ezam [CTF reverse] wp

最新推荐文章于 2024-09-12 19:02:20 发布

AlwaysBetter

最新推荐文章于 2024-09-12 19:02:20 发布

阅读量390

点赞数

分类专栏： Reverse ctf 文章标签：深度优先 c语言算法

本文链接：https://blog.csdn.net/qq_35740100/article/details/124691183

版权

Reverse 同时被 2 个专栏收录

8 篇文章 0 订阅

订阅专栏

ctf

2 篇文章 0 订阅

订阅专栏

程序开了ollvm混淆
可以利用deobfuse.py脚本去混淆
逻辑是xtea解密异或操作后得到一个数组
其实是迷宫问题,将十进制转为4进制映射到上下左右
动态调试提取出地图跑dfs获取路径再转为十进制即可
这里转换的函数思想是模拟短除法不断对base取模一直除到0
代码如下:

#include <stdio.h>
#include <string.h>
unsigned char mp[][24] =
{
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01,
  0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
  0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
  0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01,
  0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01,
  0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01,
  0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
  0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01,
  0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
  0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
  0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
  0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x02, 0x03, 0x03,
  0x02, 0x02, 0x03, 0x00, 0x00, 0x02, 0x03, 0x03, 0x00, 0x03,
  0x00
};
int laststep[64];
int step[4][2] = { -1,0,0,-1,1,0,0,1 };
char step_char[5] = "uldr";
void dfs(int x, int y, int cnt)
{
	if (x == 8 && y == 23)
	{
		printf("%d\n", cnt);
		return;
	}
	for (int i = 0; i < 4; i++)
	{
		int next_x = x + step[i][0];
		int next_y = y + step[i][1];
		if (next_x < 0 || next_x>9 || next_y < 0 || next_y>23)continue;
		if (!mp[next_x][next_y])continue;
		laststep[cnt] = i;
		mp[x][y] = 0;
		dfs(next_x, next_y, cnt+1);
		mp[x][y] = 1;
	}
	return;
}
void convert_radix(char* src, int src_base, char* dst, int dst_base)
{
	int src_len = strlen(src);
	int dst_end = 0;
	int zero_cnt = 0;
	while (1)
	{
		int last_remainder=0;
		int first_entry = 1;
		int remainder = 0;
		if (zero_cnt == src_len) break;
		for (int i = zero_cnt; i < src_len; i++)
		{
			int va = src[i] -'0' + src_base * remainder;
			int quotient = va / dst_base;
			remainder = va % dst_base;
			src[i] = quotient+ '0';
			if (src[i] != '0') first_entry = 0;
			if (src[i] == '0' && first_entry) zero_cnt++;
		}
		dst[dst_end++] = remainder + '0';
	}
	dst[dst_end] = 0;
	char temp;
	for (int i = 0; i < (dst_end - 1) / 2; i++)
	{
		temp = dst[i];
		dst[i] = dst[dst_end - i - 1];
		dst[dst_end - i - 1] = temp;
	}
	return;
}
int main()
{
	for (int i = 0; i < 16; i++)
	{
		for (int j = 0; j < 24; j++)
		{
			printf("%d ", mp[i][j]);
		}
		printf("\n");
	}
	dfs(0, 0, 0);
	for (int i = 0; i < 45; i++)
	{
		printf("%d", laststep[i]);
	}
	printf("\n");
	for (int i = 0; i < 45; i++)
	{
		printf("%c", step_char[laststep[i]]);
	}
	printf("\n"); //232222322330030000303322223333333222233333333  902741462666576198076399615
	char four_radix[] = "232222322330030000303322223333333222233333333";
	char ten_radix[50];
	memset(ten_radix, 0, 50);
	convert_radix(four_radix, 4, ten_radix, 10);
	printf("flag{%s}", ten_radix);
	return 0;
}