[Original][2021][KCTF] Challenge 4 英雄救美 (Hero Rescues the Beauty) writeup
2021-5-14 14:06 4541
I didn't look closely at the algorithm; browsing through the data, I found this:
.data:004187C0 dd 0, 4, 0, 7, 0, 0, 0, 0, 0
.data:004187E4 dd 9, 2, 0, 0, 0, 0, 6, 0, 7
.data:00418808 dd 8, 3, 0, 0, 0, 5, 4, 0, 0
.data:0041882C dd 0, 1, 0, 0, 0, 3, 0, 0, 0
.data:00418850 dd 0, 0, 0, 2, 0, 1, 0, 0, 0
.data:00418874 dd 0, 0, 0, 5, 0, 0, 0, 4, 0
.data:00418898 dd 0, 0, 4, 9, 0, 0, 0, 7, 1
.data:004188BC dd 3, 0, 5, 0, 0, 0, 0, 9, 4
.data:004188E0 dd 0, 0, 0, 0, 0, 8, 0, 6, 0
It looks a lot like a Sudoku, though I'm not sure yet. Either way, let's solve this Sudoku first:
5 4 6 7 1 9 2 3 8
9 2 1 8 3 4 6 5 7
8 3 7 6 2 5 4 1 9
7 1 8 4 6 3 9 2 5
4 5 3 2 9 1 7 8 6
6 9 2 5 8 7 1 4 3
2 8 4 9 5 6 3 7 1
3 6 5 1 7 2 8 9 4
1 7 9 3 4 8 5 6 2
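The check is in sub_401000. Swapping in the data partway through makes it return 1, which confirms that it really is a Sudoku.
The input has to fill in the positions that are 0 in the Sudoku data. The 9 rows of input are as follows: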
5 6 1 9 2 3 8
1 8 3 4 5
7 6 2 1 9
7 8 4 6 9 2 5
4 5 3 9 7 8 6
6 9 2 8 7 1 3
2 8 5 6 3
6 1 7 2 8
1 7 9 3 4 5 2
Next, construct the input. sub_401240 is where the input is parsed; the character translation table for the 9 input rows is:
$BPV:ubfY
p}]DtN>aT
^MGmJQ#*H
r`O'wjic0
!hdy{oZz-
@n+?&%s_/
g<e[W)XUx
RFSLRA;.l
=CEkvK-(q
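When a row's input has fewer than 9 characters, the row is ended with the digit equal to 9 minus the length of that row's input, which gives the 9 input rows: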
:u$YBPf2
pa]Dt4
#QM^H4
ic'j0`w2
y{d-Zzo2
%/n_s@+2
<UW)e4
AR;F.4
=-qEkvC2
Concatenating them all gives the serial number:
:u$YBPf2pa]Dt4#QM^H4ic'j0`w2y{d-Zzo2%/n_s@+2<UW)e4AR;F.4=-qEkvC2
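Code:
#include <stdio.h>

/* Digits that fill the blank cells of each row; 0 marks the end of a row's input. */
int b[9][9] = {
    {5,6,1,9,2,3,8,0,0},
    {1,8,3,4,5,0,0,0,0},
    {7,6,2,1,9,0,0,0,0},
    {7,8,4,6,9,2,5,0,0},
    {4,5,3,9,7,8,6,0,0},
    {6,9,2,8,7,1,3,0,0},
    {2,8,5,6,3,0,0,0,0},
    {6,1,7,2,8,0,0,0,0},
    {1,7,9,3,4,5,2,0,0},
};

void s04()
{
    int i, j;
    /* Character translation table: 9 characters for each of the 9 input rows. */
    const char *t = "$BPV:ubfYp}]DtN>aT^MGmJQ#*Hr`O'wjic0!hdy{oZz-@n+?&%s_/g<e[W)XUxRFSLRA;.l=CEkvK-(q";
    for (j = 0; j < 9; j++) {
        for (i = 0; i < 9; i++) {
            if (b[j][i]) {
                /* Digit d maps to the d-th character of row j of the table. */
                printf("%c", t[j*9 + b[j][i]-1]);
            } else {
                /* Short row: end it with the digit 9 - (row input length). */
                printf("%d\n", 9-i);
                break;
            }
        }
    }
}

int main(void)
{
    s04();   /* prints the 9 input rows, one per line */
    return 0;
}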
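An added example, not the author's code: a variant of the snippet above that derives the fill-in digits from the dumped puzzle and the solved grid instead of hard-coding them, and checks the solved grid against the Sudoku rules before encoding. The function names grid_is_valid and build_serial are made up for this example, and the validity check is a plain Sudoku check, not a reconstruction of sub_401000.

```c
#include <stdio.h>
#include <string.h>
/* Puzzle as dumped from .data:004187C0 on the page (0 = blank cell). */
static const int puzzle[9][9] = {
    {0,4,0,7,0,0,0,0,0}, {9,2,0,0,0,0,6,0,7}, {8,3,0,0,0,5,4,0,0},
    {0,1,0,0,0,3,0,0,0}, {0,0,0,2,0,1,0,0,0}, {0,0,0,5,0,0,0,4,0},
    {0,0,4,9,0,0,0,7,1}, {3,0,5,0,0,0,0,9,4}, {0,0,0,0,0,8,0,6,0} };
/* Solved grid from the page. */
static const int solved[9][9] = {
    {5,4,6,7,1,9,2,3,8}, {9,2,1,8,3,4,6,5,7}, {8,3,7,6,2,5,4,1,9},
    {7,1,8,4,6,3,9,2,5}, {4,5,3,2,9,1,7,8,6}, {6,9,2,5,8,7,1,4,3},
    {2,8,4,9,5,6,3,7,1}, {3,6,5,1,7,2,8,9,4}, {1,7,9,3,4,8,5,6,2} };
/* Per-row translation table from the page, 9 characters per row. */
static const char *table = "$BPV:ubfYp}]DtN>aT^MGmJQ#*Hr`O'wjic0!hdy{oZz-"
                           "@n+?&%s_/g<e[W)XUxRFSLRA;.l=CEkvK-(q";

/* 1 if every given is kept and each row, column and box holds 1..9 once. */
int grid_is_valid(void) {
    for (int i = 0; i < 9; i++) {
        int row = 0, col = 0, box = 0;   /* bitmasks of digits seen */
        for (int j = 0; j < 9; j++) {
            if (puzzle[i][j] && puzzle[i][j] != solved[i][j]) return 0;
            row |= 1 << solved[i][j];
            col |= 1 << solved[j][i];
            box |= 1 << solved[i / 3 * 3 + j / 3][i % 3 * 3 + j % 3];
        }
        if (row != 0x3FE || col != 0x3FE || box != 0x3FE) return 0;
    }
    return 1;
}

/* Encode blank-cell digits row by row; out must hold at least 82 bytes. */
void build_serial(char *out) {
    for (int r = 0; r < 9; r++) {
        int n = 0;                        /* characters emitted for this row */
        for (int c = 0; c < 9; c++)
            if (puzzle[r][c] == 0) {
                *out++ = table[r * 9 + solved[r][c] - 1];
                n++;
            }
        if (n < 9) *out++ = (char)('0' + 9 - n);   /* short-row terminator */
    }
    *out = '\0';
}

int main(void) {
    char serial[82];
    build_serial(serial);
    printf("valid=%d len=%zu\n%s\n", grid_is_valid(), strlen(serial), serial);
    return 0;
}
```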