2024_Hgame_week1_re

ezASM

ezasm

  • 由图可以看出进行了flag和 0x22 的异或

  • 于是写脚本进行逆向

    • 运行得到flag
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#include<stdio.h>
#include<stdlib.h>
int main()
{
int arr[]={ 74 , 69 , 67 , 79 , 71 , 89 , 99 , 113 , 111 , 125 , 107 , 81 , 125 ,
107 , 79 , 82 , 18 , 80 , 86 , 22 , 76 , 86 , 125 , 22 , 125 , 112 , 71 , 84 , 17 , 80 ,
81 , 17 , 95 , 34 };
int arr2[ 34 ];
int i= 0 ;
for(;i<sizeof(arr);i++)
{
arr2[i]=arr[i]^0x22;
printf("%c",arr2[i]);
}
system("pause");
return 0 ;
}
1
hgame{ASM_Is_Imp0rt4nt_4_Rev3rs3}

ezUPX

  • 首先把upx壳给去掉
1
upx -d $文件$
  • 然后打开IDA查看

ezupx

  • 能看到一个很明显的加密函数,只需要对这串数字进行异或就能解出答案
  • 写一个脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#include <iostream>
#include<stdio.h>
using namespace std;
int main()
{
int n[ 46 ]=
{0x64,0x7B,0x76,0x73,0x60,0x49,0x65,0x5D,0x45,0x13,0x6B,0x2,0x47,0x6D,0x59, 0x5C,0x2,0x45,0x6D,0x6,0x6D,
0x6D,0x5E,0x03,0x46,0x46,0x5E,0x01,0x6D,0x02,0x54,0x6D,0x67,0x62,0x6A,0x13,0x4F,0x32,0x0B};
int m[ 100 ];
int i;
for(i= 0 ;i< 100 ;i++)
{
m[i]=n[i]^0x32;
}
for (int i = 0 ; i < 100 ; i++)
{
printf("%c", m[i]);
}
cout << endl;
return 0 ;
}
  • 运行就能得到答案
1
VIDAR{Wow!Y0u_kn0w_4__l1ttl3_0f_UPX!}
CTF_Re > Hgame
#CTF_wps
2024_Hgame_week1_re
http://example.com/2024/04/14/2024-Hgame-week1-re/
作者
Tsglz
发布于
2024年4月14日
许可协议