[原创]KCTF2023第二题 CN星际基地
发表于: 2023-9-5 09:02 9252
然后就是写脚本瞎跑,1天也没跑出来。然后看到网页里有提示。。
[作者提示:序列号转换后的数值数组:
1、列向量组里不存在相反值,如[1,-1,1,0]与[-1,1,-1,0]不能同时存在
2、每个行向量里的 0 的数量 占 1/3
2023/9/3 20:55
]
根据提示重新写脚本跑数据
// Length gate (decompiler output): any serial that is not exactly 156
// characters long takes the failure path.
if ( input_len != 156 )                         // input length must be 156
{
LABEL_16:                                       // shared failure label; the character-decoding switch shown later on the page also jumps here
  v12 = fun_printf(std::cout, "fail");          // writes "fail" to std::cout (fun_printf looks like an analyst-assigned name)
  // sub_1400030E0 is handed to operator<< as a manipulator; presumably std::endl -- confirm in the binary
  std::basic_ostream<char,std::char_traits<char>>::operator<<(v12, sub_1400030E0);
  goto LABEL_233;                               // target lies outside this excerpt
}
// Length gate (decompiler output): any serial that is not exactly 156
// characters long takes the failure path.
if ( input_len != 156 )                         // input length must be 156
{
LABEL_16:                                       // shared failure label; the character-decoding switch shown later on the page also jumps here
  v12 = fun_printf(std::cout, "fail");          // writes "fail" to std::cout (fun_printf looks like an analyst-assigned name)
  // sub_1400030E0 is handed to operator<< as a manipulator; presumably std::endl -- confirm in the binary
  std::basic_ostream<char,std::char_traits<char>>::operator<<(v12, sub_1400030E0);
  goto LABEL_233;                               // target lies outside this excerpt
}
// Base-10 conversion of the string held in Str (decompiler output).
v20 = errno();                                  // result is dereferenced below, so this is a pointer to errno
v21 = v20;
v22 = (const char *)&Str;
// NOTE(review): the 0x10 threshold looks like the MSVC std::string small-buffer
// test (characters stored inline below 16, behind a heap pointer otherwise) -- confirm.
if ( v149 >= 0x10 )
  v22 = Str;
*v20 = 0;                                       // errno is cleared before the call; presumably so a range error can be detected afterwards
n4First = strtol(v22, &EndPtr, 10);             // EndPtr receives the position where parsing stopped
// Base-10 conversion of the string held in Str (decompiler output).
v20 = errno();                                  // result is dereferenced below, so this is a pointer to errno
v21 = v20;
v22 = (const char *)&Str;
// NOTE(review): the 0x10 threshold looks like the MSVC std::string small-buffer
// test (characters stored inline below 16, behind a heap pointer otherwise) -- confirm.
if ( v149 >= 0x10 )
  v22 = Str;
*v20 = 0;                                       // errno is cleared before the call; presumably so a range error can be detected afterwards
n4First = strtol(v22, &EndPtr, 10);             // EndPtr receives the position where parsing stopped
// Branch taken when the buffer at v24 is empty or contains no '2'.
// The third test (match offset == -1) looks like the tail of an inlined
// find()-style "not found" check -- confirm.
if ( !MaxCount || (v27 = memchr(v24, '2', MaxCount)) == 0i64 || v27 - (_BYTE *)v24 == -1 )
{
  v28 = errno();                                // pointer to errno (dereferenced below)
  v29 = v28;
  v30 = (const char *)&Str;
  if ( v149 >= 0x10 )                           // presumably the MSVC std::string inline-vs-heap test -- confirm
    v30 = Str;
  *v28 = 0;                                     // clear errno before parsing
  v31 = strtol(v30, &v146, 2);                  // parse Str as a base-2 number
  if ( v30 == v146 )                            // nothing consumed -> "invalid stoi argument"
    goto LABEL_245;
  if ( *v29 == 34 )                             // 34 is ERANGE in the Microsoft CRT; matches the "out of range" message
  {
    std::_Xout_of_range("stoi argument out of range");
    __debugbreak();
    // The labels below are throw sites; LABEL_246..LABEL_248 are not reached from
    // this excerpt and are presumably shared with other conversions in the function.
LABEL_245:
    std::_Xinvalid_argument("invalid stoi argument");
    __debugbreak();
LABEL_246:
    std::_Xout_of_range("stoi argument out of range");
    __debugbreak();
LABEL_247:
    std::_Xinvalid_argument("invalid stoi argument");
    __debugbreak();
LABEL_248:
    sub_1400012C0(0x80004005);                  // 0x80004005 is the HRESULT E_FAIL; sub_1400012C0 presumably throws it -- confirm
  }
  if ( v31 == 15 )                              // binary value 15 (all ones in four bits) is rejected
  {
    v126 = fun_printf(std::cout, "Fail");
    std::basic_ostream<char,std::char_traits<char>>::operator<<(v126, sub_1400030E0);
    goto LABEL_228;                             // target lies outside this excerpt
  }
  v26 = v149;
  v25 = Str;
}
// Branch taken when the buffer at v24 is empty or contains no '2'.
// The third test (match offset == -1) looks like the tail of an inlined
// find()-style "not found" check -- confirm.
if ( !MaxCount || (v27 = memchr(v24, '2', MaxCount)) == 0i64 || v27 - (_BYTE *)v24 == -1 )
{
  v28 = errno();                                // pointer to errno (dereferenced below)
  v29 = v28;
  v30 = (const char *)&Str;
  if ( v149 >= 0x10 )                           // presumably the MSVC std::string inline-vs-heap test -- confirm
    v30 = Str;
  *v28 = 0;                                     // clear errno before parsing
  v31 = strtol(v30, &v146, 2);                  // parse Str as a base-2 number
  if ( v30 == v146 )                            // nothing consumed -> "invalid stoi argument"
    goto LABEL_245;
  if ( *v29 == 34 )                             // 34 is ERANGE in the Microsoft CRT; matches the "out of range" message
  {
    std::_Xout_of_range("stoi argument out of range");
    __debugbreak();
    // The labels below are throw sites; LABEL_246..LABEL_248 are not reached from
    // this excerpt and are presumably shared with other conversions in the function.
LABEL_245:
    std::_Xinvalid_argument("invalid stoi argument");
    __debugbreak();
LABEL_246:
    std::_Xout_of_range("stoi argument out of range");
    __debugbreak();
LABEL_247:
    std::_Xinvalid_argument("invalid stoi argument");
    __debugbreak();
LABEL_248:
    sub_1400012C0(0x80004005);                  // 0x80004005 is the HRESULT E_FAIL; sub_1400012C0 presumably throws it -- confirm
  }
  if ( v31 == 15 )                              // binary value 15 (all ones in four bits) is rejected
  {
    v126 = fun_printf(std::cout, "Fail");
    std::basic_ostream<char,std::char_traits<char>>::operator<<(v126, sub_1400030E0);
    goto LABEL_228;                             // target lies outside this excerpt
  }
  v26 = v149;
  v25 = Str;
}
// Second pass over the group: if it contains a '2', every '2' in Unicode4First is
// rewritten to '1' and the replacements are counted.
// NOTE(review): the fields read at -4, -3 and -2 ints before the character data
// (length, allocated length, reference count) match an ATL/MFC CString header, and
// the loop matches an inlined Replace('2', '1') -- confirm against the binary.
v41 = memchr(str4First_1, '2', MaxCount);       // searches for '2' again
if ( v41 )
{
  if ( v41 - (_BYTE *)str4First_1 != -1 )
  {
    v42 = 0;                                    // number of characters replaced
    v43 = 0;                                    // set once the buffer has been prepared for writing
    v44 = *((signed int *)Unicode4First - 4);   // length field stored ahead of the characters
    LODWORD(v45) = 0;
    if ( (signed int)v44 <= 0 )
    {
      v13 = v134;
    }
    else
    {
      do
      {
        v46 = (signed int)v45;
        if ( Unicode4First[v46] == '2' )
        {
          if ( !v43 )
          {
            v43 = 1;
            // Negative when the -2 field exceeds 1 or the -3 field is smaller than the
            // length; the buffer pointer is then refreshed from v150 after the call.
            if ( ((1 - *((_DWORD *)Unicode4First - 2)) | (*((_DWORD *)Unicode4First - 3) - (signed int)v44)) < 0 )
            {
              sub_140002D70(&v150, v44);        // presumably makes the buffer private/large enough -- confirm
              Unicode4First = v150;
            }
          }
          Unicode4First[v46] = '1';
          ++v42;
        }
        v45 = (v46 * 2 + 2) >> 1;               // equals v46 + 1 for these small indices
      }
      while ( (signed int)v45 < (signed int)v44 );
      n4First = v138;
      if ( v43 )
      {
        if ( (signed int)v44 > *((_DWORD *)Unicode4First - 3) )
          sub_1400012C0(0x80070057);            // 0x80070057 is the HRESULT E_INVALIDARG
        *((_DWORD *)Unicode4First - 4) = v44;   // write the length back and re-terminate the string
        Unicode4First[v44] = 0;
      }
      if ( v42 == 4 )                           // four replacements (a group made only of '2') is rejected
      {
        v62 = fun_printf(std::cout, "Fail");
        std::basic_ostream<char,std::char_traits<char>>::operator<<(v62, sub_1400030E0);
        goto LABEL_225;                         // target lies outside this excerpt
      }
      v13 = v134;
    }
  }
  // the excerpt ends here; the closing brace of `if ( v41 )` is not shown on the page
// Second pass over the group: if it contains a '2', every '2' in Unicode4First is
// rewritten to '1' and the replacements are counted.
// NOTE(review): the fields read at -4, -3 and -2 ints before the character data
// (length, allocated length, reference count) match an ATL/MFC CString header, and
// the loop matches an inlined Replace('2', '1') -- confirm against the binary.
v41 = memchr(str4First_1, '2', MaxCount);       // searches for '2' again
if ( v41 )
{
  if ( v41 - (_BYTE *)str4First_1 != -1 )
  {
    v42 = 0;                                    // number of characters replaced
    v43 = 0;                                    // set once the buffer has been prepared for writing
    v44 = *((signed int *)Unicode4First - 4);   // length field stored ahead of the characters
    LODWORD(v45) = 0;
    if ( (signed int)v44 <= 0 )
    {
      v13 = v134;
    }
    else
    {
      do
      {
        v46 = (signed int)v45;
        if ( Unicode4First[v46] == '2' )
        {
          if ( !v43 )
          {
            v43 = 1;
            // Negative when the -2 field exceeds 1 or the -3 field is smaller than the
            // length; the buffer pointer is then refreshed from v150 after the call.
            if ( ((1 - *((_DWORD *)Unicode4First - 2)) | (*((_DWORD *)Unicode4First - 3) - (signed int)v44)) < 0 )
            {
              sub_140002D70(&v150, v44);        // presumably makes the buffer private/large enough -- confirm
              Unicode4First = v150;
            }
          }
          Unicode4First[v46] = '1';
          ++v42;
        }
        v45 = (v46 * 2 + 2) >> 1;               // equals v46 + 1 for these small indices
      }
      while ( (signed int)v45 < (signed int)v44 );
      n4First = v138;
      if ( v43 )
      {
        if ( (signed int)v44 > *((_DWORD *)Unicode4First - 3) )
          sub_1400012C0(0x80070057);            // 0x80070057 is the HRESULT E_INVALIDARG
        *((_DWORD *)Unicode4First - 4) = v44;   // write the length back and re-terminate the string
        Unicode4First[v44] = 0;
      }
      if ( v42 == 4 )                           // four replacements (a group made only of '2') is rejected
      {
        v62 = fun_printf(std::cout, "Fail");
        std::basic_ostream<char,std::char_traits<char>>::operator<<(v62, sub_1400030E0);
        goto LABEL_225;                         // target lies outside this excerpt
      }
      v13 = v134;
    }
  }
  // the excerpt ends here; the closing brace of `if ( v41 )` is not shown on the page
// Leaves the enclosing loop (not shown in this excerpt) as soon as the current
// value is not strictly greater than n4FirstLast.
// NOTE(review): going by the names, n4FirstLast is the previous group's value,
// which would make this a strictly-increasing check -- confirm.
if ( n4First <= n4FirstLast )
  break;
// Leaves the enclosing loop (not shown in this excerpt) as soon as the current
// value is not strictly greater than n4FirstLast.
// NOTE(review): going by the names, n4FirstLast is the previous group's value,
// which would make this a strictly-increasing check -- confirm.
if ( n4First <= n4FirstLast )
  break;
// After the per-group loop finishes, every input character is decoded into a
// table of ints: '0' -> 0, '1' -> 1, '2' -> -1. Any other byte fails validation.
if ( ++v0 >= 39 )                               // v0 is 0 on entry, so in effect this runs 39 rounds, 4 bytes per round
{
  v57 = 0;
  if ( input_len_1 )
  {
    v58 = 0i64;
    do
    {
      v59 = v57 / 39;                           // row index: 0 1 2 3 (156 = 4 * 39, the length checked earlier on the page)
      v60 = v57 % 39;                           // column index: 0 1 2 ... 38
      v61 = input_2;
      if ( v153 >= 0x10 )                       // presumably the MSVC std::string inline-vs-heap test -- confirm
        v61 = (void **)input_2[0];
      switch ( *((_BYTE *)v61 + v58) )
      {
        // qword_1400098A8 is indexed as an array of 8-byte row pointers (v59);
        // each row is indexed as an array of 4-byte ints (v60).
        case 0x30:                              // '0'
          *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 0;
          break;
        case 0x31:                              // '1'
          *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 1;
          break;
        case 0x32:                              // '2'
          *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = -1;
          break;
        default:                                // any character outside '0'..'2' goes to the failure label
          goto LABEL_16;
      }
      ++v57;
      ++v58;
    }
    while ( v57 < input_len_1 );
  }
  // the excerpt ends here; the closing brace of `if ( ++v0 >= 39 )` is not shown on the page
// After the per-group loop finishes, every input character is decoded into a
// table of ints: '0' -> 0, '1' -> 1, '2' -> -1. Any other byte fails validation.
if ( ++v0 >= 39 )                               // v0 is 0 on entry, so in effect this runs 39 rounds, 4 bytes per round
{
  v57 = 0;
  if ( input_len_1 )
  {
    v58 = 0i64;
    do
    {
      v59 = v57 / 39;                           // row index: 0 1 2 3 (156 = 4 * 39, the length checked earlier on the page)
      v60 = v57 % 39;                           // column index: 0 1 2 ... 38
      v61 = input_2;
      if ( v153 >= 0x10 )                       // presumably the MSVC std::string inline-vs-heap test -- confirm
        v61 = (void **)input_2[0];
      switch ( *((_BYTE *)v61 + v58) )
      {
        // qword_1400098A8 is indexed as an array of 8-byte row pointers (v59);
        // each row is indexed as an array of 4-byte ints (v60).
        case 0x30:                              // '0'
          *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 0;
          break;
        case 0x31:                              // '1'
          *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 1;
          break;
        case 0x32:                              // '2'
          *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = -1;
          break;
        default:                                // any character outside '0'..'2' goes to the failure label
          goto LABEL_16;
      }
      ++v57;
      ++v58;
    }
    while ( v57 < input_len_1 );
  }
  // the excerpt ends here; the closing brace of `if ( ++v0 >= 39 )` is not shown on the page
// Stores the sign of the comparison between v65 and v66 through the pointer found
// at qword_1400098B8 + v64: 0 when equal, 1 when v65 < v66, otherwise -1.
if ( v65 == v66 )                               // author's open question: why are both of them 0?
{
  **(_DWORD **)(v64 + qword_1400098B8) = 0;
}
else
{
  v96 = -1;
  if ( v65 < v66 )
    v96 = 1;
  **(_DWORD **)(v64 + qword_1400098B8) = v96;
}
if ( v67 )                                      // author's reading: each row must still hold equal numbers of 1s and 2s
  goto LABEL_16;                                // non-zero v67 takes the shared failure path
// Stores the sign of the comparison between v65 and v66 through the pointer found
// at qword_1400098B8 + v64 (0 when equal; the unequal case starts from -1).
if ( v65 == v66 )                               // author's open question: why are both of them 0?
{
  **(_DWORD **)(v64 + qword_1400098B8) = 0;
}
else
{
  v96 = -1;
  // the page cuts this copy of the excerpt off at this point