1.re1
运行一下,找flag
分析一下
无壳,拉入32位ida,F5查看伪代码
// IDA Hex-Rays pseudocode of main(): builds a constant string on the stack,
// reads one token from stdin and compares the two with strcmp().
// Returns 0 on every path; argc/argv/envp are not used in the visible code.
int __cdecl main(int argc, const char **argv, const char **envp)
{
int v3; // eax
// v5, v6, v7 and v8 occupy adjacent stack slots (ebp-44h .. ebp-27h); the
// code below treats them together as one char buffer starting at &v5.
__int128 v5; // [esp+0h] [ebp-44h]
__int64 v6; // [esp+10h] [ebp-34h]
int v7; // [esp+18h] [ebp-2Ch]
__int16 v8; // [esp+1Ch] [ebp-28h]
// Input buffer. The decompiler typed it as a single char, so its real size
// is not visible here; it starts 24h bytes below ebp.
char v9; // [esp+20h] [ebp-24h]
// Copy 16 constant bytes from the binary's data section into v5 (unaligned
// SSE load/store).
_mm_storeu_si128((__m128i *)&v5, _mm_loadu_si128((const __m128i *)&xmmword_413E34));
v7 = 0;
// The next 8 constant bytes follow directly after v5. Zeroing v7 and v8
// guarantees a NUL terminator after at most 24 bytes of reference string.
v6 = qword_413E44;
v8 = 0;
// Three prompt/banner strings taken from program data. They are passed as
// the format argument, but none of them comes from user input in this code.
printf(&byte_413E4C);
printf(&byte_413E60);
printf(&byte_413E80);
// NOTE(review): "%s" has no field width, so scanf writes as many bytes as the
// user supplies. Input of about 24h bytes or more would run past v9 toward
// the saved frame data (assuming a standard ebp frame; confirm in the
// disassembly). A bounded width or fgets() would avoid this.
scanf("%s", &v9);
// The reference string is a plaintext constant, so it can be read from the
// binary without running it; the comparison itself is a plain strcmp().
v3 = strcmp((const char *)&v5, &v9);
// Collapse any non-zero strcmp() result to -1 (negative) or 1 (positive).
if ( v3 )
v3 = -(v3 < 0) | 1;
// Non-zero means the input differs from the reference string: print aFlag.
// On an exact match print the message at unk_413E90. The text of both
// messages is not shown in this listing.
if ( v3 )
printf(aFlag);
else
printf((const char *)&unk_413E90);
// Runs the shell's "pause" command so the console window stays open.
system("pause");
return 0;
}
发现v5与v9比较,v9为输入的flag;找到v5的初始化数据(xmmword_413E34和qword_413E44),看到两串十六进制数,按字节转换成ASCII码(末尾的h是IDA的十六进制后缀,不属于数据):
3074656D30633165577B465443545544h = 0tem0c1eW{FTCTUD
7D465443545544h = }FTCTUD
数据按小端序存放,所以每串都要按字节反过来,再依次拼接:**DUTCTF{We1c0met0DUTCTF}**就是flag