首页
社区
课程
招聘
[原创]2021强网杯Reverse-LongTimeAgo
发表于: 2021-6-18 14:33 16300

[原创]2021强网杯Reverse-LongTimeAgo

2021-6-18 14:33
16300

拖入IDA之后发现有花指令,逐个patch太慢,以便之后我们多次调试,写一个IDAPython的脚本来批量patch,不然IDA每次重新调试我们都要重新patch一次

patch之后反编译,才能正确看到main函数

main函数如下:

逐段进行分析:

输入之后并判断长度是否为64

take_eight_to_hex函数的意思就是:比如我输入的是1111111122222222.....等64个字节,那么逐渐循环take_eight_to_hex取出来的就是0x11111111,0x22222222,.......(自己调试一下就可以发现)

然后这种小循环,是判断有多少个有效16进制字节的,比如0x123456,返回的就是3,0x11111111,返回的就是4

下方对那个已知的数组(就是比较数据)
图片描述

进行相同的储存方式

存一个地址就偏移36字节,貌似是一个类似对象,结构体的东西

调试一下,每次循环都查看cmp_dest 和input_dest 就可以知道

实际上就是生成key并判断生成的数据的长度,和前面是相同的储存方式

其实对于生成key的函数,就是create里面的一个函数:

图片描述

每次调试,修改传入的a2参数,然后查看返回的v3的值,猜测规律

我的猜测过程:
图片描述

得到这个函数功能:

加密的函数,4个部分,前两个进行xtea加密,后两个进行tea加密

里面关键加密的一段:对拍过程看//后面的注释

写出xtea_encrypt函数:

写出tea_encrypt函数:

这里吐槽一句,不知道题目的author是使用了什么库?左移右移加法异或这些都是小函数,得自己看

这里就是和比较数据进行比较

addr = 0x4A2A0C
for i in range(2):
    ida_bytes.patch_byte((addr+i), 0x90)
add_arr = [0x00000000004A2A4B, 0x00000000004A2ABC, 0x00000000004A2AC1, 0x00000000004A2B4A,
0x0000000000402F89]
for i in range(len(add_arr)):
    for j in range(5):
        ida_bytes.patch_byte((add_arr[i]+j), 0x90)
add_arr1 = [0x00000000004A2ABC]
for i in range(len(add_arr)):
    for j in range(4):
        ida_bytes.patch_byte((add_arr1[i]+j), 0x90)
addr = 0x4A2A0C
for i in range(2):
    ida_bytes.patch_byte((addr+i), 0x90)
add_arr = [0x00000000004A2A4B, 0x00000000004A2ABC, 0x00000000004A2AC1, 0x00000000004A2B4A,
0x0000000000402F89]
for i in range(len(add_arr)):
    for j in range(5):
        ida_bytes.patch_byte((add_arr[i]+j), 0x90)
add_arr1 = [0x00000000004A2ABC]
for i in range(len(add_arr)):
    for j in range(4):
        ida_bytes.patch_byte((add_arr1[i]+j), 0x90)
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char *v3; // rdx
  int v4; // ecx
  unsigned int v5; // eax
  char *input_1; // r15
  char *v8; // rdi
  int *cmp_addr; // r12
  char *cmp_dest; // r14
  int *input_dest; // rbx
  int *v12; // r13
  int hex_data; // eax
  __int64 tmp; // rax
  int data_len; // edx
  int v16; // eax
  __int64 cmp_data_len; // rax
  int cmp_data_len_1; // edx
  int v19; // ecx
  int v20; // eax
  __int64 v21; // rax
  char v22; // dl
  char input[80]; // [rsp+30h] [rbp-3F8h] BYREF
  int input_dest_1[18]; // [rsp+80h] [rbp-3A8h] BYREF
  int v25[18]; // [rsp+C8h] [rbp-360h] BYREF
  int v26[18]; // [rsp+110h] [rbp-318h] BYREF
  int v27[18]; // [rsp+158h] [rbp-2D0h] BYREF
  int key[9]; // [rsp+1A0h] [rbp-288h] BYREF
  int v29; // [rsp+1C4h] [rbp-264h] BYREF
  __int64 v30; // [rsp+1E8h] [rbp-240h] BYREF
  int v31; // [rsp+20Ch] [rbp-21Ch] BYREF
  char v32[360]; // [rsp+2C0h] [rbp-168h] BYREF
 
  sub_40CC40(argc, argv, envp);
  memset(input, 0, sizeof(input));
  std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Input Your Key:");
  std::operator>><char,std::char_traits<char>>((std::istream *)&addr, input);
  v3 = input;
  do
  {
    v4 = *(_DWORD *)v3;
    v3 += 4;
    v5 = ~v4 & (v4 - 0x1010101) & 0x80808080;
  }
  while ( !v5 );
  if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
    v5 >>= 16;
  if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
    v3 += 2;
  if ( &v3[-__CFADD__((_BYTE)v5, (_BYTE)v5) - 3] - input == 64 )// strlen() == 64
  {
    input_1 = input;
    v8 = v32;
    cmp_addr = &cmp_data;
    cmp_dest = v32;
    std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Are You Sure You Want To Keep Waiting...\n");
    input_dest = input_dest_1;
    v12 = input_dest_1;
    do
    {
      hex_data = take_eight_to_hex(input_1, 8); // 8个字节当作16进制数据
      *((_BYTE *)input_dest + 8) = 0;
      input_dest[1] = hex_data;
      tmp = 4i64;                               // 判断总共有多少个有效16进制数据
      while ( 1 )
      {
        data_len = tmp;
        if ( *((_BYTE *)input_dest + tmp + 3) )
          break;
        if ( !--tmp )
        {
          data_len = 0;
          break;
        }
      }
      *input_dest = data_len;
      v16 = *cmp_addr;
      cmp_dest[8] = 0;
      *((_DWORD *)cmp_dest + 1) = v16;
      cmp_data_len = 4i64;
      while ( 1 )
      {
        cmp_data_len_1 = cmp_data_len;
        if ( cmp_dest[cmp_data_len + 3] )
          break;
        if ( !--cmp_data_len )
        {
          cmp_data_len_1 = 0;
          break;
        }
      }
      input_1 += 8;                             // 输入字符串的地址偏移8字节
      *(_DWORD *)cmp_dest = cmp_data_len_1;
      input_dest += 9;
      cmp_dest += 36;
      ++cmp_addr;
    }
    while ( input_1 != &input[64] );            // 循环8次,将对应数据按格式存储
    create((__int64)key, 13i64);
    create((__int64)&v29, 14i64);
    create((__int64)&v30, 15i64);
    create((__int64)&v31, 16i64);               // 根据第二个参数传入的值,生成一个数并判断其hex共多少字节
                                                // 传入13,14,15,16生成对应的四个key
    xtea(input_dest_1, key);
    xtea(v25, key);
    tea(v26, key);
    tea(v27, key);
    v19 = 0;
    while ( 1 )
    {
      v20 = *v12;
      if ( *v12 != *(_DWORD *)v8 )
        break;
      if ( v20 - 1 >= 0 )
      {
        if ( v32[36 * v19 - 573 + v20] != v32[36 * v19 + 3 + v20] )
          break;
        v21 = v20 - 2;
        while ( (int)v21 >= 0 )
        {
          v22 = *((_BYTE *)v12 + v21-- + 4);
          if ( v22 != v8[v21 + 5] )
            goto LABEL_8;
        }
      }
      ++v19;
      v12 += 9;
      v8 += 36;
      if ( v19 == 8 )
      {
        printf_0("QWB{%s}\n", input);
        return 0;
      }
    }
  }
LABEL_8:
  printf_0("sorry\n");
  return 0;
}
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char *v3; // rdx
  int v4; // ecx
  unsigned int v5; // eax
  char *input_1; // r15
  char *v8; // rdi
  int *cmp_addr; // r12
  char *cmp_dest; // r14
  int *input_dest; // rbx
  int *v12; // r13
  int hex_data; // eax
  __int64 tmp; // rax
  int data_len; // edx
  int v16; // eax
  __int64 cmp_data_len; // rax
  int cmp_data_len_1; // edx
  int v19; // ecx
  int v20; // eax
  __int64 v21; // rax
  char v22; // dl
  char input[80]; // [rsp+30h] [rbp-3F8h] BYREF
  int input_dest_1[18]; // [rsp+80h] [rbp-3A8h] BYREF
  int v25[18]; // [rsp+C8h] [rbp-360h] BYREF
  int v26[18]; // [rsp+110h] [rbp-318h] BYREF
  int v27[18]; // [rsp+158h] [rbp-2D0h] BYREF
  int key[9]; // [rsp+1A0h] [rbp-288h] BYREF
  int v29; // [rsp+1C4h] [rbp-264h] BYREF
  __int64 v30; // [rsp+1E8h] [rbp-240h] BYREF
  int v31; // [rsp+20Ch] [rbp-21Ch] BYREF
  char v32[360]; // [rsp+2C0h] [rbp-168h] BYREF
 
  sub_40CC40(argc, argv, envp);
  memset(input, 0, sizeof(input));
  std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Input Your Key:");
  std::operator>><char,std::char_traits<char>>((std::istream *)&addr, input);
  v3 = input;
  do
  {
    v4 = *(_DWORD *)v3;
    v3 += 4;
    v5 = ~v4 & (v4 - 0x1010101) & 0x80808080;
  }
  while ( !v5 );
  if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
    v5 >>= 16;
  if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
    v3 += 2;
  if ( &v3[-__CFADD__((_BYTE)v5, (_BYTE)v5) - 3] - input == 64 )// strlen() == 64
  {
    input_1 = input;
    v8 = v32;
    cmp_addr = &cmp_data;
    cmp_dest = v32;
    std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Are You Sure You Want To Keep Waiting...\n");
    input_dest = input_dest_1;
    v12 = input_dest_1;
    do
    {
      hex_data = take_eight_to_hex(input_1, 8); // 8个字节当作16进制数据
      *((_BYTE *)input_dest + 8) = 0;
      input_dest[1] = hex_data;
      tmp = 4i64;                               // 判断总共有多少个有效16进制数据
      while ( 1 )
      {
        data_len = tmp;
        if ( *((_BYTE *)input_dest + tmp + 3) )
          break;
        if ( !--tmp )
        {
          data_len = 0;
          break;
        }
      }
      *input_dest = data_len;
      v16 = *cmp_addr;
      cmp_dest[8] = 0;
      *((_DWORD *)cmp_dest + 1) = v16;
      cmp_data_len = 4i64;
      while ( 1 )
      {
        cmp_data_len_1 = cmp_data_len;
        if ( cmp_dest[cmp_data_len + 3] )
          break;
        if ( !--cmp_data_len )
        {
          cmp_data_len_1 = 0;
          break;
        }
      }
      input_1 += 8;                             // 输入字符串的地址偏移8字节
      *(_DWORD *)cmp_dest = cmp_data_len_1;
      input_dest += 9;
      cmp_dest += 36;
      ++cmp_addr;
    }
    while ( input_1 != &input[64] );            // 循环8次,将对应数据按格式存储
    create((__int64)key, 13i64);
    create((__int64)&v29, 14i64);
    create((__int64)&v30, 15i64);
    create((__int64)&v31, 16i64);               // 根据第二个参数传入的值,生成一个数并判断其hex共多少字节
                                                // 传入13,14,15,16生成对应的四个key
    xtea(input_dest_1, key);
    xtea(v25, key);
    tea(v26, key);
    tea(v27, key);
    v19 = 0;
    while ( 1 )
    {
      v20 = *v12;
      if ( *v12 != *(_DWORD *)v8 )
        break;
      if ( v20 - 1 >= 0 )
      {
        if ( v32[36 * v19 - 573 + v20] != v32[36 * v19 + 3 + v20] )
          break;
        v21 = v20 - 2;
        while ( (int)v21 >= 0 )
        {
          v22 = *((_BYTE *)v12 + v21-- + 4);
          if ( v22 != v8[v21 + 5] )
            goto LABEL_8;
        }
      }
      ++v19;
      v12 += 9;
      v8 += 36;
      if ( v19 == 8 )
      {
        printf_0("QWB{%s}\n", input);
        return 0;
      }
    }
  }
LABEL_8:
  printf_0("sorry\n");
  return 0;
}
sub_40CC40(argc, argv, envp);
memset(input, 0, sizeof(input));
std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Input Your Key:");
std::operator>><char,std::char_traits<char>>((std::istream *)&addr, input);
v3 = input;
do
{
  v4 = *(_DWORD *)v3;
  v3 += 4;
  v5 = ~v4 & (v4 - 0x1010101) & 0x80808080;
}
while ( !v5 );
if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
  v5 >>= 16;
if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
  v3 += 2;
if ( &v3[-__CFADD__((_BYTE)v5, (_BYTE)v5) - 3] - input == 64 )// strlen() == 64
sub_40CC40(argc, argv, envp);
memset(input, 0, sizeof(input));
std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Input Your Key:");
std::operator>><char,std::char_traits<char>>((std::istream *)&addr, input);
v3 = input;
do
{
  v4 = *(_DWORD *)v3;
  v3 += 4;
  v5 = ~v4 & (v4 - 0x1010101) & 0x80808080;
}
while ( !v5 );
if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
  v5 >>= 16;
if ( (~v4 & (v4 - 0x1010101) & 0x8080) == 0 )
  v3 += 2;
if ( &v3[-__CFADD__((_BYTE)v5, (_BYTE)v5) - 3] - input == 64 )// strlen() == 64
input_1 = input;
v8 = v32;
cmp_addr = &cmp_data;
cmp_dest = v32;
std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Are You Sure You Want To Keep Waiting...\n");
input_dest = input_dest_1;
v12 = input_dest_1;
do
{
  hex_data = take_eight_to_hex(input_1, 8); // 8个字节当作16进制数据
  *((_BYTE *)input_dest + 8) = 0;
  input_dest[1] = hex_data;
  tmp = 4i64;                               // 判断总共有多少个有效16进制数据
  while ( 1 )
  {
    data_len = tmp;
    if ( *((_BYTE *)input_dest + tmp + 3) )
      break;
    if ( !--tmp )
    {
      data_len = 0;
      break;
    }
  }
  *input_dest = data_len;
  v16 = *cmp_addr;
  cmp_dest[8] = 0;
  *((_DWORD *)cmp_dest + 1) = v16;
  cmp_data_len = 4i64;
  while ( 1 )
  {
    cmp_data_len_1 = cmp_data_len;
    if ( cmp_dest[cmp_data_len + 3] )
      break;
    if ( !--cmp_data_len )
    {
      cmp_data_len_1 = 0;
      break;
    }
  }
  input_1 += 8;                             // 输入字符串的地址偏移8字节
  *(_DWORD *)cmp_dest = cmp_data_len_1;
  input_dest += 36;
  cmp_dest += 36;
  ++cmp_addr;
}
while ( input_1 != &input[64] );            // 循环8次,将对应数据按格式存储
input_1 = input;
v8 = v32;
cmp_addr = &cmp_data;
cmp_dest = v32;
std::operator<<<std::char_traits<char>>((std::ostream *)off_4A68E0, "Are You Sure You Want To Keep Waiting...\n");
input_dest = input_dest_1;
v12 = input_dest_1;
do
{
  hex_data = take_eight_to_hex(input_1, 8); // 8个字节当作16进制数据
  *((_BYTE *)input_dest + 8) = 0;
  input_dest[1] = hex_data;
  tmp = 4i64;                               // 判断总共有多少个有效16进制数据
  while ( 1 )
  {
    data_len = tmp;
    if ( *((_BYTE *)input_dest + tmp + 3) )
      break;
    if ( !--tmp )
    {
      data_len = 0;
      break;
    }
  }
  *input_dest = data_len;
  v16 = *cmp_addr;
  cmp_dest[8] = 0;
  *((_DWORD *)cmp_dest + 1) = v16;
  cmp_data_len = 4i64;
  while ( 1 )
  {
    cmp_data_len_1 = cmp_data_len;
    if ( cmp_dest[cmp_data_len + 3] )
      break;
    if ( !--cmp_data_len )
    {
      cmp_data_len_1 = 0;
      break;
    }
  }
  input_1 += 8;                             // 输入字符串的地址偏移8字节
  *(_DWORD *)cmp_dest = cmp_data_len_1;
  input_dest += 36;
  cmp_dest += 36;
  ++cmp_addr;
}
while ( input_1 != &input[64] );            // 循环8次,将对应数据按格式存储
 
tmp = 4i64;                               // 判断总共有多少个有效16进制数据
      while ( 1 )
      {
        data_len = tmp;
        if ( *((_BYTE *)input_dest + tmp + 3) )
          break;
        if ( !--tmp )
        {
          data_len = 0;
          break;
        }
      }
      *input_dest = data_len;
tmp = 4i64;                               // 判断总共有多少个有效16进制数据
      while ( 1 )
      {
        data_len = tmp;
        if ( *((_BYTE *)input_dest + tmp + 3) )
          break;
        if ( !--tmp )
        {
          data_len = 0;
          break;
        }
      }
      *input_dest = data_len;
 
data_len
data
data_len
data
 
create((__int64)key, 13i64);
create((__int64)&v29, 14i64);
create((__int64)&v30, 15i64);
create((__int64)&v31, 16i64);               // 根据第二个参数传入的值,生成一个数并判断其hex共多少字节
                                            // 传入13,14,15,16生成对应的四个key
create((__int64)key, 13i64);
create((__int64)&v29, 14i64);
create((__int64)&v30, 15i64);
create((__int64)&v31, 16i64);               // 根据第二个参数传入的值,生成一个数并判断其hex共多少字节
                                            // 传入13,14,15,16生成对应的四个key
part_key_len
key
part_key_len
key
 
 
 
 
(((1 << (i-1)) - 1) << 4)+13
(((1 << (i-1)) - 1) << 4)+13
xtea(input_dest_1, key);
xtea(v25, key);
tea(v26, key);
tea(v27, key);
xtea(input_dest_1, key);
xtea(v25, key);
tea(v26, key);
tea(v27, key);
sum = 0;
  do
  {
    left((__int64)v71, &v1, 4);
    right(v72, &v1, 5i64);
    xor(v73, v71, v72);
    add(v74, v73, &v1);                         // (((v1 << 4) ^ (v1 >> 5)) + v1)
    v57 = 0;
    v14 = 4i64;
    v56 = sum;
    while ( 1 )
    {
      v15 = v14;
      if ( *((_BYTE *)&sum_1 + v14 + 3) )
        break;
      if ( !--v14 )
      {
        v15 = 0;
        break;
      }
    }
    sum_1 = v15;
    v16 = sum & 3;
    sum -= 0x70C88617;
    add(v75, &sum_1, &key_1[9 * v16]);          // sum + key[sum & 3]
    xor(v76, v74, v75);                         // (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3])
    add(&v0, &v0, v76);                         // v0 +=
    left((__int64)v77, &v0, 4);
    right(v78, &v0, 5i64);
    xor(v79, v77, v78);
    add(v80, v79, &v0);                         // (((v0 << 4) ^ (v0 >> 5)) + v0)
    v57 = 0;
    v17 = 4i64;
    v56 = sum;
    while ( 1 )
    {
      v18 = v17;
      if ( *((_BYTE *)&sum_1 + v17 + 3) )
        break;
      if ( !--v17 )
      {
        v18 = 0;
        break;
      }
    }
    sum_1 = v18;
    add(xor_data1_1, &sum_1, &key_1[9 * ((sum >> 11) & 3)]);// (sum + key[(sum>>11) & 3])
    xor(xor_data2_1, v80, xor_data1_1);         // (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3])
    add(&v1, &v1, xor_data2_1);                 // v1 +=
  }
  while ( sum != 0xE6EF3D20 );
  xor_data1 = fun(3, 5);
  v82 = 0;
  xor_data1_1[1] = xor_data1;
  v20 = 4i64;
  while ( 1 )
  {
    v21 = v20;
    if ( *((_BYTE *)xor_data1_1 + v20 + 3) )
      break;
    if ( !--v20 )
    {
      v21 = 0;
      break;
    }
  }
  xor_data1_1[0] = v21;
  xor(&v0, &v0, xor_data1_1);                   // 注意最后还加了一步异或
  v22 = v0;                                     // v0 = v0 ^ fun(5)
  if ( v0 > 32 )
  {
    *a1 = 32;
    v22 = 32i64;
LABEL_108:
    *(_QWORD *)((char *)v50 + v22 - 8) = *(_QWORD *)((char *)&v52[-2] + v22);
    v45 = v22 - 1;
    if ( v45 >= 8 )
    {
      v46 = v45 & 0xFFFFFFFFFFFFFFF8ui64;
      v47 = 0i64;
      do
      {
        *(_QWORD *)&v50[v47 / 4] = *(_QWORD *)&v52[v47 / 4];
        v47 += 8i64;
      }
      while ( v47 < v46 );
    }
    goto LABEL_66;
  }
  *a1 = v0;
  if ( v22 >= 8 )
    goto LABEL_108;
  if ( (v22 & 4) != 0 )
  {
    a1[1] = v52[0];
    *(int *)((char *)v50 + v22 - 4) = *(_DWORD *)((char *)&v52[-1] + v22);
  }
  else if ( v22 )
  {
    *((_BYTE *)a1 + 4) = v52[0];
    if ( (v22 & 2) != 0 )
      *(_WORD *)((char *)v50 + v22 - 2) = *(_WORD *)((char *)&v0 + v22 + 2);
  }
LABEL_66:
  xor_data2 = fun(3, 6);
  v84 = 0;
  xor_data2_1[1] = xor_data2;
  v24 = 4i64;
  while ( 1 )
  {
    v25 = v24;
    if ( *((_BYTE *)xor_data2_1 + v24 + 3) )
      break;
    if ( !--v24 )
    {
      v25 = 0;
      break;
    }
  }
  xor_data2_1[0] = v25;
  xor(&v1, &v1, xor_data2_1);                   // v1 = v1 ^ xor_data2
sum = 0;
  do
  {
    left((__int64)v71, &v1, 4);
    right(v72, &v1, 5i64);
    xor(v73, v71, v72);
    add(v74, v73, &v1);                         // (((v1 << 4) ^ (v1 >> 5)) + v1)
    v57 = 0;
    v14 = 4i64;
    v56 = sum;
    while ( 1 )
    {
      v15 = v14;
      if ( *((_BYTE *)&sum_1 + v14 + 3) )
        break;
      if ( !--v14 )
      {
        v15 = 0;
        break;
      }
    }
    sum_1 = v15;
    v16 = sum & 3;
    sum -= 0x70C88617;
    add(v75, &sum_1, &key_1[9 * v16]);          // sum + key[sum & 3]
    xor(v76, v74, v75);                         // (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3])
    add(&v0, &v0, v76);                         // v0 +=
    left((__int64)v77, &v0, 4);
    right(v78, &v0, 5i64);
    xor(v79, v77, v78);
    add(v80, v79, &v0);                         // (((v0 << 4) ^ (v0 >> 5)) + v0)
    v57 = 0;
    v17 = 4i64;
    v56 = sum;
    while ( 1 )
    {
      v18 = v17;
      if ( *((_BYTE *)&sum_1 + v17 + 3) )
        break;
      if ( !--v17 )
      {
        v18 = 0;
        break;
      }
    }
    sum_1 = v18;
    add(xor_data1_1, &sum_1, &key_1[9 * ((sum >> 11) & 3)]);// (sum + key[(sum>>11) & 3])
    xor(xor_data2_1, v80, xor_data1_1);         // (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3])
    add(&v1, &v1, xor_data2_1);                 // v1 +=
  }
  while ( sum != 0xE6EF3D20 );
  xor_data1 = fun(3, 5);
  v82 = 0;

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

最后于 2021-6-23 16:22 被SYJ-Re编辑 ,原因:
上传的附件:
收藏
免费 5
支持
分享
最新回复 (5)
雪    币: 12
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
2
19、20行是不是应该是v[0] = v0 ^ fun(5);    v[1] = v1 ^ fun(6);     //在后面添加了异或
2021-6-23 11:05
0
雪    币: 3668
活跃值: (9335)
能力值: ( LV9,RANK:319 )
在线值:
发帖
回帖
粉丝
3
感谢提醒,由于加密步骤解密并没有用到,下次注意
2021-6-23 16:22
0
雪    币: 11
活跃值: (95)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
感谢分享
2021-7-2 17:17
0
雪    币: 39
活跃值: (169)
能力值: ( LV3,RANK:38 )
在线值:
发帖
回帖
粉丝
5
解题的话第30行感觉应该是加,题目里面的sum运算和标准的是相反的
2021-7-3 15:09
0
雪    币: 3668
活跃值: (9335)
能力值: ( LV9,RANK:319 )
在线值:
发帖
回帖
粉丝
6
不知为何这道与津门杯的GoodRE很相似 
2021-7-16 23:15
0
游客
登录 | 注册 方可回帖
返回
//