REVERSE-PRACTICE-BUUCTF-7

Youngter-drive

The target is an exe program that prompts for the flag when run. It is packed with UPX; after unpacking, analyze it in IDA.
The main function reads the input and copies it, then starts two threads that run the StartAddress and sub_41119F functions respectively. The sub_411190 function verifies the input, and the correct input is the flag.
youngter-drive-logic
Analyze the StartAddress function. The initial value of input_index is 29. While input_index is greater than -1, the function calls sub_41112C, decrements input_index by 1, and sleeps for 100 ms.
youngter-drive-startaddress
Analyze the sub_41112C function (the stack must be balanced before this function can be decompiled). It first verifies that the input consists only of English letters and then distinguishes between upper and lower case. The ASCII code of the input character minus 38 or 96 is used as a subscript into the table array, and the value found there is written back to the original position. This transforms the flag content; in effect it is a case conversion.
youngter-drive-sub_41112C
Return to the main function and analyze the sub_41119F function.
This function sleeps for 100 ms and then decrements input_index by 1. It does not change the content of the flag.
youngter-drive-sub_41119F
So the initial value of input_index is 29, and the first thread uses it as the subscript. After changing the flag content, the first thread decrements it by 1, and the second thread simply decrements it by 1 again. Together this is equivalent to subtracting 2, giving 27, and then control returns to the first thread, and so on. The first thread therefore only changes the flag content when input_index is an odd number.
Write an inverse script. Since the initial value of input_index is 29, the flag content is 30 characters long, but the check function (sub_411190) only compares 29 characters. The last character is "E"; with it, the submission is successful.
youngter-drive-script

[ACTF Freshman Competition 2020] rome

The target is an exe program that prompts for input when run and exits immediately if the input is wrong. It is not packed; analyze it in IDA.
The main logic is in the func function.
The first red box transforms the content of the flag, handling uppercase and lowercase letters separately: an uppercase letter is still an uppercase letter after the transformation, and a lowercase letter is still a lowercase letter. Any other character in the flag content is not transformed.
The second red box is a comparison loop that verifies the content of the flag.
rome-func
Write a script to get the flag.
rome-script

[FlareOn4]login

The target is an html file. After opening it, the page prompts for the flag and has a button to verify it. Right click -> view webpage source code.
The logic is clear: get the input, transform the input, verify the input.
The important part is the flag.replace call.
It first checks whether a character in the flag content is an uppercase or a lowercase letter. For an uppercase letter the left-hand side of >= is 90; for a lowercase letter the left-hand side of >= is 122. It then checks the character's position among the 26 letters of the alphabet. If the character is in the first half of the alphabet, it is replaced with the character at the corresponding position in the second half. In the same way, if the character is in the second half of the alphabet, it is replaced with the character at the corresponding position in the first half. The case of the character does not change.
login-logic
With that, you can write the reverse script and get the flag.
login-script

[SUCTF2019]SignIn

The target is an elf file and is not packed; analyze it in IDA.
The logic of the main function is clear. It first gets the input, then calls the sub_96A function to split the input. For example, if the first character of the input string is "f", its hexadecimal ASCII code is 0x66; after sub_96A the result is stored in v9, with v9[0]=0x6 and v9[1]=0x6. The v9 array is then converted into the RSA plaintext m, and the next step is RSA encryption and verification.
signin-logic
Factor the modulus n with an online website or yafu.
Then write a script to get the flag.
signin-script
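The SignIn flow described above (nibble split, RSA encryption, factoring n, decryption), as an added Python example that is not the original post's script. The two primes, e = 65537, the sample input and the reading of v9 as one big-endian hexadecimal number are assumptions made for illustration, and trial division stands in for yafu.

```python
# Constructed toy key (not the challenge's n, e): two small Mersenne primes.
P, Q, E = 2**19 - 1, 2**31 - 1, 65537
N = P * Q

def split_nibbles(text):
    # The sub_96A step as described: each byte becomes two 4-bit values.
    out = []
    for byte in text.encode("ascii"):
        out += [byte >> 4, byte & 0xF]
    return out

def nibbles_to_int(nibbles):
    # Assumption: the nibble array is read as one big-endian hex number m.
    m = 0
    for nib in nibbles:
        m = (m << 4) | nib
    return m

def int_to_text(m):
    # Inverse of the two steps above: hex digits back to characters.
    digits = f"{m:x}"
    if len(digits) % 2:  # restore a dropped leading zero nibble
        digits = "0" + digits
    return bytes.fromhex(digits).decode("ascii")

def factor(n):
    # Trial division; stands in for yafu or an online factoring site.
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no nontrivial factor")

def encrypt(text):
    m = nibbles_to_int(split_nibbles(text))
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)

def recover(c, n, e):
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent from the factors
    return int_to_text(pow(c, d, n))

if __name__ == "__main__":
    print(recover(encrypt("sample"), N, E))  # constructed input, not the flag
```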

Origin blog.csdn.net/weixin_45582916/article/details/114155806