破解算法

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_38204481/article/details/78218326

很简单的一个程序:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int result; // eax@2
  char s; // [sp+10h] [bp-30h]@1
  int v5; // [sp+38h] [bp-8h]@3
  int v6; // [sp+3Ch] [bp-4h]@1

  printf("Let me cheack your flag:", argv, argv);
  gets(&s);
  v6 = strlen(&s);
  if ( (unsigned int)cheack_func(&s) )          // serial=22
  {
    v5 = decode1((__int64)&s, v6);
    judge_func(v5);
    result = 0;
  }
  else
  {
    puts("Try again~");
    result = 0;
  }
  return result;
}

上面是main函数反编译出来的算法,和一些我加的注释

__int64 __fastcall decode1(__int64 a1, int a2)
{
  unsigned int v3; // [sp+14h] [bp-8h]@1
  int i; // [sp+18h] [bp-4h]@1

  v3 = 0;
  for ( i = 0; i < a2; ++i )
  {
    if ( (i ^ *(_BYTE *)(i + a1)) != compare[(signed __int64)i] )
      return 0LL;                               // v3==22
    ++v3;
  }
  return v3;
}

最后结果要返回v3=22也就是for循环要走完
compare的内容:
rodata:00000000004007F0 ; char compare[]
.rodata:00000000004007F0 compare db ‘E’ ; DATA XREF: decode1+38r
.rodata:00000000004007F1 a1zF1fkbufirfnf db ‘`1z[F1fkbUFiRFnftMUa{‘,0

a="E1z[F1fkbUFiRFnftMUa{"
a=list(a)for i in range(len(a)):
    print(chr(i^ord(a[i])),end="")

得到结果:E0xXB4lj\Lb^Kid\Gro

展开阅读全文

没有更多推荐了,返回首页