高手区re
re1
gdb调试拿到flag
gdb-peda$ x/s $esp+0x24
0xffffd174: "SECCON{Welcome to the SECCON 2014 CTF!}"
re2
// Decompiler pseudocode for the MD5 context initializer recovered from the re2 binary.
// It zeroes three fields and loads the four 32-bit chaining values, then returns `this`.
// The offsets (17..22) are as rendered by the decompiler; the real field layout is not
// shown in this listing, so the field names below are assumptions to confirm.
MD5 *__fastcall MD5::init(MD5 *this)
{
MD5 *result; // rax
// Reset state: first field and the two words at index 17/18
// (presumably a "finalized" flag and the bit counter — TODO confirm against the struct).
*this = 0;
*(this + 17) = 0;
*(this + 18) = 0;
// These four constants match the standard MD5 initial values A, B, C, D from RFC 1321.
// Unchanged constants suggest a stock MD5, but the round functions/tables are not
// visible here and would also need checking before concluding the hash is unmodified.
*(this + 19) = 0x67452301;
*(this + 20) = 0xEFCDAB89;
*(this + 21) = 0x98BADCFE;
result = this;
*(this + 22) = 0x10325476;
return result;
}
MD5 的 4 个初始常数没有被改动,说明用的是标准 MD5,所以可以直接百度搜索“md5解密”做在线反查,反查 780438d5b6e29db0898bc4f0225935c0
解出来就是这个
hash: b781cbb29054db12f88f08c6e161c199
re3
dump出数据跑一下就好
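#!/usr/bin/env python
# coding=utf-8
# re3 solver: the binary stores the flag as a table of indexes into a fixed
# decoy sentence. Each entry of List1 selects one character of `string`.

# Index table dumped from the binary (31 entries, one per flag character).
List1 = [0x00000024, 0x00000000, 0x00000005, 0x00000036, 0x00000065, 0x00000007, 0x00000027, 0x00000026, 0x0000002D, 0x00000001, 0x00000003, 0x00000000, 0x0000000D, 0x00000056, 0x00000001, 0x00000003, 0x00000065, 0x00000003, 0x0000002D, 0x00000016, 0x00000002, 0x00000015, 0x00000003, 0x00000065, 0x00000000, 0x00000029, 0x00000044, 0x00000044, 0x00000001, 0x00000044, 0x0000002B]
# Lookup alphabet embedded in the binary.
string = "L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t"

flag = ""
# Iterate over the index table, not over `string`: the sentence is much longer
# than the table, so looping to len(string) raises IndexError on List1 before
# the result is ever printed.
for idx in List1:
    flag += string[idx]
print(flag)
#ALEXCTF{W3_L0v3_C_W1th_CL45535}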
re4
程序加了北斗壳(NsPack),用 nspack 脱壳工具脱掉后再分析
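#!/usr/bin/env python
# coding=utf-8
# re4 solver: after unpacking, the check compares the input against a dword
# table XORed with the repeating key "this_is_not_flag".

# Ciphertext dwords dumped from the unpacked binary.
List =[0x00000012, 0x00000004, 0x00000008, 0x00000014, 0x00000024, 0x0000005C, 0x0000004A, 0x0000003D, 0x00000056, 0x0000000A, 0x00000010, 0x00000067, 0x00000000, 0x00000041, 0x00000000, 0x00000001, 0x00000046, 0x0000005A, 0x00000044, 0x00000042, 0x0000006E, 0x0000000C, 0x00000044, 0x00000072, 0x0000000C, 0x0000000D, 0x00000040, 0x0000003E, 0x0000004B, 0x0000005F, 0x00000002, 0x00000001, 0x0000004C, 0x0000005E, 0x0000005B, 0x00000017, 0x0000006E, 0x0000000C, 0x00000016, 0x00000068, 0x0000005B, 0x00000012, 0x00000000, 0x00000000]
# Repeating XOR key.
string = "this_is_not_flag"

# The dump ends with zero dwords (presumably terminator/padding picked up with
# the table). XORing them just echoes key bytes and appends "t_" after the
# closing brace, so trailing zeros are dropped. Zeros inside the table are
# real ciphertext and are kept.
end = len(List)
while end > 0 and List[end - 1] == 0:
    end -= 1

flag = ""
for i in range(end):
    key_byte = ord(string[i % len(string)])
    flag += chr(key_byte ^ List[i])
print(flag)
#flag{59b8ed8f-af22-11e7-bb4a-3cf862d1ee75}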
re5
强,mips的题目
#!/usr/bin/env python
# coding=utf-8
# re5 solver (MIPS target): every byte of the embedded string is XORed with
# the single-byte key 55 (0x37); applying the same XOR again recovers the text.
string = "cbtcqLUBChERV[[Nh@_X^D]X_YPV[CJ"
flag = "".join(chr(ord(ch) ^ 55) for ch in string)
print(flag)
pyt