[Original]
Posted on: 2017-6-2 18:21
Compute the length of the input string; it must equal 4.
0040121F . 50 push eax
00401220 . E8 DB000000 call WannaLOL.00401300
00401225 . 83F8 04 cmp eax,0x4
This is where the input characters are checked for validity: each of the four bytes is compared against cl, then the first two bytes against 0x31 and 0x35, and any mismatch jumps to 004012CF.
00401232 . 384D E4 cmp byte ptr ss:[ebp-0x1C],cl
00401235 . 0F84 94000000 je WannaLOL.004012CF
0040123B . 384D E5 cmp byte ptr ss:[ebp-0x1B],cl
0040123E . 0F84 8B000000 je WannaLOL.004012CF
00401244 . 384D E6 cmp byte ptr ss:[ebp-0x1A],cl
00401247 . 0F84 82000000 je WannaLOL.004012CF
0040124D . 384D E7 cmp byte ptr ss:[ebp-0x19],cl
00401250 . 74 7D je short WannaLOL.004012CF
00401252 . 807D E4 31 cmp byte ptr ss:[ebp-0x1C],0x31
00401256 . 75 77 jnz short WannaLOL.004012CF
00401258 . 807D E5 35 cmp byte ptr ss:[ebp-0x1B],0x35
0040125C . 75 71 jnz short WannaLOL.004012CF
0040125E . 74 03 je short WannaLOL.00401263
Then comes the computation routine below:
00401263 > \66:B8 0800 mov ax,0x8
00401267 . 66:35 0700 xor ax,0x7
0040126B . 0FBE45 E6 movsx eax,byte ptr ss:[ebp-0x1A] ; the algorithm starts here
0040126F . 2BC1 sub eax,ecx
00401271 . 8945 FC mov dword ptr ss:[ebp-0x4],eax
00401274 . 0FBE45 E4 movsx eax,byte ptr ss:[ebp-0x1C]
00401278 . DB45 FC fild dword ptr ss:[ebp-0x4]
0040127B . 2BC1 sub eax,ecx
0040127D . 8945 FC mov dword ptr ss:[ebp-0x4],eax
00401280 . 0FBE45 E5 movsx eax,byte ptr ss:[ebp-0x1B]
00401284 . DB45 FC fild dword ptr ss:[ebp-0x4]
00401287 . 2BC1 sub eax,ecx
00401289 . 8945 FC mov dword ptr ss:[ebp-0x4],eax
0040128C . DA75 FC fidiv dword ptr ss:[ebp-0x4]
0040128F . 0FBE45 E7 movsx eax,byte ptr ss:[ebp-0x19]
00401293 . 2BC1 sub eax,ecx
00401295 . 8945 FC mov dword ptr ss:[ebp-0x4],eax
00401298 . DEE9 fsubp st(1),st
0040129A . DA4D FC fimul dword ptr ss:[ebp-0x4]
0040129D . D80D 1C714000 fmul dword ptr ds:[0x40711C]
004012A3 . D95D FC fstp dword ptr ss:[ebp-0x4]
004012A6 . 74 03 je short WannaLOL.004012AB
004012A8 . 75 01 jnz short WannaLOL.004012AB
004012AA E8 db E8
004012AB > 66:B8 0800 mov ax,0x8
004012AF . 66:35 0700 xor ax,0x7
004012B3 . D945 FC fld dword ptr ss:[ebp-0x4]
004012B6 . D81D 18714000 fcomp dword ptr ds:[0x407118]
004012BC . 6A 00 push 0x0
004012BE . 68 78804000 push WannaLOL.00408078 ; CrackMe 2017 CTF
004012C3 . DFE0 fstsw ax
004012C5 . 9E sahf
004012C6 . 75 0E jnz short WannaLOL.004012D6
What the algorithm means: for the four input digits abcd, a = 1 and b = 5, and the two digits c and d must satisfy the equation
16 × (c - 0.2) × d = 384, that is, (c - 0.2) × d = 24. Since c is an integer, and an integer minus 0.2 multiplied by a number must still give an integer, d should be 5; then c - 0.2 = 4.8, so c is also 5. The result is 1555.
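To confirm the derivation above, here is a Python re-implementation of the check sequence from 00401225 to 004012C6, followed by a brute force over every 4-digit input. This is an added example, not code from the post or from the CrackMe itself. It assumes what the listing does not show directly: that ecx holds 0x30 ('0') when the digits are converted (so the `cmp ..., cl` checks reject a '0' digit), and that the two data-section constants are the 16 and 384 the post names. The `fstp dword ptr` rounding to single precision is modelled explicitly, since that is what the final `fcomp` actually sees.

```python
import struct
from itertools import product

# Constants read from the binary's data section (values as stated in the post):
MULTIPLIER = 16.0      # dword ptr ds:[0x40711C], used by fmul
EXPECTED = 384.0       # dword ptr ds:[0x407118], used by fcomp
# Assumption: ecx holds the ASCII code of '0' when the digits are converted.
DIGIT_BASE = ord("0")


def round_f32(x: float) -> float:
    """Model `fstp dword ptr`: round an x87 result to IEEE single precision."""
    return struct.unpack("<f", struct.pack("<f", x))[0]


def check_serial(serial: str) -> bool:
    """Re-implementation of the CrackMe check, instruction group by group."""
    # 00401225: cmp eax,0x4 -> the input must be exactly four characters.
    if len(serial) != 4:
        return False
    codes = [ord(ch) for ch in serial]
    # 00401232..00401250: cmp byte ptr [ebp-0x1C..-0x19],cl / je fail
    # (under the DIGIT_BASE assumption this rejects any '0' digit).
    if any(code == DIGIT_BASE for code in codes):
        return False
    # 00401252..0040125C: first byte must be 0x31 ('1'), second 0x35 ('5').
    if codes[0] != 0x31 or codes[1] != 0x35:
        return False
    # 0040126B..004012A3: movsx + sub ecx converts each byte to a digit value;
    # fild/fidiv/fsubp/fimul/fmul compute (c - a/b) * d * MULTIPLIER.
    a, b, c, d = (code - DIGIT_BASE for code in codes)
    value = (c - a / b) * d * MULTIPLIER
    # 004012A3 fstp dword ptr / 004012B6 fcomp: compare the single-precision
    # result with the expected constant.
    return round_f32(value) == EXPECTED


def solve() -> list:
    """Enumerate all 4-digit inputs and return those the check accepts."""
    return [
        "".join(digits)
        for digits in product("0123456789", repeat=4)
        if check_serial("".join(digits))
    ]


if __name__ == "__main__":
    print("accepted inputs:", solve())   # expected: ['1555']
```

Running it shows that 1555 is the only 4-digit input the check accepts, which matches the hand derivation: with a = 1 and b = 5 the term a/b is 0.2, so (c - 0.2) × d must equal 24, and among single digits only c = d = 5 works.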