BUUCTF/SimpleRev

I had a great time doing this question today, so I wanted to take it out and write down my thoughts.

First, open it with IDA and view the main function.

The program first decides whether you enter the game. It is easy to see that the Decry() function is the important one, so click into it.

Leave the declarations of various initial variables for now and look directly at the following parts.

If you click on the join function in the picture, you will find that it actually combines two strings into one.

So what the code above does is assemble the initial key and flag (note that the data is stored little-endian!).

Then look at the next part.

This is also easy to understand: it converts every uppercase letter in the key string to lowercase.

At this point:

text=killshadow

key=adsfkndcls

At the bottom, you are asked to enter the flag.

printf("Please input your flag:");
  while ( 1 )
  {
    v1 = getchar();
    if ( v1 == 10 )
      break;
    if ( v1 == 32 )
    {
      ++v2;
    }
    else
    {
      if ( v1 <= 96 || v1 > 122 )
      {
        if ( v1 > 64 && v1 <= 90 )
        {
          str2[v2] = (v1 - 39 - key[v3 % v5] + 97) % 26 + 97;
          ++v3;
        }
      }
      else
      {
        str2[v2] = (v1 - 39 - key[v3 % v5] + 97) % 26 + 97;
        ++v3;
      }
      if ( !(v3 % v5) )
        putchar(32);
      ++v2;
    }
  }
  if ( !strcmp(text, str2) )
    puts("Congratulation!\n");
  else
    puts("Try again!\n");
  return __readfsqword(0x28u) ^ v11;

The whole while loop first applies a series of transformations to the characters you input and stores the results in str2. Finally, if str2 is the same as text, the input is correct.

Look at the core code again.

It turns out that, apart from the character with ASCII code 32, every letter you enter goes through this operation:

 str2[v2] = (v1 - 39 - key[v3 % v5] + 97) % 26 + 97;

But this is a remainder operation, so there is no way to effectively reverse the calculation; it can only be brute-forced.

I assume here that all the input letters are uppercase letters. If there is a certain uppercase letter that meets the above conditions, a character of the flag will be generated.

The script is attached below~~

#include <iostream>
#include <string>
using namespace std;
int main(){
    string key = "adsfkndcls";
    string text = "killshadow";
    char res[11] = {0};  // 10 flag characters plus the terminating NUL
    for(int i=0;i<10;i++){
        // try every uppercase letter until one maps to text[i]
        for(int j=65;j<=90;j++){
            if(text[i]==(j-39-key[i]+97)%26+97){
                res[i]=j;
                break;
            }
        }
    }
    cout<<res<<endl;
    return 0;
}

Finally, we get flag{KLDQCUDFZO}
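As an added example (not the author's script), the sketch below re-implements the per-letter transform from the decompiled loop, searches both uppercase and lowercase inputs instead of assuming uppercase only, and re-encodes each result to confirm it matches text. The function names (transform, encode, candidates, solve) are hypothetical, and encode assumes letter-only input without spaces.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Values recovered in the write-up (after join() and lowercasing).
const std::string KEY  = "adsfkndcls";
const std::string TEXT = "killshadow";

// Same arithmetic the decompiled loop applies to one letter.
char transform(char c, char k) {
    return static_cast<char>((c - 39 - k + 97) % 26 + 97);
}

// Re-implements the checker for letter-only input (assumption: no spaces):
// the letter counter indexes the key modulo the key length.
std::string encode(const std::string& input) {
    std::string out;
    for (std::size_t i = 0; i < input.size(); ++i)
        out += transform(input[i], KEY[i % KEY.size()]);
    return out;
}

// For every position, collect all letters in [lo, hi] that map to TEXT[i].
std::vector<std::string> candidates(char lo, char hi) {
    std::vector<std::string> per_pos(TEXT.size());
    for (std::size_t i = 0; i < TEXT.size(); ++i)
        for (char c = lo; c <= hi; ++c)
            if (transform(c, KEY[i % KEY.size()]) == TEXT[i])
                per_pos[i] += c;
    return per_pos;
}

// Concatenate the candidates; each position has exactly one per case,
// because the transform is a bijection on 26 consecutive letters.
std::string solve(char lo, char hi) {
    std::string s;
    for (const std::string& p : candidates(lo, hi)) s += p;
    return s;
}

int main() {
    std::cout << solve('A', 'Z') << "\n" << solve('a', 'z') << "\n";
    std::cout << (encode(solve('A', 'Z')) == TEXT) << "\n";
}
```

Because uppercase and lowercase inputs use the same formula, the check accepts one uppercase and one lowercase letter at every position, so the comparison alone does not pin down a unique input.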

Origin blog.csdn.net/weixin_51681694/article/details/125628768