代码如下:
01311B4D > \0F1005 F81233>movups xmm0,dqword ptr ds:[0x13312F8] == D8A79EF6CED2B8FCCFB2BBB6CBEFBCE1
01311B54 . 6A 10 push 0x10
01311B56 . 0F100D 0C1333>movups xmm1,dqword ptr ds:[0x133130C] == KCTF............
01311B5D . 8D5424 64 lea edx,dword ptr ss:[esp+0x64]
01311B61 . C74424 0C 000>mov dword ptr ss:[esp+0xC],0x0
01311B69 . 8D4C24 0C lea ecx,dword ptr ss:[esp+0xC]
01311B6D . C74424 10 000>mov dword ptr ss:[esp+0x10],0x0
01311B75 . 66:0FEFC8 pxor mm1,mm0
01311B79 . C74424 14 012>mov dword ptr ss:[esp+0x14],0x67452301
01311B81 . 0F57C0 xorps xmm0,xmm0
01311B84 . C74424 18 89A>mov dword ptr ss:[esp+0x18],0xEFCDAB89
01311B8C . 0F114C24 64 movups dqword ptr ss:[esp+0x64],xmm1 == 其实我更喜欢孙坚
01311B91 . C74424 1C FED>mov dword ptr ss:[esp+0x1C],0x98BADCFE
01311B99 . C74424 20 765>mov dword ptr ss:[esp+0x20],0x10325476
01311BA1 . 0F294424 74 movaps dqword ptr ss:[esp+0x74],xmm0
01311BA6 . E8 55F4FFFF call ZhonyaRi.01311000
013312F8 F3 A0 FD 8D 8D E1 FE B8 89 80 8A 8F F2 D7 FD A2 ................................. (1)
0133130C 35 44 37 38 43 33 46 44 46 32 31 39 39 38 41 43 5D78C3FDF21998AC (2)
003BFE20 C6 E4 CA B5 CE D2 B8 FC CF B2 BB B6 CB EF BC E1 其实我更喜欢孙坚 (3)
F3 xor 35 = C6 ....
F3 = 35 xor C6 ...
(1) xor(2)=(3) => (1) = (2) xor (3)
由此可知 (3)xor (KCTH) = (KCTH序列号)
0133130C 4B 43 54 46 00 00 00 00 00 00 00 00 00 00 00 00 KCTF............ (2)
003BFE20 C6 E4 CA B5 CE D2 B8 FC CF B2 BB B6 CB EF BC E1 其实我更喜欢孙坚 (3)
D8 A7 9E F6 CE D2 B8 FC CF B2 BB B6 CB EF BC E1 (1)
(2) xor (3) = (1)
4B xor C6 = D8 ......
43 xor E4 = A7 ......
......
00 xor E1 =E1
用户名:KCTF
序列号:D8A79EF6CED2B8FCCFB2BBB6CBEFBCE1
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
