[原创]第六题：消失的岛屿-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]第六题：消失的岛屿

发表于: 2019-6-15 21:26 2753

[原创]第六题：消失的岛屿

kanv

2019-6-15 21:26

2753

载入IDA：

通过变形的base64对输入字符串加密，与“!NGV%,$h1f4S3%2P(hkQ94==”比较，相等则成功，否则重试。

int __cdecl base64_encode(const uint8_t *bindata, char *base64, int binlength)

{

int v3; // eax

char *v4; // ebx

int v5; // eax

int v6; // ST0C_4

char *v7; // ebx

int v8; // eax

int v9; // eax

char *v10; // ebx

int v11; // eax

int v12; // eax

char *v13; // ebx

uint8_t current; // [esp+Bh] [ebp-Dh]

uint8_t currenta; // [esp+Bh] [ebp-Dh]

int j; // [esp+Ch] [ebp-Ch]

int ja; // [esp+Ch] [ebp-Ch]

int jb; // [esp+Ch] [ebp-Ch]

int i; // [esp+10h] [ebp-8h]

i = 0;

j = 0;

while ( i < binlength )

{

v3 = j;

ja = j + 1;

v4 = &base64[v3];

*v4 = charEncrypt((bindata[i] >> 2) & 0x3F);

current = 16 * bindata[i] & 0x30;

if ( i + 1 >= binlength )

{

v5 = ja;

v6 = ja + 1;

v7 = &base64[v5];

*v7 = charEncrypt(current);

base64[v6] = 61;//‘=’

v8 = v6 + 1;

j = v6 + 2;

base64[v8] = 61;//‘=’

break;

}

v9 = ja;

jb = ja + 1;

v10 = &base64[v9];

*v10 = charEncrypt((bindata[i + 1] >> 4) | current);

currenta = 4 * bindata[i + 1] & 0x3C;

if ( i + 2 >= binlength )

{

base64[jb] = charEncrypt(currenta);

v11 = jb + 1;

j = jb + 2;

base64[v11] = 61;//‘=’