Buuctf-Reverse-Happy New Year Solution & Summary of Ideas

download file

When the file is run, there is no response no matter what is entered.

1. Check for a packer (a UPX packer was found)

Introduction to UPX

If we put the packed file directly into IDA for analysis, there are only two functions, and no valid information can be obtained.

2. Use unpacking software to unpack

 After clicking Unpack, a newly unpacked file will be generated on the desktop.

3. Put this unpacked file into 32-bit IDA for analysis

Press Shift+F12 to view the strings (look for keywords)

Double-click a string to see where it is referenced 

Double-click the location referencing the string to enter the graph view

 Press F5 directly to view the pseudo code

strcpy(Str2, "HappyNewYear!");

——> Copy the string HappyNewYear! to Str2

strlen(Str2)

——>Return the length of string Str2

strncmp(Str1, Str2, strlen(Str2))

——> Compare the string Str1 with the string Str2, comparing at most strlen(Str2) characters (the length of Str2). When the compared characters of Str1 and Str2 are equal, the return value is 0

if ( !strncmp(Str1, Str2, strlen(Str2)) )

——> Suppose a = strncmp(Str1, Str2, strlen(Str2)); the original expression then becomes if (!a). Only when !a is true (that is, when a is 0) does the if condition hold, and the program calls puts(aThisIsTrueFlag)

Double-click puts(aThisIsTrueFlag) and you can see that the string output by puts is "this is true flag!"

Because the final output string is "this is true flag!", it can be concluded that Str1 and Str2 are equal, and the content of the Str2 string is HappyNewYear!

Get the flag: flag{ HappyNewYear!}

Process summary

Question conditions:

  1. PE file (exe file is a type of PE file)

Steps to do the question:

  1. Double-click the exe file to see if there is any information
  2. Use packer-detection software to check for a packer and find out whether the program is 64-bit or 32-bit
  3. If the file is packed, unpack it first.
  4. Use ida to analyze (use Shift+F12 to check the string and look for keywords (such as flag, etc.))
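
Step 2 above (checking for a packer and the bitness) can also be done by reading the PE headers directly. The following is an added example, not part of the original post: it assumes UPX's default section names (UPX0, UPX1), the helper names inspect_pe and build_sample are hypothetical, and the sample input is a constructed header-only PE.

```python
import struct

MACHINES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}

def inspect_pe(data: bytes) -> dict:
    """Return bitness, section names and a UPX hint from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the signature: Machine, NumberOfSections, ...
    machine, nsections = struct.unpack_from("<HH", data, pe_off + 4)
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsections):
        entry = data[table + 40 * i: table + 40 * i + 40]
        if len(entry) < 40:
            raise ValueError("truncated section table")
        names.append(entry[:8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "bits": MACHINES.get(machine, f"unknown machine 0x{machine:04x}"),
        "sections": names,
        # Only a hint: section names can be renamed after packing.
        "upx_sections": any(n.startswith("UPX") for n in names),
    }

def build_sample(machine: int, names: list) -> bytes:
    """Constructed header-only PE for the demo (not a runnable executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, len(names), 0, 0, 0, 0xE0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + sections

if __name__ == "__main__":
    packed = build_sample(0x014C, ["UPX0", "UPX1", ".rsrc"])
    print(inspect_pe(packed))
```

To check a real file, pass its bytes instead of the constructed sample, for example inspect_pe(open(path, "rb").read()).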

ida analysis process:

  1. Shift+F12 check the string and look for keywords (such as flag, etc.). If there are no keywords, search for information in the main function.
  2. Double-click a string to see where it is referenced
  3. View the detailed address referencing the string
  4. Use F5 to decompile and view pseudocode
  5. Analyze pseudocode (after selecting a number, press the "R" key on the keyboard to convert the number into a character; after selecting a variable, press the "X" key on the keyboard to view the cross-reference of the variable)


Origin blog.csdn.net/m0_62239233/article/details/130179136