简单的re(零基础AI做题)
签到题一般简单,上来就是IDA(不管了,IDA!!!)
找主函数,这个题类似的做过好几个了
/*
 * IDA Hex-Rays pseudo-code of the challenge's main(): it reads characters
 * one at a time and compares each against a value derived from the
 * 31-entry table v9, then reports the result via aFailed / aCorrect.
 * The sub_XXXXXX callees are not shown on this page; any guess about what
 * they are is marked as a guess below.
 */
int __fastcall main(int argc, const char **argv, const char **envp)
{
  __int64 v3; // rdx  (never assigned in this function; only forwarded to sub_400828)
  __int64 v4; // rcx
  int v6; // [rsp+4h] [rbp-8Ch]  accumulated mismatch bits, 0 means every character matched
  unsigned int v7; // [rsp+8h] [rbp-88h]  index of the character being checked
  int v8; // [rsp+Ch] [rbp-84h]  value returned by sub_400818 for this iteration
  _DWORD v9[31]; // [rsp+10h] [rbp-80h] BYREF  encoded expected characters
  _BYTE v10[4]; // [rsp+8Ch] [rbp-4h] BYREF

  v9[0] = 102;
  v9[1] = 109;
  v9[2] = 99;
  v9[3] = 98;
  v9[4] = 127;
  v9[5] = 58;
  v9[6] = 85;
  v9[7] = 106;
  v9[8] = 57;
  v9[9] = 82;
  v9[10] = 122;
  v9[11] = 55;
  v9[12] = 81;
  v9[13] = 19;
  v9[14] = 51;
  v9[15] = 35;
  v9[16] = 67;
  v9[17] = 70;
  v9[18] = 41;
  v9[19] = 61;
  v9[20] = 41;
  v9[21] = 32;
  v9[22] = 127;
  v9[23] = 28;
  v9[24] = 38;
  v9[25] = 77;
  v9[26] = 49;
  v9[27] = 20;
  v9[28] = 80;
  v9[29] = 94;
  v9[30] = -24; // decodes to 10 ('\n') at index 30, i.e. the line terminator
  // NOTE(review): the (buffer, 0, 4) argument pattern looks like memset
  // zeroing v10 rather than an input read -- confirm in IDA.
  sub_4007F8(v10, 0LL, 4LL);
  v7 = 0;
  v6 = 0;
  sub_400808(aFlag); // presumably prints the prompt string aFlag -- confirm
  do
  {
    v8 = sub_400818(); // presumably getchar(): the result is tested against 0, 10 and -1 below
    // The right-hand side is 0 only when v8 == v7 ^ (v7 + (v7 ^ v9[v7])).
    // Because the result is OR-ed into v6, one mismatch anywhere leaves
    // v6 non-zero for good.
    // NOTE(review): v7 is never compared with the table size, so a line
    // longer than 31 characters indexes past the end of v9.
    v6 |= v8 ^ v7 ^ (v7 + (v7 ^ v9[v7]));
    v4 = v7++;
  }
  while ( v8 && v8 != 10 && v8 != -1 ); // stop on 0, newline (10) or -1; the stopping value was already folded into v6
  if ( v6 )
    sub_400828(aFailed, 0LL, v3, v4);
  else
    sub_400828(aCorrect, 0LL, v3, v4);
  return 0;
}
主函数的代码找到,一看一堆数据,拿AI分析代码逻辑
- 初始化一个包含 31 个整数的数组 `v9`,这些值是某种加密后的 flag
- 调用 `sub_4007F8` 函数读取用户输入(可能是 4 个字节)(注:从参数 `(v10, 0, 4)` 来看,它更像是 memset,把 `v10` 的 4 个字节清零,而不是读取输入,需要在 IDA 里确认)
- 进入一个循环,每次迭代:
  - 调用 `sub_400818` 读取一个字符
  - 进行一系列异或和加法运算,更新校验值 `v6`
- 根据校验值 `v6` 判断输入是否正确
依旧异或这一块:`v6` 是用 `|=` 累积的,要让它最后为 0,每一轮读到的字符 `v8` 都必须等于 `v7 ^ (v7 + (v7 ^ v9[v7]))`,那就按照这个逻辑写脚本呗
# Encoded table copied from v9 in the decompiled main().
v9 = [
    102, 109, 99, 98, 127, 58, 85, 106, 57, 82,
    122, 55, 81, 19, 51, 35, 67, 70, 41, 61,
    41, 32, 127, 28, 38, 77, 49, 20, 80, 94,
    -24,
]

# The checker keeps its accumulator at zero only when each input byte v8
# satisfies v8 == v7 ^ (v7 + (v7 ^ v9[v7])), so every expected byte follows
# from its index and table entry alone. "& 0xFF" keeps the value in byte
# range before chr().
flag = [chr((v7 ^ (v7 + (v7 ^ enc))) & 0xFF) for v7, enc in enumerate(v9)]

# The last entry (-24) decodes to '\n': it is the line terminator that ends
# the checker's read loop, not a visible flag character.
print('Flag:', ''.join(flag))
运行就是:
Flag: flag{A_s1mpLe&E4sy_RE_i5Nt_1t}
overoverover!!!