DDCTF2019-Confused

题目文件为一个osx的app,打开包内容可以发现Contents/MacOS里有一个xia0Crackme,很明显是要对这个文件进行分析。

IDA打开,定位到checkcode函数,对输入进行约束,前缀为DDCTF{,结尾为},中间部分长度为18,另外进入check函数。

经过分析,程序会根据下面的数组对输入进行校验。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
[0xf0,0x10,0x66,0x0,0x0,0x0,
0xf8,
0xf2,0x30,
0xf6,0xc1,
0xf0,0x10,0x63,0x0,0x0,0x0,
0xf8,
0xf2,0x31,
0xf6,0xb6,
0xf0,0x10,0x6a,0x0,0x0,0x0,
0xf8,
0xf2,0x32,
0xf6,0xab,
0xf0,0x10,0x6a,0x0,0x0,0x0,
0xf8,
0xf2,0x33,
0xf6,0xa0,
0xf0,0x10,0x6d,0x0,0x0,0x0,
0xf8,
0xf2,0x34,
0xf6,0x95,
0xf0,0x10,0x57,0x0,0x0,0x0,
0xf8,
0xf2,0x35,
0xf6,0x8a,
0xf0,0x10,0x6d,0x0,0x0,0x0,
0xf8,
0xf2,0x36,
0xf6,0x7f,
0xf0,0x10,0x73,0x0,0x0,0x0,
0xf8,
0xf2,0x37,
0xf6,0x74,
0xf0,0x10,0x45,0x0,0x0,0x0,
0xf8,
0xf2,0x38,
0xf6,0x69,
0xf0,0x10,0x6d,0x0,0x0,0x0,
0xf8,
0xf2,0x39,
0xf6,0x5e,
0xf0,0x10,0x72,0x0,0x0,0x0,
0xf8,
0xf2,0x3a,
0xf6,0x53,
0xf0,0x10,0x52,0x0,0x0,0x0,
0xf8,
0xf2,0x3b,
0xf6,0x48,
0xf0,0x10,0x66,0x0,0x0,0x0,
0xf8,
0xf2,0x3c,
0xf6,0x3d,
0xf0,0x10,0x63,0x0,0x0,0x0,
0xf8,
0xf2,0x3d,
0xf6,0x32,
0xf0,0x10,0x44,0x0,0x0,0x0,
0xf8,
0xf2,0x3e,
0xf6,0x27,
0xf0,0x10,0x6a,0x0,0x0,0x0,
0xf8,
0xf2,0x3f,
0xf6,0x1c,
0xf0,0x10,0x79,0x0,0x0,0x0,
0xf8,
0xf2,0x40,
0xf6,0x11,
0xf0,0x10,0x65,0x0,0x0,0x0,
0xf8,
0xf2,0x41,
0xf6,0x6,
0xf7,0x1,0x0,0x0,0x0,
0xf3,]

0xf0使a=0xf0后面的第二个数

0xf8使a凯撒移位2位

0xf2比较输入与a是否相等

0xf6如果相等则向下运行,否则改变程序流程

0xf7使标记successfailed的标志位为success

0xf3结束程序

加密解密不是很复杂,贴上脚本:

1
2
3
4
5
6
7
8
9
10
s=[0x66,0x63,0x6a,0x6a,0x6d,0x57,0x6d,0x73,0x45,0x6d,0x72,0x52,0x66,0x63,0x44,0x6a,0x79,0x65]
flag=''
for i in s:
if i>=ord('a') and i<=ord('z'):
flag+=chr((i-ord('a')+2)%26+ord('a'))
elif i>=ord('A') and i<=ord('Z'):
flag+=chr((i-ord('A')+2)%26+ord('A'))
else:
flag+=chr(i)
print flag
文章目录
|