reverse-XNUCA-babyfuscator
上一次线上赛的一道题目
链接:http://pan.baidu.com/s/1qY9ztKC 密码:xlr2
这是一道代码混淆的题目,因为当时还不知道angr这样一个软件,所以我就用了自己的一种思路
本体是对32位密码进行顺次加密运算的(确实是顺次,我验算过),所以我的思路就是修改源代码,进行顺次爆破
主要思想是在每一次报错的goto跳转前加上一个唯一的m变量值,并在报错的代码处用n变量来保存上一次的m值,如果m=n则说明,是同一位发生错误,继续爆破该位,若m!=n则说明,上一位正确,已经跳转到下一位,则i++开始爆破下一位。
个人觉得方法还比较简单,工作量也比较小,上代码:
// ewwe.cpp : Defines the entry point for the console application.
// #include<stdio.h>
#include<stdlib.h>
typedef char _BYTE; void main()
{
unsigned int v1; // [sp+Ch] [bp-24h]@0
unsigned __int8 v2; // [sp+14h] [bp-1Ch]@69
char v3; // [sp+16h] [bp-1Ah]@2
char v4; // [sp+16h] [bp-1Ah]@32
char v5; // [sp+16h] [bp-1Ah]@34
char v6; // [sp+17h] [bp-19h]@8
char v7; // [sp+18h] [bp-18h]@5
char v8; // [sp+18h] [bp-18h]@19
char v9; // [sp+18h] [bp-18h]@44
char v10; // [sp+19h] [bp-17h]@0
char v11; // [sp+19h] [bp-17h]@19
char v12; // [sp+1Ah] [bp-16h]@4
char v13; // [sp+1Ah] [bp-16h]@21
char v14; // [sp+1Bh] [bp-15h]@10
char v15; // [sp+1Bh] [bp-15h]@38
char v16; // [sp+1Ch] [bp-14h]@44
char v17; // [sp+1Dh] [bp-13h]@2
char v18; // [sp+1Dh] [bp-13h]@4
char v19; // [sp+1Fh] [bp-11h]@0
char v20; // [sp+1Fh] [bp-11h]@26
char table[]="abcdefghijklmnopqrstuvwxyz0123456789";
char a1[]="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
int i=;
int j=;
int m;
int n=; for(j;j<;j++){
a1[i]=table[j];
if ( v1 + 0x717BAD35 > 0xFFFFFFFF )
goto LABEL_75;
v17 = ((*(_BYTE *)a1 ^ 0x10) + ) ^ 0x12;
v3 = ((((((v17 + ) ^ 0x1B) + ) ^ 0x39) + ) ^ 0x29) + ;
if ( ((unsigned __int8)((v3 ^ 0x3B) + ) ^ 0xA) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x16;
v12 = ((v18 + ) ^ 0x2F) + ;;
while ( )
{
v7 = (v12 ^ 0x32) + ;
if ( ((unsigned __int8)((((v7 ^ 0xB) + ) ^ 0x2B) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x26) + ) ^ 0x14;
v7 = ((((v18 + ) ^ ) + ) ^ ) + ;
}
do
{
v6 = v7 ^ 0x3D;
if ( ((unsigned __int8)((((v7 ^ 0x3D) + ) ^ 0x31) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_83;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2F) + ) ^ 0x29;
v14 = (v18 + ) ^ 0x1F;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x27) + ) ^ 0x31) + ) ^ 0x26) + ) ^ 0x32) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_82;
v18 = *(_BYTE *)(a1 + ) ^ 0x1F;
v7 = ((((v18 + ) ^ 0x21) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((((v7 ^ 0x2D) + ) ^ 0x19) + ) ^ 0x39) != )
{m=;
goto LABEL_88;}
}
while ( v1 + > 0xFFFFFFFF );
v17 = (*(_BYTE *)(a1 + ) + ) ^ 0x26;
v3 = ((((((v17 + ) ^ 0x10) + ) ^ 0x32) + ) ^ ) + ;
LABEL_15:
if ( ((unsigned __int8)((v3 ^ 0xA) + ) ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_59;
if ( ((unsigned __int8)((((((((((*(_BYTE *)(a1 + ) ^ 0x17) + ) ^ 0x27) + ) ^ 0x26) + ) ^ ) + ) ^ 0x16) + ) ^ 0x1C) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_31;
v19 = *(_BYTE *)(a1 + ) ^ 0x1A;
v11 = (((((v19 + ) ^ ) + ) ^ 0x25) + ) ^ 0x30;
v8 = v11 + ;
if ( ((unsigned __int8)((((v11 + ) ^ 0x24) + ) ^ 0x2F) ^ 0x2B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
while ( )
{
if ( ((unsigned __int8)((((v8 ^ 0x39) + ) ^ 0x36) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x30;
v10 = (((((v19 + ) ^ 0x11) + ) ^ 0x13) + ) ^ 0x21;
LABEL_75:
v2 = (((v10 ^ 0x35) + ) ^ 0x19) + ;
goto LABEL_76;
}
LABEL_32:
v4 = v8 ^ 0x1B;
if ( ((unsigned __int8)((v8 ^ ) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x35;
v12 = (v18 + ) ^ 0x29;
v5 = ((((v18 + ) ^ 0x21) + ) ^ 0xA) + ;
if ( ((unsigned __int8)((v5 ^ 0x26) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_42;
v17 = *(_BYTE *)(a1 + ) ^ 0x1F;
v3 = ((((v17 + ) ^ 0x3A) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((v3 ^ 0x1B) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v19 = *(_BYTE *)(a1 + ) ^ 0x10;
v15 = (((v19 + ) ^ 0x14) + ) ^ ;
LABEL_39:
v11 = (v15 + ) ^ 0x1E;
v4 = ((v11 + ) ^ 0x1A) + ;
if ( ((unsigned __int8)((v4 ^ 0x24) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
}
while ( )
{
if ( ((unsigned __int8)((v4 ^ 0x2D) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x19;
v14 = (v18 + ) ^ 0x2C;
goto LABEL_82;
}
LABEL_69:
v2 = ((((v11 + ) ^ 0x1B) + ) ^ 0x1E) + ;
if ( (v2 ^ 0x34) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
LABEL_76:
if ( (v2 ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_49;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
v11 = (((((v19 + ) ^ ) + ) ^ 0x15) + ) ^ 0x3E;
v4 = ((v11 + ) ^ 0xF) + ;
}
v19 = *(_BYTE *)(a1 + ) ^ 0x36;
v11 = (((((v19 + ) ^ 0x14) + ) ^ 0x3B) + ) ^ 0x24;
v8 = v11 + ;
}
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ ;
v12 = v18 + ;
v5 = ((((v18 + ) ^ 0x33) + ) ^ 0x1C) + ;
LABEL_42:
if ( ((unsigned __int8)((v5 ^ 0x2A) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x1D;
v16 = v18 + ;
v9 = ((((v18 + ) ^ 0x3F) + ) ^ ) + ;
if ( ((unsigned __int8)((((v9 ^ 0x23) + ) ^ 0x11) + ) ^ 0x28) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x22) + ) ^ 0x12;
v14 = (v18 + ) ^ 0xA;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x25) + ) ^ 0x29) + ) ^ 0x1F) + ) ^ 0xF) == )
{
if ( v1 + > 0xFFFFFFFF )
goto LABEL_52;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
LABEL_49:
v18 = (v19 + ) ^ 0x2E;
goto LABEL_50;
}
m=;
LABEL_88:
if(n==m)
{
goto label;
}
else
{
n=m;
i++;
j=-;
goto label; }
}
goto LABEL_62;
}
}
v18 = ((*(_BYTE *)(a1 + ) ^ 0xC) + ) ^ 0x34;
v14 = (v18 + ) ^ ;
v13 = v14 + ;
if ( ((unsigned __int8)(((((((v14 + ) ^ 0x27) + ) ^ 0x3B) + ) ^ 0x23) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_56;
v17 = ((*(_BYTE *)(a1 + ) ^ 0xA) + ) ^ 0x3D;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x37) + ) ^ 0x19) + ) ^ 0x23) + ) ^ 0x38) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0xD;
LABEL_27:
v17 = (v20 + ) ^ 0x3A;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x28) + ) ^ 0x1B) + ) ^ 0x1D) + ) ^ 0x39) + ) ^ 0x36) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x3C;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x3A) + ) ^ ) + ) ^ 0x36) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_50;
LABEL_31:
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x2F) + ) ^ 0x38) + ) ^ 0x3F;
v8 = v11 + ;
goto LABEL_32;
}
}
while ( )
{
LABEL_59:
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x3A) + ) ^ 0x1A) + ) ^ 0xC) + ) ^ 0x28) + ) ^ 0x2A) !=
|| v1 + > 0xFFFFFFFF )
{m=;
goto LABEL_88;}
v18 = *(_BYTE *)(a1 + ) ^ 0x23;
v16 = v18 + ;
v9 = ((((v18 + ) ^ ) + ) ^ 0x1B) + ;
LABEL_62:
if ( ((unsigned __int8)((((v9 ^ 0x11) + ) ^ 0x3A) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
break;
v17 = ((*(_BYTE *)(a1 + ) ^ 0x29) + ) ^ 0x18;
if ( ((unsigned __int8)(((((((v17 + ) ^ ) + ) ^ 0x22) + ) ^ 0x22) + ) ^ 0x3A) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x2B;
v15 = (((v19 + ) ^ 0x1F) + ) ^ ;
if ( ((unsigned __int8)(((((((v15 + ) ^ 0x20) + ) ^ 0x37) + ) ^ ) + ) ^ 0x1F) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x35) + ) ^ 0x2E) + ) ^ 0xE;
goto LABEL_69;
}
goto LABEL_39;
}
}
while ( )
{
v14 = v16 ^ 0xB;
if ( ((unsigned __int8)((((((((v16 ^ 0xB) + ) ^ 0x24) + ) ^ 0x1E) + ) ^ 0x2A) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
LABEL_52:
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0x3C;
if ( ((unsigned __int8)((((((((v20 + ) ^ 0x27) + ) ^ ) + ) ^ ) + ) ^ 0x36) ^ 0x27) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_27;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x28;
v14 = (v18 + ) ^ 0x27;
v13 = (v18 + ) ^ 0x27;
LABEL_56:
if ( ((unsigned __int8)(((((v13 ^ 0x3A) + ) ^ ) + ) ^ 0x2F) ^ 0x1B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v17 = ((*(_BYTE *)(a1 + ) ^ 0x33) + ) ^ 0x38;
goto LABEL_59;
}
}
LABEL_82:
v6 = (((v14 + ) ^ 0xF) + ) ^ 0x24;
LABEL_83:
if ( ((unsigned __int8)(((v6 + ) ^ ) + ) ^ 0x2E) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
if ( ((unsigned __int8)((((((((((((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x2C) + ) ^ 0x3C) + ) ^ 0x17) + ) ^ 0x30) + ) ^ 0x3C)
+ ) ^ 0x17) == )
{
printf("Congratulations!The flag is %s\n", a1);
system("pause");
}
{m=;
goto LABEL_88;}
}
LABEL_50:
v16 = v18 + ;
}
label:continue;
} }
reverse-XNUCA-babyfuscator的更多相关文章
- LeetCode 7. Reverse Integer
Reverse digits of an integer. Example1: x = 123, return 321 Example2: x = -123, return -321 Have you ...
- js sort() reverse()
数组中存在的两个方法:sort()和reverse() 直接用sort(),如下: ,,,,,,,,,,,]; console.log(array.sort());ps:[0, 1, 2, 2, 29 ...
- [LeetCode] Reverse Vowels of a String 翻转字符串中的元音字母
Write a function that takes a string as input and reverse only the vowels of a string. Example 1:Giv ...
- [LeetCode] Reverse String 翻转字符串
Write a function that takes a string as input and returns the string reversed. Example: Given s = &q ...
- [LeetCode] Reverse Linked List 倒置链表
Reverse a singly linked list. click to show more hints. Hint: A linked list can be reversed either i ...
- [LeetCode] Reverse Bits 翻转位
Reverse bits of a given 32 bits unsigned integer. For example, given input 43261596 (represented in ...
- [LeetCode] Reverse Words in a String II 翻转字符串中的单词之二
Given an input string, reverse the string word by word. A word is defined as a sequence of non-space ...
- [LeetCode] Reverse Words in a String 翻转字符串中的单词
Given an input string, reverse the string word by word. For example, Given s = "the sky is blue ...
- [LeetCode] Evaluate Reverse Polish Notation 计算逆波兰表达式
Evaluate the value of an arithmetic expression in Reverse Polish Notation. Valid operators are +, -, ...
- [LeetCode] Reverse Linked List II 倒置链表之二
Reverse a linked list from position m to n. Do it in-place and in one-pass. For example:Given 1-> ...
随机推荐
- border:0; VS border:none;
border:none与border:0的区别体现为两点:一是理论上的性能差异,二是浏览器兼容性的差异. 性能差异: [border:0;]把border设为“0”像素效果等于border-width ...
- Spring中的事物管理,用 @Transactional 注解声明式地管理事务
事物: 事务管理是企业级应用程序开发中必不可少的技术, 用来确保数据的 完整性和 一致性. 事务就是一系列的动作, 它们被当做一个单独的工作单元. 这些动作要么全部完成, 要么全部不起作用 事务的四 ...
- zigbee学习之路(五):定时器1(查询方式)
一.前言 今天,我们来学习几乎所有单片机都有的功能,定时器的使用,定时器对单片机来说是相当重要的,有了它,单片机就可以进行一些复杂的工作. 二.原理与分析 谈到定时器的控制,我们最先想到的是要给它赋初 ...
- QA、Selenium WebDriver (Q&A)
Q:启动IE浏览器时突然报下面错误,不能正常使用. WebDriverException: Message: Unexpected error launching Internet Explo ...
- openvpn之搭建配置
一.openvpn原理 openvpn通过使用公开密钥(非对称密钥,加密解密使用不同的key,一个称为Publice key,另外一个是Private key)对数据进行加密的.这种方式称为TLS加密 ...
- min.css----全世界最快的CSS框架
有一个CSS框架,叫min.css,它号称是全世界最快的. 难怪,它的代码就这一点. 你看它的页面例子,像Bootstrap,但比后者轻多了,它只是一些CSS样式,没有JavaScript代码. ...
- Hadoop安装指引
pre.ctl { font-family: "Liberation Mono", monospace } p { margin-bottom: 0.25cm; line-heig ...
- Cheatsheet: 2015 08.01 ~ 08.31
Java Beginner's Guide to MVC with Spring Framework Exploring the Spring Web MVC for Web Application ...
- 简单说一下printf("%*s%s",xx,xx,xx);或printf("%*s\n",xx,xx);
大家还记得这个例子吗 #include "public.h" int main() { ; printf("%4d\n",a); ; } 这个输出结果为: ...
- HTML的基本认识
就目前学的HTML,感受最深的就是很多标签.HTML不怎么需要逻辑,只需记忆大量标签.不懂的可以参照W3C的文档.里面有很多学习的东西,很受用. 关于CSS基础: 基本选择器: 1.标签选择器 ...