Reverse engineering · Using IDA

1. IDA starts

After opening IDA, the start-up dialog appears:

New disassembles a new file, Go continues the previous work, and Previous loads the previous disassembly task.

After entering the main interface:

 

A colored bar under the menu bar helps locate code. In it, blue represents the code segment, red represents the kernel, brown represents the data segment, and black represents the output window.

The Functions window on the left lists all functions. Double-click a function to view its details; the code logic is shown in the main area on the right:

 

The main area on the right can show IDA View-A, the hexadecimal view, structures, enumerations, imports, and exports (switch between them with the tabs at the top):

  1. IDA View-A shows the graphical structure of a function, which presents the program flow clearly and makes the code easier to analyze.
  2. The hexadecimal view shows the raw hexadecimal bytes, which is convenient for locating code.
  3. The structure view shows the program's structures. It provides ready-made references for the layout of standard data structures and also lets you create your own data structures to describe a memory layout.
  4. The enumeration view shows enumeration information. If IDA detects standard enumeration data types, they are listed in this window.
  5. Exported functions can be viewed in the exports table.
  6. Imported functions can be viewed in the imports table.

2. Hands-on practice

Code:

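#include<stdio.h>
#include<string.h>

int main()
{
	int i;
	int len;
	char key[20];
	char res[20];
	char *num = "qianli";    // XOR key
	char *right = "123456789";   // expected value
	
	// ask for the password
	printf("please input the key:");
	if(scanf("%19s", key) != 1) {   // bound the read to the size of key
		return 1;
	}
	
	// check the length
	len = strlen(key);
	if(len<6 || len>10) {
		printf("Error, The length of the key is 6~10\n");
	} 
	else {
		// encrypt
		// note: num holds 6 characters plus the NUL, so num[i] for i > 6 reads past the string
		for(i=0; i<len; i++) {
			res[i] = (key[i]^num[i]); // XOR encryption
		}
		res[len] = '\0';   // terminate res so strcmp stops at the right place
		//printf("%s\n", res);
		if(strcmp(res, right)==0) {
			printf("You are right, Success.\n");
		} else {
			printf("Error, please input the right key.\n");
		}
	}
	
	return 0;
}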

Compile the code and open the generated exe with IDA:

Viewing the Strings window

The View menu in IDA Pro has several entries that are important for locating code, as shown in the following figure:

  1. Open exports window
  2. Open import window
  3. Open names window: the list of named functions and parameters
  4. Open functions window: all functions called by the program
  5. Open strings window: the strings display window

Double-click Strings to display all the strings in the program. This window helps you find the code that corresponds to the program's runtime output, for example the string and its Address in the following figure.

Double-click a string to jump to its address:

Press F5 to decompile the code:

The basic logic of this code is to read the string Str, XOR it in a loop with the aQianli variable, and store the result in the Str1 variable. When the encrypted Str1 value is "123456789", the decryption succeeds; otherwise it fails. So, what is the value of the aQianli variable?

Double-click aQianli to jump to the variable's address:

 

Following the encryption logic, write the decryption code:

#include<stdio.h>
#include<string.h>

int main()
{
	int i;
	int len;
	char res[9];
	char *num = "qianli";     // XOR key
	char *right = "123456789";   // expected value
	
	
	// check TS@@XYBVM
	len = strlen(num);
	for(i=0; i<len; i++) {
		res[i] = (right[i]^num[i]); // XOR again: the same operation reverses the encryption
	}
	res[i] = 0;
	printf("The right key is: %s\n", res);
	return 0;
}

The decryption key is obtained as: @[RZY_
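
An added example, not part of the original post, that re-checks the recovered value by running it back through the same XOR step, using only the "qianli" and "123456789" strings from the listing (the function names are assumptions). It also covers index 6, where the key byte is the string's terminating NUL, and stops there because later indexes read past "qianli" and depend on what the compiled binary places after it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed from the page's listing: the XOR key and the compared value. */
static const char KEY[]    = "qianli";      /* sizeof KEY == 7: 6 chars + NUL */
static const char TARGET[] = "123456789";

/* The program's XOR step, limited to the KEY bytes that actually exist.
 * Returns how many bytes were written to out (at most sizeof KEY). */
size_t xor_transform(const char *in, size_t n, char *out)
{
    size_t i, lim = n < sizeof KEY ? n : sizeof KEY;
    for (i = 0; i < lim; i++)
        out[i] = (char)(in[i] ^ KEY[i]);
    return lim;
}

/* XOR is its own inverse: pushing TARGET through the same step yields the
 * input bytes the comparison needs. out must hold sizeof KEY + 1 bytes. */
size_t recover_input(char *out)
{
    size_t n = xor_transform(TARGET, strlen(TARGET), out);
    out[n] = '\0';
    return n;
}

/* Round trip: does input[0..n) transform to the first n bytes of TARGET? */
int matches_prefix(const char *input, size_t n)
{
    char buf[sizeof KEY];
    size_t got = xor_transform(input, n, buf);
    return got == n && memcmp(buf, TARGET, n) == 0;
}

int main(void)
{
    char in[sizeof KEY + 1];
    size_t n = recover_input(in);
    printf("recovered %zu bytes: \"%s\"\n", n, in);
    printf("round trip ok: %d\n", matches_prefix(in, n));
    printf("target bytes not covered by the key string: %zu\n",
           strlen(TARGET) - n);
    return 0;
}
```

The first six recovered bytes are the value shown above; the bytes XORed against whatever follows "qianli" in memory have to be read from the data section in IDA.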

Origin blog.csdn.net/qq_37865996/article/details/124414504