reverse-XNUCA-babyfuscator
上一次线上赛的一道题目
链接:http://pan.baidu.com/s/1qY9ztKC 密码:xlr2
这是一道代码混淆的题目,因为当时还不知道angr这样一个软件,所以我就用了自己的一种思路
本题是对32位密码按顺序逐位进行加密运算的(确实是顺次,我验算过),所以我的思路就是修改源代码,进行顺次爆破。因为每一位可以单独判断对错,逐位爆破的尝试次数只随密码长度线性增长,而不是指数增长。
主要思想是:在每一处报错的goto跳转前给变量m赋一个唯一的值,并在报错处理的代码处用变量n保存上一次的m值。如果m==n,说明还是同一位发生错误,继续爆破该位;如果m!=n,说明上一位正确、校验已经跳转到下一位,则i++,开始爆破下一位。
个人觉得方法还比较简单,工作量也比较小,上代码:
// ewwe.cpp : Defines the entry point for the console application.
// #include<stdio.h>
#include<stdlib.h>
// Brute-force harness wrapped around what looks like decompiler output (the
// [sp+..] [bp-..] notes on the locals read as decompiler stack annotations).
// Per the write-up, the challenge checks the password one character at a
// time, so every failure exit is tagged with a value in m, and the shared
// handler at LABEL_88 uses it to tell "same position failed again" apart
// from "the check advanced to a later position".
//
// NOTE(review): this listing does not compile as shown. Decimal literals
// appear to have been lost (e.g. `int i=;`, `while ( )`, `a1 + )`), and the
// <stdio.h> include that printf needs is commented out above. Only the hex
// constants survive, so the per-character arithmetic cannot be re-derived
// from this page.
typedef char _BYTE; void main()
{
// v1 is never assigned anywhere in this listing; it is only read by the
// `v1 + ... > 0xFFFFFFFF` tests below.
unsigned int v1; // [sp+Ch] [bp-24h]@0
unsigned __int8 v2; // [sp+14h] [bp-1Ch]@69
char v3; // [sp+16h] [bp-1Ah]@2
char v4; // [sp+16h] [bp-1Ah]@32
char v5; // [sp+16h] [bp-1Ah]@34
char v6; // [sp+17h] [bp-19h]@8
char v7; // [sp+18h] [bp-18h]@5
char v8; // [sp+18h] [bp-18h]@19
char v9; // [sp+18h] [bp-18h]@44
char v10; // [sp+19h] [bp-17h]@0
char v11; // [sp+19h] [bp-17h]@19
char v12; // [sp+1Ah] [bp-16h]@4
char v13; // [sp+1Ah] [bp-16h]@21
char v14; // [sp+1Bh] [bp-15h]@10
char v15; // [sp+1Bh] [bp-15h]@38
char v16; // [sp+1Ch] [bp-14h]@44
char v17; // [sp+1Dh] [bp-13h]@2
char v18; // [sp+1Dh] [bp-13h]@4
char v19; // [sp+1Fh] [bp-11h]@0
char v20; // [sp+1Fh] [bp-11h]@26
// Candidate alphabet: lowercase letters followed by digits.
char table[]="abcdefghijklmnopqrstuvwxyz0123456789";
// Working guess; the check code reads single bytes from it via
// *(_BYTE *)(a1 + <offset>) (the offsets are missing in this listing).
char a1[]="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
// i: position in a1 currently being guessed (initial value missing here).
int i=;
// j: index of the candidate character in table (initial value missing here).
int j=;
// m: tag of the failure exit just taken; n: tag of the previous failure.
int m;
// Try each candidate character at position i (loop bound missing here).
int n=; for(j;j<;j++){
a1[i]=table[j];
// With a 32-bit unsigned int this sum wraps and can never exceed
// 0xFFFFFFFF, so this branch cannot be taken; it looks like an opaque
// predicate left by the obfuscator. The later `v1 +` tests have lost their
// constants, so the same cannot be confirmed for them from this page.
if ( v1 + 0x717BAD35 > 0xFFFFFFFF )
goto LABEL_75;
v17 = ((*(_BYTE *)a1 ^ 0x10) + ) ^ 0x12;
v3 = ((((((v17 + ) ^ 0x1B) + ) ^ 0x39) + ) ^ 0x29) + ;
if ( ((unsigned __int8)((v3 ^ 0x3B) + ) ^ 0xA) != )
// Failure exit. Per the write-up, m gets a value unique to this check (the
// value is missing here) before jumping to the shared handler; the same
// pattern repeats at every `{m=; goto LABEL_88;}` below.
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x16;
v12 = ((v18 + ) ^ 0x2F) + ;;
while ( )
{
v7 = (v12 ^ 0x32) + ;
if ( ((unsigned __int8)((((v7 ^ 0xB) + ) ^ 0x2B) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x26) + ) ^ 0x14;
v7 = ((((v18 + ) ^ ) + ) ^ ) + ;
}
do
{
v6 = v7 ^ 0x3D;
if ( ((unsigned __int8)((((v7 ^ 0x3D) + ) ^ 0x31) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_83;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2F) + ) ^ 0x29;
v14 = (v18 + ) ^ 0x1F;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x27) + ) ^ 0x31) + ) ^ 0x26) + ) ^ 0x32) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_82;
v18 = *(_BYTE *)(a1 + ) ^ 0x1F;
v7 = ((((v18 + ) ^ 0x21) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((((v7 ^ 0x2D) + ) ^ 0x19) + ) ^ 0x39) != )
{m=;
goto LABEL_88;}
}
while ( v1 + > 0xFFFFFFFF );
v17 = (*(_BYTE *)(a1 + ) + ) ^ 0x26;
v3 = ((((((v17 + ) ^ 0x10) + ) ^ 0x32) + ) ^ ) + ;
LABEL_15:
if ( ((unsigned __int8)((v3 ^ 0xA) + ) ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_59;
if ( ((unsigned __int8)((((((((((*(_BYTE *)(a1 + ) ^ 0x17) + ) ^ 0x27) + ) ^ 0x26) + ) ^ ) + ) ^ 0x16) + ) ^ 0x1C) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_31;
v19 = *(_BYTE *)(a1 + ) ^ 0x1A;
v11 = (((((v19 + ) ^ ) + ) ^ 0x25) + ) ^ 0x30;
v8 = v11 + ;
if ( ((unsigned __int8)((((v11 + ) ^ 0x24) + ) ^ 0x2F) ^ 0x2B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
while ( )
{
if ( ((unsigned __int8)((((v8 ^ 0x39) + ) ^ 0x36) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x30;
v10 = (((((v19 + ) ^ 0x11) + ) ^ 0x13) + ) ^ 0x21;
LABEL_75:
v2 = (((v10 ^ 0x35) + ) ^ 0x19) + ;
goto LABEL_76;
}
LABEL_32:
v4 = v8 ^ 0x1B;
if ( ((unsigned __int8)((v8 ^ ) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x35;
v12 = (v18 + ) ^ 0x29;
v5 = ((((v18 + ) ^ 0x21) + ) ^ 0xA) + ;
if ( ((unsigned __int8)((v5 ^ 0x26) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_42;
v17 = *(_BYTE *)(a1 + ) ^ 0x1F;
v3 = ((((v17 + ) ^ 0x3A) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((v3 ^ 0x1B) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v19 = *(_BYTE *)(a1 + ) ^ 0x10;
v15 = (((v19 + ) ^ 0x14) + ) ^ ;
LABEL_39:
v11 = (v15 + ) ^ 0x1E;
v4 = ((v11 + ) ^ 0x1A) + ;
if ( ((unsigned __int8)((v4 ^ 0x24) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
}
while ( )
{
if ( ((unsigned __int8)((v4 ^ 0x2D) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x19;
v14 = (v18 + ) ^ 0x2C;
goto LABEL_82;
}
LABEL_69:
v2 = ((((v11 + ) ^ 0x1B) + ) ^ 0x1E) + ;
if ( (v2 ^ 0x34) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
LABEL_76:
if ( (v2 ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_49;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
v11 = (((((v19 + ) ^ ) + ) ^ 0x15) + ) ^ 0x3E;
v4 = ((v11 + ) ^ 0xF) + ;
}
v19 = *(_BYTE *)(a1 + ) ^ 0x36;
v11 = (((((v19 + ) ^ 0x14) + ) ^ 0x3B) + ) ^ 0x24;
v8 = v11 + ;
}
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ ;
v12 = v18 + ;
v5 = ((((v18 + ) ^ 0x33) + ) ^ 0x1C) + ;
LABEL_42:
if ( ((unsigned __int8)((v5 ^ 0x2A) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x1D;
v16 = v18 + ;
v9 = ((((v18 + ) ^ 0x3F) + ) ^ ) + ;
if ( ((unsigned __int8)((((v9 ^ 0x23) + ) ^ 0x11) + ) ^ 0x28) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x22) + ) ^ 0x12;
v14 = (v18 + ) ^ 0xA;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x25) + ) ^ 0x29) + ) ^ 0x1F) + ) ^ 0xF) == )
{
if ( v1 + > 0xFFFFFFFF )
goto LABEL_52;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
LABEL_49:
v18 = (v19 + ) ^ 0x2E;
goto LABEL_50;
}
m=;
// Shared failure handler. Same tag as the previous failure: the current
// position is still wrong, so go on to the next candidate character.
// Different tag: the failure moved to another check, which the write-up
// takes to mean the character at position i passed, so remember the tag,
// advance i and reset j.
// NOTE(review): i is advanced with no visible bound check against the size
// of a1 before the next a1[i] write; confirm against the original file.
// NOTE(review): `j=-;` is presumably -1 so that the loop's j++ restarts the
// alphabet at index 0; TODO confirm.
LABEL_88:
if(n==m)
{
goto label;
}
else
{
n=m;
i++;
j=-;
goto label; }
}
goto LABEL_62;
}
}
v18 = ((*(_BYTE *)(a1 + ) ^ 0xC) + ) ^ 0x34;
v14 = (v18 + ) ^ ;
v13 = v14 + ;
if ( ((unsigned __int8)(((((((v14 + ) ^ 0x27) + ) ^ 0x3B) + ) ^ 0x23) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_56;
v17 = ((*(_BYTE *)(a1 + ) ^ 0xA) + ) ^ 0x3D;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x37) + ) ^ 0x19) + ) ^ 0x23) + ) ^ 0x38) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0xD;
LABEL_27:
v17 = (v20 + ) ^ 0x3A;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x28) + ) ^ 0x1B) + ) ^ 0x1D) + ) ^ 0x39) + ) ^ 0x36) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x3C;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x3A) + ) ^ ) + ) ^ 0x36) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_50;
LABEL_31:
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x2F) + ) ^ 0x38) + ) ^ 0x3F;
v8 = v11 + ;
goto LABEL_32;
}
}
while ( )
{
LABEL_59:
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x3A) + ) ^ 0x1A) + ) ^ 0xC) + ) ^ 0x28) + ) ^ 0x2A) !=
|| v1 + > 0xFFFFFFFF )
{m=;
goto LABEL_88;}
v18 = *(_BYTE *)(a1 + ) ^ 0x23;
v16 = v18 + ;
v9 = ((((v18 + ) ^ ) + ) ^ 0x1B) + ;
LABEL_62:
if ( ((unsigned __int8)((((v9 ^ 0x11) + ) ^ 0x3A) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
break;
v17 = ((*(_BYTE *)(a1 + ) ^ 0x29) + ) ^ 0x18;
if ( ((unsigned __int8)(((((((v17 + ) ^ ) + ) ^ 0x22) + ) ^ 0x22) + ) ^ 0x3A) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x2B;
v15 = (((v19 + ) ^ 0x1F) + ) ^ ;
if ( ((unsigned __int8)(((((((v15 + ) ^ 0x20) + ) ^ 0x37) + ) ^ ) + ) ^ 0x1F) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x35) + ) ^ 0x2E) + ) ^ 0xE;
goto LABEL_69;
}
goto LABEL_39;
}
}
while ( )
{
v14 = v16 ^ 0xB;
if ( ((unsigned __int8)((((((((v16 ^ 0xB) + ) ^ 0x24) + ) ^ 0x1E) + ) ^ 0x2A) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
LABEL_52:
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0x3C;
if ( ((unsigned __int8)((((((((v20 + ) ^ 0x27) + ) ^ ) + ) ^ ) + ) ^ 0x36) ^ 0x27) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_27;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x28;
v14 = (v18 + ) ^ 0x27;
v13 = (v18 + ) ^ 0x27;
LABEL_56:
if ( ((unsigned __int8)(((((v13 ^ 0x3A) + ) ^ ) + ) ^ 0x2F) ^ 0x1B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v17 = ((*(_BYTE *)(a1 + ) ^ 0x33) + ) ^ 0x38;
goto LABEL_59;
}
}
LABEL_82:
v6 = (((v14 + ) ^ 0xF) + ) ^ 0x24;
LABEL_83:
if ( ((unsigned __int8)(((v6 + ) ^ ) + ) ^ 0x2E) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
if ( ((unsigned __int8)((((((((((((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x2C) + ) ^ 0x3C) + ) ^ 0x17) + ) ^ 0x30) + ) ^ 0x3C)
+ ) ^ 0x17) == )
{
// Success path: prints the candidate buffer as the flag, then pauses.
// NOTE(review): nothing returns or breaks after the pause, so control falls
// into the m=/goto block that follows and the search loop keeps running.
printf("Congratulations!The flag is %s\n", a1);
system("pause");
}
{m=;
goto LABEL_88;}
}
LABEL_50:
v16 = v18 + ;
}
// Landing pad for the failure handler: go to the next iteration of the
// for loop over table.
label:continue;
} }