時間飛逝,已到第14天了
明天就一半ㄌ,好感動眼睛流汗
今天我們要幹大事!!!
要來解 REVERSE
先來介紹一下 REVERSE
需要具備組合語言,惡意程式,動態靜態 Debugger
目前我打的這些我都不會
我跟讀者一樣是逆向新手
還再學習,小菜雞是我,請大家多包容(飛吻
介紹一下台灣逆向界大神 aka 喊水會結凍
ADR (馬聖豪) . Inndy (木棍) . TerryNiNi (尼尼) . ss8651twtw (林思辰)
我在趕死線,就沒放他們的blog
大家有興趣自己找喔

YT 學習資源:
SCIST YT Channel
https://www.youtube.com/c/OfficialSCIST

台科資安社
https://www.youtube.com/channel/UC4-PD2BdlYWd807BhJZkjIg/videos

PS.這週四 9/30 有線上社課,飛飛社長講資安概論
歡迎大家來參加,填寫表單
https://docs.google.com/forms/d/e/1FAIpQLSdHZURzU0jMHhKiOL4QyRbxzGjsvq0iZRFmysL666a72hNG_w/viewform

台科資安社臉書粉專
請多多按讚追蹤,社課活動資訊不錯過
https://www.facebook.com/ntust.hacking

好啦,開始今天的題目

vault-door-training (50 points)

Your mission is to enter Dr. Evil's laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is protected by a series of locked vault doors. Each door is controlled by a computer and requires a password to open. Unfortunately, our undercover agents have not been able to obtain the secret passwords for the vault doors, but one of our junior agents obtained the source code for each vault's computer! You will need to read the source code for each level to figure out what the password is for that vault door. As a warmup, we have created a replica vault in our training facility. The source code for the training

vault is here: VaultDoorTraining.java

Hints
The password is revealed in the program's source code.

這題不需要任何逆向技巧,只要你勇敢看完好長的題目
重點在Hints password 在 program source 中
你敢看完ㄇ?
我們一起,不要怕

這是下載的 program source

import java.util.*;

class VaultDoorTraining {
    public static void main(String args[]) {
        VaultDoorTraining vaultDoor = new VaultDoorTraining();
        Scanner scanner = new Scanner(System.in); 
        System.out.print("Enter vault password: ");
        String userInput = scanner.next();
	String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
	if (vaultDoor.checkPassword(input)) {
	    System.out.println("Access granted.");
	} else {
	    System.out.println("Access denied!");
	}
   }

    // The password is below. Is it safe to put the password in the source code?
    // What if somebody stole our source code? Then they would know what our
    // password is. Hmm... I will think of some ways to improve the security
    // on the other doors.
    //
    // -Minion #9567
    public boolean checkPassword(String password) {
        return password.equals("w4rm1ng_Up_w1tH_jAv4_eec0716b713");
    }
}

嘿嘿 有看到最後一行ㄇ
flag 在和你打招呼了

picoCTF{w4rm1ng_Up_w1tH_jAv4_eec0716b713}

Reverse 小入門舒服ㄇ

我們明天繼續

晚安