[原创]第七题解题-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]第七题解题

发表于: 2022-5-23 21:37 4397

[原创]第七题解题

QueenOfSpade 活跃值

2022-5-23 21:37

4397

go语言逆向，查看main_main

// main.main
// local variable allocation has failed, the output may be wrong!
void __cdecl __noreturn main_main()
{
  //
  v9 = &RTYPE_string;
  v10 = &off_4F7220;
  v11 = &v9;
  v12 = 1LL;
  v13 = 1LL;
 
  fmt_Println((__int64)&v9, 1LL, 1LL);
  input = bufio_NewReader(go_itab__os_File_io_Reader, os_Stdin);
  while ( 1 )
  {
    while ( 1 )
    {
      v9 = &RTYPE_string;
      v10 = &off_4F7230;
      v23 = &v9;
      v24 = 1LL;
      v25 = 1LL;
      fmt_Print(&v9, 1LL);                      // step1:init matrix
      v8 = 0LL;
      LOBYTE(a2_8) = 10;
 
      *(_QWORD *)&a3 = bufio__ptr_Reader_ReadString(input, a2_8);// step2:fill the matrix with 7 digit
      v8 = a3;
      *(_OWORD *)v6 = a3;
      v4 = strings_Count(a3, *((__int64 *)&a3 + 1), 0LL, 0LL);// step3: check length
      if ( v4 == 10 )
        break;
 
      v9 = &RTYPE_string;
      v10 = &off_4F7240;
      v20 = &v9;
      v21 = 1LL;
      v22 = 1LL;
      fmt_Println((__int64)&v9, 1LL, 1LL);
    }
    for ( i = 0LL; ; ++i )
    {
      if ( (__int64)i >= v4 - 3 )
        goto LABEL_11;
 
      if ( i >= v7 )
        runtime_panicIndex();
      v2 = *(_BYTE *)(i + *(_QWORD *)v6) < '0'; // step4: check digit
      if ( *(_BYTE *)(i + *(_QWORD *)v6) >= '0' )
      {
        if ( i >= v7 )
          runtime_panicIndex();
        v2 = *(_BYTE *)(i + *(_QWORD *)v6) > '9';
      }
      if ( v2 )
        break;
    }
    v9 = &RTYPE_string;
    v10 = &off_4F7250;
    v17 = &v9;
    v18 = 1LL;
    v19 = 1LL;
    fmt_Println((__int64)&v9, 1LL, 1LL);
LABEL_11:
    v9 = &RTYPE_string;
    v10 = &off_4F7260;
    v14 = &v9;
    v15 = 1LL;
    v16 = 1LL;
    fmt_Println_0((__int64)&v9, 1LL, 1LL);      // step5: matrix 4*4 check
  }
}

step1.matrix init

// fmt.Print
__int64 __golang fmt_Print(__int64 a1, __int64 a2)
{
  __int64 result; // [rsp+60h] [rbp+18h]
 
  data[0] = 0LL;
  data[1] = 3LL;
  data[2] = 1LL;
  data[3] = 0LL;
  data[4] = 1LL;
  *(_OWORD *)&data[5] = 0LL;
  data[7] = 3LL;
  data[8] = 2LL;
  data[9] = 0LL;
  data[10] = 3LL;
  data[11] = 4LL;
  data[12] = 0LL;
  data[13] = 4LL;
  data[14] = 2LL;
  data[15] = 0LL;
  fmt_Fprint((__int64)&go_itab__os_File_io_Writer, os_Stdout, a1, a2, result);
  return result;
}

step2.fill the matrix with 7 digit

// bufio.(*Reader).ReadString
__int64 __usercall bufio__ptr_Reader_ReadString@<rax>(__int64 a1, char a2)
{
//
  if ( v32 == 9 )
  {
    for ( j = 0LL; j < 7; ++j )
    {
      if ( v42 <= j )
        runtime_panicIndex();
      v22 = *(_BYTE *)(j + v14);
      if ( v22 < '0' || v22 > '9' )
        break;
      v17 = 0LL;
      v21 = 0LL;
      while ( v17 < 4 )
      {
        for ( k = 0LL; k < 4; ++k )
        {
          v18 = v17;
          v19 = &data[4 * v17];
          if ( v19[k] <= 0 )
          {
            v19[k] = (unsigned __int8)(*(_BYTE *)(j + v14) - 0x30);
            v20 = 1LL;
            goto LABEL_21;
          }
          v17 = v18;
        }
        v18 = v17;
        v20 = v21;
LABEL_21:
        if ( v20 == 1 )
          break;
        v21 = v20;
        v17 = v18 + 1;
      }
    }
    //
}

3.check length

4.check digit

5.check matrix

// fmt.Fprintln
void __golang fmt_Fprintln_0(__int64 a1, __int64 a2, __int64 a3, __int64 a4, char *a5)
{
  //
  v5 = data[3] + data[2] + data[1] + data[0] == 10;
  if ( data[7] + data[6] + data[5] + data[4] != 10 )
    v5 = 0LL;
  if ( data[11] + data[10] + data[9] + data[8] != 10 )
    v5 = 0LL;
  if ( data[15] + data[14] + data[13] + data[12] != 10 )
    v5 = 0LL;
  if ( data[12] + data[8] + data[4] + data[0] != 10 )
    v5 = 0LL;
  if ( data[13] + data[9] + data[5] + data[1] != 10 )
    v5 = 0LL;
  if ( data[14] + data[10] + data[6] + data[2] != 10 )
    v5 = 0LL;
  if ( data[15] + data[11] + data[7] + data[3] != 10 )
    v5 = 0LL;
  if ( data[5] + data[1] + data[0] + data[4] != 10 )
    v5 = 0LL;
  if ( data[7] + data[6] + data[2] + data[3] != 10 )
    v5 = 0LL;
  if ( data[13] + data[12] + data[9] + data[8] != 10 )
    v5 = 0LL;
  if ( data[15] + data[14] + data[11] + data[10] != 10 )
    v5 = 0LL;
 
  if ( v5 )
  {
   //
  }
}