2022单身杯520wp

发表于2022-05-20更新于2023-01-13

2022单身杯wp(RE)

Day 1

re签到

image-20230113204243675

64位无壳,拖进ida

image-20220520232806319

一眼base64

image-20220520232938893

直接解码三次,得ctfshow{dsb_re_sign_in_hsssssssss}

magic

image-20220520234757793

64位无壳,丢进ida

image-20220520233154947

进入checkToken函数,进一步发现三个判断函数,三个需同时满足

image-20220520233217281

image-20220520233311744

image-20230112180438123

直接复制过去爆破

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
int fact1(int a1)
{
  int v3; // [rsp+10h] [rbp-4h]

  v3 = 0;
  while ( a1 > 0 )
  {
    v3 += a1 % 10;
    a1 /= 10;
  }
  if(v3 == 58) return 1;
  else return 0;
}


int fact2(int a1)
{
  int i; // [rsp+1Ch] [rbp-4h]

  for ( i = 2; sqrt((double)a1) >= (double)i; ++i )
  {
    if ( !(a1 % i) )
      return 0;
  }
  return 1;
}


int fact3(int a1)
{
  int v2; // [rsp+20h] [rbp-10h]
  int v3; // [rsp+20h] [rbp-10h]
  int v4; // [rsp+24h] [rbp-Ch]
  int v5; // [rsp+28h] [rbp-8h]
  int v6; // [rsp+2Ch] [rbp-4h]

  v2 = a1;
  v4 = 0;
  while ( v2 > 0 )
  {
    v2 /= 10;
    ++v4;
  }
  v3 = a1;
  while ( v3 )
  {
    v5 = (int)((double)v3 / pow(10.0, (double)(v4 - 1)));
    v6 = v3 % 10;
    v3 = (int)((double)v3 - pow(10.0, (double)(v4 - 1)) * (double)v5) / 10;
    if ( v5 != v6 )
      return 0;
    v4 -= 2;
  }
  return 1;
}

int main()
{
    int j = 1;
    for(int j = 0; j < 4294967295; j++)
    {
        if(fact1(j)&&fact2(j)&&fact3(j)) printf("%d\n", j);
    }
}

得出结果

image-20220520234630538

1
ctfshow{9888889}