AlexCTF 2017 RE2
2017-04-23 19:15
309 查看
原文地址:https://ngaoopmeo.blogspot.com/2017/02/alexctf-2017write-upre2-c-is-awesomed.html
Check file type using file command
译文:使用file命令查看文件属性
So this is a ELF 64-bit file. Let open ida64 and load it
译文:该文件是一个EFL 64位的文件,使用IDA pro 64位打开它
This is pseudo code
译文:伪代码如下:
a1 is number of parameter. So if number of parameter != 2 program will terminate
译文:al代表参数的个数.如果al不等于2,该程序将退出.
Next
译文:接下来
that code read string from keyboard to v10
译文:输入的内容存入变量v10
And
译文:并且
It compare each character in v10 and off_6020A0 [dword_6020C0[v13]]
so maybe flag is off_6020A0[dword_6020C0[v13]] with v13 is len of flag
译文:比较v10和off_6020A0 [dword_6020C0[v13],可能off_6020A0[dword_6020C0[v13]]是flag的长度
I find off_6020A0 is a string
译文:off_6020A0是一个字符串
内容是
And dword_6020C0 is an array
译文:dword_6020C0是一个数组.
数组的内容是:
And here is code to get flag
译文:解出flag的代码如下:
Flag is ALEXCTF{W3_L0v3_C_W1th_CL45535}
译文:flag为ALEXCTF{W3_L0v3_C_W1th_CL45535}
Check file type using file command
译文:使用file命令查看文件属性
re2; ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped
So this is a ELF 64-bit file. Let open ida64 and load it
译文:该文件是一个EFL 64位的文件,使用IDA pro 64位打开它
This is pseudo code
译文:伪代码如下:
if ( a1 != 2 ) { v2 = *(_QWORD *)a2; LODWORD(v3) = std::operator<<<std::char_traits<char>>(6299968LL, 4198153LL); LODWORD(v4) = std::operator<<<std::char_traits<char>>(v3, v2); std::operator<<<std::char_traits<char>>(v4, 4198161LL); exit(0); }
a1 is number of parameter. So if number of parameter != 2 program will terminate
译文:al代表参数的个数.如果al不等于2,该程序将退出.
Next
译文:接下来
std::allocator<char>::allocator(&v11); std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string(&v10, *(_QWORD *)(a2 + 8), &v11); std::allocator<char>::~allocator(&v11); v13 = 0;
that code read string from keyboard to v10
译文:输入的内容存入变量v10
And
译文:并且
v13 = 0; LODWORD(v5) = std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::begin(&v10); for ( i = v5; ; sub_400D7A((__int64)&i) ) { LODWORD(v6) = std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::end(&v10); v12 = v6; if ( !(unsigned __int8)sub_400D3D(&i, &v12) ) break; v7 = sub_400D9A((__int64)&i); if ( *(_BYTE *)v7 != off_6020A0[dword_6020C0[v13]] ) sub_400B56(); ++v13; }
It compare each character in v10 and off_6020A0 [dword_6020C0[v13]]
so maybe flag is off_6020A0[dword_6020C0[v13]] with v13 is len of flag
译文:比较v10和off_6020A0 [dword_6020C0[v13],可能off_6020A0[dword_6020C0[v13]]是flag的长度
I find off_6020A0 is a string
译文:off_6020A0是一个字符串
内容是
L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t
And dword_6020C0 is an array
译文:dword_6020C0是一个数组.
数组的内容是:
0x24,0x5,0x36,0x65,0x7,0x27,0x26,0x2D,0x1,0x3,0x0,0x0D,0x56,0x1,0x3,0x65,0x3,0x2D,0x16,0x2,0x15,0x3,0x65,0x0,0x29,0x44,0x44,0x1,0x44,0x2B
And here is code to get flag
译文:解出flag的代码如下:
#include <stdio.h> int main() { char *strsample = "L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t"; int data[] = {0x24,0x5,0x36,0x65,0x7,0x27,0x26,0x2D,0x1,0x3,0x0,0x0D,0x56,0x1,0x3,0x65,0x3,0x2D,0x16,0x2,0x15,0x3,0x65,0x0,0x29,0x44,0x44,0x1,0x44,0x2B}; for (int i = 0; i < sizeof(data)/sizeof(int); i++) printf("%c", strsample[data[i]]); return 0; }
Flag is ALEXCTF{W3_L0v3_C_W1th_CL45535}
译文:flag为ALEXCTF{W3_L0v3_C_W1th_CL45535}
相关文章推荐
- 0ctf 2017 babyheap writeup
- 看雪CTF2017秋季赛第五题分析
- ZCTF-2017 比赛总结
- 看雪CTF 2017 第六题设计思路和解题思路
- WHCTF 2017 逆向题 CRACKME、BABYRE、EASYHOOK 的解题思路
- PlaidCTF2017之zipper
- Xp0intCTF 2017 writeup
- 2017 429 ichunqiu ctf smallest(pwn300) writeup
- 2017-0CTF-simplesplin-write up
- SECCON CTF 2017 Powerful_Shell
- 2017_ZCTF_Reverse_QEtend
- 由看雪.Wifi万能钥匙 CTF 2017 第4题分析linux double free及unlinking漏洞
- google ctf 2017 inst_prof writeup
- SWPU CTF 2017 Web WriteUp
- NJCTF 2017 web Writeup
- NJCTF 2017 web pictures'wall(详解)
- Boston Key Party CTF 2017: prudentialv2-50
- 2017 火种CTF Writeup
- 0ctf 2017 kernel pwn knote write up
- HCTF 2017 bin Level1 Evr_Q Writeup