FlareOn2_very_success

发表于2022-12-09更新于2023-01-13

[FlareOn2]very_success

32位ida

image-20221209211232916

很明显一个输入加判断

image-20221209211304600

简单的加密,唯一要注意的就是v11

image-20221209211412807

看汇编或者动调发现,因为这个popf的原因,使得cf标志位为1,adc是带进位加法,也就是说这个v11恒为1

至于a3则靠动调直接得出,只不过a3有部分数据有可能会被ida错误的识别成代码

image-20221209211635110

写脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
flag = [
    0xa8, 0x9a, 0x90, 0xb3, 0xb6, 0xbc, 0xb4, 0xab,
    0x9d, 0xae, 0xf9, 0xb8, 0x9d, 0xb8, 0xaf, 0xba,
    0xa5, 0xa5, 0xba, 0x9a, 0xbc, 0xb0, 0xa7, 0xc0,
    0x8a, 0xaa, 0xae, 0xaf, 0xba, 0xa4, 0xec, 0xaa,
    0xae, 0xeb, 0xad, 0xaa, 0xaf
]

v4 = 0
for i in range(len(flag)):
    x = 1 << (v4 & 3)
    y = (flag[i] - 1 - x) ^ 0xc7
    print(chr(y), end="")
    v4 += flag[i]

flag{a_Little_b1t_harder_plez@flare-on.com}