ida64打开
int __cdecl main(int argc, const char **argv, const char **envp)
{
int i; // [rsp+2Ch] [rbp-124h]
char __b[264]; // [rsp+40h] [rbp-110h] BYREF
memset(__b, 0, 0x100uLL);
printf("Input your flag:\n");
get_line(__b, 256LL); //获取输入,并存储在_b
if ( strlen(__b) != 33 ) //_b长度需要等于33
goto LABEL_7;
for ( i = 1; i < 33; ++i ) //异或算法,_b后一位与前一位异或,
__b[i] ^= __b[i - 1];
if ( !strncmp(__b, global, 0x21uLL) ) //如果异或后的_b前33位与global相等,则证明输入正常的flag
printf("Success");
else
LABEL_7:
printf("Failed");
return 0;
}
找到global
双击global
按shift+e提取数据,其实global的值就是shift+f12查看字符串中的f\nk\fw&O.@\x11x\rZ;U\x11p\x19F\x1Fv"M#D\x0Eg\x06h\x0FG2O
提取ascii码,进行异或运算
```python
m =[
102, 10, 107, 12, 119, 38, 79, 46, 64, 17,
120, 13, 90, 59, 85, 17, 112, 25, 70, 31,
118, 34, 77, 35, 68, 14, 103, 6, 104, 15,
71, 50, 79, 0
]
flag=''
for i in range(1,len(m)):
flag+=chr(m[i]^m[i-1])
print(flag)
flag{QianQiuWanDai_YiTongJiangHu}