1. Check the shell,
2. Drag it into ida, and analyze. It is
completely clueless to search the string directly . Only after looking at the wp of the big guy, I found it. The key function.
Obviously, the String is the flag we requested, and we need to start analyzing the program.
The length of the string is 8, at the same time this function has processed the string, click into it, the thief is complicated, drag it into the compiler to execute, see
#include<bits/stdc++.h>
using namespace std;
char a[]={'Z', 'J','S','E','C','a','N','H','3','n','g'};
int sub_4010F0(char a[], int a2, int a3)
{
int result; // eax
int i; // esi
int v5; // ecx
int v6; // edx
result = a3;
for ( i = a2; i <= a3; a2 = i )
{
v5 = 4 * i;
v6 =a[4*i];
if ( a2 < result && i < result )
{
do
{
if ( v6 > a[4*result] )
{
if ( i >= result )
break;
++i;
a[v5] =a[4*result];
if ( i >= result )
break;
while (a[4*i] <= v6 )
{
if ( ++i >= result )
goto LABEL_13;
}
if ( i >= result )
break;
v5 = 4 * i;
a[4*result] = a[4*i];
}
--result;
}
while ( i < result );
}
LABEL_13:
a[4*result] = v6;
sub_4010F0(a, a2, i - 1);
result = a3;
++i;
}
return result;
}
int main()
{
sub_4010F0(a,0,10);
for(int i=0;i<10;i++)
{
printf("%c",a[i]);
}
}
After execution, it was found that this became
3, C, E, H, J, N, S, Z, a, g
3. Analyze the next function.
These lines are the base64 encoding of the 345-bit and 678-bit character strings, so familiarity with encryption algorithms is necessary.
IV. To see if
According to this sentence, basically drawn seven strings, JWP1jMp
first character does not know, but can burst ah, 26 letters, right, is U, it is ok to submit
a
