64位ida
进入主函数
这个程序逻辑很简单
1.首先告诉我们flag是33位
2.对flag进行加密处理,就是赋值加异或
3.比较,也就是告诉了我们加密后的字符
思路
这里已知的几个字符串
dword_40F040, byte_40F0E0
b,c
设 a = byte_414040,b=dword_40F040,c=byte_40F0E0,输入的字符串为flag;
从题目里得到 加密代码
a = flag[b[i]];
a ^= b;
c == a
即c = a ^ b
解密就反过来 ,因为a是不知道的,所以就先解除a
a = a ^ b 即 a = c ^ b
然后 flag[b[i]] = a
脚本
#include <iostream>
using namespace std;
int main(){
int index = 0;
char flag[44];
int v2[64]={0};
int v3[64]={0x9, 0x0A, 0x0F, 0x17, 0x7, 0x18, 0x0C, 0x6, 0x1, 0x10, 0x3, 0x11, 0x20,
0x1D, 0x0B, 0x1E, 0x1B, 0x16, 0x4, 0x0D, 0x13, 0x14, 0x15, 0x2, 0x19,
0x5, 0x1F, 0x8, 0x12, 0x1A, 0x1C, 0x0E, 0};//乱序的密码表
int v4[]={0x67,0x79,0x7B,0x7F,0x75,0x2B,0x3C,0x52,0x53,0x79,0x57,0x5E,
0x5D,0x42,0x7B,0x2D,0x2A,0x66,0x42,0x7E,0x4C,0x57,0x79,0x41,0x6B,
0x7E,0x65,0x3C,0x5C,0x45,0x6F,0x62,0x4D,0};//加密后的字符
//v2[i] = flag[v3[i]]
//v2 =v2 ^v3;
//v4 == v2
for(int i=0;i<33;i++){
v2[i] = v4[i] ^ v3[i];
flag[v3[i]] = v2[i];
index++;
}
v2[index] = '\0';
cout<<"v2:"<<v2<<endl;
flag[index] = '\0';
cout<<"结果是: "<<flag<<endl;
system("pause");
return 0;
}
dup
这里面有几个dup, 8 dup(0),3F dup(0)
意思是 后面8个0,后面3F个0,
结果是: MRCTF{Tr4nsp0sltiON_Clph3r_1s_3z}
flag是flag{Tr4nsp0sltiON_Clph3r_1s_3z}