maze(二维迷宫问题)
- 丢进IDA
通过对这两处的分析可知
是一个二维数组(8*8)即可看做
之后对源代码进行分析
__int64 __fastcall main(__int64 a1, char **a2, char **a3)
{
signed __int64 v3; // rbx
signed int v4; // eax
bool v5; // bp
bool v6; // al
const char *v7; // rdi
__int64 v9; // [rsp+0h] [rbp-28h]
v9 = 0LL;
puts("Input flag:");
scanf("%s", &s1, 0LL);
if ( strlen(&s1) != 24 || strncmp(&s1, "nctf{", 5uLL) || *(&byte_6010BF + 24) != '}' )//长度为24(去掉nctf{}后有18个)
{
LABEL_22:
puts("Wrong flag!");
exit(-1);
}
v3 = 5;
if ( strlen(&s1) - 1 > 5 )
{
while ( 1 )
{
v4 = s1[v3];
v5 = 0;
if ( v4 > 'N' )
{
v4 = v4;
if ( v4 == 'O' )//列-1
{
v6 = sub_400650((_DWORD *)&v9 + 1);
goto LABEL_14;
}
if ( v4 == 'o' )//列+1
{
v6 = sub_400660((int *)&v9 + 1);
goto LABEL_14;
}
}
else
{
v4 = (unsigned __int8)v4;
if ( v4 == '.' )//行-1
{
v6 = sub_400670(&v9);
goto LABEL_14;
}
if ( v4 == '0' )//行+1
{
v6 = sub_400680((int *)&v9);
LABEL_14:
v5 = v6;
goto LABEL_15;
}
}
LABEL_15:
if ( !(unsigned __int8)sub_400690(asc_601060, HIDWORD(v9), (unsigned int)v9) )
goto LABEL_22;
if ( ++v3 >= strlen(&s1) - 1 )
{
if ( v5 )
break;
LABEL_20:
v7 = "Wrong flag!";
goto LABEL_21;
}
}
}
if ( asc_601060[8 * (signed int)v9 + SHIDWORD(v9)] != '#' )//SHIDWORD(v9)列
goto LABEL_20;
v7 = "Congratulations!";
LABEL_21:
puts(v7);
return 0LL;
}
- 写脚本得flag(
Python不熟练只能用c++)
#include<bits/stdc++.h>
using namespace std;
char s[9][9]={"00******",
"*000*00*",
"***0*0**",
"**00*0**",
"*00*#00*",
"**0***0*",
"**00000*",
"********"};
char a[20];
int dx[4]={0,1,0,-1};
int dy[4]={1,0,-1,0};
bool f[9][9];
bool check(int x,int y)
{
if(x<0||y<0||x>7||y>7||s[x][y]=='*')
return 0;
return 1;
}
void dfs(int x,int y,int num)
{
if(s[x][y]=='#'&&num==18)
{
cout<<a<<endl;
exit(0);
}
for(int i=0;i<4;i++)
{
int tx=x+dx[i],ty=y+dy[i];
if(check(tx,ty)&&!f[tx][ty])
{
if(i==0) a[num]='o';
if(i==1) a[num]='0';
if(i==2) a[num]='O';
if(i==3) a[num]='.';
f[tx][ty]=1;
dfs(tx,ty,num+1);
}
}
}
int main()
{
dfs(0,0,0);
return 0;
}
nctf{o0oo00O000oooo…OO}