-
-
[原创] 看雪CTF2019Q2第六题消失的岛屿解题过程
-
2019-6-17 18:53
-
运行一下这个程序,发现就是要求输入序列号。
在IDA中分析一下可以发现是用的变形base64算法,base64表被换过了,并且从base64表中取元素也是另一套方法。
直接改的网上找到一个base64的源代码(https://www.twblogs.net/a/5cd3ff75bd9eee67a77f284d),改过的代码如下。
#include <stdio.h>
#include <string.h>
char charDecrypt(int data)
{
if (0x9b - data > 0x40 && 0x9b - data <= 0x5A)
{
if (0x9b - data == 0x41)
return 42;
if (0x9b - data == 0x42)
return 43;
if (0x9b - data == 0x43)
return 44;
if (0x9b - data == 0x44)
return 45;
if (0x9b - data == 0x45)
return 46;
if (0x9b - data == 0x46)
return 47;
if (0x9b - data == 0x47)
return 48;
if (0x9b - data == 0x48)
return 49;
if (0x9b - data == 0x49)
return 50;
if (0x9b - data == 0x4A)
return 51;
if (0x9b - data == 0x4B)
return 52;
if (0x9b - data == 0x4C)
return 53;
if (0x9b - data == 0x4D)
return 54;
if (0x9b - data == 0x4E)
return 55;
if (0x9b - data == 0x4F)
return 56;
if (0x9b - data == 0x50)
return 57;
if (0x9b - data == 0x51)
return 58;
if (0x9b - data == 0x52)
return 59;
if (0x9b - data == 0x53)
return 60;
if (0x9b - data == 0x54)
return 5;
if (0x9b - data == 0x55)
return 6;
if (0x9b - data == 0x56)
return 38;
if (0x9b - data == 0x57)
return 39;
if (0x9b - data == 0x58)
return 40;
if (0x9b - data == 0x59)
return 16;
if (0x9b - data == 0x5A)
return 17;
}
if (data + 0x40 > 0x60 && data + 0x40 <= 0x7A)
{
if (data + 0x40 == 0x61)
return 18;
if (data + 0x40 == 0x62)
return 19;
if (data + 0x40 == 0x63)
return 20;
if (data + 0x40 == 0x64)
return 21;
if (data + 0x40 == 0x65)
return 22;
if (data + 0x40 == 0x66)
return 23;
if (data + 0x40 == 0x67)
return 24;
if (data + 0x40 == 0x68)
return 25;
if (data + 0x40 == 0x69)
return 26;
if (data + 0x40 == 0x6A)
return 27;
if (data + 0x40 == 0x6B)
return 41;
if (data + 0x40 == 0x6C)
return 7;
if (data + 0x40 == 0x6D)
return 8;
if (data + 0x40 == 0x6E)
return 9;
if (data + 0x40 == 0x6F)
return 10;
if (data + 0x40 == 0x70)
return 11;
if (data + 0x40 == 0x71)
return 12;
if (data + 0x40 == 0x72)
return 13;
if (data + 0x40 == 0x73)
return 14;
if (data + 0x40 == 0x74)
return 0;
if (data + 0x40 == 0x75)
return 1;
if (data + 0x40 == 0x76)
return 2;
if (data + 0x40 == 0x77)
return 3;
if (data + 0x40 == 0x78)
return 4;
if (data + 0x40 == 0x79)
return 29;
if (data + 0x40 == 0x7A)
return 30;
}
if (data - 0x32 > 0x2f && data - 0x32 <= 0x39)
{
if (data - 0x32 == 0x30)
return 31;
if (data - 0x32 == 0x31)
return 32;
if (data - 0x32 == 0x32)
return 33;
if (data - 0x32 == 0x33)
return 34;
if (data - 0x32 == 0x34)
return 35;
if (data - 0x32 == 0x35)
return 36;
if (data - 0x32 == 0x36)
return 37;
if (data - 0x32 == 0x37)
return 15;
if (data - 0x32 == 0x38)
return 28;
if (data - 0x32 == 0x39)
return 61;
}
if (data == 0x77)
return 62;
if (data == 0x79)
return 63;
}
int base64_decode(const char* base64, unsigned char* dedata)
{
int i = 0, j = 0;
int trans[4] = { 0, 0, 0, 0 };
for (; base64[i] != '\0'; i += 4)
{
trans[0] = charDecrypt(base64[i]);
trans[1] = charDecrypt(base64[i + 1]);
dedata[j++] = ((trans[0] << 2) & 0xfc) | ((trans[1] >> 4) & 0x03);
if (base64[i + 2] == '=')
{
continue;
}
else
{
trans[2] = charDecrypt(base64[i + 2]);
}
dedata[j++] = ((trans[1] << 4) & 0xf0) | ((trans[2] >> 2) & 0x0f);
if (base64[i + 3] == '=')
{
continue;
}
else {
trans[3] = charDecrypt(base64[i + 3]);
}
dedata[j++] = ((trans[2] << 6) & 0xc0) | (trans[3] & 0x3f);
}
dedata[j] = '\0';
return 0;
}
int main()
{
char base64[128] = "!NGV%,$h1f4S3%2P(hkQ94==";
char dedata[128];
base64_decode(base64, (unsigned char*)dedata);
printf("解码:%s", dedata);
getchar();
getchar();
return 0;
}
运行结果如下。
[招生]科锐逆向工程师培训46期预科班将于 2023年02月09日 正式开班
最后于 2019-6-17 19:23
被houjingyi编辑
,原因:
|
|
|---|---|
