Link: https://pan.baidu.com/s/1Xwb0pfiRjo-V2_x0044pdQ
Extraction code: l1jz
The exe files for the four challenges
1.easyre
This is the most basic reversing challenge. Open it in IDA,
find the main function,
then press F5 to view the pseudocode.
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int b; // [rsp+28h] [rbp-8h]
  int a; // [rsp+2Ch] [rbp-4h]

  _main();
  scanf("%d%d", &a, &b);
  if ( a == b )
    printf("flag{this_Is_a_EaSyRe}");
  else
    printf("sorry,you can't get flag");
  return 0;
}
This gives flag{this_Is_a_EaSyRe}
2.reverse1
Open it in IDA, find the main function, view the pseudocode, and keep following the calls.
uintptr_t sub_140013E50()
{
  uintptr_t result; // rax
  uintptr_t v1; // [rsp+20h] [rbp-28h]
  struct _FILETIME SystemTimeAsFileTime; // [rsp+28h] [rbp-20h]
  LARGE_INTEGER PerformanceCount; // [rsp+30h] [rbp-18h]

  SystemTimeAsFileTime = 0i64;
  if ( _security_cookie == 47936899621426i64 )
  {
    GetSystemTimeAsFileTime(&SystemTimeAsFileTime);
    v1 = (uintptr_t)SystemTimeAsFileTime;
    v1 ^= GetCurrentThreadId();
    v1 ^= GetCurrentProcessId();
    QueryPerformanceCounter(&PerformanceCount);
    v1 ^= PerformanceCount.QuadPart ^ ((unsigned __int64)PerformanceCount.LowPart << 32);
    v1 ^= (unsigned __int64)&v1;
    v1 &= 0xFFFFFFFFFFFFui64;
    if ( v1 == 47936899621426i64 )
      v1 = 47936899621427i64;
    _security_cookie = v1;
    result = ~v1;
    qword_14001C018 = ~v1;
  }
  else
  {
    result = ~_security_cookie;
    qword_14001C018 = ~_security_cookie;
  }
  return result;
}
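The code here looks complicated, so open the Strings view with Shift+F12, where the flag string is visible.
Find the function.
Press F5 to view the pseudocode: it compares against str2. Follow str2 to see its contents.
Also, according to the pseudocode, ASCII 111 is o and 48 is 0; apply that replacement.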
flag{hell0_w0rld}
3.reverse2
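This one is similar to 1.
After opening it, press F5 directly to view the pseudocode, find the flag further down and follow it.
Then, by ASCII: 105 is i, 114 is r, 49 is 1.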
flag{hack1ng_fo1_fun}
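4.内涵的软件 ("software with a hidden meaning")
I first tried 64-bit IDA on this one, which did not work, then opened it with 32-bit IDA.
Find the key function and press F5 to view the pseudocode.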
int main_0()
{
  int result; // eax
  char v1; // [esp+4Ch] [ebp-Ch]
  const char *v2; // [esp+50h] [ebp-8h]
  int v3; // [esp+54h] [ebp-4h]

  v3 = 5;
  v2 = "DBAPP{49d3c93df25caad81232130f3d2ebfad}";
  while ( v3 >= 0 )
  {
    printf(&byte_4250EC, v3);
    sub_40100A();
    --v3;
  }
  printf(asc_425088);
  v1 = 1;
  scanf("%c", &v1);
  if ( v1 == 89 )
  {
    printf(aOd);
    result = sub_40100A();
  }
  else
  {
    if ( v1 == 78 )
      printf(&byte_425034);
    else
      printf(&byte_42501C);
    result = sub_40100A();
  }
  return result;
}
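Comparing this with what the program does when run normally shows that v2 is never used at all, so simply submitting
flag{contents of the braces in v2} is the correct answer.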
flag{49d3c93df25caad81232130f3d2ebfad}
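
The Strings-window lookup from challenges 2 and 4 and the character replacement from challenges 2 and 3 can be reproduced in a short script. This is an added example, not code from the original write-up. The byte blob is constructed (only the DBAPP{...} literal comes from the page), and the stored strings passed to replay_substitution are assumptions, since the page does not show them.

```python
import re

# Constructed sample bytes standing in for part of the challenge 4 binary;
# only the DBAPP{...} literal is taken from the page.
SAMPLE_BLOB = (b"MZ\x90\x00\x03\x00" + b"Y/N?\x00\x00"
               + b"DBAPP{49d3c93df25caad81232130f3d2ebfad}\x00\xff\xfe\x01")

FLAG_LIKE = re.compile(r"[A-Za-z0-9_]*\{[^{}]+\}")

def ascii_strings(blob, min_len=4):
    """Printable-ASCII runs, roughly what IDA's Strings window (Shift+F12) lists."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def flag_candidates(blob):
    """Strings shaped like PREFIX{...}, whether or not the code ever uses them."""
    return [m.group() for s in ascii_strings(blob) for m in FLAG_LIKE.finditer(s)]

def as_flag(candidate):
    """Re-wrap the brace contents with the flag prefix, as done in challenge 4."""
    return "flag" + candidate[candidate.index("{"):]

def replay_substitution(stored, subs):
    """Apply the replacements the program makes to its stored string before
    comparing it with the input (subs maps ASCII code -> ASCII code)."""
    return "".join(chr(subs.get(ord(c), ord(c))) for c in stored)

if __name__ == "__main__":
    print(as_flag(flag_candidates(SAMPLE_BLOB)[0]))
    # Assumed stored strings: the page does not show them.
    print("flag" + replay_substitution("{hello_world}", {111: 48}))
    print("flag{" + replay_substitution("hacking_for_fun}", {105: 49, 114: 49}))
```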