首页
社区
课程
招聘
[原创]KCTF2023第二题 CN星际基地
发表于: 2023-9-5 09:02 9268

[原创]KCTF2023第二题 CN星际基地

2023-9-5 09:02
9268

然后就是写脚本瞎跑,1天也没跑出来。然后看到网页里有提示。。
[作者提示:序列号转换后的数值数组:
1、列向量组里不存在相反值,如[1,-1,1,0]与[-1,1,-1,0]不能同时存在
2、每个行向量里的 0 的数量 占 1/3
2023/9/3 20:55
]

根据提示重新写脚本跑数据

  if ( input_len != 156 )                       // 输入长度156
  {
LABEL_16:
    v12 = fun_printf(std::cout, "fail");
    std::basic_ostream<char,std::char_traits<char>>::operator<<(v12, sub_1400030E0);
    goto LABEL_233;
  }
  if ( input_len != 156 )                       // 输入长度156
  {
LABEL_16:
    v12 = fun_printf(std::cout, "fail");
    std::basic_ostream<char,std::char_traits<char>>::operator<<(v12, sub_1400030E0);
    goto LABEL_233;
  }
v20 = errno();
v21 = v20;
v22 = (const char *)&Str;
if ( v149 >= 0x10 )
  v22 = Str;
*v20 = 0;
n4First = strtol(v22, &EndPtr, 10);
v20 = errno();
v21 = v20;
v22 = (const char *)&Str;
if ( v149 >= 0x10 )
  v22 = Str;
*v20 = 0;
n4First = strtol(v22, &EndPtr, 10);
    if ( !MaxCount || (v27 = memchr(v24, '2', MaxCount)) == 0i64 || v27 - (_BYTE *)v24 == -1 )
    {
      v28 = errno();
      v29 = v28;
      v30 = (const char *)&Str;
      if ( v149 >= 0x10 )
        v30 = Str;
      *v28 = 0;
      v31 = strtol(v30, &v146, 2);              //
      if ( v30 == v146 )
        goto LABEL_245;
      if ( *v29 == 34 )
      {
        std::_Xout_of_range("stoi argument out of range");
        __debugbreak();
LABEL_245:
        std::_Xinvalid_argument("invalid stoi argument");
        __debugbreak();
LABEL_246:
        std::_Xout_of_range("stoi argument out of range");
        __debugbreak();
LABEL_247:
        std::_Xinvalid_argument("invalid stoi argument");
        __debugbreak();
LABEL_248:
        sub_1400012C0(0x80004005);
      }
      if ( v31 == 15 )
      {
        v126 = fun_printf(std::cout, "Fail");
        std::basic_ostream<char,std::char_traits<char>>::operator<<(v126, sub_1400030E0);
        goto LABEL_228;
      }
      v26 = v149;
      v25 = Str;
    }
    if ( !MaxCount || (v27 = memchr(v24, '2', MaxCount)) == 0i64 || v27 - (_BYTE *)v24 == -1 )
    {
      v28 = errno();
      v29 = v28;
      v30 = (const char *)&Str;
      if ( v149 >= 0x10 )
        v30 = Str;
      *v28 = 0;
      v31 = strtol(v30, &v146, 2);              //
      if ( v30 == v146 )
        goto LABEL_245;
      if ( *v29 == 34 )
      {
        std::_Xout_of_range("stoi argument out of range");
        __debugbreak();
LABEL_245:
        std::_Xinvalid_argument("invalid stoi argument");
        __debugbreak();
LABEL_246:
        std::_Xout_of_range("stoi argument out of range");
        __debugbreak();
LABEL_247:
        std::_Xinvalid_argument("invalid stoi argument");
        __debugbreak();
LABEL_248:
        sub_1400012C0(0x80004005);
      }
      if ( v31 == 15 )
      {
        v126 = fun_printf(std::cout, "Fail");
        std::basic_ostream<char,std::char_traits<char>>::operator<<(v126, sub_1400030E0);
        goto LABEL_228;
      }
      v26 = v149;
      v25 = Str;
    }
v41 = memchr(str4First_1, '2', MaxCount); // 又查找2。。。
      if ( v41 )
      {
        if ( v41 - (_BYTE *)str4First_1 != -1 )
        {
          v42 = 0;
          v43 = 0;
          v44 = *((signed int *)Unicode4First - 4);
          LODWORD(v45) = 0;
          if ( (signed int)v44 <= 0 )
          {
            v13 = v134;
          }
          else
          {
            do
            {
              v46 = (signed int)v45;
              if ( Unicode4First[v46] == '2' )
              {
                if ( !v43 )
                {
                  v43 = 1;
                  if ( ((1 - *((_DWORD *)Unicode4First - 2)) | (*((_DWORD *)Unicode4First - 3) - (signed int)v44)) < 0 )
                  {
                    sub_140002D70(&v150, v44);
                    Unicode4First = v150;
                  }
                }
                Unicode4First[v46] = '1';
                ++v42;
              }
              v45 = (v46 * 2 + 2) >> 1;
            }
            while ( (signed int)v45 < (signed int)v44 );
            n4First = v138;
            if ( v43 )
            {
              if ( (signed int)v44 > *((_DWORD *)Unicode4First - 3) )
                sub_1400012C0(0x80070057);
              *((_DWORD *)Unicode4First - 4) = v44;
              Unicode4First[v44] = 0;
            }
            if ( v42 == 4 )
            {
              v62 = fun_printf(std::cout, "Fail");
              std::basic_ostream<char,std::char_traits<char>>::operator<<(v62, sub_1400030E0);
              goto LABEL_225;
            }
            v13 = v134;
          }
        }
v41 = memchr(str4First_1, '2', MaxCount); // 又查找2。。。
      if ( v41 )
      {
        if ( v41 - (_BYTE *)str4First_1 != -1 )
        {
          v42 = 0;
          v43 = 0;
          v44 = *((signed int *)Unicode4First - 4);
          LODWORD(v45) = 0;
          if ( (signed int)v44 <= 0 )
          {
            v13 = v134;
          }
          else
          {
            do
            {
              v46 = (signed int)v45;
              if ( Unicode4First[v46] == '2' )
              {
                if ( !v43 )
                {
                  v43 = 1;
                  if ( ((1 - *((_DWORD *)Unicode4First - 2)) | (*((_DWORD *)Unicode4First - 3) - (signed int)v44)) < 0 )
                  {
                    sub_140002D70(&v150, v44);
                    Unicode4First = v150;
                  }
                }
                Unicode4First[v46] = '1';
                ++v42;
              }
              v45 = (v46 * 2 + 2) >> 1;
            }
            while ( (signed int)v45 < (signed int)v44 );
            n4First = v138;
            if ( v43 )
            {
              if ( (signed int)v44 > *((_DWORD *)Unicode4First - 3) )
                sub_1400012C0(0x80070057);
              *((_DWORD *)Unicode4First - 4) = v44;
              Unicode4First[v44] = 0;
            }
            if ( v42 == 4 )
            {
              v62 = fun_printf(std::cout, "Fail");
              std::basic_ostream<char,std::char_traits<char>>::operator<<(v62, sub_1400030E0);
              goto LABEL_225;
            }
            v13 = v134;
          }
        }
if ( n4First <= n4FirstLast )
  break;
if ( n4First <= n4FirstLast )
  break;
if ( ++v0 >= 39 )                           // v0进来是0,所以说实质上,是遍历39轮,每轮处理4字节
 {
   v57 = 0;
   if ( input_len_1 )
   {
     v58 = 0i64;
     do
     {
       v59 = v57 / 39;                       // 0 1 2 3
       v60 = v57 % 39;                       // 0 1 2 ... 38
       v61 = input_2;
       if ( v153 >= 0x10 )
         v61 = (void **)input_2[0];
       switch ( *((_BYTE *)v61 + v58) )
       {
         case 0x30:
           *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 0;
           break;
         case 0x31:
           *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 1;
           break;
         case 0x32:
           *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = -1;
           break;
         default:
           goto LABEL_16;
       }
       ++v57;
       ++v58;
     }
     while ( v57 < input_len_1 );
   }
if ( ++v0 >= 39 )                           // v0进来是0,所以说实质上,是遍历39轮,每轮处理4字节
 {
   v57 = 0;
   if ( input_len_1 )
   {
     v58 = 0i64;
     do
     {
       v59 = v57 / 39;                       // 0 1 2 3
       v60 = v57 % 39;                       // 0 1 2 ... 38
       v61 = input_2;
       if ( v153 >= 0x10 )
         v61 = (void **)input_2[0];
       switch ( *((_BYTE *)v61 + v58) )
       {
         case 0x30:
           *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 0;
           break;
         case 0x31:
           *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = 1;
           break;
         case 0x32:
           *(_DWORD *)(*(_QWORD *)(qword_1400098A8 + 8i64 * v59) + 4i64 * v60) = -1;
           break;
         default:
           goto LABEL_16;
       }
       ++v57;
       ++v58;
     }
     while ( v57 < input_len_1 );
   }
if ( v65 == v66 )                       // 他们俩为啥都是0
{
  **(_DWORD **)(v64 + qword_1400098B8) = 0;
}
else
{
  v96 = -1;
  if ( v65 < v66 )
    v96 = 1;
  **(_DWORD **)(v64 + qword_1400098B8) = v96;
}
if ( v67 )                              // 这里还是要求每行 12的数量相等
  goto LABEL_16;
if ( v65 == v66 )                       // 他们俩为啥都是0
{
  **(_DWORD **)(v64 + qword_1400098B8) = 0;
}
else
{
  v96 = -1;

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 2
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//