首先进入主函数查看
密文s1有明显 base64加密 特征,进入sub_12EB函数
_BYTE *__fastcall sub_12EB(const char *a1)
{
int v2; // [rsp+10h] [rbp-20h]
int v3; // [rsp+14h] [rbp-1Ch]
__int64 v4; // [rsp+18h] [rbp-18h]
signed __int64 v5; // [rsp+20h] [rbp-10h]
_BYTE *v6; // [rsp+28h] [rbp-8h]
v5 = strlen(a1);
if ( v5 % 3 )
v4 = 4 * (v5 / 3 + 1);
else
v4 = 4 * (v5 / 3);
v6 = malloc(v4 + 1);
v6[v4] = 0;
v2 = 0;
v3 = 0;
while ( v2 < v4 - 2 )
{
v6[v2] = *((_BYTE *)&qword_4020 + ((unsigned __int8)a1[v3] >> 2));
v6[v2 + 1] = *((_BYTE *)&qword_4020 + ((16 * a1[v3]) & 0x30 | (unsigned int)((unsigned __int8)a1[v3 + 1] >> 4)));
v6[v2 + 2] = *((_BYTE *)&qword_4020 + ((4 * a1[v3 + 1]) & 0x3C | (unsigned int)((unsigned __int8)a1[v3 + 2] >> 6)));
v6[v2 + 3] = *((_BYTE *)&qword_4020 + (a1[v3 + 2] & 0x3F));
v3 += 3;
v2 += 4;
}
if ( v5 % 3 == 1 )
{
v6[v2 - 2] = 61;
v6[v2 - 1] = 61;
}
else if ( v5 % 3 == 2 )
{
v6[v2 - 1] = 61;
}
return v6;
}
尝试对密文进行 base64 解码,结果出现乱码
思索到题目名为 before_main,故往前查看,没有发现关键函数再往回看,跟进qword_4020
推测为 base64变体 - 换表
将其转为字符串后拼接,以此为编码表进行解码依旧没有成功
查看引用发现新函数并跟进
以qaCpwYM2tO/RP0XeSZv8kLd6nfA7UHJ1No4gF5zr3VsBQbl9juhEGymc+WTxIiDK为编码表进行解码
最终得到 flag :
hgame{s0meth1ng_run_befOre_m@in}