Offense and defense in the world reverse babymips

babymips   XCTF 4th-QCTF-2018

mips, you want to decompile in ida of the need to install plug-ins, this problem is not complicated look directly mips assembler also no difficulty, here I used ghidra, decompile can be viewed directly.

 1 void FUN_004009a8(void)
 2 
 3 {
 4   int iVar1;
 5   int i;
 6   byte input [36];
 7   
 8   setbuf(stdout,(char *)0x0);
 9   setbuf(stdin,(char *)0x0);
10   printf("Give me your flag:");
11   scanf("%32s",input);
12   i = 0;
13   the while (I < 0x20 ) {
 14      INPUT [I] = INPUT [I] ^ 0x20U - ( char ) I; // this input is XORed (0x20-I)
 15      I = I + . 1 ;
 16    }
 . 17    iVar1 = a strncmp (( char *) iNPUT, _fdata, 5 ); // 5 bytes before input into a " Q | J {G " 
18 is  IF (iVar1 == 0 ) { 
. 19  　　F_5-end_004007f0 (( char * ) iNPUT) ; // conversion result of the processing to the next step 
20 is  } 
21 is  the else { 
22 is  　　the puts ( " Wrong");
23  } 
24 return; 
25 }

 

[5:] Processing section:

 1 void f_5-end_004007f0(char *op_str)
 2 
 3 {
 4   size_t lens;
 5   int iVar1;
 6   uint i;
 7   
 8   i = 5;
 9   while (lens = strlen(op_str), i < lens) {
10     if ((i & 1) == 0) {    //偶数时
11       op_str[i] = (byte)((uint)((int)op_str[i] << 0x1a) >> 0x18) | op_str[i] >> 6; // High 2 becomes lower right 6 2, lower left 2 6 6 corresponds to a high byte rotated left 2
 12 is      }
 13 is      the else when odd {//
 14        op_str [I] op_str = [I] >> 2 | ( byte ) (( uint ) (( int ) op_str [I] << 0x1e ) >> 0x18 ); // upper 6 bits right by 2 bits 6 to a low, low-2 6 left 2 corresponds to a high Rotate right 2
 15      }
 16      I = I + . 1 ;
 . 17    }
 18 is    iVar1 = a strncmp (op_str + . 5 , PTR_ARRAY_00410d04, 0x1b );
 . 19    IF (iVar1 == 0 ) {
 20 is      the puts ( "Right!");
21   }
22   else {
23     puts("Wrong!");
24   }
25   return;
26 }

wp:

. 1 part1 = B ' Q | J {G ' 
2 Part2 = ' 52 is FD 16 A4 89 BD 92 80 13 is 41 is 54 is A0 8D 45 18 is 81 de FC 95 F0 16 79. 1A 15 5B 75 1F ' 
. 3 Part2 = List (bytes. fromhex (Part2))
 . 4  for I in Range (. 5, len (Part2) +5 ):
 . 5      T = Part2 [I-. 5 ]
 . 6      IF I & 1 == 0:    # is even & 1 0 
. 7          Part2 [I-. 5] = (T & 0x3) <<. 6 | (T & 0xFC) >> 2    # lower two left 6, 6 bits right by 2 bits corresponds to Rotate right 2 
. 8      the else :
 . 9          Part2 [I-. 5] = (T & 0x3F ) << 2 | (t & 0xc0) >> 6   #6 two lower left, upper two bits of shift right rotate left corresponds 6 2 
10  
. 11 TEMP = List (part1) + Part2
 12 is In Flag = '' 
13 is  for I in Range (len (TEMP)):
 14      + = CHR In Flag (TEMP [I] 0x20 ^ - I)
 15  Print (In Flag)

 

 

 

qctf{ReA11y_4_B@89_mlp5_4_XmAn_}