流浪者

  1. int __thiscall sub_401890(CWnd *this)
  2. {
  3.   struct CString *v1; // ST08_4
  4.   CWnd *v2; // eax
  5.   int v3; // eax
  6.   int v5[26]; // [esp+4Ch] [ebp-74h]
  7.   int i; // [esp+B4h] [ebp-Ch]
  8.   char *Str; // [esp+B8h] [ebp-8h]
  9.   CWnd *v8; // [esp+BCh] [ebp-4h]
  10.  
  11.   v8 = this;
  12.   v1 = (CWnd *)((char *)this + 100);
  13.   v2 = CWnd::GetDlgItem(this, 1002);
  14.   CWnd::GetWindowTextA(v2, v1);
  15.   v3 = sub_401A30((char *)v8 + 100);
  16.   Str = CString::GetBuffer((CWnd *)((char *)v8 + 100), v3);
  17.   if ( !strlen(Str) )
  18.     return CWnd::MessageBoxA(v8, "请输入pass!", 0, 0);
  19.   for ( i = 0; Str[i]; ++i )
  20.   {
  21.     if ( Str[i] > 57 || Str[i] < 48 )
  22.     {
  23.       if ( Str[i] > 122 || Str[i] < 97 )
  24.       {
  25.         if ( Str[i] > 90 || Str[i] < 65 )
  26.           sub_4017B0();                         // 错误
  27.         else                                    // 65-90  +29
  28.           v5[i] = Str[i] - 29;                  // 大写
  29.       }
  30.       else
  31.       {                                         // 97-122   +87
  32.         v5[i] = Str[i] - 87;                    // 小写
  33.       }
  34.     }
  35.     else
  36.     {                                           // 48-57   +48
  37.       v5[i] = Str[i] - 48;                      // 数字-'0'
  38.     }
  39.   }
  40.   return sub_4017F0(v5);
  41. }

sub_4017F0(v5)

  1. BOOL __cdecl sub_4017F0(int *a1)
  2. {
  3.   BOOL result; // eax
  4.   char Str1[28]; // [esp+D8h] [ebp-24h]
  5.   int v3; // [esp+F4h] [ebp-8h]
  6.   int i; // [esp+F8h] [ebp-4h]
  7.  
  8.   i = 0;
  9.   v3 = 0;
  10.   while ( a1[i] < 0x3E && a1[i] >= 0 )
  11.   {
  12.     Str1[i] = aAbcdefghiabcde[a1[i]];
  13.     ++i;
  14.   }
  15.   Str1[i] = 0;
  16.   if ( !strcmp(Str1, "KanXueCTF2019JustForhappy") )
  17.     result = sub_401770();                      // 正确
  18.   else
  19.     result = sub_4017B0();                      // 错误
  20.   return result;
  21. }

wp

  1. tab='abcdefghiABCDEFGHIJKLMNjklmn0123456789opqrstuvwxyzOPQRSTUVWXYZ'
  2. tg='KanXueCTF2019JustForhappy'
  3. temp=[]
  4. for i in range(len(tg)):
  5.     temp.append(tab.index(tg[i]))
  6. flag=''
  7. for c in temp:
  8.     if c>=65-29 and c<=90-29:
  9.         c+=29
  10.     elif c>=97-87 and c<=122-87:
  11.         c+=87
  12.     elif c>=48-48 and c<=57-48:
  13.         c+=48
  14.     flag+=chr(c)
  15. print flag

j0rXI4bTeustBiIGHeCF70DDM

flag{j0rXI4bTeustBiIGHeCF70DDM}

攻防世界 reverse 流浪者的更多相关文章

  1. 攻防世界 reverse 进阶 10 Reverse Box

    攻防世界中此题信息未给全,题目来源为[TWCTF-2016:Reverse] Reverse Box 网上有很多wp是使用gdb脚本,这里找到一个本地还原关键算法,然后再爆破的 https://www ...

  2. 攻防世界 reverse evil

    这是2017 ddctf的一道逆向题, 挑战:<恶意软件分析> 赛题背景: 员工小A收到了一封邮件,带一个文档附件,小A随手打开了附件.随后IT部门发现小A的电脑发出了异常网络访问请求,进 ...

  3. 攻防世界 reverse tt3441810

    tt3441810 tinyctf-2014 附件给了一堆数据,将十六进制数据部分提取出来, flag应该隐藏在里面,(这算啥子re,) 保留可显示字符,然后去除填充字符(找规律 0.0) 处理脚本: ...

  4. 攻防世界 reverse 进阶 APK-逆向2

    APK-逆向2 Hack-you-2014 (看名以为是安卓逆向呢0.0,搞错了吧) 程序是.net写的,直接祭出神器dnSpy 1 using System; 2 using System.Diag ...

  5. 攻防世界 reverse Windows_Reverse2

    Windows_Reverse2   2019_DDCTF 查壳: 寻找oep-->dump-->iat修复   便可成功脱壳 int __cdecl main(int argc, con ...

  6. 攻防世界 reverse BabyXor

    BabyXor     2019_UNCTF 查壳 脱壳 dump 脱壳后 IDA静态分析 int main_0() { void *v0; // eax int v1; // ST5C_4 char ...

  7. 攻防世界 reverse parallel-comparator-200

    parallel-comparator-200 school-ctf-winter-2015 https://github.com/ctfs/write-ups-2015/tree/master/sc ...

  8. 攻防世界 reverse 进阶 8-The_Maya_Society Hack.lu-2017

    8.The_Maya_Society Hack.lu-2017 在linux下将时间调整为2012-12-21,运行即可得到flag. 下面进行分析 1 signed __int64 __fastca ...

  9. 攻防世界 reverse easy_Maze

    easy_Maze 从题目可得知是简单的迷宫问题 int __cdecl main(int argc, const char **argv, const char **envp) { __int64 ...

随机推荐

  1. SQLite在C#的使用

    SQLite在C#的使用 http://www.cnblogs.com/SharkBin/archive/2012/11/03/2752277.html System.Data.SQLite.DLL的 ...

  2. CSS pseudo classes All In One

    CSS pseudo classes All In One CSS 伪类 https://developer.mozilla.org/en-US/docs/Web/CSS/Pseudo-classes ...

  3. React 17 All In One

    React 17 All In One v17.0.1 https://reactjs.org/blog/2020/10/20/react-v17.html https://reactjs.org/b ...

  4. Chrome blocked third-party cookies

    Chrome blocked third-party cookies Chrome Incognito Chrome 无痕模式 https://support.google.com/chrome/an ...

  5. UI Design & App & Free Icons

    UI Design & App & Free Icons icons8 https://icons8.com https://icons8.com/ouch Ouch可以帮助那些不进行 ...

  6. base 64 & blob & image url

    base 64 & blob & image url base 64 image & e.clipboardData.items[1] https://codepen.io/x ...

  7. Flutter 1.5

    Flutter 1.5 Flutter SDK https://flutter.dev/docs/get-started/install/windows Android SDK This instal ...

  8. GitHub Learning Lab

    GitHub Learning Lab https://lab.github.com/ https://github.community/t5/GitHub-Learning-Lab/bd-p/lea ...

  9. Nginx之Location匹配规则

    概述 经过多年发展,nginx凭借其优异的性能征服了互联网界,成为了各个互联网公司架构设计中不可获取的要素.Nginx是一门大学问,但是对于Web开发者来说,最重要的是需要能捋的清楚Nginx的请求路 ...

  10. cartographer 调参(1)-lua文件配置参考文档

    cartographer 调参(1)-lua文件配置参考文档 https://blog.csdn.net/SimileciWH/article/details/84861718 Lua configu ...