ida打开
代码含义,将我们输入的密码的前一项与当前项异或再将结果如global对比,下一步查看global的值。
一开始以为这里就是他的值,后面想想不对,一般值前有db。双击aFKW这段字符串。
让后shift+e提取内容
编写exp。
def de():
password1=[]
password="660A6B0C77264F2E4011780D5A3B55117019461F76224D23440E6706680F47324F00"
for i in range(len(password)):
if i<(len(password)-1)/2:
password1.append('0x' + f"{password[2*i]}{password[2*i+1]}" )
print(password1)
def test():
password=['0x66', '0x0A', '0x6B', '0x0C', '0x77', '0x26', '0x4F', '0x2E', '0x40', '0x11', '0x78', '0x0D', '0x5A', '0x3B', '0x55', '0x11', '0x70', '0x19', '0x46', '0x1F', '0x76', '0x22', '0x4D', '0x23', '0x44', '0x0E', '0x67', '0x06', '0x68', '0x0F', '0x47', '0x32', '0x4F', '0x00']
res111=''
for i in range(len(password)):
res=int(password[i],16)^int(password[i-1],16)
res111+=chr(res)
print(res111)
if __name__=="__main__":
de()
test()