-
-
[原创]2019看雪CTF 晋级赛Q2 第6题-消失的岛屿
-
2019-6-24 14:46
3726
-
[原创]2019看雪CTF 晋级赛Q2 第6题-消失的岛屿
程序逻辑
int __cdecl main(int argc, const char **argv, const char **envp)
{
int v3; // eax
uint8_t bindata; // [esp+11h] [ebp-3Fh]
const char *v6; // [esp+48h] [ebp-8h]
char *v7; // [esp+4Ch] [ebp-4h]
__main();
printf("please enter Serial:");
scanf(" %s", &bindata);
if ( strlen((const char *)&bindata) > 0x31 )
puts("error");
v7 = (char *)calloc(1u, 0x400u);
v3 = strlen((const char *)&bindata);
base64_encode(&bindata, v7, v3);
v6 = "!NGV%,$h1f4S3%2P(hkQ94==";
if ( !strcmp("!NGV%,$h1f4S3%2P(hkQ94==", v7) )
puts("Success");
else
puts("Please Try Again");
free(v7);
system("pause");
return 0;
}这是一道变形的BASE64题
目标结果字串:"!NGV%,$h1f4S3%2P(hkQ94=="
自定义table:tuvwxTUlmnopqrs7YZabcdefghij8yz0123456VWXkABCDEFGHIJKLMNOPQRS9+/
自定义的字串转化:
char __cdecl charEncrypt(int data)
{
int dataa; // [esp+18h] [ebp+8h]
dataa = aTuvwxtulmnopqr[data];
if ( dataa > 0x40 && dataa <= 0x5A )
return 0x9B - dataa;
if ( dataa > 0x60 && dataa <= 0x7A )
return dataa - 0x40;
if ( dataa > 0x2F && dataa <= 0x39 )
return dataa + 0x32;
if ( dataa == 0x2B )
return 0x77;
if ( dataa == 0x2F )
dataa = 0x79;
return dataa;
}通过以上逆推flag:
!NGV%,$h1f4S3%2P(hkQ94==
aMTEeld6q4tHserKh69Jyt==
KanXue2019ctf_st
flag:KanXue2019ctf_st
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
