BUUCTF Reverse reverse3
一天一道CTF题目,能多不能少
下载文件,无壳,直接使用ida(32)打开,找到主函数:
看上去简单易懂,输入一个字符串然后经过sub_4110BE函数进行加密
然后再通过一个for循环进行变换,然后与Str2进行比较
直接查看Str2的字符串:
可以~继续查看加密的函数:
/*
 * Decompiler excerpt (presumably the body of sub_4110BE; the function header
 * and variable declarations are not part of this listing).
 *
 * Consumes the input in groups of up to three bytes and emits four table
 * characters per group, which is the shape of a base64 encoder:
 *   v11  - number of input bytes still to consume
 *   v13  - read cursor into the input
 *   v7   - write index into Dst
 *   byte_41A144 - 3-byte scratch buffer holding the current group
 *   aAbcdefghijklmn - lookup table indexed by 6-bit values; index 64 is used
 *                     as filler (presumably '=', the table itself is not shown)
 *
 * NOTE(review): nothing in this excerpt bounds v7 against the size of Dst, so
 * the caller has to size Dst for 4 output bytes per 3 input bytes plus the
 * terminator - confirm against the allocation outside this listing.
 */
while ( v11 > 0 )
{
  /* Clear the group buffer so a short final group contributes zero bits. */
  byte_41A144[2] = 0;
  byte_41A144[1] = 0;
  byte_41A144[0] = 0;
  /* Read up to three bytes; i ends up as the number actually read. */
  for ( i = 0; i < 3 && v11 >= 1; ++i )
  {
    byte_41A144[i] = *v13;
    --v11;
    ++v13;
  }
  if ( !i )
    break;
  switch ( i )
  {
    case 1:
      /* One input byte: two data characters, then two filler characters. */
      *((_BYTE *)Dst + v7) = aAbcdefghijklmn[(signed int)(unsigned __int8)byte_41A144[0] >> 2];
      v4 = v7 + 1;
      *((_BYTE *)Dst + v4++) = aAbcdefghijklmn[((byte_41A144[1] & 0xF0) >> 4) | 16 * (byte_41A144[0] & 3)];
      *((_BYTE *)Dst + v4++) = aAbcdefghijklmn[64];
      *((_BYTE *)Dst + v4) = aAbcdefghijklmn[64];
      v7 = v4 + 1;
      break;
    case 2:
      /* Two input bytes: three data characters, then one filler character. */
      *((_BYTE *)Dst + v7) = aAbcdefghijklmn[(signed int)(unsigned __int8)byte_41A144[0] >> 2];
      v5 = v7 + 1;
      *((_BYTE *)Dst + v5++) = aAbcdefghijklmn[((byte_41A144[1] & 0xF0) >> 4) | 16 * (byte_41A144[0] & 3)];
      *((_BYTE *)Dst + v5++) = aAbcdefghijklmn[((byte_41A144[2] & 0xC0) >> 6) | 4 * (byte_41A144[1] & 0xF)];
      *((_BYTE *)Dst + v5) = aAbcdefghijklmn[64];
      v7 = v5 + 1;
      break;
    case 3:
      /*
       * Full group: four 6-bit indices taken from the 24 input bits
       * (top 6 of byte 0; low 2 of byte 0 + top 4 of byte 1;
       *  low 4 of byte 1 + top 2 of byte 2; low 6 of byte 2).
       */
      *((_BYTE *)Dst + v7) = aAbcdefghijklmn[(signed int)(unsigned __int8)byte_41A144[0] >> 2];
      v6 = v7 + 1;
      *((_BYTE *)Dst + v6++) = aAbcdefghijklmn[((byte_41A144[1] & 0xF0) >> 4) | 16 * (byte_41A144[0] & 3)];
      *((_BYTE *)Dst + v6++) = aAbcdefghijklmn[((byte_41A144[2] & 0xC0) >> 6) | 4 * (byte_41A144[1] & 0xF)];
      *((_BYTE *)Dst + v6) = aAbcdefghijklmn[byte_41A144[2] & 0x3F];
      v7 = v6 + 1;
      break;
  }
}
/* NUL-terminate the encoded output. */
*((_BYTE *)Dst + v7) = 0;
这一段看上去很像base64编码(严格来说是编码而不是加密)的函数,每3个字节变成4个字符
还有移位啥的~~
查看一下aAbcdefghijklmn这个变量:
那应该就是base64编码了~
直接编写解题脚本:
import base64

# Comparison target the writeup reads out of the binary (Str2).
s = "e3nifIH9b_C@n@dH"

# Undo the per-position step first: each character is shifted back by its
# own index, which leaves plain base64 text in x.
x = "".join(chr(ord(ch) - pos) for pos, ch in enumerate(s))

# Decoding the base64 text gives the expected program input as bytes.
print(base64.b64decode(x))
得到:
脚本输出为{i_l0ve_you},加上flag前缀后得到flag为:flag{i_l0ve_you}