__main();
v8 = 0;
v9 = 0;
v10 = 0;
memset(v6, 0, sizeof(v6));
v7 = 0;
v5 = 0;
v4 = 0;
v15 = 0;
v14 = 0;
printf("Please input your luck string:");
scanf("%s", &v8);
if ( strlen((const char *)&v8) != 6 )
return 0;
for ( i = 0; i <= 5; ++i )
{
if ( *((_BYTE *)&v8 + i) <= '`' || *((_BYTE *)&v8 + i) > 'z' )
return 0;
}
getMD5((char *)&v8, v6);
for ( j = 0; j <= 31; ++j )
{
if ( v6[j] == 48 )
{
++v15;
v14 += j;
}
}
if ( 10 * v15 + v14 == 403 )
{
for ( k = 0; k <= 3; ++k )
{
*((_BYTE *)&v5 + k) = v6[k];
*((_BYTE *)&v4 + k) = v6[k + 28];
}
decode((unsigned __int8 *)&v4);
}
check((unsigned __int8 *)&v5);
return 0;
}
对输入进行了验证ascii值满足if ( *((_BYTE *)&v8 + i) <= '
|| *((_BYTE *)&v8 + i) > ‘z’ )`
然后进行了md5加密还有另一个验证。后面的decode和check虽然不能反编译,但是它最多是对v4和v5进行一些校验,先爆破看看满足条件的还剩多少。
#coding:utf-8
import hashlib
def md5encode(str1):
a=hashlib.md5()
a.update(str1)
return a.hexdigest()
def seek_luckstring():
string=""
for a in range(97,123):
for b in range(97,123):
for c in range(97,123):
for d in range(97,123):
for e in range(97,123):
for f in range(97,123):
string=chr(a)+chr(b)+chr(c)+chr(d)+chr(e)+chr(f)
md5_string=md5encode(string)
v14=0
v15=0
for x in range(len(md5_string)):
if md5_string[x]=="0":
v15+=1
v14+=x
if 10*v15+v14==403:
print string
exit(0)
seek_luckstring()