-
-
[原创]签到题 拜师学艺 WriteUp
-
发表于:
2021-5-10 16:59
2626
-
定位程序Main(脱到IDA)
sub_401470是SMC的解密部分,动态调试步过
检测flag是否以“flag{”开头
对flag进行解密,检测是否与“Zmxhz3tryw54dw”相等
解密算法如下:
char* table = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
char* table_index = new char[0x400];
memset(table_index, 0xFF, 0x400);
for (int result = 0; result < 0x40; ++result)
table_index[table[result]] = result;
char* src = "ZmxhZ3trYW54dWV9";
char res[13] = { 0 };
auto lambdaK = [table_index](auto src, auto res) {
char c1 = table_index[src[0]];
char c2 = table_index[src[1]];
char c3 = table_index[src[2]];
char c4 = table_index[src[3]];
unsigned int rs = c4 + (c3 << 6) + (c2 << 0xc) + (c1 << 0x12);
res[0] = *((char*)&rs + 2);
res[1] = *((char*)&rs + 1);
res[2] = *((char*)&rs + 0);
};
for (int i = 0; i < 4; i++) {
lambdaK(src + i * 4, res + i * 3);
}
printf("%s", res);
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
