SimpleRev
SimpleRev(flag需加上flag{}再提交) 注意:得到的 flag 请包上 flag{} 提交
拖到ida 找到关键函数:
unsigned __int64 Decry() {char v1; // [rsp+Fh] [rbp-51h]int v2; // [rsp+10h] [rbp-50h]int v3; // [rsp+14h] [rbp-4Ch]int i; // [rsp+18h] [rbp-48h]int v5; // [rsp+1Ch] [rbp-44h]__int64 v6; // [rsp+20h] [rbp-40h]__int64 v7; // [rsp+28h] [rbp-38h]int v8; // [rsp+30h] [rbp-30h]__int64 v9; // [rsp+40h] [rbp-20h]__int64 v10; // [rsp+48h] [rbp-18h]int v11; // [rsp+50h] [rbp-10h]unsigned __int64 v12; // [rsp+58h] [rbp-8h] v12 = __readfsqword(0x28u);v6 = 'SLCDN';v7 = 0LL;v8 = 0;v9 = 'wodah';v10 = 0LL;v11 = 0;text = join(key3, (const char *)&v9); strcpy(key, key1);strcat(key, (const char *)&v6); v2 = 0;v3 = 0;getchar();v5 = strlen(key);for ( i = 0; i < v5; ++i ){if ( key[v3 % v5] > 64 && key[v3 % v5] <= 90 )key[i] = key[v3 % v5] + 32;++v3;}printf("Please input your flag:", &v6);while ( 1 ){v1 = getchar();if ( v1 == 10 )break;if ( v1 == 32 ){++v2;}else{if ( v1 <= 96 || v1 > 122 ){if ( v1 > 64 && v1 <= 90 )str2[v2] = (v1 - 39 - key[v3++ % v5] + 97) % 26 + 97;}else{str2[v2] = (v1 - 39 - key[v3++ % v5] + 97) % 26 + 97;}if ( !(v3 % v5) )putchar(32);++v2;}}if ( !strcmp(text, str2) )puts("Congratulation!\n");elseputs("Try again!\n");return __readfsqword(0x28u) ^ v12; }
可以看到一开始是两个拼接函数,构造key和text两个字符串,这里需要注意的是,因为是小端序存储的一长串数,所以按字符操作的时候需要将顺序反过来,所以这里key是“ADSFKNDCLS”,text是"killshadow"。
然后就是写脚本了,这里主要是学了下怎么写爆破:
key="ADSFKNDCLS" text="killshadow" s="" flag="" loop="ABCDEFGHIJKLMNOPQRSTUVWXYZ"v2 = 0 v3 = 0 v5 = len(key) for i in range(0,v5):if ( ord(key[i]) > 64 and ord(key[i]) <= 90 ):s += chr(ord(key[i]) + 32)else:s +=key[i] print(s)for i in range(0,len(text)):for j in loop:if ord(text[i])==(ord(j)-39-ord(s[i])+97)%26+97:flag+=jprint(flag)
:动态添加验证规则1)
)
:动态添加验证规则2)
)
:动态添加验证规则3)
:Spring的transaction-manager的用法)
:git安装教程)
)
:GitHub的注册与使用(详细图解))