re题(22)BUUCTF-[ACTF新生赛2020]rome
BUUCTF在线评测 (buuoj.cn)
放到ida,进入func函数
int func()
{int result; // eaxint v1[4]; // [esp+14h] [ebp-44h]unsigned __int8 v2; // [esp+24h] [ebp-34h] BYREFunsigned __int8 v3; // [esp+25h] [ebp-33h]unsigned __int8 v4; // [esp+26h] [ebp-32h]unsigned __int8 v5; // [esp+27h] [ebp-31h]unsigned __int8 v6; // [esp+28h] [ebp-30h]int v7; // [esp+29h] [ebp-2Fh]int v8; // [esp+2Dh] [ebp-2Bh]int v9; // [esp+31h] [ebp-27h]int v10; // [esp+35h] [ebp-23h]unsigned __int8 v11; // [esp+39h] [ebp-1Fh]char v12[29]; // [esp+3Bh] [ebp-1Dh] BYREFstrcpy(v12, "Qsw3sj_lz4_Ujw@l");printf("Please input:");scanf("%s", &v2);result = v2;if ( v2 == 65 ){result = v3;if ( v3 == 67 ){result = v4;if ( v4 == 84 ){result = v5;if ( v5 == 70 ){result = v6;if ( v6 == 123 ){result = v11;if ( v11 == 125 ){v1[0] = v7;v1[1] = v8;v1[2] = v9;v1[3] = v10;*&v12[17] = 0;while ( *&v12[17] <= 15 )\\0~15的循环{if ( *(v1 + *&v12[17]) > 64 && *(v1 + *&v12[17]) <= 90 )\\如果flag[i]是大写字母*(v1 + *&v12[17]) = (*(v1 + *&v12[17]) - 51) % 26 + 65;if ( *(v1 + *&v12[17]) > 96 && *(v1 + *&v12[17]) <= 122 )\\如果flag[i]是小写字母*(v1 + *&v12[17]) = (*(v1 + *&v12[17]) - 79) % 26 + 97;++*&v12[17];}*&v12[17] = 0;while ( *&v12[17] <= 15 )\\0~15的循环{result = v12[*&v12[17]];if ( *(v1 + *&v12[17]) != result )\\result里存的是flag,一个对比操作return result;++*&v12[17];}return printf("You are correct!");}}}}}}return result;
}
清楚逻辑了,写个脚本
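# Target characters: the string func() copies into v12 and compares against.
v15 = ['Q', 's', 'w', '3', 's', 'j', '_', 'l', 'z', '4', '_', 'U', 'j', 'w', '@', 'l']


def _encode(code):
    """Apply func()'s per-character transform to one ASCII code and return the result.

    Uppercase letters are rotated with (c - 51) % 26 + 65, lowercase letters with
    (c - 79) % 26 + 97; every other code is returned unchanged. The two tests are
    sequential, as in the decompiled loop.
    """
    x = code
    if 'A' <= chr(x) <= 'Z':
        x = (x - 51) % 26 + 65
    if 'a' <= chr(x) <= 'z':
        x = (x - 79) % 26 + 97
    return x


flag = ""
for i in range(16):
    # Brute force: try every ASCII code 0..127 and keep the ones that encode to
    # the target character at this position.
    matches = [j for j in range(128) if chr(_encode(j)) == v15[i]]
    # Exactly one preimage is expected per position; anything else would silently
    # produce a flag of the wrong length, so fail loudly instead.
    if len(matches) != 1:
        raise ValueError("position %d: expected 1 candidate, got %d" % (i, len(matches)))
    flag += chr(matches[0])

print('flag{' + flag + '}')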
Python 字符串str详解(超详细)_在idle中定义字符串变量str1,赋值为“黄沙百战穿金甲,不破楼兰终不还。”,完成以下操作: (1-CSDN博客
flag{Cae3ar_th4_Gre@t}
本题主要用到了爆破flag:当变换公式里含有取余运算、不方便直接反推,而输入的取值范围(限定条件)又已知时,就可以用爆破的方式,在限定条件内逐个循环尝试,把每个候选值代入公式,结果与目标字符相等的就是flag对应的字符。