看图标应该是ios的逆向
看reader me,只提示Find The Password
用ida打开,查字符串,找到主函数
int sub_2224()
{
char v1; // [sp+4h] [bp-5Ch]@1
int v2; // [sp+54h] [bp-Ch]@1
signed __int32 v3; // [sp+58h] [bp-8h]@1
signed __int32 i; // [sp+5Ch] [bp-4h]@1
char vars0; // [sp+60h] [bp+0h]@2 60h=96
v2 = 4;
printf("Input key : ");
scanf("%s", &v1);
v3 = strlen(&v1);
sub_232C(&v1, v2);
for ( i = 0; i < v3; ++i )
{
if ( (unsigned __int8)*(&vars0 + i - 92) != byte_3004[i] )//处理后的输入不等于已知
{
puts("Wrong Key! ");
return 0;
}
}
puts("Correct Key! ");
return 0;
}
看sub_232是如何处理的
signed __int32 __fastcall sub_232C(signed __int32 &v1, int a2=4)
{
int v2; // [sp+0h] [bp-14h]@1
char *v3; // [sp+4h] [bp-10h]@1
int i; // [sp+8h] [bp-Ch]@1
signed __int32 j; // [sp+Ch] [bp-8h]@2
v3 = (char *)&v1;
v2 = a2 = 4;
for ( i = 0; i < 4; ++i )
{
for ( j = 0; ; ++j )
{
&v1 = strlen(v3);
if ( &v1 <= j )
break;
v3[j] = sub_2494((unsigned __int8)v3[j], 1);
}
}
return &v1;
}
int __fastcall sub_2494(unsigned __int8 a1, int a2)
{
int v3; // [sp+8h] [bp-8h]@1
int i; // [sp+Ch] [bp-4h]@1
v3 = a1;
for ( i = 0; i < a2; ++i )
{
v3 *= 2;
if ( v3 & 0x100 )//100000000
v3 |= 1u; //或无符号1.类似于左移一位,最高位移到最低位
}
return (unsigned __int8)v3;
}
也就是每个字符这样移4次。所以我们只需要把已知右移四次。
写个c
#include <stdio.h>
int main()
{
unsigned char s[30]={0x44, 0xF6, 0xF5, 0x57, 0xF5, 0xC6, 0x96, 0xB6, 0x56,0xF5, 0x14, 0x25, 0xD4, 0xF5, 0x96, 0xE6, 0x37, 0x47,0x27, 0x57, 0x36, 0x47, 0x96, 3, 0xE6, 0xF3, 0xA3,0x92, 0};
int i,j,c;
for(i=0;s[i]!=0;i++)
{
for(j=0;j<4;j++)
{
c = s[i] & 1;
s[i] = (s[i] >> 1) + c*0x80;
}
printf("%c",s[i]);
}
}
跑出来是:Do_u_like_ARM_instructi0n?:)