[UTCTF2020]babymips

  • 开发
  • 21

水一篇

32位

c++写的,长得比较丑陋

进入sub-401164函数

V7的数据可以得到

unsigned char ida_chars[] =
{
  0x62, 0x6C, 0x7F, 0x76, 0x7A, 0x7B, 0x66, 0x73, 0x76, 0x50, 
  0x52, 0x7D, 0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4D, 
  0x74, 0x19, 0x7B, 0x6A, 0x42, 0x0A, 0x4F, 0x52, 0x7D, 0x69, 
  0x4F, 0x53, 0x0C, 0x64, 0x10, 0x0F, 0x1E, 0x4A, 0x67, 0x03, 
  0x7C, 0x67, 0x02, 0x6A, 0x31, 0x67, 0x61, 0x37, 0x7A, 0x62, 
  0x2C, 0x2C, 0x0F, 0x6E, 0x17, 0x00, 0x16, 0x0F, 0x16, 0x0A, 
  0x6D, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2E, 0x1C, 0x63, 0x78, 
  0x2B, 0x74, 0x32, 0x16, 0x20, 0x22, 0x44, 0x19, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x4E
};

大概意思应该是异或那里相等

V7传到形式参数a1里面

 

 我不知道他为什么没有后面那一半

#include<stdio.h>
#include<string.h>
int main()
{
	char str[] =
	{
  0x62, 0x6C, 0x7F, 0x76, 0x7A, 0x7B, 0x66, 0x73, 0x76, 0x50, 
  0x52, 0x7D, 0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4D, 
  0x74, 0x19, 0x7B, 0x6A, 0x42, 0x0A, 0x4F, 0x52, 0x7D, 0x69, 
  0x4F, 0x53, 0x0C, 0x64, 0x10, 0x0F, 0x1E, 0x4A, 0x67, 0x03, 
  0x7C, 0x67, 0x02, 0x6A, 0x31, 0x67, 0x61, 0x37, 0x7A, 0x62, 
  0x2C, 0x2C, 0x0F, 0x6E, 0x17, 0x00, 0x16, 0x0F, 0x16, 0x0A, 
  0x6D, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2E, 0x1C, 0x63, 0x78, 
  0x2B, 0x74, 0x32, 0x16, 0x20, 0x22, 0x44, 0x19
	};
	char flag[500];
	int i;
	for(i=0;i<strlen(str);i++)
	{
		flag[i]=str[i]^(i+23);
		printf("%c",flag[i]);
	}
	
	return 0;
}
//utflag{mips_cpp_gang_5VDm:~`N]ze;\)5%vZ=C'C(r#$q=*efD"Z

 我知道了

数据用unsigned char,求数组长度用sizeof


#include<stdio.h>
#include<string.h>
int main()
{
	unsigned char str[] =
	{
  0x62, 0x6C, 0x7F, 0x76, 0x7A, 0x7B, 0x66, 0x73, 0x76, 0x50, 
  0x52, 0x7D, 0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4D, 
  0x74, 0x19, 0x7B, 0x6A, 0x42, 0x0A, 0x4F, 0x52, 0x7D, 0x69, 
  0x4F, 0x53, 0x0C, 0x64, 0x10, 0x0F, 0x1E, 0x4A, 0x67, 0x03, 
  0x7C, 0x67, 0x02, 0x6A, 0x31, 0x67, 0x61, 0x37, 0x7A, 0x62, 
  0x2C, 0x2C, 0x0F, 0x6E, 0x17, 0x00, 0x16, 0x0F, 0x16, 0x0A, 
  0x6D, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2E, 0x1C, 0x63, 0x78, 
  0x2B, 0x74, 0x32, 0x16, 0x20, 0x22, 0x44, 0x19
	};
	char flag[500];
	int i;
	for(i=0;i<sizeof(str);i++)
	{
		flag[i]=str[i]^(i+23);
		printf("%c",flag[i]);
	}
	
	return 0;
}
//utflag{mips_cpp_gang_5VDm:~`N]ze;\)5%vZ=C'C(r#$q=*efD"ZNY_GX>6&sn.wF8$v*mvA@'}

阅读全部

相关推荐

  2. [UTCTF 2024] crypto 部分

    2024-07-14 23:58:02       24 阅读

  3. [UUCTF 2022 新生赛]ezsql

    2024-07-14 23:58:02       29 阅读

  5. [UUCTF 2022 新生赛]ez_unser

    2024-07-14 23:58:02       29 阅读

最近更新

  3. docker php8.1+nginx base 镜像 dockerfile 配置

    2024-07-14 23:58:02       67 阅读

  4. Could not load dynamic library ‘cudart64_100.dll‘

    2024-07-14 23:58:02       71 阅读

  9. 在Django里面运行非项目文件

    2024-07-14 23:58:02       58 阅读

  19. Python语言-面向对象

    2024-07-14 23:58:02       69 阅读

  20. 如何分清楚常见的 Git 分支管理策略Git Flow、GitHub Flow 和 GitLab Flow

    2024-07-14 23:58:02       64 阅读

热门阅读

  6. 分析 Android 应用中的日志信息应遵循的原则

    2024-07-14 23:58:02       20 阅读

  7. 牛客周赛51 F(静态区间最大连续子段和)

    2024-07-14 23:58:02       21 阅读

  9. 解锁Postman的API参数化:动态请求的秘诀

    2024-07-14 23:58:02       20 阅读

  14. 如何理解electron 的预加载脚本

    2024-07-14 23:58:02       19 阅读

  18. 力扣题解(回文子串)

    2024-07-14 23:58:02       21 阅读

  25. 题解:P9999 [Ynoi2000] tmostnrq

    2024-07-14 23:58:02       20 阅读