[原创] 看雪 2022 KCTF 秋季赛第六题病疫先兆-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创] 看雪 2022 KCTF 秋季赛第六题病疫先兆

发表于: 2022-11-28 12:54 7535

[原创] 看雪 2022 KCTF 秋季赛第六题病疫先兆

mb_mgodlfyn 活跃值

2022-11-28 12:54

7535

题目的顺序安排很讲究，卡了一整周做不出题，感谢主办方这时候放出一道比签到题难度还低的题目重拾信心。

IDA打开，题目逻辑简单到难以置信：输入长度14，分成5-4-5，中间4个字符是"KCTF"，前后的5个字符分别atoi转成整数，用作自定义rand的随机数种子生成20个随机数，比较一致即通过。

实在是不敢相信题目表面，在IDA里看了很久没找到坑，在12:25时看了一眼提交发现前两血都出了，确认没有坑，果断把rand和srand抄出来开始写爆破。

太久没写C手生，调对题目提交已经12:41了，前面的提交人数从2涨到了6……

#include <stdio.h>
 
static unsigned int global_seed = 0;
 
void mysrand(unsigned int Seed) {
  global_seed = Seed;
}
 
int myrand() {
  int v0; // ecx
  unsigned int v1; // eax
  v1 = 214013 * global_seed + 2531011;
  global_seed = v1;
  return (v1 >> 16) & 0x7FFF;
}
 
int dword_40F000[20] = { 0x3BFC, 0x2173, 0x25BB, 0x380B, 0x2C13, 0x75BE, 0x7366, 0x46A3,
                        0x13C1, 0x159B, 0x5B5F, 0x534F, 0x4E37, 0x3A04, 0x1301, 0x5D0C,
                        0x4155, 0x48E9, 0x61D2, 0x6158 };
 
int dword_40F050[20] = {0x2BB6, 0x6B5A, 0x3D4, 0x152B, 0x6E04, 0x254C, 0x40AE, 0x56CA,
                        0x17E1, 0x55C7, 0x3641, 0x2D3C, 0x0A41, 0x4BC5, 0x6233, 0x1FE7,
                        0x6E05, 0x0F6E, 0x6398, 0x6AD7 };
 
int find(int *arr, int len) {
    int try = 0;
    int succ = -1;
    for (try = 0; try < 0x100000; try++) {
        mysrand(try);
        succ = try;
        // printf("%d\n", try);
        for (int j = 0; j < len*0+5; j++) {
            if (myrand() != arr[j]) {
                succ = -1;
                break;
            }
        }
        if (succ != -1) {
            break;
        }
    }
    return succ;
}
 
int main(void) {
    int a = find(dword_40F000, 20);
    int b = find(dword_40F050, 20);
    printf("%dKCTF%d\n", a, b);
    return 0;
}