Bugku_reverse_Love

https://ctf.bugku.com/challenges#love

After downloading the file, run it and see what it does.
Enter something arbitrary, such as 123, and look at the result.
Problem-solving ideas:
A very common program flow is to compare the input string with a string inside the program and print the result. That leaves us two choices.
1. Write a script to brute-force it. This is extremely inefficient and unreliable; in some cases it is the only way, but it is not necessary for this challenge, so we discard it.
2. Debug the code with a tool, or decompile it directly to recover the source. Here I used the OllyDbg debugger.
Problem-solving process:
First check whether the file is packed.
It is not packed; it is an ordinary compiled C++ program. Open the file in OllyDbg.

Nothing stands out at first, so right-click and choose Chinese search engine -> 3 intelligent search.
Several of the strings found are very familiar.

Aren't these the prompt strings shown after we enter a string? Click through to take a look.
You can see there is a jump at 1035840. From the string pushed at 1035842 and the printf-like function called at 1035847, we can infer that the jump at 1035840 decides whether the output is "wrong flag" or "right flag". We continue looking upward for whatever controls that jump. Clearly, strncmp is called at 103582e, and a strange string is pushed onto the stack for it. Going by our initial guess about how the program works, either this is the string the program wants us to input, or it is the string that the encrypted form of our input is compared against. The result of strncmp is what decides whether the jump is taken. Set a breakpoint on strncmp, run the program, and enter 1234567890.
Comparing against the data on the stack, we can conclude that ecx holds the encrypted form of the string we entered and eax holds the number of characters to compare. We keep scrolling up to see how our input string (i.e., ECX) is encrypted.
Not far above, we find some very suspicious code. Set a breakpoint at 10357d0, re-run the program, and enter 1234567890 again.

After the breakpoint is hit, look at the memory near ebp-0xac; we find some Base64 code there.

It is the string we entered, in Base64 form.

Analysis of this encryption code:

Then write a Python script based on this assembly code and the comparison string "e3nifIH9b_C@n@dH".
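The script from the original post survives only as a screenshot, so the following is an added example and not the author's code. It assumes the step between the Base64 buffer and strncmp adds each character's index to that character (an assumption, since the post does not state the transform in text); the function names are made up for illustration.

```python
import base64

# Comparison string passed to strncmp, as given in the write-up.
TARGET = b"e3nifIH9b_C@n@dH"


def shift(data: bytes, sign: int) -> bytes:
    """Add (sign=+1) or subtract (sign=-1) each byte's index, modulo 256.

    ASSUMPTION: this is the per-character step applied to the Base64
    buffer before strncmp; the write-up shows it only in a screenshot.
    """
    return bytes((b + sign * i) & 0xFF for i, b in enumerate(data))


def transform(user_input: bytes) -> bytes:
    """Model of what the program does to the input before comparing."""
    return shift(base64.b64encode(user_input), +1)


def recover(target: bytes) -> bytes:
    """Invert the model: undo the index shift, then Base64-decode."""
    encoded = shift(target, -1)
    # validate=True raises on characters outside the Base64 alphabet,
    # which would mean the assumed transform does not match the binary.
    return base64.b64decode(encoded, validate=True)


def check(candidate: bytes, target: bytes = TARGET) -> bool:
    """The comparison, simplified here to full equality."""
    return transform(candidate) == target


if __name__ == "__main__":
    # 1234567890 is the test input used while debugging in the write-up.
    print("transform(1234567890) =", transform(b"1234567890"))
    answer = recover(TARGET)
    print("recovered input:", answer.decode("ascii"))
    print("accepted by model:", check(answer))
```

If the assumed transform were wrong, recover() would normally fail with a decoding error instead of returning readable text, which makes it a quick sanity check on the reading of the disassembly.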
Running it gives the flag.
End

Origin blog.51cto.com/13992485/2402916