-
-
[原创]第一题 流浪者
-
2019-3-11 15:32
-
通过特征字符串回溯或着直接下断MessageBox、GetWindowsText等API可快速定位到用于校验的代码。
校验代码如下:
写入逆向解密的代码如下:
#include "stdafx.h"
#include"stdio.h"
#include<Windows.h>
char*str1 = "abcdefghiABCDEFGHIJKLMNjklmn0123456789opqrstuvwxyzOPQRSTUVWXYZ";
char*str2 = "KanXueCTF2019JustForhappy";
int temp;
char*EncryStr;
int findPos(char*ch)
{
for (size_t i = 0; i < strlen(str1); i++)
{
if (!strncmp(ch, str1 + i,1))
return i;
}
return -1;
}
int main()
{
char*EncryStr = (char*)malloc(100);
temp = 0;
for (size_t i = 0; i < strlen(str2); i++)
{
temp = findPos(str2 + i);
if (temp==-1)
{
MessageBox(0, L"位置计算错误", nullptr, MB_OK);
return 0;
}
char*tempch = (char*)(&temp);
EncryStr[i] = *tempch;
/*strcpy_s(EncryStr + 4 * i,1, tempch+3);
strcpy_s(EncryStr + 4 * i+1,1, tempch + 2);//Unicode字符串!!!
strcpy_s(EncryStr + 4 * i+2,1, tempch + 1);
strcpy_s(EncryStr + 4 * i+3,1, tempch );*/
}
for (size_t i = 0; i < strlen(str2); i++)
{
char tempch1 = *(EncryStr + i);
char tempch2 = NULL;
if (tempch1 + 0x1D >='A' && tempch1 + 0x1D <='Z')
{
tempch2 = tempch1 + 0x1D;
EncryStr[i] = tempch2;
}
else if (tempch1 + 0x57 >= 'a' && tempch1 + 0x57 <= 'z')
{
tempch2 = tempch1 + 0x57;
EncryStr[i] = tempch2;
}
else if (tempch1 + 0x30 >= '0' && tempch1 + 0x30 <= '9')
{
tempch2 = tempch1 + 0x30;
EncryStr[i] = tempch2;
}
else
{
MessageBox(0, L"还原错误", nullptr, MB_OK);
return 0;
}
}
printf("原始flag:%.25s\n", EncryStr);
system("pause");
return 0;
}
运行如下:
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
