:::danger
用最新版的Ubuntu20.04 LTS,有些32-bits binary會無法執行,請注意
:::
file
指令觀察資訊
ghidra
,看看逆出來的高階語言作分析
main
function,逆出來的source code如下
local_18
裡,若local_18
= 0x12b9b0a1
,則會對local_35
做處理接著print出來0x12b9b0a1
換成十進位接著輸入,flag就被print出來了
0x12b9b0a1
= 314159265
main
,可以針對該變數改名Rename Variable
main
+1
,接著做字串比對UIJT.JT.ZPVS.GMBH
的每個ascii值-1,作比對之後就得知值是多少FUN_00400710
蠻可疑的,來分析一下FUN_004008c0
function做檢查,若檢查成功,則puts("Good flag for you.")FUN_004008c0
arr[0] = DATA[0]
//已經融合再v3_中,
arr[1] + arr[0] = DATA[1]
arr[2] + arr[1] + arr[0] = DATA[2]
....
DATA
arr[0] = DATA[0]
//已經融合再v3_中,
arr[1] = DATA[1] - DATA[0]
arr[2] = DATA[2] - DATA[1] - DATA[0]
a = [ 0xC3, 0xFF, 0x1ED, 0x248, 0x31F, 0x3A1, 0x3B2, 0x43E, 0x49C, 0x4A0, 0x58D, 0x63B, 0x70D, 0x736, 0x821, 0x910, 0x97E, 0xA2D, 0xAA7, 0xB9C, 0xC8D, 0xD4B, 0xD5A, 0xE41, 0xE80, 0xF6E, 0xF95, 0x1061, 0x1084, 0x112A, 0x11AB, 0x1210, 0x1262, 0x1347, 0x1387, 0x13D0, 0x13F2, 0x14AB, 0x1586, 0x15A0, 0x160C, 0x1677, 0x1769, 0x17E6, 0x17EE, 0x1836, 0x1843, 0x190A, 0x1945, 0x19D1, 0x19F7, 0x1A60, 0x1B42, 0x1B62, 0x1B8D, 0x1BC2, 0x1C6A, 0x1D2C, 0x1D8B, 0x1DF9, 0x1E1A, 0x1F14, 0x1FD2, 0x1FFB, 0x2041, 0x208D, 0x20CE, 0x2115, 0x2190, 0x21C0, 0x21F5, 0x2226, 0x2259, 0x228C, 0x22C5, 0x22F9, 0x232F, 0x2366, 0x2399, 0x23C9, 0x23FF, 0x2465, 0x249E, 0x24D5, 0x250B, 0x2544, 0x2577, 0x25AC, 0x25DC, 0x260D, 0x2640, 0x2676, 0x26D8, 0x270C, 0x273D, 0x27A0, 0x27D3, 0x2806, 0x2836, 0x286E, 0x28A2, 0x28D2, 0x2937, 0x299C, 0x29FE, 0x2A61, 0x2AC2, 0x2B25, 0x2B58, 0x2B8B, 0x2BC2, 0x2C28, 0x2C59, 0x2CBB, 0x2CF3, 0x2D55, 0x2D85, 0x2DE9, 0x2E4C, 0x2E7C, 0x2EAF, 0x2F14, 0x2F49, 0x2F81, 0x2FE3, 0x3048, 0x3079, 0x30AD, 0x3113, 0x3178, 0x31AE, 0x31E7, 0x3217, 0x3279, 0x32AA, 0x32DC, 0x330F, 0x3375, 0x33AB, 0x33DC, 0x343E, 0x346E, 0x34D1, 0x3501, 0x3563, 0x3596, 0x35CB, 0x3631, 0x3694, 0x36CD, 0x3700, 0x3763, 0x37C6, 0x3829, 0x3860, 0x3892, 0x38C3, 0x38F3, 0x3923, 0x3957, 0x398C, 0x39C5, 0x39F8, 0x3A2E, 0x3A67, 0x3ACC, 0x3B32, 0x3B6A, 0x3B9F, 0x3BD2, 0x3C03, 0x3C64, 0x3C95, 0x3CFA, 0x3D32, 0x3D93, 0x3DCA, 0x3E2C, 0x3E60, 0x3E92, 0x3ECB, 0x3F04, 0x3F69, 0x3FA0, 0x4002, 0x403B, 0x409F, 0x40D8, 0x410F, 0x413F, 0x41A1, 0x41DA, 0x423B, 0x426D, 0x42A0, 0x4301, 0x4362, 0x43DF ]
for i in range(1,len(a)):
print(chr(a[i] - a[i-1]),end='')