-
-
2019ddctf reverse1_final
-
2019-4-20 01:23
-
0x00 运行程序
0x01 查壳
程序加了upx的壳
0x2 脱壳
这个壳可以工具脱,也可以手脱。
工具脱:执行命令:upx -d 文件名
脱过之后:
0x03 分析
1、将脱壳后的程序拖到IDA中:
sub_401000这个函数是关键。
从0x402ff8开始,以我们的输入为索引,形成新字符串,这个字符串与“DDCTF{reverseME}”作比较,相同即会输入正确。
2、拖到OD里面去看0x402ff8开始的数据
ctrl + g 输入0x402ff8
0x04 解题脚本
table = [00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0x3A,0xFC,0x30,0x00,0xC5,0x03,0xCF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0x01,0x00,0x00,0x00,0x7E,0x7D,0x7C,0x7B,0x7A,0x79,0x78,0x77,0x76,0x75,0x74,0x73,0x72,0x71,0x70,0x6F,0x6E,0x6D,0x6C,0x6B,0x6A,0x69,0x68,0x67,0x66,0x65,0x64,0x63,0x62,0x61,0x60,0x5F,0x5E,0x5D,0x5C,0x5B,0x5A,0x59,0x58,0x57,0x56,0x55,0x54,0x53,0x52,0x51,0x50,0x4F,0x4E,0x4D,0x4C,0x4B,0x4A,0x49,0x48,0x47,0x46,0x45,0x44,0x43,0x42,0x41,0x40,0x3F,0x3E,0x3D,0x3C,0x3B,0x3A,0x39,0x38,0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x30,0x2F,0x2E,0x2D,0x2C,0x2B,0x2A,0x29,0x28,0x27,0x26,0x25,0x24,0x23,0x22,0x21,0x20,0x00,0x01,0x00,0x00,0x00,0x70,0x19,0x38,0x00,0x80,0x12,0x38,0x00,0x00,0x00,0x00,0x00]
flag = ''
str1 = "DDCTF{reverseME}"
for i in range(len(str1)):
flag += chr(table.index(ord(str1[i])))
print(flag)
得到:ZZ[JX#,9(9,+9QY!
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
最后于 2020-2-12 21:23
被kanxue编辑
,原因:
|
|
|---|---|
