首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. CTF对抗
    3. 发新帖
2
[原创] KCTF 2019 Q1 第二题 有的放矢
发表于: 2019-3-23 21:54 6261

[原创] KCTF 2019 Q1 第二题 有的放矢

HHHso 活跃值
22
2019-3-23 21:54
6261

比较快速的方式是拿到中间运算的核心表,然后使用核心表拟合内部逻辑,相对来说比较省事,关键是可以避免全逻辑拟合的纰漏。
0x00 一切的关键在于native化的eq()函数


0x01 在核心Transformers\lib\armeabi-v7a\liboo000oo.so  中
导出函数datadiv_decode5009363700628197108 会通过简单的异或解密出 eq()函数的native化信息


0x02 解密后得到如图,于是我们可以定位到对应eq()函数的本地代码函数 A8DEE784 Hi_eq_sub_A8DEE784
(注意:后面的+1,无伤大雅,忽略就行,这是由于ARM的字对齐会忽略最低bit)


eq()函数伪码相对有点绕,不过我们只关注如何使用key,这时会发现前半部分都是由
unsigned char g_gidstr[] = "650f909c-7217-3647-9331-c82df8b98e98";
char vs16[] = "dbeafc2409715836";
unsigned char g_gidstr[] = "650f909c-7217-3647-9331-c82df8b98e98";
char vs16[] = "dbeafc2409715836";
经过多次变换得到ref100,然后才使用key参与运算

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
int __fastcall sub_A8DEE784(int a1)
{
  size_t guidlen;// r10
  unsigned __int8*gidbuf1_reverse_gid;// r6
  _BYTE*gidbuf2_nosplit;// r8
  _BYTE*gidbuf3;// r11
  signed int gidbuf2_nosplit_len;// r0
  size_t v6;// r2
  char*v7;// r1
  int v8;// r3
  int v9;// r1
  unsigned int v10;// r2
  int v11;// r3
  int v12;// r0
  int v13;// r4
  unsigned __int8 v14;// r0
  _BYTE*v15;// r3
  char*v16;// r5
  char*pbuf2;// r4
  int i;// r5
  int v19;// r1
  int ix;// r0
  signed int v21;// r1
  int v22;// r2
  size_t pwdlen;// r0
  unsigned int loc_pwdlen;// r8
  unsigned int b64_salt_size;// r5
  _BYTE*pwdsaltstr;// r0
  int v27;// r3
  int txi;// r10
  unsigned int pwd_idx;// r2
  int txj;// r12
  bool b31;// zf
  _BYTE*v32;// r1
  bool b32;// zf
  int v34;// r3
  int tx;// r1
  unsigned __int8 txijvx;// r11
  unsigned int v37;// lr
  char v38;// r1
  char*v39;// r2
  int v40;// t1
  unsigned int pwd_salt_b64_bytelen;// [sp+4h] [bp-234h]
  unsigned int pwd_b64_bitlen;// [sp+8h] [bp-230h]
  unsigned int v44;// [sp+10h] [bp-228h]
  char*pwd;// [sp+14h] [bp-224h]
  char loc_buf100[256];// [sp+18h] [bp-220h]
  char buf100_2[256];// [sp+118h] [bp-120h]
  int v48;// [sp+218h] [bp-20h]
 
  pwd=(char*)(*(int(**)(void))(*(_DWORD*)a1+676))();
  guidlen=strlen(gidstr);
  gidbuf1_reverse_gid=(unsigned __int8*)malloc(guidlen);
  gidbuf2_nosplit=malloc(guidlen);
  gidbuf3=malloc(guidlen);
  _aeabi_memclr(gidbuf1_reverse_gid,guidlen);
  _aeabi_memclr(gidbuf2_nosplit,guidlen);
  _aeabi_memclr(gidbuf3,guidlen);
  if(guidlen)
  {
    gidbuf2_nosplit_len=0;
    v6=guidlen;
    v7=gidstr;
    do
    {
      v8=(unsigned __int8)*v7++;
      if(v8!='-' )
        gidbuf2_nosplit[gidbuf2_nosplit_len++]=v8;
      --v6;
    }
    while(v6);
    if(gidbuf2_nosplit_len>=1)
    {
      v9=gidbuf2_nosplit_len-1;
      v10=-8;
      v11=0;
      v12=0;
      do
      {
        if((v11|(v10>>2))>3)
        {
          v13=v12;
        }
        else
        {
          v13=v12+1;
          gidbuf1_reverse_gid[v12]='-';
        }
        v14=gidbuf2_nosplit[v9--];
        v11+=0x40000000;
        gidbuf1_reverse_gid[v13]=v14;
        ++v10;
        v12=v13+1;
      }
      while(v9!=-1);
      if(v13>=0)
      {
        v15=gidbuf3;
        while(1)
        {
          v16=(char*)*gidbuf1_reverse_gid;
          if((unsigned __int8)((_BYTE)v16-'a') <= 5u )
            break;
          if((unsigned __int8)((_BYTE)v16-'0') <= 9u )
          {
            v16=&aDbeafc24097158[(_DWORD)v16-42];
            goto LABEL_18;
          }
LABEL_19:
          *v15++=(_BYTE)v16;
          --v12;
          ++gidbuf1_reverse_gid;
          if(!v12)
            goto LABEL_20;
        }
        v16=&aDbeafc24097158[(_DWORD)v16-'a'];
LABEL_18:
        LOBYTE(v16)=*v16;
        goto LABEL_19;
      }
    }
  }
LABEL_20:
  _aeabi_memcpy8(loc_buf100,Hi_gbuf100,256);
  pbuf2=buf100_2;
  i=0;
  do
  {
    Hi_idx_mod_len(i,guidlen);
    buf100_2[i++]=gidbuf3[v19];
  }
  while(i!=256);
  ix=(unsigned __int8)(buf100_2[0]-41);
  loc_buf100[0]=loc_buf100[ix];
  loc_buf100[ix]=-41;
  v21=1;
  do
  {
    v22=(unsigned __int8)loc_buf100[v21];
    ix=(ix+(unsigned __int8)buf100_2[v21]+v22)%256;
    loc_buf100[v21++]=loc_buf100[ix];
    loc_buf100[ix]=v22;
  }
  while(v21!=256);
  pwdlen=strlen(pwd);
  loc_pwdlen=pwdlen;
  b64_salt_size=(unsigned __int8)gidbuf3[3];
  pwd_b64_bitlen=8*(3--3*(pwdlen/3));
  pwd_salt_b64_bytelen=b64_salt_size+pwd_b64_bitlen/6;
  pwdsaltstr=malloc(pwd_salt_b64_bytelen+1);
  if(loc_pwdlen)
  {
    txi=0;
    pwd_idx=0;
    txj=0;
    v44=b64_salt_size;
    do
    {
      txi=(txi+1)%256;
      tx=(unsigned __int8)loc_buf100[txi];
      txj=(txj+tx)%256;
      loc_buf100[txi]=loc_buf100[txj];
      loc_buf100[txj]=tx;
      pbuf2=(char*)(unsigned __int8)loc_buf100[txi];
      txijvx=loc_buf100[(unsigned __int8)(tx+(_BYTE)pbuf2)]^pwd[pwd_idx];
      if(pwd_idx&&(v27=0xAAAAAAAB*(unsigned __int64)pwd_idx>>32,v37=3*(pwd_idx/3),v37!=pwd_idx))
      {
        b31=pwd_idx==1;
        if(pwd_idx!=1)
          b31=v37+1==pwd_idx;
        if(b31)
        {
          v32=aAbcdefghijklmn;
          pwdsaltstr[v44+pwd_idx]=aAbcdefghijklmn[(unsigned __int8)pwdsaltstr[v44+pwd_idx]|((unsigned int)txijvx>>4)];
          pbuf2=&pwdsaltstr[v44+pwd_idx];
          v27=4*txijvx&0x3C;
          pbuf2[1]=v27;
          if(pwd_idx+1>=loc_pwdlen)
            goto LABEL_53;
        }
        else
        {
          b32=pwd_idx==2;
          if(pwd_idx!=2)
            b32=v37+2==pwd_idx;
          if(b32)
          {
            pbuf2=(char*)(txijvx&0xC0);
            v34=v44+++pwd_idx;
            pwdsaltstr[v34]=aAbcdefghijklmn[(unsigned __int8)pwdsaltstr[v34]|((unsigned int)pbuf2>>6)]^0xF;
            v27=(int)&pwdsaltstr[v34];
            *(_BYTE*)(v27+1)=aAbcdefghijklmn[txijvx&0x3F];
          }
        }
      }
      else
      {
        pwdsaltstr[v44+pwd_idx]=aAbcdefghijklmn[(unsigned int)txijvx>>2]^7;
        pbuf2=&pwdsaltstr[v44+pwd_idx];
        v27=16*txijvx&0x30;
        pbuf2[1]=v27;
        if(pwd_idx+1>=loc_pwdlen)
        {
          v38=aAbcdefghijklmn[v27];
          *((_WORD*)pbuf2+1)=';;';
          goto LABEL_43;
        }
      }
      ++pwd_idx;
    }
    while(pwd_idx<loc_pwdlen);
  }
  while(1)
  {
    if(pwd_b64_bitlen)
    {
      v32=(_BYTE*)1;
      pbuf2=(char*)pwd_salt_b64_bytelen;
      v39=&Hi_cmp_byte_A8DF04E8;
      do
      {
        v27=(unsigned __int8)pwdsaltstr[b64_salt_size++];
        v40=(unsigned __int8)*v39++;
        if(v40!=v27)
          v32=0u;
      }
      while(b64_salt_size<pwd_salt_b64_bytelen);
    }
    else
    {
      v32=(_BYTE*)1;
    }
    pwdsaltstr=(_BYTE*)(_stack_chk_guard-v48);
    if(_stack_chk_guard==v48)
      break;
LABEL_53:
    v38=v32[v27];
    pbuf2[2]='4';
LABEL_43:
    pbuf2[1]=v38;
  }
  return(unsigned __int8)v32;
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
int __fastcall sub_A8DEE784(int a1)
{
  size_t guidlen;// r10
  unsigned __int8*gidbuf1_reverse_gid;// r6
  _BYTE*gidbuf2_nosplit;// r8
  _BYTE*gidbuf3;// r11
  signed int gidbuf2_nosplit_len;// r0
  size_t v6;// r2
  char*v7;// r1
  int v8;// r3
  int v9;// r1
  unsigned int v10;// r2
  int v11;// r3
  int v12;// r0
  int v13;// r4
  unsigned __int8 v14;// r0
  _BYTE*v15;// r3
  char*v16;// r5
  char*pbuf2;// r4
  int i;// r5
  int v19;// r1
  int ix;// r0
  signed int v21;// r1
  int v22;// r2
  size_t pwdlen;// r0
  unsigned int loc_pwdlen;// r8
  unsigned int b64_salt_size;// r5
  _BYTE*pwdsaltstr;// r0
  int v27;// r3
  int txi;// r10
  unsigned int pwd_idx;// r2
  int txj;// r12
  bool b31;// zf
  _BYTE*v32;// r1
  bool b32;// zf
  int v34;// r3
  int tx;// r1
  unsigned __int8 txijvx;// r11
  unsigned int v37;// lr
  char v38;// r1
  char*v39;// r2
  int v40;// t1
  unsigned int pwd_salt_b64_bytelen;// [sp+4h] [bp-234h]
  unsigned int pwd_b64_bitlen;// [sp+8h] [bp-230h]
  unsigned int v44;// [sp+10h] [bp-228h]
  char*pwd;// [sp+14h] [bp-224h]
  char loc_buf100[256];// [sp+18h] [bp-220h]
  char buf100_2[256];// [sp+118h] [bp-120h]
  int v48;// [sp+218h] [bp-20h]
 
  pwd=(char*)(*(int(**)(void))(*(_DWORD*)a1+676))();
  guidlen=strlen(gidstr);
  gidbuf1_reverse_gid=(unsigned __int8*)malloc(guidlen);
  gidbuf2_nosplit=malloc(guidlen);
  gidbuf3=malloc(guidlen);
  _aeabi_memclr(gidbuf1_reverse_gid,guidlen);
  _aeabi_memclr(gidbuf2_nosplit,guidlen);
  _aeabi_memclr(gidbuf3,guidlen);
  if(guidlen)
  {
    gidbuf2_nosplit_len=0;
    v6=guidlen;
    v7=gidstr;
    do
    {
      v8=(unsigned __int8)*v7++;
      if(v8!='-' )
        gidbuf2_nosplit[gidbuf2_nosplit_len++]=v8;
      --v6;
    }
    while(v6);
    if(gidbuf2_nosplit_len>=1)
    {
      v9=gidbuf2_nosplit_len-1;
      v10=-8;
      v11=0;
      v12=0;
      do
      {
        if((v11|(v10>>2))>3)
        {
          v13=v12;
        }
        else
        {
          v13=v12+1;
          gidbuf1_reverse_gid[v12]='-';
        }
        v14=gidbuf2_nosplit[v9--];
        v11+=0x40000000;
        gidbuf1_reverse_gid[v13]=v14;
        ++v10;
        v12=v13+1;
      }
      while(v9!=-1);
      if(v13>=0)
      {
        v15=gidbuf3;
        while(1)
        {
          v16=(char*)*gidbuf1_reverse_gid;
          if((unsigned __int8)((_BYTE)v16-'a') <= 5u )
            break;
          if((unsigned __int8)((_BYTE)v16-'0') <= 9u )
          {
            v16=&aDbeafc24097158[(_DWORD)v16-42];
            goto LABEL_18;
          }
LABEL_19:
          *v15++=(_BYTE)v16;
          --v12;
          ++gidbuf1_reverse_gid;
          if(!v12)
            goto LABEL_20;
        }
        v16=&aDbeafc24097158[(_DWORD)v16-'a'];
LABEL_18:
        LOBYTE(v16)=*v16;
        goto LABEL_19;
      }
    }
  }
LABEL_20:
  _aeabi_memcpy8(loc_buf100,Hi_gbuf100,256);
  pbuf2=buf100_2;
  i=0;
  do
  {
    Hi_idx_mod_len(i,guidlen);
    buf100_2[i++]=gidbuf3[v19];
  }
  while(i!=256);
  ix=(unsigned __int8)(buf100_2[0]-41);
  loc_buf100[0]=loc_buf100[ix];
  loc_buf100[ix]=-41;
  v21=1;
  do
  {
    v22=(unsigned __int8)loc_buf100[v21];
    ix=(ix+(unsigned __int8)buf100_2[v21]+v22)%256;
    loc_buf100[v21++]=loc_buf100[ix];
    loc_buf100[ix]=v22;
  }
  while(v21!=256);
  pwdlen=strlen(pwd);
  loc_pwdlen=pwdlen;
  b64_salt_size=(unsigned __int8)gidbuf3[3];
  pwd_b64_bitlen=8*(3--3*(pwdlen/3));
  pwd_salt_b64_bytelen=b64_salt_size+pwd_b64_bitlen/6;
  pwdsaltstr=malloc(pwd_salt_b64_bytelen+1);
  if(loc_pwdlen)
  {
    txi=0;
    pwd_idx=0;
    txj=0;
    v44=b64_salt_size;
    do
    {
      txi=(txi+1)%256;
      tx=(unsigned __int8)loc_buf100[txi];
      txj=(txj+tx)%256;
      loc_buf100[txi]=loc_buf100[txj];
      loc_buf100[txj]=tx;
      pbuf2=(char*)(unsigned __int8)loc_buf100[txi];
      txijvx=loc_buf100[(unsigned __int8)(tx+(_BYTE)pbuf2)]^pwd[pwd_idx];
      if(pwd_idx&&(v27=0xAAAAAAAB*(unsigned __int64)pwd_idx>>32,v37=3*(pwd_idx/3),v37!=pwd_idx))
      {
        b31=pwd_idx==1;
        if(pwd_idx!=1)
          b31=v37+1==pwd_idx;
        if(b31)
        {
          v32=aAbcdefghijklmn;
          pwdsaltstr[v44+pwd_idx]=aAbcdefghijklmn[(unsigned __int8)pwdsaltstr[v44+pwd_idx]|((unsigned int)txijvx>>4)];
          pbuf2=&pwdsaltstr[v44+pwd_idx];
          v27=4*txijvx&0x3C;
          pbuf2[1]=v27;
          if(pwd_idx+1>=loc_pwdlen)
            goto LABEL_53;
        }
        else
        {
          b32=pwd_idx==2;
          if(pwd_idx!=2)
            b32=v37+2==pwd_idx;
          if(b32)
          {
            pbuf2=(char*)(txijvx&0xC0);
            v34=v44+++pwd_idx;
            pwdsaltstr[v34]=aAbcdefghijklmn[(unsigned __int8)pwdsaltstr[v34]|((unsigned int)pbuf2>>6)]^0xF;
            v27=(int)&pwdsaltstr[v34];
            *(_BYTE*)(v27+1)=aAbcdefghijklmn[txijvx&0x3F];
          }
        }
      }
      else
      {
        pwdsaltstr[v44+pwd_idx]=aAbcdefghijklmn[(unsigned int)txijvx>>2]^7;
        pbuf2=&pwdsaltstr[v44+pwd_idx];
        v27=16*txijvx&0x30;
        pbuf2[1]=v27;
        if(pwd_idx+1>=loc_pwdlen)
        {
          v38=aAbcdefghijklmn[v27];
          *((_WORD*)pbuf2+1)=';;';
          goto LABEL_43;
        }
      }
      ++pwd_idx;
    }
    while(pwd_idx<loc_pwdlen);
  }
  while(1)
  {
    if(pwd_b64_bitlen)
    {
      v32=(_BYTE*)1;
      pbuf2=(char*)pwd_salt_b64_bytelen;
      v39=&Hi_cmp_byte_A8DF04E8;
      do
      {
        v27=(unsigned __int8)pwdsaltstr[b64_salt_size++];
        v40=(unsigned __int8)*v39++;
        if(v40!=v27)
          v32=0u;
      }
      while(b64_salt_size<pwd_salt_b64_bytelen);
    }
    else
    {
      v32=(_BYTE*)1;
    }
    pwdsaltstr=(_BYTE*)(_stack_chk_guard-v48);
    if(_stack_chk_guard==v48)
      break;
LABEL_53:
    v38=v32[v27];
    pbuf2[2]='4';
LABEL_43:
    pbuf2[1]=v38;
  }
  return(unsigned __int8)v32;
}

0x03 代码相对比较清晰,由下述横线分为前后两个部分,
(1)上半部分(主要得到loc_buf100表,这个我们可以通过下述断点断下后,通过IDAPython脚本提取buf存储的表
(2)下半部分就是依次通过(1)表提取因子A与key的字符B异或,得到结果R,而将结果转为类似64进制编码结果,
       这里其对64编码结果加了盐,即对特定位异或了不同因子,
     最后与Hi_cmp_byte_A8DF04E8 即 xb64_pwd = " {9*8ga*l!Tn?@#fj'j$\\g;;"比较






0x04 因为关键的都是异或,所以可逆,
通过断点处的提取,我们得到初始表,此表每选用一个异或因子后,都会发生变动。
memcpy(&loc_buf100[0],&g_buf100[0],0x100);

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
unsigned char ref100[] = {
    0xF0, 0x37, 0xE1, 0x9B, 0x2A, 0x15, 0x17, 0x9F, 0xD7, 0x58, 0x4D, 0x6E, 0x33, 0xA0, 0x39, 0xAE, 
    0x04, 0xD0, 0xBE, 0xED, 0xF8, 0x66, 0x5E, 0x00, 0xD6, 0x91, 0x2F, 0xC3, 0x10, 0x4C, 0xF7, 0xA6, 
    0xC1, 0xEC, 0x6D, 0x0B, 0x50, 0x65, 0xBB, 0x34, 0xFA, 0xA4, 0x2D, 0x3B, 0x23, 0xA1, 0x96, 0xD5, 
    0x1D, 0x38, 0x56, 0x0A, 0x5D, 0x4F, 0xE4, 0xCC, 0x24, 0x0D, 0x12, 0x87, 0x35, 0x85, 0x8E, 0x6F, 
    0xC6, 0x13, 0x9A, 0xD3, 0xFC, 0xE7, 0x08, 0xAC, 0xB7, 0xE9, 0xB0, 0xE8, 0x41, 0xAA, 0x55, 0x53, 
    0xC2, 0x42, 0xBC, 0xE6, 0x0F, 0x8A, 0x86, 0xA8, 0xCF, 0x84, 0xC5, 0x48, 0x74, 0x36, 0x07, 0xEB, 
    0x88, 0x51, 0xF6, 0x7F, 0x57, 0x05, 0x63, 0x3E, 0xFE, 0xB8, 0xC9, 0xF5, 0xAF, 0xDF, 0xEA, 0x82, 
    0x44, 0xF9, 0xCD, 0x06, 0xBA, 0x30, 0x47, 0x40, 0xDE, 0xFD, 0x1C, 0x7C, 0x11, 0x5C, 0x02, 0x31, 
    0x2C, 0x9C, 0x5F, 0x46, 0x27, 0xC4, 0x83, 0x73, 0x16, 0x90, 0x20, 0x76, 0x7B, 0xF2, 0xE3, 0xF3, 
    0x77, 0x52, 0x80, 0x25, 0x09, 0x26, 0x3F, 0xC7, 0x18, 0x1B, 0xA3, 0xFF, 0xFB, 0xCB, 0xA9, 0x8C, 
    0x54, 0x7A, 0x68, 0xB4, 0x70, 0x4B, 0xE2, 0x49, 0x22, 0x7E, 0xA5, 0xB6, 0x81, 0x9D, 0x4E, 0x67, 
    0xF1, 0xA7, 0x3C, 0xD9, 0x94, 0xEF, 0x32, 0x6B, 0x1F, 0xB1, 0x60, 0xB9, 0x64, 0x59, 0x01, 0xB3, 
    0x7D, 0xE0, 0x6C, 0xAD, 0x97, 0x19, 0xB5, 0x3A, 0xF4, 0xD8, 0x8D, 0x98, 0x03, 0x93, 0x1A, 0xDC, 
    0x1E, 0x4A, 0xC0, 0x5A, 0xE5, 0xD1, 0x3D, 0x14, 0xC8, 0x79, 0xBD, 0x43, 0xDB, 0x69, 0xD2, 0x61, 
    0x95, 0x9E, 0x21, 0x45, 0x89, 0x2B, 0xAB, 0x29, 0xA2, 0x8B, 0x2E, 0xD4, 0x0E, 0x62, 0xCA, 0x28, 
    0xDA, 0x5B, 0x72, 0x8F, 0x99, 0x75, 0xEE, 0x78, 0x0C, 0x71, 0xBF, 0xDD, 0xCE, 0x92, 0x6A, 0xB2
};

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
unsigned char ref100[] = {
    0xF0, 0x37, 0xE1, 0x9B, 0x2A, 0x15, 0x17, 0x9F, 0xD7, 0x58, 0x4D, 0x6E, 0x33, 0xA0, 0x39, 0xAE, 
    0x04, 0xD0, 0xBE, 0xED, 0xF8, 0x66, 0x5E, 0x00, 0xD6, 0x91, 0x2F, 0xC3, 0x10, 0x4C, 0xF7, 0xA6, 
    0xC1, 0xEC, 0x6D, 0x0B, 0x50, 0x65, 0xBB, 0x34, 0xFA, 0xA4, 0x2D, 0x3B, 0x23, 0xA1, 0x96, 0xD5, 
    0x1D, 0x38, 0x56, 0x0A, 0x5D, 0x4F, 0xE4, 0xCC, 0x24, 0x0D, 0x12, 0x87, 0x35, 0x85, 0x8E, 0x6F, 
    0xC6, 0x13, 0x9A, 0xD3, 0xFC, 0xE7, 0x08, 0xAC, 0xB7, 0xE9, 0xB0, 0xE8, 0x41, 0xAA, 0x55, 0x53, 
    0xC2, 0x42, 0xBC, 0xE6, 0x0F, 0x8A, 0x86, 0xA8, 0xCF, 0x84, 0xC5, 0x48, 0x74, 0x36, 0x07, 0xEB, 
    0x88, 0x51, 0xF6, 0x7F, 0x57, 0x05, 0x63, 0x3E, 0xFE, 0xB8, 0xC9, 0xF5, 0xAF, 0xDF, 0xEA, 0x82, 
    0x44, 0xF9, 0xCD, 0x06, 0xBA, 0x30, 0x47, 0x40, 0xDE, 0xFD, 0x1C, 0x7C, 0x11, 0x5C, 0x02, 0x31, 
    0x2C, 0x9C, 0x5F, 0x46, 0x27, 0xC4, 0x83, 0x73, 0x16, 0x90, 0x20, 0x76, 0x7B, 0xF2, 0xE3, 0xF3, 
    0x77, 0x52, 0x80, 0x25, 0x09, 0x26, 0x3F, 0xC7, 0x18, 0x1B, 0xA3, 0xFF, 0xFB, 0xCB, 0xA9, 0x8C, 
    0x54, 0x7A, 0x68, 0xB4, 0x70, 0x4B, 0xE2, 0x49, 0x22, 0x7E, 0xA5, 0xB6, 0x81, 0x9D, 0x4E, 0x67, 
    0xF1, 0xA7, 0x3C, 0xD9, 0x94, 0xEF, 0x32, 0x6B, 0x1F, 0xB1, 0x60, 0xB9, 0x64, 0x59, 0x01, 0xB3, 
    0x7D, 0xE0, 0x6C, 0xAD, 0x97, 0x19, 0xB5, 0x3A, 0xF4, 0xD8, 0x8D, 0x98, 0x03, 0x93, 0x1A, 0xDC, 
    0x1E, 0x4A, 0xC0, 0x5A, 0xE5, 0xD1, 0x3D, 0x14, 0xC8, 0x79, 0xBD, 0x43, 0xDB, 0x69, 0xD2, 0x61, 
    0x95, 0x9E, 0x21, 0x45, 0x89, 0x2B, 0xAB, 0x29, 0xA2, 0x8B, 0x2E, 0xD4, 0x0E, 0x62, 0xCA, 0x28, 
    0xDA, 0x5B, 0x72, 0x8F, 0x99, 0x75, 0xEE, 0x78, 0x0C, 0x71, 0xBF, 0xDD, 0xCE, 0x92, 0x6A, 0xB2
};

[注意]看雪招聘,专注安全领域的专业人才平台!

最后于 2019-3-27 20:03 被HHHso编辑 ,原因:
收藏
免费 2
支持
分享
赞赏记录
参与人
雪币
留言
时间
PLEBFE
为你点赞~
2023-1-28 00:25
SnowFox
为你点赞~
2019-3-25 12:29
最新回复 (2)
jiaduo
雪    币: 2415
活跃值: (505)
能力值: ( LV5,RANK:76 )
在线值:
发帖
回帖
粉丝
私信
2
写的真好
2019-3-25 17:08
0
琅環玉碎
雪    币: 1636
活跃值: (653)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
3
写的真好
2020-11-11 23:01
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回

账号登录
验证码登录

忘记密码?
没有账号?立即免费注册
我已同意 《看雪服务条款》 《看雪课程免责声明》 《看雪隐私政策》