原题出现在alexctf-2017
题目下载:点此下载
首先UPX脱壳
IDA载入。IDA关闭
IDAPython脚本:
start=0x0804829C
end=0x08060B32
flag = ""
while start<end:
if (Byte(start) <= ord('9') and Byte(start)>=ord('0')) or (Byte(start)<=ord('z') and Byte(start)>=ord('a')) or (Byte(start)<=ord('Z') and Byte(start)>=ord('A')) or (Byte(start) == ord('}')) or (Byte(start) == ord('{')) or (Byte(start) == ord('_')) or (Byte(start) == ord('@')) or (Byte(start) == ord('!')) or (Byte(start) == ord('#')) or (Byte(start) == ord('&')) or (Byte(start) == ord('*')):
if Byte(start) and (Byte(start+1)==0) and (Byte(start+2)==0) and (Byte(start+3)==0):
print(chr(Byte(start)))
flag += chr(Byte(start))
start += 1
print(flag)
程序运行结果:2ALEXCTF{M0Vfusc4t0r_w0rk5_l1ke_m4g1c}
开通的2不是,去掉得到flag
ALEXCTF{M0Vfusc4t0r_w0rk5_l1ke_m4g1c}
