-
-
[原创]2022KCTF春季赛-第七题-一触即发-Writeup
-
2022-5-23 14:06 7764
-
1、定位到逻辑在fmt_Fprintln_0中(0xF932E0)
分析逻辑
2、把代码扒下来
3、直接爆破7位数字
flag : 4224131
代码如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | #include <windows.h> #include <iostream> / / { 3 , 1 , 1 , 3 , 2 , 3 , 4 , 4 , 2 }; #define _QWORD unsigned long long unsigned long long arr_1111111 = 3 ; unsigned long long arr_2222222 = 1 ; unsigned long long arr_3333333 = 1 ; unsigned long long arr_4444444 = 3 ; unsigned long long arr_5555555 = 2 ; unsigned long long arr_6666666 = 3 ; unsigned long long arr_7777777 = 4 ; unsigned long long arr_8888888 = 4 ; unsigned long long arr_9999999 = 2 ; bool func1(unsigned long long * arr) { unsigned long long key_1 = arr[ 0 ]; unsigned long long key_2 = arr[ 1 ]; unsigned long long key_3 = arr[ 2 ]; unsigned long long key_4 = arr[ 3 ]; unsigned long long key_5 = arr[ 4 ]; unsigned long long key_6 = arr[ 5 ]; unsigned long long key_7 = arr[ 6 ]; int v13; / / edi __int64 v14; / / r8 __int64 result; / / ra __int64 v58; / / [rsp + 80h ] [rbp - 58h ] BYREF __int64 v59; / / [rsp + 88h ] [rbp - 50h ] bool v12; / / rsi v59 = arr_1111111 + key_1; v58 = key_2; v12 = key_2 + arr_2222222 + arr_1111111 + key_1 = = 0xA ; if (arr_4444444 + key_4 + key_3 + arr_3333333 ! = 0xA ) v12 = 0LL ; if (arr_7777777 + arr_6666666 + key_5 + arr_5555555 ! = 0xA ) v12 = 0LL ; v13 = arr_8888888; if (key_7 + arr_9999999 + arr_8888888 + key_6 ! = 0xA ) v12 = 0LL ; if (key_6 + arr_5555555 + arr_3333333 + key_1 ! = 0xA ) v12 = 0LL ; if (arr_8888888 + key_5 + key_3 + arr_1111111 ! = 0xA ) v12 = 0LL ; if (arr_9999999 + arr_6666666 + key_4 + arr_2222222 ! = 0xA ) v12 = 0LL ; if (key_7 + arr_7777777 + arr_4444444 + v58 ! = 0xA ) v12 = 0LL ; v14 = key_3 + v59 + arr_3333333; if (v14 ! = 0xA ) v12 = 0LL ; if (arr_4444444 + key_4 + arr_2222222 + v58 ! = 0xA ) v12 = 0LL ; if (arr_8888888 + key_6 + key_5 + arr_5555555 ! = 0xA ) v12 = 0LL ; result = key_7 + arr_9999999 + arr_7777777 + arr_6666666; if (result ! = 0xA ) v12 = 0LL ; return v12; } int main() { unsigned long long text[] = { 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 }; unsigned long long arr[ 7 ] = { 0 }; for ( int i1 = 0 ; i1 < _countof(text); i1 + + ) { arr[ 0 ] = text[i1]; for ( int i2 = 0 ; i2 < _countof(text); i2 + + ) { arr[ 1 ] = text[i2]; for ( int i3 = 0 ; i3 < _countof(text); i3 + + ) { arr[ 2 ] = text[i3]; for ( int i4 = 0 ; i4 < _countof(text); i4 + + ) { arr[ 3 ] = text[i4]; for ( int i5 = 0 ; i5 < _countof(text); i5 + + ) { arr[ 4 ] = text[i5]; for ( int i6 = 0 ; i6 < _countof(text); i6 + + ) { arr[ 5 ] = text[i6]; for ( int i7 = 0 ; i7 < _countof(text); i7 + + ) { arr[ 6 ] = text[i7]; if (func1(arr)) { std::cout << arr[ 0 ]; std::cout << arr[ 1 ]; std::cout << arr[ 2 ]; std::cout << arr[ 3 ]; std::cout << arr[ 4 ]; std::cout << arr[ 5 ]; std::cout << arr[ 6 ]; std::cout << "\n" ; } } } } } } } } system( "pause" ); return 0 ; } |
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
最后于 2022-5-23 14:08
被wx_孤城编辑
,原因:
赞赏
他的文章
看原图