reverse-XNUCA-babyfuscator
上一次线上赛的一道题目
链接:http://pan.baidu.com/s/1qY9ztKC 密码:xlr2
这是一道代码混淆的题目,因为当时还不知道angr这样一个软件,所以我就用了自己的一种思路
本体是对32位密码进行顺次加密运算的(确实是顺次,我验算过),所以我的思路就是修改源代码,进行顺次爆破
主要思想是在每一次报错的goto跳转前加上一个唯一的m变量值,并在报错的代码处用n变量来保存上一次的m值,如果m=n则说明,是同一位发生错误,继续爆破该位,若m!=n则说明,上一位正确,已经跳转到下一位,则i++开始爆破下一位。
个人觉得方法还比较简单,工作量也比较小,上代码:
// ewwe.cpp : Defines the entry point for the console application.
// #include<stdio.h>
#include<stdlib.h>
typedef char _BYTE; void main()
{
unsigned int v1; // [sp+Ch] [bp-24h]@0
unsigned __int8 v2; // [sp+14h] [bp-1Ch]@69
char v3; // [sp+16h] [bp-1Ah]@2
char v4; // [sp+16h] [bp-1Ah]@32
char v5; // [sp+16h] [bp-1Ah]@34
char v6; // [sp+17h] [bp-19h]@8
char v7; // [sp+18h] [bp-18h]@5
char v8; // [sp+18h] [bp-18h]@19
char v9; // [sp+18h] [bp-18h]@44
char v10; // [sp+19h] [bp-17h]@0
char v11; // [sp+19h] [bp-17h]@19
char v12; // [sp+1Ah] [bp-16h]@4
char v13; // [sp+1Ah] [bp-16h]@21
char v14; // [sp+1Bh] [bp-15h]@10
char v15; // [sp+1Bh] [bp-15h]@38
char v16; // [sp+1Ch] [bp-14h]@44
char v17; // [sp+1Dh] [bp-13h]@2
char v18; // [sp+1Dh] [bp-13h]@4
char v19; // [sp+1Fh] [bp-11h]@0
char v20; // [sp+1Fh] [bp-11h]@26
char table[]="abcdefghijklmnopqrstuvwxyz0123456789";
char a1[]="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
int i=;
int j=;
int m;
int n=; for(j;j<;j++){
a1[i]=table[j];
if ( v1 + 0x717BAD35 > 0xFFFFFFFF )
goto LABEL_75;
v17 = ((*(_BYTE *)a1 ^ 0x10) + ) ^ 0x12;
v3 = ((((((v17 + ) ^ 0x1B) + ) ^ 0x39) + ) ^ 0x29) + ;
if ( ((unsigned __int8)((v3 ^ 0x3B) + ) ^ 0xA) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x16;
v12 = ((v18 + ) ^ 0x2F) + ;;
while ( )
{
v7 = (v12 ^ 0x32) + ;
if ( ((unsigned __int8)((((v7 ^ 0xB) + ) ^ 0x2B) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x26) + ) ^ 0x14;
v7 = ((((v18 + ) ^ ) + ) ^ ) + ;
}
do
{
v6 = v7 ^ 0x3D;
if ( ((unsigned __int8)((((v7 ^ 0x3D) + ) ^ 0x31) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_83;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2F) + ) ^ 0x29;
v14 = (v18 + ) ^ 0x1F;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x27) + ) ^ 0x31) + ) ^ 0x26) + ) ^ 0x32) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_82;
v18 = *(_BYTE *)(a1 + ) ^ 0x1F;
v7 = ((((v18 + ) ^ 0x21) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((((v7 ^ 0x2D) + ) ^ 0x19) + ) ^ 0x39) != )
{m=;
goto LABEL_88;}
}
while ( v1 + > 0xFFFFFFFF );
v17 = (*(_BYTE *)(a1 + ) + ) ^ 0x26;
v3 = ((((((v17 + ) ^ 0x10) + ) ^ 0x32) + ) ^ ) + ;
LABEL_15:
if ( ((unsigned __int8)((v3 ^ 0xA) + ) ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_59;
if ( ((unsigned __int8)((((((((((*(_BYTE *)(a1 + ) ^ 0x17) + ) ^ 0x27) + ) ^ 0x26) + ) ^ ) + ) ^ 0x16) + ) ^ 0x1C) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_31;
v19 = *(_BYTE *)(a1 + ) ^ 0x1A;
v11 = (((((v19 + ) ^ ) + ) ^ 0x25) + ) ^ 0x30;
v8 = v11 + ;
if ( ((unsigned __int8)((((v11 + ) ^ 0x24) + ) ^ 0x2F) ^ 0x2B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
while ( )
{
if ( ((unsigned __int8)((((v8 ^ 0x39) + ) ^ 0x36) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x30;
v10 = (((((v19 + ) ^ 0x11) + ) ^ 0x13) + ) ^ 0x21;
LABEL_75:
v2 = (((v10 ^ 0x35) + ) ^ 0x19) + ;
goto LABEL_76;
}
LABEL_32:
v4 = v8 ^ 0x1B;
if ( ((unsigned __int8)((v8 ^ ) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x35;
v12 = (v18 + ) ^ 0x29;
v5 = ((((v18 + ) ^ 0x21) + ) ^ 0xA) + ;
if ( ((unsigned __int8)((v5 ^ 0x26) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_42;
v17 = *(_BYTE *)(a1 + ) ^ 0x1F;
v3 = ((((v17 + ) ^ 0x3A) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((v3 ^ 0x1B) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v19 = *(_BYTE *)(a1 + ) ^ 0x10;
v15 = (((v19 + ) ^ 0x14) + ) ^ ;
LABEL_39:
v11 = (v15 + ) ^ 0x1E;
v4 = ((v11 + ) ^ 0x1A) + ;
if ( ((unsigned __int8)((v4 ^ 0x24) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
}
while ( )
{
if ( ((unsigned __int8)((v4 ^ 0x2D) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x19;
v14 = (v18 + ) ^ 0x2C;
goto LABEL_82;
}
LABEL_69:
v2 = ((((v11 + ) ^ 0x1B) + ) ^ 0x1E) + ;
if ( (v2 ^ 0x34) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
LABEL_76:
if ( (v2 ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_49;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
v11 = (((((v19 + ) ^ ) + ) ^ 0x15) + ) ^ 0x3E;
v4 = ((v11 + ) ^ 0xF) + ;
}
v19 = *(_BYTE *)(a1 + ) ^ 0x36;
v11 = (((((v19 + ) ^ 0x14) + ) ^ 0x3B) + ) ^ 0x24;
v8 = v11 + ;
}
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ ;
v12 = v18 + ;
v5 = ((((v18 + ) ^ 0x33) + ) ^ 0x1C) + ;
LABEL_42:
if ( ((unsigned __int8)((v5 ^ 0x2A) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x1D;
v16 = v18 + ;
v9 = ((((v18 + ) ^ 0x3F) + ) ^ ) + ;
if ( ((unsigned __int8)((((v9 ^ 0x23) + ) ^ 0x11) + ) ^ 0x28) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x22) + ) ^ 0x12;
v14 = (v18 + ) ^ 0xA;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x25) + ) ^ 0x29) + ) ^ 0x1F) + ) ^ 0xF) == )
{
if ( v1 + > 0xFFFFFFFF )
goto LABEL_52;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
LABEL_49:
v18 = (v19 + ) ^ 0x2E;
goto LABEL_50;
}
m=;
LABEL_88:
if(n==m)
{
goto label;
}
else
{
n=m;
i++;
j=-;
goto label; }
}
goto LABEL_62;
}
}
v18 = ((*(_BYTE *)(a1 + ) ^ 0xC) + ) ^ 0x34;
v14 = (v18 + ) ^ ;
v13 = v14 + ;
if ( ((unsigned __int8)(((((((v14 + ) ^ 0x27) + ) ^ 0x3B) + ) ^ 0x23) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_56;
v17 = ((*(_BYTE *)(a1 + ) ^ 0xA) + ) ^ 0x3D;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x37) + ) ^ 0x19) + ) ^ 0x23) + ) ^ 0x38) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0xD;
LABEL_27:
v17 = (v20 + ) ^ 0x3A;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x28) + ) ^ 0x1B) + ) ^ 0x1D) + ) ^ 0x39) + ) ^ 0x36) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x3C;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x3A) + ) ^ ) + ) ^ 0x36) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_50;
LABEL_31:
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x2F) + ) ^ 0x38) + ) ^ 0x3F;
v8 = v11 + ;
goto LABEL_32;
}
}
while ( )
{
LABEL_59:
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x3A) + ) ^ 0x1A) + ) ^ 0xC) + ) ^ 0x28) + ) ^ 0x2A) !=
|| v1 + > 0xFFFFFFFF )
{m=;
goto LABEL_88;}
v18 = *(_BYTE *)(a1 + ) ^ 0x23;
v16 = v18 + ;
v9 = ((((v18 + ) ^ ) + ) ^ 0x1B) + ;
LABEL_62:
if ( ((unsigned __int8)((((v9 ^ 0x11) + ) ^ 0x3A) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
break;
v17 = ((*(_BYTE *)(a1 + ) ^ 0x29) + ) ^ 0x18;
if ( ((unsigned __int8)(((((((v17 + ) ^ ) + ) ^ 0x22) + ) ^ 0x22) + ) ^ 0x3A) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x2B;
v15 = (((v19 + ) ^ 0x1F) + ) ^ ;
if ( ((unsigned __int8)(((((((v15 + ) ^ 0x20) + ) ^ 0x37) + ) ^ ) + ) ^ 0x1F) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x35) + ) ^ 0x2E) + ) ^ 0xE;
goto LABEL_69;
}
goto LABEL_39;
}
}
while ( )
{
v14 = v16 ^ 0xB;
if ( ((unsigned __int8)((((((((v16 ^ 0xB) + ) ^ 0x24) + ) ^ 0x1E) + ) ^ 0x2A) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
LABEL_52:
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0x3C;
if ( ((unsigned __int8)((((((((v20 + ) ^ 0x27) + ) ^ ) + ) ^ ) + ) ^ 0x36) ^ 0x27) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_27;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x28;
v14 = (v18 + ) ^ 0x27;
v13 = (v18 + ) ^ 0x27;
LABEL_56:
if ( ((unsigned __int8)(((((v13 ^ 0x3A) + ) ^ ) + ) ^ 0x2F) ^ 0x1B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v17 = ((*(_BYTE *)(a1 + ) ^ 0x33) + ) ^ 0x38;
goto LABEL_59;
}
}
LABEL_82:
v6 = (((v14 + ) ^ 0xF) + ) ^ 0x24;
LABEL_83:
if ( ((unsigned __int8)(((v6 + ) ^ ) + ) ^ 0x2E) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
if ( ((unsigned __int8)((((((((((((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x2C) + ) ^ 0x3C) + ) ^ 0x17) + ) ^ 0x30) + ) ^ 0x3C)
+ ) ^ 0x17) == )
{
printf("Congratulations!The flag is %s\n", a1);
system("pause");
}
{m=;
goto LABEL_88;}
}
LABEL_50:
v16 = v18 + ;
}
label:continue;
} }
reverse-XNUCA-babyfuscator的更多相关文章
- LeetCode 7. Reverse Integer
Reverse digits of an integer. Example1: x = 123, return 321 Example2: x = -123, return -321 Have you ...
- js sort() reverse()
数组中存在的两个方法:sort()和reverse() 直接用sort(),如下: ,,,,,,,,,,,]; console.log(array.sort());ps:[0, 1, 2, 2, 29 ...
- [LeetCode] Reverse Vowels of a String 翻转字符串中的元音字母
Write a function that takes a string as input and reverse only the vowels of a string. Example 1:Giv ...
- [LeetCode] Reverse String 翻转字符串
Write a function that takes a string as input and returns the string reversed. Example: Given s = &q ...
- [LeetCode] Reverse Linked List 倒置链表
Reverse a singly linked list. click to show more hints. Hint: A linked list can be reversed either i ...
- [LeetCode] Reverse Bits 翻转位
Reverse bits of a given 32 bits unsigned integer. For example, given input 43261596 (represented in ...
- [LeetCode] Reverse Words in a String II 翻转字符串中的单词之二
Given an input string, reverse the string word by word. A word is defined as a sequence of non-space ...
- [LeetCode] Reverse Words in a String 翻转字符串中的单词
Given an input string, reverse the string word by word. For example, Given s = "the sky is blue ...
- [LeetCode] Evaluate Reverse Polish Notation 计算逆波兰表达式
Evaluate the value of an arithmetic expression in Reverse Polish Notation. Valid operators are +, -, ...
- [LeetCode] Reverse Linked List II 倒置链表之二
Reverse a linked list from position m to n. Do it in-place and in one-pass. For example:Given 1-> ...
随机推荐
- WebRequest使用
// 待请求的地址 string url = "http://www.cnblogs.com"; // 创建 WebRequest 对象,WebRequest 是抽象类,定义了请求 ...
- C中测试时间代码
- file_get_contents微信头像等待时间过长的原因
UPDATE 2016/05/13 stackoverflow上的解决方法:http://stackoverflow.com/questions/3629504/php-file-get-conten ...
- nodejs系列(一)安装和介绍
一.安装nodejs http://www.nodejs.org/download/.进入release/选择想要安装的文件,win下安装选择mis和exe的比较方便,安装完毕重新打开cmd命令行,p ...
- winform自定义按钮菜单
//填写其他报表按钮 private void btnWriteRep_Click(object sender, EventArgs e) { try ...
- STM32学习笔记(四) RCC外设的学习和理解
RCC时钟模块并不好理解,初次接触我也是一头雾水,而且我真正掌握它的时候也比较晚,是我在学习uC/os-II,需要分析时钟时才有了深刻认识.但在学习中我却一定要把放在了前列,因为这是整个嵌入式最重要的 ...
- CSS 3 盒子属性
#box1{ width: 100px;height: 40px; border: 1px solid black;(1)内容沾满盒子的处理方式 所有的都要添加前缀,以便更好的浏览器兼容 1,ove ...
- Python_Day2_基础2
python基础之数据类型与变量 一.变量 变量作用:保存状态(程序的运行本质是一系列状态的变化,变量的目的就是用来保存状态,变量值的变化就构成了程序运行的不同结果.) Age=10 ----> ...
- kafka集群zookeeper集群详细配置
http://www.cnblogs.com/luotianshuai/p/5206662.html
- android mvvm
android studio 需要gradle 1.5.0以上才支持 dependencies { classpath 'com.android.tools.build:gradle:1.5.0'} ...