

    // Transposition + XOR: element i takes the input byte at position dw40[i]
    // and is then XORed with the low byte of that same table entry.
    i = 0;
    while ( i < 33 )
    {
        b40[i] = input[dw40[i]];
        b40[i] ^= LOBYTE(dw40[i]);
        ++i;
    }

    // Compare against the expected table; bail out on the first difference.
    j = 0;
    while ( j < 33 )
    {
        if ( br40[j] != b40[j] )
            goto wrong;
        ++j;
    }

    outputf("Right!Good Job!\n");
    outputf("Here is your flag: %s\n", input);
    system("pause");
    return 0;

wrong:
    // Shared failure path: same message, pause and exit status as every
    // rejection branch of the check.
    outputf("Wrong!\n");
    system("pause");
    exit(0);
}
修改后查看逻辑:程序先检查输入长度是否为 33,然后按索引数组打乱输入的顺序赋值(b40[i] = input[dw40[i]]),再与对应索引值的低字节异或,最后与目标数组 br40 逐字节比较。解题脚本(exp)如下,把上述操作反过来即可:先异或还原,再按索引放回原位。
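# Solver for the check in the decompiled main(): it inverts the
# transposition + XOR step to recover the accepted input.
#
# Tables lifted from the binary. Judging by how the check uses them,
# `cipher` corresponds to the expected-output table (br40) and `index`
# to the position table (dw40) -- confirm against the binary's data section.
cipher = [
    0x67, 0x79, 0x7B, 0x7F, 0x75, 0x2B, 0x3C, 0x52, 0x53, 0x79,
    0x57, 0x5E, 0x5D, 0x42, 0x7B, 0x2D, 0x2A, 0x66, 0x42, 0x7E,
    0x4C, 0x57, 0x79, 0x41, 0x6B, 0x7E, 0x65, 0x3C, 0x5C, 0x45,
    0x6F, 0x62, 0x4D,
]
index = [
    9, 10, 15, 23, 7, 24, 12, 6, 1, 16, 3,
    17, 32, 29, 11, 30, 27, 22, 4, 13, 19, 20,
    21, 2, 25, 5, 31, 8, 18, 26, 28, 14, 0,
]

# The inversion is only well defined when every position is written exactly
# once, i.e. `index` is a permutation of 0..len(cipher)-1. Fail loudly if a
# table was copied incorrectly instead of printing a silently wrong result.
if sorted(index) != list(range(len(cipher))):
    raise ValueError("index table is not a permutation of the cipher positions")

# Forward check:  out[i] = code[index[i]] ^ (index[i] & 0xFF)
# Inverse:        code[index[i]] = out[i] ^ index[i]
# (every index is below 256, so the low-byte mask is a no-op here).
# The result list is named `plain` so the builtin input() is not shadowed.
plain = [0] * len(cipher)
for pos, byte in zip(index, cipher):
    plain[pos] = byte ^ pos

flag = ''.join(chr(c) for c in plain)
print(flag)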
运行脚本得到 flag:MRCTF{Tr4nsp0sltiON_Clph3r_1s_3z}
1-4的程序已经打包上传到资源里了