BUUCTF Reverse/[MRCTF2020]Transform
先看文件属性,没有加壳且为64位程序
又是一道字符串比较的题目
IDA64打开
int __cdecl main(int argc, const char **argv, const char **envp)
{
char Str[104]; // [rsp+20h] [rbp-70h] BYREF
int j; // [rsp+88h] [rbp-8h]
int i; // [rsp+8Ch] [rbp-4h]
sub_402230(argc, argv, envp);
sub_40E640("Give me your code:\n");
sub_40E5F0("%s", Str);
if ( strlen(Str) != 33 )
{
sub_40E640("Wrong!\n");
system("pause");
exit(0);
}
for ( i = 0; i <= 32; ++i )
{
byte_414040[i] = Str[dword_40F040[i]];
byte_414040[i] ^= LOBYTE(dword_40F040[i]);
}
for ( j = 0; j <= 32; ++j )
{
if ( byte_40F0E0[j] != byte_414040[j] )
{
sub_40E640("Wrong!\n");
system("pause");
exit(0);
}
}
sub_40E640("Right!Good Job!\n");
sub_40E640("Here is your flag: %s\n", Str);
system("pause");
return 0;
}
代码很简单,查看byte_40F0E0和dword_40F040的值
写出脚本
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int main()
{
int i,j;
int flag[40] = {0};
int a[] = {0x67,0x79,0x7B,0x7F,0x75,0x2B,0x3C,0x52,0x53,0x79,0x57,
0x5E,0x5D,0x42,0x7B,0x2D,0x2A,0x66,0x42,0x7E,0x4C,0x57,
0x79,0x41,0x6B,0x7E,0x65,0x3C,0x5C,0x45,0x6F,0x62,0x4D};
int t[] = {0x9,0x0A,0x0F,0x17,0x7,0x18,0x0C,0x6,0x1,0x10,0x3,0x11,0x20,
0x1D,0x0B,0x1E,0x1B,0x16,0x4,0x0D,0x13,0x14,0x15,0x2,0x19,
0x5,0x1F,0x8,0x12,0x1A,0x1C,0x0E,0};
for(i = 0 ; i <= 32; i++)
{
a[i] ^= t[i];
flag[t[i]] = a[i];
}
for(i = 0 ; i <= 32; i++)
{
printf("%c",flag[i]);
}
return 0;
}
运行结果
flag : flag{Tr4nsp0sltiON_Clph3r_1s_3z}