能力值:
( LV15,RANK:2473 )
|
-
-
2 楼
|
能力值:
( LV15,RANK:2473 )
|
-
-
3 楼
理论上应该用辗转相除法解一元二次不定方程
|
能力值:
![]()
(RANK:570 )
|
-
-
4 楼
你的EXPLOIT有点问题吧,最后占用了ECX,导致程序出现一些不可知的错误
2K下正常通过
XP下在OK窗口出来之后,点确定就立刻退出了
|
能力值:
( LV15,RANK:2473 )
|
-
-
5 楼
|
能力值:
![]()
(RANK:570 )
|
-
-
6 楼
验证通过~~
|
能力值:
![]()
(RANK:570 )
|
-
-
7 楼
130.53469322555196014526574329453
|
能力值:
( LV15,RANK:2473 )
|
-
-
8 楼
此题可以公开
还有当时用到的一段代码,现在已经忘了什么意思了
UINT64 r0; //特解
UINT64 r[0x10];
/*
因为
L = (0x78CC02A869948F1B * X) % 0x10000000000000000
L % 0x5BE6FF82A5164785 = 0x????????????000D
所以
L = 0x????????????000D + 0x5BE6FF82A5164785 * i (i=0,1,2)
由
0x78CC02A869948F1B * X - 0x10000000000000000 * K = L
辗转相除法得到
X = 0x090B22DD80D53313 * L
*/
//求特解0x78CC02A869948F1B * X - 0x10000000000000000 * K = 1
UINT64 Solve0()
{
int i,Steps;
UINT64 a,b,x,y;
UINT64 R[0x200];
//辗转相除法
//由于0x10000000000000000超出UINT64范围,所以为了简便第一项自己手工计算了
//0x10000000000000000 / 0x78CC02A869948F1B = 2
//0x10000000000000000 % 0x78CC02A869948F1B = 0xE67FAAF2CD6E1CA
a = 0x78CC02A869948F1B;
b = 0xE67FAAF2CD6E1CA;
R[0] = 2;
R[1] = b;
//从第二项开始辗转相除法
for (i=1;i<0x100;i++)
{
R[i*2] = a / b;
R[i*2+1] = a % b;
if (R[i*2+1] == 1)
{
Steps = i;
break;
}
a = b;
b = R[i*2+1];
}
//求特解
x = 1;
y = R[Steps*2];
for(i=Steps-1;i>=0;i--)
{
if (i%2 == 0)
{
x += y * R[i*2];
}
else
{
y += x * R[i*2];
}
}
return x; //得到特解 = 0x090B22DD80D53313
}
//因为和长度有关的部分000D是和低两字节相关的
//在乘法的作用以后下面得到的解中只需要用到前两个字节
//r[0] = F7 97 D3 8A 3F C5 90 75 //经验证可用
//r[1] = D6 65 63 3D F2 A9 4D 70 //经验证不可用
//r[2] = B5 33 F3 EF A4 8E 0A 6B //经验证可用
DWORD test()
{
UINT64 r0;
r0 = Solve0();
r[0] = r0 * (0x0000000D+0x5BE6FF82A5164785*0);
r[1] = r0 * (0x0000000D+0x5BE6FF82A5164785*1);
r[2] = r0 * (0x0000000D+0x5BE6FF82A5164785*2);
return 1;
}
|
|
|
|
