[Zer0pts2020]easy strcmp
Steps
- Routine inspection: it is a 64-bit program.
- Open it in 64-bit IDA. It is a very simple program that compares the a2 array with zer0pts{********CENSORED********} and, if they are the same, prints correct!
Next we need to know what operations a2 has gone through before it reaches the main function. Because it is not an exe file, I can't debug it; normally I would debug it to find where the incoming string a2 is operated on. I took a look at the function list and found the function that takes the a2 parameter.
In it, the right shift by 3 bits is equivalent to splitting the string into groups of 8, and the corresponding value of qword_201060 is subtracted from each group. The result is zer0pts{********CENSORED********}.
Note: memory is stored little-endian, so after converting each group of the string to ASCII we need to reverse the byte order. Since the program subtracts the values, the script below adds them back.
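```python
import binascii

enc = "********CENSORED********"
m = [0x410A4335494A0942, 0x0B0EF2F50BE619F0, 0x4F0A3A064A35282B]

flag = b""  # we are working with bytes, so the literal needs the b prefix
for i in range(3):
    p = enc[i*8:(i+1)*8]  # split enc into groups of 8 characters
    print(p)
    a = binascii.b2a_hex(p.encode('ascii')[::-1])  # convert the group to ASCII bytes, then reverse them
    print(a)
    # (ASCII value of the group + m[i]), masked to 64 bits and written as 16 hex digits
    # (zero-padded so a2b_hex never gets an odd-length string); [::-1] reverses the bytes back
    b = binascii.a2b_hex(format((int(a, 16) + m[i]) & 0xFFFFFFFFFFFFFFFF, '016x'))[::-1]
    print(b)
    print('\n')
    flag += b  # append each recovered group
print(flag)
```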
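The transformation described above, written as a forward/inverse pair. This is an added example, not code from the original write-up. `transform` models the per-group subtraction and `recover` undoes it, with 64-bit wraparound handled explicitly, which goes beyond the single case the script above covers. The function names are assumptions; the key values and the comparison string are the ones given on this page.

```python
import struct

MASK = (1 << 64) - 1  # arithmetic on a 64-bit word wraps modulo 2**64

# Values of qword_201060 as listed in the write-up (the part covering the censored text).
KEY = [0x410A4335494A0942, 0x0B0EF2F50BE619F0, 0x4F0A3A064A35282B]
EXPECTED = b"********CENSORED********"  # string the program compares against


def _apply(data: bytes, key, sign: int) -> bytes:
    """Add (sign=+1) or subtract (sign=-1) key[i] from the i-th 8-byte group.

    Each group is read and written as a little-endian unsigned 64-bit integer,
    which is how the bytes sit in memory on x86-64.
    """
    if len(data) % 8:
        raise ValueError("data length must be a multiple of 8 bytes")
    groups = len(data) // 8
    if groups > len(key):
        raise ValueError("not enough key words for this input")
    out = bytearray()
    for i in range(groups):
        (word,) = struct.unpack_from("<Q", data, i * 8)
        out += struct.pack("<Q", (word + sign * key[i]) & MASK)
    return bytes(out)


def transform(user_input: bytes, key=KEY) -> bytes:
    """Model of the hidden step: subtract the key from the input, group by group."""
    return _apply(user_input, key, -1)


def recover(expected: bytes, key=KEY) -> bytes:
    """Inverse of transform: add the key back to the compared string."""
    return _apply(expected, key, +1)


def check(user_input: bytes) -> bool:
    """What the comparison amounts to once the hidden step has run."""
    return transform(user_input) == EXPECTED


if __name__ == "__main__":
    body = recover(EXPECTED)
    print(body, check(body))
```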