[原创]看雪CTF 攻防战-2019q2-第一题：神秘来信WriteUp-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]看雪CTF 攻防战-2019q2-第一题：神秘来信WriteUp

发表于: 2019-6-24 11:45 3049

[原创]看雪CTF 攻防战-2019q2-第一题：神秘来信WriteUp

igxk

2019-6-24 11:45

3049

看雪CTF 攻防战-2019q2-第一题：神秘来信WriteUp

6f7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6%4M7i4y4W2L8h3y4Q4x3V1k6C8j5h3&6^5N6h3g2Q4x3X3c8U0N6r3j5J5x3o6p5&6M7e0u0Q4x3V1k6T1L8r3!0T1i4K6u0r3L8h3q4K6N6r3g2J5i4K6u0r3x3f1#2&6M7%4c8W2M7X3W2G2N6i4y4x3k6i4c8@1k6i4t1J5i4K6u0W2P5X3W2H3

1、ida打开，快捷键F5转成C源代码，关键部分如下：

unsigned __int8 v9; // [esp+10h] [ebp-3Ch]

unsigned __int8 v10; // [esp+11h] [ebp-3Bh]

unsigned __int8 v11; // [esp+12h] [ebp-3Ah]

char v12; // [esp+13h] [ebp-39h]

char v13; // [esp+14h] [ebp-38h]

char v14; // [esp+15h] [ebp-37h]

v4 = strlen((const char *)&v9);

if ( v4 < 7 && v14 == 51 && v13 == 53 && v12 == 51 && v11 + v10 + v9 == 149 )

{// ) + )

v6 = 0;

if ( v4 )

{

v3 = *(&v9 + v6++) + 16 * v3 - 48;

while ( v6 < v4 );

}

所以末3位分别为 51-48，53-48，51-48，即后3位数字为353。

2、for循环进行遍历，前3位ascii码相加为149时打印。

printf("return %d,v9=%d,v10=%d,v11=%d,%c%c%c353 \n",v3,v9,v10,v11,v9,v10,v11);

return -2961972,v9=48,v10=48,v11=53,005353

return -2961972,v9=48,v10=49,v11=52,014353

return -2961972,v9=48,v10=50,v11=51,023353

return -2961972,v9=48,v10=51,v11=50,032353

return -2961972,v9=48,v10=52,v11=49,041353

return -2961972,v9=48,v10=53,v11=48,050353

return -1913396,v9=49,v10=48,v11=52,104353

return -1913396,v9=49,v10=49,v11=51,113353

return -1913396,v9=49,v10=50,v11=50,122353

return -1913396,v9=49,v10=51,v11=49,131353

return -1913396,v9=49,v10=52,v11=48,140353

return -864820,v9=50,v10=48,v11=51,203353

return -864820,v9=50,v10=49,v11=50,212353

return -864820,v9=50,v10=50,v11=49,221353

return -864820,v9=50,v10=51,v11=48,230353

return 183756,v9=51,v10=48,v11=50,302353

return 183756,v9=51,v10=49,v11=49,311353

return 183756,v9=51,v10=50,v11=48,320353

return 1232332,v9=52,v10=48,v11=49,401353

return 1232332,v9=52,v10=49,v11=48,410353

return 2280908,v9=53,v10=48,v11=48,500353

3、穷举如上21个迷，答案为401353

PS C:\1kctf2019q2\1MysteriousLetter2> .\MysteriousLetter2.exe

请输入序列号:

311353

error!

PS C:\1kctf2019q2\1MysteriousLetter2> .\MysteriousLetter2.exe

请输入序列号:

320353

error!

PS C:\1kctf2019q2\1MysteriousLetter2> .\MysteriousLetter2.exe

请输入序列号:

401353

success!

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・0

支持