elf文件用ida打开
main函数F5,判断条件为
if ( sub_8048451() == 1 )
{
sub_80484F7(); //输出correct!
result = 0;
}
else
{
write(1, "Wrong\n", 6u);
result = 0;
}
故只要sub_8048451()==1即可,查看这个函数
int sub_8048451()
{
int result; // eax@2
if ( byte_804A021 == 49 )
{
byte_804A020 ^= 0x34u;
byte_804A022 ^= 0x32u;
byte_804A023 ^= 0x88u;
if ( byte_804A024 == 88 )
{
if ( byte_804A025 )
{
result = 0;
}
else if ( byte_804A022 == 124 )
{
if ( byte_804A020 == 120 )
result = byte_804A023 == -35;
else
result = 0;
}
else
{
result = 0;
}
}
else
{
result = 0;
}
}
else
{
result = 0;
}
return result;
}然后找到byte_804A020看看这是什么东西
.bss:0804A020 byte_804A020 db ? ; DATA XREF: sub_8048434+Bo
.bss:0804A020 ; sub_8048451:loc_8048469r ...
.bss:0804A021 byte_804A021 db ? ; DATA XREF: sub_8048451+3r
.bss:0804A022 byte_804A022 db ? ; DATA XREF: sub_8048451+27r
.bss:0804A022 ; sub_8048451+31w ...
.bss:0804A023 byte_804A023 db ? ; DATA XREF: sub_8048451+36r
.bss:0804A023 ; sub_8048451+40w ...
.bss:0804A024 byte_804A024 db ? ; DATA XREF: sub_8048451+45r
.bss:0804A025 byte_804A025 db ? ; DATA XREF: sub_8048451:loc_80484A8r看sub_8048434()函数
int sub_8048434()
{
return __isoc99_scanf();
}即是输入的字符串
写个c
#include <stdio.h>
int main ()
{
char s[5]={0,'1',0,0,'X'};
s[0]=0x34^120;
s[2]=0x32^124;
s[3]=0x88^-35;
s[5]=0;
printf("%s",s);
}
答案为L1NUX,提交,正确