During the 2020 college "War on the Plague" network security sharing competition, I tried the RE challenges but could not solve them, then tried some MISC, and in the end only solved a few MISC challenges.
MISC
2019-peak
This is the sign-in challenge; the flag is as follows:
flag {shijiejiayou}
Simple MISC
The hint says this is simple steganography. The attachment contains a jpg image and an encrypted archive called flag.zip, so clearly we are meant to use the jpg to obtain the password for extracting the archive.
We suspect the image may contain a .txt file holding the password; to verify this suspicion, open the image in a hex viewer.
Use binwalk on Kali to separate out the embedded file and view it; the result is Morse code. Decode the Morse code, then extract the archive to get flag.txt, which contains a base64 string. Decoding that string gives the flag:
Th1s_is_FlaG_you_aRE_rigHT
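The hex-viewer check described above, as an added Python example that is not part of the original writeup: it walks the JPEG segment structure to find bytes stored after the real End-Of-Image marker, then Morse-decodes them. It assumes the hidden data is plain Morse text appended after the image; the function names and the sample bytes are constructed for illustration and are not the challenge file.

```python
"""Find data appended after a JPEG's End-Of-Image marker and Morse-decode it."""

_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. "
          "--.- .-. ... - ..- ...- .-- -..- -.-- --.. "
          "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.").split()
MORSE = dict(zip(_CODES, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))


def jpeg_trailer(data: bytes) -> bytes:
    """Return the bytes stored after the real EOI marker (b"" if none)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:          # ordinary entropy-coded scan byte
            pos += 1
            continue
        marker = data[pos + 1]
        if marker == 0xD9:             # EOI: everything after it is extra
            return data[pos + 2:]
        if marker == 0xFF:             # fill byte before a marker
            pos += 1
        elif marker == 0x00 or 0xD0 <= marker <= 0xD7:
            pos += 2                   # stuffed FF or restart marker, no length
        else:                          # length-prefixed segment (APPn, DQT, SOS...)
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
    raise ValueError("no EOI marker found")


def decode_morse(text: str) -> str:
    """Decode space-separated Morse; '/' separates words, unknown codes give '?'."""
    return "".join(" " if t == "/" else MORSE.get(t, "?") for t in text.split())


# Constructed sample, not the challenge file: a tiny JPEG-shaped byte string whose
# APP1 segment holds a thumbnail with its own EOI, followed by appended Morse text.
_THUMB = b"\xff\xd8\x00\xff\xd9"
SAMPLE = (b"\xff\xd8"
          + b"\xff\xe1" + (len(_THUMB) + 2).to_bytes(2, "big") + _THUMB
          + b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34"   # SOS header + scan data
          + b"\xff\xd9" + b"-.-. - ..-.\n")

if __name__ == "__main__":
    trailer = jpeg_trailer(SAMPLE)
    print(len(trailer), "trailing bytes:", trailer)
    print("decoded:", decode_morse(trailer.decode("ascii")))
```

Skipping segments by their length field matters because a plain search for FF D9 stops at the EOI of a thumbnail embedded in the header and reports image data as the trailer.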
Reverse
cyclegraph
On this challenge I paid the price for not being used to reading assembly: I kept grinding away at IDA's pseudocode and relied on it too much. If I had looked at the assembly together with the pseudocode earlier, it would not have taken so long.
Note the two conditions of the if statement in the second do-while loop. If you look closely, the pattern is obvious. First, determine the value of the expression on the left inside the loop, which gives us the first correct input character (that is, the first character inside the curly braces of flag{}). Then, based on the condition in the first iteration, we can get the second correct input character in the second iteration, and so on until the loop ends.
I was stuck here for a long time, so let me describe my tortuous experience. At first I kept trying to calculate the value of the left expression myself, working through the math from the initialization data, but there were always problems and I could never get it right. Knowing how the loop worked but not being able to get the flag was very upsetting, and also silly: if you look at the assembly, IDA has long since worked it out for you. As follows: the left-hand expressions of the two if conditions appear in the assembly as EAX and ESI respectively, so just let the program run to that point.
Set a breakpoint at the two CMP statements, observe how the values of EAX and ESI change, and record them. This yields the flag, as follows: