[原创]BUUCTF逆向题:[MRCTF2020]hello_world_go
发表于: 2022-3-24 20:37 5324
1.基本信息探查:
1.EXEinfo:
64位,无壳,ELF文件
2.运行一下:
2.IDA分析:
先look一下主函数:
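/*
 * main_main -- IDA Hex-Rays pseudocode for Go's main.main in this ELF.
 *
 * This is decompiler output, not compilable C: the callees and the
 * unk_/off_ symbols live elsewhere in the binary.  The listing was
 * extracted onto a single line with split operators ("< =", "! =", "> =")
 * and split comment markers ("/ /"); they are restored here and no
 * statement is changed.
 *
 * Visible flow: print a prompt, read one value from stdin, require its
 * length field to be 24, compare it with the 24 bytes at unk_4D3C58, then
 * print one of two messages.
 *
 * NOTE(review): v13, v14, v15 and v16 are read but never assigned in the
 * pseudocode.  Presumably they are stack slots holding results of the
 * preceding Go calls that the decompiler did not model -- confirm against
 * the disassembly.
 */
void __cdecl main_main()
{
  int v0; // edi
  __int64 v1; // rsi
  __int64 v2; // r8
  __int64 v3; // r9
  __int64 v4; // r8
  __int64 v5; // r9
  int v6; // edx
  __int64 v7; // r8
  __int64 v8; // r9
  __int64 v9; // rcx
  __int64 v10; // rax
  int v11; // edx
  __int64 v12; // rax
  __int64 *v13; // [rsp+8h] [rbp-A8h]
  char v14; // [rsp+18h] [rbp-98h]
  __int64 v15; // [rsp+20h] [rbp-90h]
  __int64 v16; // [rsp+28h] [rbp-88h]
  __int64 v17; // [rsp+58h] [rbp-58h]
  __int64 *v18; // [rsp+60h] [rbp-50h]
  __int128 v19; // [rsp+68h] [rbp-48h] BYREF
  void *v20; // [rsp+78h] [rbp-38h] BYREF
  void **v21; // [rsp+80h] [rbp-30h] BYREF
  __int128 v22; // [rsp+88h] [rbp-28h] BYREF
  __int128 v23; // [rsp+98h] [rbp-18h] BYREF

  /* Compiler-emitted stack-bound check that calls the runtime's
   * stack-growth helper; not part of the program's own logic. */
  if ( (unsigned __int64)&v21 <= *(_QWORD *)(__readfsqword(0xFFFFFFF8) + 16) )
    runtime_morestack_noctxt();

  /* Allocate the object that receives the input; v18 keeps the pointer
   * (v13 is presumably runtime_newobject's result -- see header note). */
  runtime_newobject(v0, v1);
  v18 = v13;

  /* Two-word value {&unk_4AC9C0, &off_4EA530} passed to fmt.Fprint on
   * os.Stdout: the prompt. */
  *(_QWORD *)&v23 = &unk_4AC9C0;
  *((_QWORD *)&v23 + 1) = &off_4EA530;
  fmt_Fprint(
    v0, v1, (unsigned int)&v23, (unsigned int)&unk_4AC9C0, v2, v3,
    (__int64)&go_itab__os_File_io_Writer, os_Stdout, (__int64)&v23);

  /* Read from os.Stdin into *v18.  The format string is the 2 bytes at
   * unk_4D07C9 (presumably "%s" -- confirm in the data section). */
  *(_QWORD *)&v22 = &unk_4A96A0;
  *((_QWORD *)&v22 + 1) = v18;
  fmt_Fscanf(
    v0, v1, (unsigned int)&go_itab__os_File_io_Reader, (unsigned int)&v22,
    v4, v5, (__int64)&go_itab__os_File_io_Reader, os_Stdin,
    (__int64)&unk_4D07C9, 2LL, (__int64)&v22, 1LL);

  /* v18[0] / v18[1] are used as data pointer and length, i.e. the layout
   * of a Go string header (inferred from how they are used below). */
  v9 = v18[1];
  v10 = *v18;
  if ( v9 != 24 )   /* wrong length: skip the equality test entirely */
    goto LABEL_3;
  v17 = *v18;

  /* Equality test of the input against the constant at unk_4D3C58.  The
   * reference bytes sit unencrypted in the binary's data, so they can be
   * read statically without running the program. */
  runtime_memequal(v0, v1, v6, (unsigned int)&unk_4D3C58, v7, v8, (__int64)&unk_4D3C58, v10);
  if ( !v14 )       /* v14: presumably memequal's boolean result */
  {
    LOBYTE(v10) = v17;
    LODWORD(v9) = 24;
LABEL_3:
    /* Mismatch path: ordering compare, collapsed to a non-zero v12. */
    runtime_cmpstring(v0, v1, (unsigned int)&unk_4D3C58, v9, v7, v8, (__int64)&unk_4D3C58, 24LL, v10);
    if ( v15 >= 0 )
      v12 = 1LL;
    else
      v12 = -1LL;
    goto LABEL_5;
  }
  v12 = 0LL;        /* reached only when v14 is non-zero (input matched) */
LABEL_5:
  if ( v12 )
  {
    /* Input differed: print the message referenced by off_4EA550. */
    *(_QWORD *)&v19 = &unk_4AC9C0;
    *((_QWORD *)&v19 + 1) = &off_4EA550;
    fmt_Fprintln(
      v0, v1, v11, (unsigned int)&go_itab__os_File_io_Writer, v7, v8,
      (__int64)&go_itab__os_File_io_Writer, os_Stdout, (__int64)&v19,
      1LL, 1LL, v16);
  }
  else
  {
    /* Input matched: print the message referenced by off_4EA540. */
    v20 = &unk_4AC9C0;
    v21 = &off_4EA540;
    fmt_Fprintln(
      v0, v1, v11, (unsigned int)&go_itab__os_File_io_Writer, v7, v8,
      (__int64)&go_itab__os_File_io_Writer, os_Stdout, (__int64)&v20,
      1LL, 1LL, v16);
  }
}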
这是一个用Go语言编写的程序。Go语言编写的程序用的是静态链接的方法,所以程序都很大,而且反汇编后的伪代码也很麻烦。这里不必逐行分析,直接看69行的字符串比较函数(runtime_memequal / runtime_cmpstring):输入长度必须等于24,比较对象是 unk_4D3C58 处的数据,所以去看这个地址里有没有什么东西:
这个地址处直接以明文存放了flag,没有进行任何加密,用Shift+E即可直接提取(长度正好是24字节,与主函数里的长度检查一致):
flag{hello_world_gogogo}
这个题可能就是想让我们了解一下Go语言吧。