sus-bitx

题目地址

拖进ida,主函数一目了然,直接进入验证函数:

1
2
3
4
5
6
for ( i = 0; *(_BYTE *)(i + a1) && *(_BYTE *)(i + 0x804A040); ++i )
{
if ( *(_BYTE *)(i + a1) + 9 != ((unsigned __int8)((*(_BYTE *)(i + 0x804A040) & 0xAA) >> 1) | (unsigned __int8)(2 * (*(_BYTE *)(i + 0x804A040) & 0x55))) )
return 0;
}
return 1;

将输入与0x804a040处的值经过一系列运算后比较
若不相等则gg,直接写脚本:

1
2
3
4
5
6
final=[0x8F,0x0AA,0x85,0x0A0,0x48,0x0AC,0x40,0x95,0x0B6,0x16,0x0BE,0x40,0x0B4,0x16,0x97,0x0B1,0x0BE,0x0BC,0x16,0x0B1,0x0BC,0x16,0x9D,0x95,0x0BC,0x41,0x16,0x36,0x42,0x95,0x95,0x16,0x40,0x0B1,0x0BE,0x0B2,0x16,0x36,0x42,0x3D,0x3D,0x49]
flag=final
for i in range(len(final)):
flag[i]=((final[i]&0xaa)>>1|2*(final[i]&0x55) )-9
out=''.join([chr(i) for i in flag])
print out

flag get

文章目录
|