用ida打开level,查看字符串,有一个很明显的flag,打开,汇编
int __cdecl main(int argc, const char **argv, const char **envp)
{
FILE *stream; // ST08_8
signed int i; // [rsp+4h] [rbp-2Ch]
char ptr[24]; // [rsp+10h] [rbp-20h]
unsigned __int64 v7; // [rsp+28h] [rbp-8h]
v7 = __readfsqword(40u);
stream = fopen("flag", "r");
fread(ptr, 1uLL, 20uLL, stream);
fclose(stream);
for ( i = 1; i <= 19; ++i )
{
if ( i & 1 )
printf("%ld\n", (unsigned int)(ptr[i] << i));
else
printf("%ld\n", (unsigned int)(i * ptr[i]));
}
return 0;
}
可以看出,将输出的数字保存到了output.txt了,就是让我们找到原来的数字
a = [198,232,816,200,1536,300,6144,984,51200,570,92160,1200,565248,756,1474560,800,6291456,1782,65536000]
for i in range(19):
if ((i+1) & 1):
print(chr(a[i] >> (i+1)),end="")
else:
print (chr(a[i] // (i+1)),end="")
#include<stdio.h>
int main()
{
int i;
long ptr[20]={0,198,232,816,200,1536,300,6144,984,51200,92160,1200,565248,756,1474560,800,6291456,1782,65536000};
for ( i = 1; i <= 19; ++i )
{
if ( i & 1 )
printf("%c ", (ptr[i] >> i));
else
printf("%ld ",( ptr[i]/i));
}
}
flag{d9-dE6-20c}
版权声明:本文为weixin_47158947原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。