re--[HDCTF 2023]double_code&[MoeCTF 2022]fake_key&[HNCTF 2022 WEEK3]Try2debugPlusPlus
Re练题
[HDCTF 2023]double_code
0x48,0x67,0x45,0x51,0x42,0x7b,0x70,0x6a,0x30,0x68,0x6c,0x60,0x32,0x61,0x61,0x5f,0x42,0x70,0x61,0x5b,0x30,0x53,0x65,0x6c,0x60,0x65,0x7c,0x63,0x69,0x2d,0x5f,0x46,0x35,0x70,0x75,0x7d
alloc:%p 的日志输出在这里的作用是记录某个内存分配操作的结果。它可能是为了调试、日志记录或安全检查的目的。具体来说,它记录了 sub_1400110FA 函数分配的内存地址
所以我们跟进sub_14001F000函数
V5与 0x23 进行异或操作
逆向
| code=[0x48,0x67,0x45,0x51,0x42,0x7b,0x70,0x6a,0x30,0x68,0x6c,0x60,0x32,0x61,0x61,0x5f,0x42,0x70,0x61,0x5b,0x30,0x53,0x65,0x6c,0x60,0x65,0x7c,0x63,0x69,0x2d,0x5f,0x46,0x35,0x70,0x75,0x7d] |
HDCTF{Sh3llC0de_and_0pcode_al1_e3sy}
[MoeCTF 2022]fake_key
动调
Shift+e导出数据
这是密钥
121, 117, 110, 122, 104, 49, 106, 117, 110, 84,
67, 76, 44, 116, 114, 97, 99, 107, 89, 89,
68, 83
这是加密后的数据
0x15, 0x21, 0x0F, 0x19, 0x25, 0x5B, 0x19, 0x39, 0x5F, 0x3A,
0x3B, 0x30, 0x74, 0x07, 0x43, 0x3F, 0x09, 0x5A, 0x34, 0x0C,
0x74, 0x3F, 0x1E, 0x2D, 0x27, 0x21, 0x12, 0x16, 0x1F
1 7 4 0 9 4 8 8 2 4 5 5 1 7 1 1 5 2 7 6 1 4 2 3 2 2 1 6 8
| enflag = [0x15, 0x21, 0x0F, 0x19, 0x25, 0x5B, 0x19, 0x39, 0x5F, 0x3A, |
moectf{D3bug_t0_g3t_7he_Key!}
[HNCTF 2022 WEEK3]Try2debugPlusPlus
Tea加密
动调
把exit nop掉,不然会退出
之后一直f8等到程序打印出新的key值
再看tea函数
点进去看看
0x0DAD5B6C5, 0x0CE5F717, 0x8BE8AF6B, 0x0D74C6EB4, 0x0EEB8B5A0, 0x0A07618E0, 0x1B425FD0, 0x0C0B77641, 0x0A30FA9BE,0x0CB4F5089, 0x0EBF9EC1D, 0x0F870EF3D
这是delta值,写代码
| #include #include #include int main(void) { unsigned int a1[]={0x0DAD5B6C5, 0x0CE5F717, 0x8BE8AF6B, 0x0D74C6EB4, 0x0EEB8B5A0, 0x0A07618E0, 0x1B425FD0, 0x0C0B77641, 0x0A30FA9BE,0x0CB4F5089, 0x0EBF9EC1D, 0x0F870EF3D}; int a2[] = {0x91,0x71,0x11,0xbb}; unsigned int v0,v1,i; for (int k = 0; k < 12; k += 2) { v0 = a1[k]; v1 = a1[k + 1]; long delta = 0x79B99E37; long sum = (32 * delta); for (i = 0; i <= 31; ++i) { v1 -= (((v0 * 16) ^ (v0 >> 5)) + v0) ^ (sum + a2[(sum >> 11 ) & 3]); sum -= delta; v0 -= (((v1 * 16) ^ (v1 >> 5)) + v1) ^ (sum + a2[(sum & 3)]);
} a1[k] = v0; a1[k+1] = v1; } for (i = 0; i < 12; i++) { printf("%c",a1[i]); } } |
#_Ant!+Debu9