reverse-XNUCA-babyfuscator
上一次线上赛的一道题目
链接:http://pan.baidu.com/s/1qY9ztKC 密码:xlr2
这是一道代码混淆的题目,因为当时还不知道angr这样一个软件,所以我就用了自己的一种思路
本体是对32位密码进行顺次加密运算的(确实是顺次,我验算过),所以我的思路就是修改源代码,进行顺次爆破
主要思想是在每一次报错的goto跳转前加上一个唯一的m变量值,并在报错的代码处用n变量来保存上一次的m值,如果m=n则说明,是同一位发生错误,继续爆破该位,若m!=n则说明,上一位正确,已经跳转到下一位,则i++开始爆破下一位。
个人觉得方法还比较简单,工作量也比较小,上代码:
// ewwe.cpp : Defines the entry point for the console application.
// #include<stdio.h>
#include<stdlib.h>
typedef char _BYTE; void main()
{
unsigned int v1; // [sp+Ch] [bp-24h]@0
unsigned __int8 v2; // [sp+14h] [bp-1Ch]@69
char v3; // [sp+16h] [bp-1Ah]@2
char v4; // [sp+16h] [bp-1Ah]@32
char v5; // [sp+16h] [bp-1Ah]@34
char v6; // [sp+17h] [bp-19h]@8
char v7; // [sp+18h] [bp-18h]@5
char v8; // [sp+18h] [bp-18h]@19
char v9; // [sp+18h] [bp-18h]@44
char v10; // [sp+19h] [bp-17h]@0
char v11; // [sp+19h] [bp-17h]@19
char v12; // [sp+1Ah] [bp-16h]@4
char v13; // [sp+1Ah] [bp-16h]@21
char v14; // [sp+1Bh] [bp-15h]@10
char v15; // [sp+1Bh] [bp-15h]@38
char v16; // [sp+1Ch] [bp-14h]@44
char v17; // [sp+1Dh] [bp-13h]@2
char v18; // [sp+1Dh] [bp-13h]@4
char v19; // [sp+1Fh] [bp-11h]@0
char v20; // [sp+1Fh] [bp-11h]@26
char table[]="abcdefghijklmnopqrstuvwxyz0123456789";
char a1[]="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
int i=;
int j=;
int m;
int n=; for(j;j<;j++){
a1[i]=table[j];
if ( v1 + 0x717BAD35 > 0xFFFFFFFF )
goto LABEL_75;
v17 = ((*(_BYTE *)a1 ^ 0x10) + ) ^ 0x12;
v3 = ((((((v17 + ) ^ 0x1B) + ) ^ 0x39) + ) ^ 0x29) + ;
if ( ((unsigned __int8)((v3 ^ 0x3B) + ) ^ 0xA) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x16;
v12 = ((v18 + ) ^ 0x2F) + ;;
while ( )
{
v7 = (v12 ^ 0x32) + ;
if ( ((unsigned __int8)((((v7 ^ 0xB) + ) ^ 0x2B) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x26) + ) ^ 0x14;
v7 = ((((v18 + ) ^ ) + ) ^ ) + ;
}
do
{
v6 = v7 ^ 0x3D;
if ( ((unsigned __int8)((((v7 ^ 0x3D) + ) ^ 0x31) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_83;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2F) + ) ^ 0x29;
v14 = (v18 + ) ^ 0x1F;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x27) + ) ^ 0x31) + ) ^ 0x26) + ) ^ 0x32) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_82;
v18 = *(_BYTE *)(a1 + ) ^ 0x1F;
v7 = ((((v18 + ) ^ 0x21) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((((v7 ^ 0x2D) + ) ^ 0x19) + ) ^ 0x39) != )
{m=;
goto LABEL_88;}
}
while ( v1 + > 0xFFFFFFFF );
v17 = (*(_BYTE *)(a1 + ) + ) ^ 0x26;
v3 = ((((((v17 + ) ^ 0x10) + ) ^ 0x32) + ) ^ ) + ;
LABEL_15:
if ( ((unsigned __int8)((v3 ^ 0xA) + ) ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_59;
if ( ((unsigned __int8)((((((((((*(_BYTE *)(a1 + ) ^ 0x17) + ) ^ 0x27) + ) ^ 0x26) + ) ^ ) + ) ^ 0x16) + ) ^ 0x1C) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_31;
v19 = *(_BYTE *)(a1 + ) ^ 0x1A;
v11 = (((((v19 + ) ^ ) + ) ^ 0x25) + ) ^ 0x30;
v8 = v11 + ;
if ( ((unsigned __int8)((((v11 + ) ^ 0x24) + ) ^ 0x2F) ^ 0x2B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
while ( )
{
if ( ((unsigned __int8)((((v8 ^ 0x39) + ) ^ 0x36) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x30;
v10 = (((((v19 + ) ^ 0x11) + ) ^ 0x13) + ) ^ 0x21;
LABEL_75:
v2 = (((v10 ^ 0x35) + ) ^ 0x19) + ;
goto LABEL_76;
}
LABEL_32:
v4 = v8 ^ 0x1B;
if ( ((unsigned __int8)((v8 ^ ) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x35;
v12 = (v18 + ) ^ 0x29;
v5 = ((((v18 + ) ^ 0x21) + ) ^ 0xA) + ;
if ( ((unsigned __int8)((v5 ^ 0x26) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_42;
v17 = *(_BYTE *)(a1 + ) ^ 0x1F;
v3 = ((((v17 + ) ^ 0x3A) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((v3 ^ 0x1B) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v19 = *(_BYTE *)(a1 + ) ^ 0x10;
v15 = (((v19 + ) ^ 0x14) + ) ^ ;
LABEL_39:
v11 = (v15 + ) ^ 0x1E;
v4 = ((v11 + ) ^ 0x1A) + ;
if ( ((unsigned __int8)((v4 ^ 0x24) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
}
while ( )
{
if ( ((unsigned __int8)((v4 ^ 0x2D) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x19;
v14 = (v18 + ) ^ 0x2C;
goto LABEL_82;
}
LABEL_69:
v2 = ((((v11 + ) ^ 0x1B) + ) ^ 0x1E) + ;
if ( (v2 ^ 0x34) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
LABEL_76:
if ( (v2 ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_49;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
v11 = (((((v19 + ) ^ ) + ) ^ 0x15) + ) ^ 0x3E;
v4 = ((v11 + ) ^ 0xF) + ;
}
v19 = *(_BYTE *)(a1 + ) ^ 0x36;
v11 = (((((v19 + ) ^ 0x14) + ) ^ 0x3B) + ) ^ 0x24;
v8 = v11 + ;
}
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ ;
v12 = v18 + ;
v5 = ((((v18 + ) ^ 0x33) + ) ^ 0x1C) + ;
LABEL_42:
if ( ((unsigned __int8)((v5 ^ 0x2A) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x1D;
v16 = v18 + ;
v9 = ((((v18 + ) ^ 0x3F) + ) ^ ) + ;
if ( ((unsigned __int8)((((v9 ^ 0x23) + ) ^ 0x11) + ) ^ 0x28) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x22) + ) ^ 0x12;
v14 = (v18 + ) ^ 0xA;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x25) + ) ^ 0x29) + ) ^ 0x1F) + ) ^ 0xF) == )
{
if ( v1 + > 0xFFFFFFFF )
goto LABEL_52;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
LABEL_49:
v18 = (v19 + ) ^ 0x2E;
goto LABEL_50;
}
m=;
LABEL_88:
if(n==m)
{
goto label;
}
else
{
n=m;
i++;
j=-;
goto label; }
}
goto LABEL_62;
}
}
v18 = ((*(_BYTE *)(a1 + ) ^ 0xC) + ) ^ 0x34;
v14 = (v18 + ) ^ ;
v13 = v14 + ;
if ( ((unsigned __int8)(((((((v14 + ) ^ 0x27) + ) ^ 0x3B) + ) ^ 0x23) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_56;
v17 = ((*(_BYTE *)(a1 + ) ^ 0xA) + ) ^ 0x3D;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x37) + ) ^ 0x19) + ) ^ 0x23) + ) ^ 0x38) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0xD;
LABEL_27:
v17 = (v20 + ) ^ 0x3A;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x28) + ) ^ 0x1B) + ) ^ 0x1D) + ) ^ 0x39) + ) ^ 0x36) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x3C;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x3A) + ) ^ ) + ) ^ 0x36) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_50;
LABEL_31:
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x2F) + ) ^ 0x38) + ) ^ 0x3F;
v8 = v11 + ;
goto LABEL_32;
}
}
while ( )
{
LABEL_59:
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x3A) + ) ^ 0x1A) + ) ^ 0xC) + ) ^ 0x28) + ) ^ 0x2A) !=
|| v1 + > 0xFFFFFFFF )
{m=;
goto LABEL_88;}
v18 = *(_BYTE *)(a1 + ) ^ 0x23;
v16 = v18 + ;
v9 = ((((v18 + ) ^ ) + ) ^ 0x1B) + ;
LABEL_62:
if ( ((unsigned __int8)((((v9 ^ 0x11) + ) ^ 0x3A) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
break;
v17 = ((*(_BYTE *)(a1 + ) ^ 0x29) + ) ^ 0x18;
if ( ((unsigned __int8)(((((((v17 + ) ^ ) + ) ^ 0x22) + ) ^ 0x22) + ) ^ 0x3A) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x2B;
v15 = (((v19 + ) ^ 0x1F) + ) ^ ;
if ( ((unsigned __int8)(((((((v15 + ) ^ 0x20) + ) ^ 0x37) + ) ^ ) + ) ^ 0x1F) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x35) + ) ^ 0x2E) + ) ^ 0xE;
goto LABEL_69;
}
goto LABEL_39;
}
}
while ( )
{
v14 = v16 ^ 0xB;
if ( ((unsigned __int8)((((((((v16 ^ 0xB) + ) ^ 0x24) + ) ^ 0x1E) + ) ^ 0x2A) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
LABEL_52:
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0x3C;
if ( ((unsigned __int8)((((((((v20 + ) ^ 0x27) + ) ^ ) + ) ^ ) + ) ^ 0x36) ^ 0x27) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_27;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x28;
v14 = (v18 + ) ^ 0x27;
v13 = (v18 + ) ^ 0x27;
LABEL_56:
if ( ((unsigned __int8)(((((v13 ^ 0x3A) + ) ^ ) + ) ^ 0x2F) ^ 0x1B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v17 = ((*(_BYTE *)(a1 + ) ^ 0x33) + ) ^ 0x38;
goto LABEL_59;
}
}
LABEL_82:
v6 = (((v14 + ) ^ 0xF) + ) ^ 0x24;
LABEL_83:
if ( ((unsigned __int8)(((v6 + ) ^ ) + ) ^ 0x2E) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
if ( ((unsigned __int8)((((((((((((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x2C) + ) ^ 0x3C) + ) ^ 0x17) + ) ^ 0x30) + ) ^ 0x3C)
+ ) ^ 0x17) == )
{
printf("Congratulations!The flag is %s\n", a1);
system("pause");
}
{m=;
goto LABEL_88;}
}
LABEL_50:
v16 = v18 + ;
}
label:continue;
} }
reverse-XNUCA-babyfuscator的更多相关文章
- LeetCode 7. Reverse Integer
Reverse digits of an integer. Example1: x = 123, return 321 Example2: x = -123, return -321 Have you ...
- js sort() reverse()
数组中存在的两个方法:sort()和reverse() 直接用sort(),如下: ,,,,,,,,,,,]; console.log(array.sort());ps:[0, 1, 2, 2, 29 ...
- [LeetCode] Reverse Vowels of a String 翻转字符串中的元音字母
Write a function that takes a string as input and reverse only the vowels of a string. Example 1:Giv ...
- [LeetCode] Reverse String 翻转字符串
Write a function that takes a string as input and returns the string reversed. Example: Given s = &q ...
- [LeetCode] Reverse Linked List 倒置链表
Reverse a singly linked list. click to show more hints. Hint: A linked list can be reversed either i ...
- [LeetCode] Reverse Bits 翻转位
Reverse bits of a given 32 bits unsigned integer. For example, given input 43261596 (represented in ...
- [LeetCode] Reverse Words in a String II 翻转字符串中的单词之二
Given an input string, reverse the string word by word. A word is defined as a sequence of non-space ...
- [LeetCode] Reverse Words in a String 翻转字符串中的单词
Given an input string, reverse the string word by word. For example, Given s = "the sky is blue ...
- [LeetCode] Evaluate Reverse Polish Notation 计算逆波兰表达式
Evaluate the value of an arithmetic expression in Reverse Polish Notation. Valid operators are +, -, ...
- [LeetCode] Reverse Linked List II 倒置链表之二
Reverse a linked list from position m to n. Do it in-place and in one-pass. For example:Given 1-> ...
随机推荐
- HTML中一些基本的标签用法
姓名输入框:<input type="text" value="默认有值"/> 密码输入框:<input type="text&qu ...
- nwjs如何打包文件为exe文件并修改exe图标
1.下载nw.js,如果是SDK版的可以调试页面,打包后可不可以调试还没有试,不是SDK的话没有调试选项,试了一下,打包后的文件也一样调试不了. 2.把要打包的文件和package.json都放在nw ...
- document.compatMode属性和获取鼠标的位置
document.compatMode属性 document.compatMode用来判断当前浏览器采用的渲染方式. 官方解释: BackCompat:标准兼容模式关闭.CSS1Compat:标准兼容 ...
- linux环境下安装mysql数据库遇到的问题
总结一句话: 安装完mysql数据库记得授权远程登录. 坑的现象: ERROR 1045 (28000): Access denied for user 'guoxp'@'localhost' ( ...
- Web页面速度测试工具
开发框架的时间,想测试单例和多例下对性能的影响,找了下没有特别简单易用的测试工具. 估摸着搞了一个小工具. 针对.net Framework的2.0,3.5,4.0版本. WebHttpTest2.0 ...
- Hibernate不能自动建数据表解决办法
首先自己要注意自己的MYSQL版本,然后设置对应的方言 兼容性模式 <property name="hibernate.dialect">org.hibernate.d ...
- 下载SRA文件
sratoolkit.2.6.2-centos_linux64/bin/prefetch 下载SRA文件 fastq-dump --split-3 SRR2923014.sra 转 ...
- Android NDK开发入门实例
AndroidNDK是能使Android应用开发者把从c/c++编译而来的本地代码嵌入到应用包中的一系列工具的组合. 注意: AndroidNDK只能用于Android1.5及以上版本中. I. An ...
- psd切图
打开UI设计师给你的PSD文件,我们以下图为例,截产品超市前面的购物车 1.按v选择移动工具,然后在上面的选项栏中勾选自动选择,在再右边选择图层 2.这时候用鼠标选中产品超市前面的购物车,就能在右边的 ...
- STM32学习笔记(四) RCC外设的学习和理解
RCC时钟模块并不好理解,初次接触我也是一头雾水,而且我真正掌握它的时候也比较晚,是我在学习uC/os-II,需要分析时钟时才有了深刻认识.但在学习中我却一定要把放在了前列,因为这是整个嵌入式最重要的 ...