reverse-XNUCA-babyfuscator
上一次线上赛的一道题目
链接:http://pan.baidu.com/s/1qY9ztKC 密码:xlr2
这是一道代码混淆的题目,因为当时还不知道angr这样一个软件,所以我就用了自己的一种思路
本体是对32位密码进行顺次加密运算的(确实是顺次,我验算过),所以我的思路就是修改源代码,进行顺次爆破
主要思想是在每一次报错的goto跳转前加上一个唯一的m变量值,并在报错的代码处用n变量来保存上一次的m值,如果m=n则说明,是同一位发生错误,继续爆破该位,若m!=n则说明,上一位正确,已经跳转到下一位,则i++开始爆破下一位。
个人觉得方法还比较简单,工作量也比较小,上代码:
// ewwe.cpp : Defines the entry point for the console application.
// #include<stdio.h>
#include<stdlib.h>
typedef char _BYTE; void main()
{
unsigned int v1; // [sp+Ch] [bp-24h]@0
unsigned __int8 v2; // [sp+14h] [bp-1Ch]@69
char v3; // [sp+16h] [bp-1Ah]@2
char v4; // [sp+16h] [bp-1Ah]@32
char v5; // [sp+16h] [bp-1Ah]@34
char v6; // [sp+17h] [bp-19h]@8
char v7; // [sp+18h] [bp-18h]@5
char v8; // [sp+18h] [bp-18h]@19
char v9; // [sp+18h] [bp-18h]@44
char v10; // [sp+19h] [bp-17h]@0
char v11; // [sp+19h] [bp-17h]@19
char v12; // [sp+1Ah] [bp-16h]@4
char v13; // [sp+1Ah] [bp-16h]@21
char v14; // [sp+1Bh] [bp-15h]@10
char v15; // [sp+1Bh] [bp-15h]@38
char v16; // [sp+1Ch] [bp-14h]@44
char v17; // [sp+1Dh] [bp-13h]@2
char v18; // [sp+1Dh] [bp-13h]@4
char v19; // [sp+1Fh] [bp-11h]@0
char v20; // [sp+1Fh] [bp-11h]@26
char table[]="abcdefghijklmnopqrstuvwxyz0123456789";
char a1[]="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
int i=;
int j=;
int m;
int n=; for(j;j<;j++){
a1[i]=table[j];
if ( v1 + 0x717BAD35 > 0xFFFFFFFF )
goto LABEL_75;
v17 = ((*(_BYTE *)a1 ^ 0x10) + ) ^ 0x12;
v3 = ((((((v17 + ) ^ 0x1B) + ) ^ 0x39) + ) ^ 0x29) + ;
if ( ((unsigned __int8)((v3 ^ 0x3B) + ) ^ 0xA) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x16;
v12 = ((v18 + ) ^ 0x2F) + ;;
while ( )
{
v7 = (v12 ^ 0x32) + ;
if ( ((unsigned __int8)((((v7 ^ 0xB) + ) ^ 0x2B) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x26) + ) ^ 0x14;
v7 = ((((v18 + ) ^ ) + ) ^ ) + ;
}
do
{
v6 = v7 ^ 0x3D;
if ( ((unsigned __int8)((((v7 ^ 0x3D) + ) ^ 0x31) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_83;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2F) + ) ^ 0x29;
v14 = (v18 + ) ^ 0x1F;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x27) + ) ^ 0x31) + ) ^ 0x26) + ) ^ 0x32) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_82;
v18 = *(_BYTE *)(a1 + ) ^ 0x1F;
v7 = ((((v18 + ) ^ 0x21) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((((v7 ^ 0x2D) + ) ^ 0x19) + ) ^ 0x39) != )
{m=;
goto LABEL_88;}
}
while ( v1 + > 0xFFFFFFFF );
v17 = (*(_BYTE *)(a1 + ) + ) ^ 0x26;
v3 = ((((((v17 + ) ^ 0x10) + ) ^ 0x32) + ) ^ ) + ;
LABEL_15:
if ( ((unsigned __int8)((v3 ^ 0xA) + ) ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_59;
if ( ((unsigned __int8)((((((((((*(_BYTE *)(a1 + ) ^ 0x17) + ) ^ 0x27) + ) ^ 0x26) + ) ^ ) + ) ^ 0x16) + ) ^ 0x1C) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_31;
v19 = *(_BYTE *)(a1 + ) ^ 0x1A;
v11 = (((((v19 + ) ^ ) + ) ^ 0x25) + ) ^ 0x30;
v8 = v11 + ;
if ( ((unsigned __int8)((((v11 + ) ^ 0x24) + ) ^ 0x2F) ^ 0x2B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
while ( )
{
if ( ((unsigned __int8)((((v8 ^ 0x39) + ) ^ 0x36) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x30;
v10 = (((((v19 + ) ^ 0x11) + ) ^ 0x13) + ) ^ 0x21;
LABEL_75:
v2 = (((v10 ^ 0x35) + ) ^ 0x19) + ;
goto LABEL_76;
}
LABEL_32:
v4 = v8 ^ 0x1B;
if ( ((unsigned __int8)((v8 ^ ) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x35;
v12 = (v18 + ) ^ 0x29;
v5 = ((((v18 + ) ^ 0x21) + ) ^ 0xA) + ;
if ( ((unsigned __int8)((v5 ^ 0x26) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_42;
v17 = *(_BYTE *)(a1 + ) ^ 0x1F;
v3 = ((((v17 + ) ^ 0x3A) + ) ^ 0x27) + ;
if ( ((unsigned __int8)((v3 ^ 0x1B) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_15;
v19 = *(_BYTE *)(a1 + ) ^ 0x10;
v15 = (((v19 + ) ^ 0x14) + ) ^ ;
LABEL_39:
v11 = (v15 + ) ^ 0x1E;
v4 = ((v11 + ) ^ 0x1A) + ;
if ( ((unsigned __int8)((v4 ^ 0x24) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
}
while ( )
{
if ( ((unsigned __int8)((v4 ^ 0x2D) + ) ^ ) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x19;
v14 = (v18 + ) ^ 0x2C;
goto LABEL_82;
}
LABEL_69:
v2 = ((((v11 + ) ^ 0x1B) + ) ^ 0x1E) + ;
if ( (v2 ^ 0x34) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
break;
LABEL_76:
if ( (v2 ^ 0x12) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_49;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
v11 = (((((v19 + ) ^ ) + ) ^ 0x15) + ) ^ 0x3E;
v4 = ((v11 + ) ^ 0xF) + ;
}
v19 = *(_BYTE *)(a1 + ) ^ 0x36;
v11 = (((((v19 + ) ^ 0x14) + ) ^ 0x3B) + ) ^ 0x24;
v8 = v11 + ;
}
v18 = ((*(_BYTE *)(a1 + ) ^ ) + ) ^ ;
v12 = v18 + ;
v5 = ((((v18 + ) ^ 0x33) + ) ^ 0x1C) + ;
LABEL_42:
if ( ((unsigned __int8)((v5 ^ 0x2A) + ) ^ 0x2D) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x1D;
v16 = v18 + ;
v9 = ((((v18 + ) ^ 0x3F) + ) ^ ) + ;
if ( ((unsigned __int8)((((v9 ^ 0x23) + ) ^ 0x11) + ) ^ 0x28) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x22) + ) ^ 0x12;
v14 = (v18 + ) ^ 0xA;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x25) + ) ^ 0x29) + ) ^ 0x1F) + ) ^ 0xF) == )
{
if ( v1 + > 0xFFFFFFFF )
goto LABEL_52;
v19 = *(_BYTE *)(a1 + ) ^ 0x11;
LABEL_49:
v18 = (v19 + ) ^ 0x2E;
goto LABEL_50;
}
m=;
LABEL_88:
if(n==m)
{
goto label;
}
else
{
n=m;
i++;
j=-;
goto label; }
}
goto LABEL_62;
}
}
v18 = ((*(_BYTE *)(a1 + ) ^ 0xC) + ) ^ 0x34;
v14 = (v18 + ) ^ ;
v13 = v14 + ;
if ( ((unsigned __int8)(((((((v14 + ) ^ 0x27) + ) ^ 0x3B) + ) ^ 0x23) + ) ^ 0x16) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_56;
v17 = ((*(_BYTE *)(a1 + ) ^ 0xA) + ) ^ 0x3D;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x37) + ) ^ 0x19) + ) ^ 0x23) + ) ^ 0x38) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0xD;
LABEL_27:
v17 = (v20 + ) ^ 0x3A;
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x28) + ) ^ 0x1B) + ) ^ 0x1D) + ) ^ 0x39) + ) ^ 0x36) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v18 = ((*(_BYTE *)(a1 + ) ^ 0x20) + ) ^ 0x3C;
if ( ((unsigned __int8)(((((((v18 + ) ^ 0x3A) + ) ^ ) + ) ^ 0x36) + ) ^ 0x29) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_50;
LABEL_31:
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x2F) + ) ^ 0x38) + ) ^ 0x3F;
v8 = v11 + ;
goto LABEL_32;
}
}
while ( )
{
LABEL_59:
if ( ((unsigned __int8)(((((((((v17 + ) ^ 0x3A) + ) ^ 0x1A) + ) ^ 0xC) + ) ^ 0x28) + ) ^ 0x2A) !=
|| v1 + > 0xFFFFFFFF )
{m=;
goto LABEL_88;}
v18 = *(_BYTE *)(a1 + ) ^ 0x23;
v16 = v18 + ;
v9 = ((((v18 + ) ^ ) + ) ^ 0x1B) + ;
LABEL_62:
if ( ((unsigned __int8)((((v9 ^ 0x11) + ) ^ 0x3A) + ) ^ 0xC) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
break;
v17 = ((*(_BYTE *)(a1 + ) ^ 0x29) + ) ^ 0x18;
if ( ((unsigned __int8)(((((((v17 + ) ^ ) + ) ^ 0x22) + ) ^ 0x22) + ) ^ 0x3A) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ 0x2B;
v15 = (((v19 + ) ^ 0x1F) + ) ^ ;
if ( ((unsigned __int8)(((((((v15 + ) ^ 0x20) + ) ^ 0x37) + ) ^ ) + ) ^ 0x1F) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v19 = *(_BYTE *)(a1 + ) ^ ;
v11 = (((((v19 + ) ^ 0x35) + ) ^ 0x2E) + ) ^ 0xE;
goto LABEL_69;
}
goto LABEL_39;
}
}
while ( )
{
v14 = v16 ^ 0xB;
if ( ((unsigned __int8)((((((((v16 ^ 0xB) + ) ^ 0x24) + ) ^ 0x1E) + ) ^ 0x2A) + ) ^ 0x21) != )
{m=;
goto LABEL_88;}
LABEL_52:
if ( v1 + <= 0xFFFFFFFF )
{
v20 = *(_BYTE *)(a1 + ) ^ 0x3C;
if ( ((unsigned __int8)((((((((v20 + ) ^ 0x27) + ) ^ ) + ) ^ ) + ) ^ 0x36) ^ 0x27) != )
{m=;
goto LABEL_88;}
if ( v1 + > 0xFFFFFFFF )
goto LABEL_27;
v18 = ((*(_BYTE *)(a1 + ) ^ 0x2C) + ) ^ 0x28;
v14 = (v18 + ) ^ 0x27;
v13 = (v18 + ) ^ 0x27;
LABEL_56:
if ( ((unsigned __int8)(((((v13 ^ 0x3A) + ) ^ ) + ) ^ 0x2F) ^ 0x1B) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
v17 = ((*(_BYTE *)(a1 + ) ^ 0x33) + ) ^ 0x38;
goto LABEL_59;
}
}
LABEL_82:
v6 = (((v14 + ) ^ 0xF) + ) ^ 0x24;
LABEL_83:
if ( ((unsigned __int8)(((v6 + ) ^ ) + ) ^ 0x2E) != )
{m=;
goto LABEL_88;}
if ( v1 + <= 0xFFFFFFFF )
{
if ( ((unsigned __int8)((((((((((((*(_BYTE *)(a1 + ) ^ ) + ) ^ 0x2C) + ) ^ 0x3C) + ) ^ 0x17) + ) ^ 0x30) + ) ^ 0x3C)
+ ) ^ 0x17) == )
{
printf("Congratulations!The flag is %s\n", a1);
system("pause");
}
{m=;
goto LABEL_88;}
}
LABEL_50:
v16 = v18 + ;
}
label:continue;
} }
reverse-XNUCA-babyfuscator的更多相关文章
- LeetCode 7. Reverse Integer
Reverse digits of an integer. Example1: x = 123, return 321 Example2: x = -123, return -321 Have you ...
- js sort() reverse()
数组中存在的两个方法:sort()和reverse() 直接用sort(),如下: ,,,,,,,,,,,]; console.log(array.sort());ps:[0, 1, 2, 2, 29 ...
- [LeetCode] Reverse Vowels of a String 翻转字符串中的元音字母
Write a function that takes a string as input and reverse only the vowels of a string. Example 1:Giv ...
- [LeetCode] Reverse String 翻转字符串
Write a function that takes a string as input and returns the string reversed. Example: Given s = &q ...
- [LeetCode] Reverse Linked List 倒置链表
Reverse a singly linked list. click to show more hints. Hint: A linked list can be reversed either i ...
- [LeetCode] Reverse Bits 翻转位
Reverse bits of a given 32 bits unsigned integer. For example, given input 43261596 (represented in ...
- [LeetCode] Reverse Words in a String II 翻转字符串中的单词之二
Given an input string, reverse the string word by word. A word is defined as a sequence of non-space ...
- [LeetCode] Reverse Words in a String 翻转字符串中的单词
Given an input string, reverse the string word by word. For example, Given s = "the sky is blue ...
- [LeetCode] Evaluate Reverse Polish Notation 计算逆波兰表达式
Evaluate the value of an arithmetic expression in Reverse Polish Notation. Valid operators are +, -, ...
- [LeetCode] Reverse Linked List II 倒置链表之二
Reverse a linked list from position m to n. Do it in-place and in one-pass. For example:Given 1-> ...
随机推荐
- codeforces VK cup 2016-round 1 D.Bear and Contribution
题意大概就是有n个数字,要使至少有k个相同,可以花费b使一个数+5,可以花费c使一个数+1,求最小花费. 要对齐的数肯定是在[v,v+4]之间,所以分别枚举模为0~4的情况就可以了. 排序一下,然后化 ...
- javscript 中的术语和俚语
语言中俚语和方言.在JavaScript中也有一些俚语或者说是术语,看似奇淫巧技,还是有一些用处,有三种语言组件可以来构造术语:强转.逻辑运算符和位变换. 1.强转:在javascript和大部分的语 ...
- AJAX的问题
1.什么是AJAX AJAX即"Asynchronous Javascript And XML"(异步JavaScript和XML),是指一种创建交互式网页应用的网页开发技术. A ...
- MyBatis简介
- C#定时执行一个操作
一个客户端向服务器端socket发送报文,但是服务器端限制了发送频率,假如10秒内只能发送1次,这时客户端也要相应的做限制,初步的想法是在配置文件中保存上次最后发送的时间,当前发送时和这个上次最后时间 ...
- sizeof()和strlen()
sizeof计算的是栈中大小 P { margin-bottom: 0.21cm; direction: ltr; color: rgb(0, 0, 0); text-align: justify } ...
- 程序设计入门——C语言 第5周编程练习 1高精度小数(10分)
1 高精度小数(10分) 题目内容: 由于计算机内部表达方式的限制,浮点运算都有精度问题,为了得到高精度的计算结果,就需要自己设计实现方法. (0,1)之间的任何浮点数都可以表达为两个正整数的商,为了 ...
- servlet学习笔记_1
一.动态页面和静态页面 动态页面&静态页面:如果浏览器在不同时刻不同条件下访问web服务器的某个页面,浏览器所获得的页面内容会发生变化,那么这种页面称之为动态页面.动态页面和静态页面的区别在于 ...
- (五)socket实践编程
1.服务器端程序编写 (1)socket(2)bind(3)listen(4)accept,返回值是一个fd,accept正确返回就表示我们已经和前来连接我的客户端之间建立了一个TCP连接了,以后我们 ...
- codeforces 446A DZY Loves Sequences
vjudge 上题目链接:codeforces 446A 大意是说最多可以修改数列中的一个数,求最长严格递增的连续子序列长度. 其实就是个 dp 的思想,想好思路后交上去没想到一直 wa 在第二个测试 ...