[原创]看雪CTF2017 第一题 CrackMe逆向分析
发表于: 2017-6-1 17:17 2597
第一版
/*
 * First version of the CrackMe serial check (Hex-Rays decompiler output).
 *
 * Reads the text of dialog control 1001, requires exactly four characters,
 * none of which may be '0', and accepts the input when
 *
 *     (in[2] - in[0] / in[1]) * in[3] * 16 == 384
 *
 * where in[i] is the i-th character minus '0'. The result of MessageBoxA
 * is returned in both the failure and the success case.
 *
 * Review notes:
 *  - The only per-character test is "!= '0'"; nothing checks that a
 *    character is a digit, so any other byte is used as (byte - '0').
 *  - String, v7, v8 and v9 sit at consecutive stack offsets (bp-1Ch..bp-19h)
 *    and are bytes 0..3 of one input buffer that the decompiler split up.
 */
int sub_4011F4()
{
  double v0; // st7@9
  double v1; // st6@9
  double v2; // st6@9
  const CHAR *v4; // [sp-Ch] [bp-28h]@13   message text passed to MessageBoxA
  const CHAR *v5; // [sp-8h] [bp-24h]@12   caption passed to MessageBoxA
  CHAR String; // [sp+0h] [bp-1Ch]@1       input[0]
  char v7; // [sp+1h] [bp-1Bh]@3           input[1]
  char v8; // [sp+2h] [bp-1Ah]@4           input[2]
  char v9; // [sp+3h] [bp-19h]@5           input[3]
  int v10; // [sp+18h] [bp-4h]@9           scratch slot, reused as int and as float

  // At most 21 bytes including the terminator are copied; per the stack
  // offsets above the buffer spans bp-1Ch up to v10 at bp-4h (24 bytes).
  GetDlgItemTextA(hDlg, 1001, &String, 21);
  Sleep(0x1F4u); // 0x1F4 = 500 ms delay before the check
  // Reject anything that is not exactly 4 characters or contains a '0'.
  // Excluding '0' in input[1] also keeps the divisor below non-zero.
  if ( strlen(&String) != 4 || String == '0' || v7 == '0' || v8 == '0' || v9 == '0' )
  {
    v5 = Caption;
LABEL_15:
    // Shared failure exit; also reached by the goto after the comparison.
    v4 = Text_error;
    return MessageBoxA(hWnd, v4, v5, 0);
  }
  // Contradictory condition (v9 != '0' && v9 == '0') can never be true:
  // the JUMPOUT is dead code, presumably junk inserted to confuse
  // disassembly -- it does not affect the check.
  if ( v9 != '0' && v9 == '0' )
    JUMPOUT(unk_40124E);
  v10 = v8 - '0'; // numeric value of input[2]
  v0 = (double)v10;
  v10 = String - '0'; // numeric value of input[0]
  v1 = (double)v10;
  v10 = v7 - '0'; // numeric value of input[1] (the divisor)
  v2 = v1 / (double)v10; // v2 = input[0] / input[1], floating-point division
  v10 = v9 - '0'; // numeric value of input[3]
  // (input[2] - input[0]/input[1]) * input[3] * 16, stored as a 32-bit float
  // into v10's stack slot (type-punned through the pointer cast).
  *(float *)&v10 = (v0 - v2) * (double)v10 * 16.0;
  // Second never-taken branch, same contradictory pattern as above.
  if ( v9 != '0' && v9 == '0' )
    JUMPOUT(*(_DWORD *)&byte_401296);
  v5 = Caption;
  // Comparison against 384.0 after the value was narrowed to float;
  // NOTE(review): the narrowing may absorb small rounding error from the
  // division -- confirm against the disassembly.
  if ( *(float *)&v10 != 384.0 )
    goto LABEL_15;
  v4 = aRegistrationSu; // presumably the "registration success" string (name truncated by the decompiler)
  return MessageBoxA(hWnd, v4, v5, 0);
}
校验式为 (input[2]-input[0]/input[1])*input[3]*16==384(各位均先减去 '0',且任何一位都不能是 '0')。取 input[0]==input[1] 时商为 1,只需要 (input[2]-1)*input[3]==24。
提交1156 通过:(5-1)*6==24。
第二版
/*
 * Second version of the CrackMe serial check (Hex-Rays decompiler output).
 *
 * Same arithmetic as the first version, with two extra constraints in the
 * initial test: input[0] must be '1' and input[1] must be '5'. With those
 * fixed, the accepted inputs satisfy
 *
 *     (in[2] - 1/5) * in[3] * 16 == 384
 *
 * where in[i] is the i-th character minus 0x30 ('0'). The result of
 * MessageBoxA is returned in both the failure and the success case.
 *
 * Review notes:
 *  - input[2] and input[3] are only tested against 0x30; nothing checks
 *    that they are digits, so any other byte is used as (byte - 0x30).
 *  - String, v7, v8 and v9 sit at consecutive stack offsets (bp-1Ch..bp-19h)
 *    and are bytes 0..3 of one input buffer that the decompiler split up.
 */
int sub_4011F4()
{
  double v1_2; // st7@11
  double v2_0; // st6@11
  double v2; // st6@11
  const CHAR *v4; // [sp-Ch] [bp-28h]@15   message text passed to MessageBoxA
  const CHAR *v5; // [sp-8h] [bp-24h]@14   caption passed to MessageBoxA
  CHAR String; // [sp+0h] [bp-1Ch]@1       input[0]
  char v7; // [sp+1h] [bp-1Bh]@3           input[1]
  char v8; // [sp+2h] [bp-1Ah]@4           input[2]
  char v9; // [sp+3h] [bp-19h]@5           input[3]
  int v11_1; // [sp+18h] [bp-4h]@11        scratch slot, reused as int and as float

  // At most 21 bytes including the terminator are copied; per the stack
  // offsets above the buffer spans bp-1Ch up to v11_1 at bp-4h (24 bytes).
  GetDlgItemTextA(hDlg, 1001, &String, 21);
  Sleep(0x1F4u); // 0x1F4 = 500 ms delay before the check
  // Reject unless: length is 4, no character is 0x30 ('0'),
  // input[0] == '1' and input[1] == '5' (v7 is the byte at offset +1).
  if ( strlen(&String) != 4 || String == 0x30 || v7 == 0x30 || v8 == 0x30 || v9 == 0x30 || String != '1' || v7 != '5' )
  {
    v5 = Caption;
LABEL_17:
    // Shared failure exit; also reached by the goto after the comparison.
    v4 = Text;
    return MessageBoxA(hWnd, v4, v5, 0);
  }
  // Contradictory condition (v7 != '5' && v7 == '5') can never be true:
  // the JUMPOUT is dead code, presumably junk inserted to confuse
  // disassembly -- it does not affect the check.
  if ( v7 != '5' && v7 == '5' )
    JUMPOUT(*(_DWORD *)&byte_401262);
  v11_1 = v8 - 0x30; // numeric value of input[2]
  v1_2 = (double)v11_1;
  v11_1 = String - 0x30; // numeric value of input[0] (always 1 here)
  v2_0 = (double)v11_1;
  v11_1 = v7 - 0x30; // numeric value of input[1] (always 5 here), the divisor
  v2 = v2_0 / (double)v11_1; // v2 = input[0] / input[1], floating-point division
  v11_1 = v9 - 0x30; // numeric value of input[3]
  // (input[2] - input[0]/input[1]) * input[3] * 16, stored as a 32-bit float
  // into v11_1's stack slot (type-punned through the pointer cast).
  *(float *)&v11_1 = (v1_2 - v2) * (double)v11_1 * 16.0;
  // Second never-taken branch, same contradictory pattern as above.
  if ( v9 != 0x30 && v9 == 0x30 )
    JUMPOUT(*(_DWORD *)&byte_4012AA);
  v5 = aCrackme2017Ctf; // caption used on the success path
  // Comparison against 384.0 after the value was narrowed to float;
  // NOTE(review): 1/5 is not exactly representable in binary, so the match
  // presumably relies on the narrowing to float -- confirm against the
  // disassembly.
  if ( *(float *)&v11_1 != 384.0 )
    goto LABEL_17;
  v4 = aRegistrationSu; // presumably the "registration success" string (name truncated by the decompiler)
  return MessageBoxA(hWnd, v4, v5, 0);
}
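多了限制:input[0]=='1',input[1]=='5'(对应代码中的 String != '1' || v7 != '5',v7 是偏移 +1 的字节,即 input[1]),校验式 (input[2]-input[0]/input[1])*input[3]*16==384 不变。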
可用注册码1555,151N。验证:1555 为 (5-1/5)*5*16==384;151N 中 'N'-'0'==30,程序只排除了 '0' 而没有检查字符是否为数字,所以 (1-1/5)*30*16==384 同样成立。