L00k_at_h3r3
程序加了 NsPack 壳，先脱壳。
脱壳后在 IDA 中逐层跟进，找到关键函数 main_0：
/*
 * main_0 - decompiler output (IDA) for the check routine of the unpacked binary.
 *
 * Flow, as visible in this listing:
 *   1. Str is XOR-decoded in place with 0x0A and handed to sub_4110DC.
 *   2. sub_411037 is called with aS and the local buffer v12.
 *   3. v12 is XORed in place, one segment after another, with the keys
 *      0x0B, 0x0C, 0x0D, 0x0E, 0x0F, and each transformed byte is compared
 *      with the constants aNqt, aKixs, aKa9jr, aHCq, aG.
 *   4. Any mismatch jumps to LABEL_25 (aByebye); a full match reaches aNice.
 *
 * Keys and comparison constants are both embedded in the binary, so the
 * accepted input can be recovered statically: input[i] = constant[i] ^ key.
 * Returns 0 on both the success and the failure path.
 */
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
char v4; // [esp+0h] [ebp-190h]
size_t ii; // [esp+D0h] [ebp-C0h]
size_t n; // [esp+DCh] [ebp-B4h]
size_t m; // [esp+E8h] [ebp-A8h]
size_t k; // [esp+F4h] [ebp-9Ch]
size_t j; // [esp+100h] [ebp-90h]
int v10; // [esp+10Ch] [ebp-84h]
size_t i; // [esp+118h] [ebp-78h]
char v12[104]; // [esp+124h] [ebp-6Ch] BYREF
__CheckForDebuggerJustMyCode(&word_41C00E);
// Only the first 0x64 (100) of the 104 bytes of v12 are zeroed here.
j_memset(v12, 0, 0x64u);
// Decode the global Str in place with the single-byte key 0x0A.
for ( i = 0; i < j_strlen(Str); ++i )
Str[i] ^= 0xAu;
// presumably a printf-style wrapper: first argument looks like a format string,
// second is the decoded Str (the (char) cast looks like a decompiler artifact) - confirm
sub_4110DC(aLookAtH3r3S, (char)Str);
// presumably a scanf-style wrapper reading the user's input into v12 - confirm.
// NOTE(review): if aS is a plain "%s", this read into the 104-byte v12 has no
// length bound; verify the format string in the binary.
sub_411037(aS, (char)v12);
// v10 is the running index into v12 shared by all five compare loops.
v10 = 0;
// Segment 1: key 0x0B, compared against aNqt.
for ( j = 0; j < j_strlen(aNqt); ++j )
{
// The input byte is overwritten with its XORed value before the compare.
v12[v10] ^= 0xBu;
if ( aNqt[j] != v12[v10] )
{
// Shared failure exit; the later loops jump into this block with goto.
LABEL_25:
// v4 is never assigned in this listing; passing it looks like a decompiler
// artifact of a variadic call with no extra arguments - confirm.
sub_4110DC(aByebye, v4);
return 0;
}
++v10;
}
// Segment 2: key 0x0C, compared against aKixs.
for ( k = 0; k < j_strlen(aKixs); ++k )
{
v12[v10] ^= 0xCu;
if ( aKixs[k] != v12[v10] )
goto LABEL_25;
++v10;
}
// Segment 3: key 0x0D, compared against aKa9jr.
for ( m = 0; m < j_strlen(aKa9jr); ++m )
{
v12[v10] ^= 0xDu;
if ( aKa9jr[m] != v12[v10] )
goto LABEL_25;
++v10;
}
// Segment 4: key 0x0E, compared against aHCq.
for ( n = 0; n < j_strlen(aHCq); ++n )
{
v12[v10] ^= 0xEu;
if ( aHCq[n] != v12[v10] )
goto LABEL_25;
++v10;
}
// Segment 5: key 0x0F, compared against aG.
for ( ii = 0; ii < j_strlen(aG); ++ii )
{
v12[v10] ^= 0xFu;
if ( aG[ii] != v12[v10] )
goto LABEL_25;
++v10;
}
// Every loop is bounded by the length of its constant, so input bytes past
// the last compared position are never checked before the success message.
sub_4110DC(aNice, v4);
return 0;
}
解题脚本（script）：校验逻辑是把输入逐段与 0xB–0xF 异或后再和常量串比较，所以把这些常量串用同样的密钥再异或一次，就能还原出期望的输入；开头的 Str 用 0xA 异或解码。
#include<stdio.h>
#include<string.h>
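/* XOR every byte of buf[0..len) with key, in place. */
static void xor_decode(char *buf, size_t len, unsigned char key)
{
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= key;
    }
}

/*
 * Static solver for the check in main_0: XOR is its own inverse, so applying
 * each segment's key to the embedded constant yields the bytes the checker
 * expects at that position of the input.
 *
 * s0 is presumably the content of the global Str (key 0x0A); s1..s5 are
 * presumably the constants aNqt, aKixs, aKa9jr, aHCq, aG (keys 0x0B..0x0F).
 *
 * Lengths come from sizeof rather than strlen() in the loop condition:
 * strlen() on a buffer that is being rewritten would stop early if any byte
 * decoded to NUL, and comparing an int index with size_t mixes signedness.
 *
 * Prints the six decoded segments back to back and returns 0.
 */
int main(void){
    char s0[]="lfkmqw";
    char s1[]="nqT";
    char s2[]="kixS";
    char s3[]="ka9jR";
    char s4[]= "h|>cQ";
    char s5[]="g<}<";

    /* sizeof includes the terminating NUL, which must stay untouched. */
    xor_decode(s0, sizeof s0 - 1, 0xA);
    xor_decode(s1, sizeof s1 - 1, 0xB);
    xor_decode(s2, sizeof s2 - 1, 0xC);
    xor_decode(s3, sizeof s3 - 1, 0xD);
    xor_decode(s4, sizeof s4 - 1, 0xE);
    xor_decode(s5, sizeof s5 - 1, 0xF);

    /* s0 decodes to "flag{}"; s1..s5 concatenated are the accepted input. */
    printf("%s%s%s%s%s%s",s0,s1,s2,s3,s4,s5);
    return 0;
}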
//脚本输出为 flag{}ez_get_fl4g_fr0m_h3r3，把解出的输入填入花括号内即 flag{ez_get_fl4g_fr0m_h3r3}
//flag{78d7fd988b36958c1a798ee041fac43a}