NSSCTF_RE_[NSSRound#3 Team]jump_by_jump_revenge
32位exe程序
主函数没什么,但是能找到字符串:
这里爆红了,由上一题得知,这又是花指令:
依然是在空行那里nop
然后在主函数的开头按P解析函数再按F5就可以得到反汇编:
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
int i; // [esp+D0h] [ebp-40h]
char Str1[36]; // [esp+E8h] [ebp-28h] BYREF
sub_411037("%s", (char)Str1);
for ( i = 0; i < 29; ++i )
Str1[i] = (Str1[i] + Str1[(i * i + 123) % 21]) % 96 + 32;
if ( !j_strcmp(Str1, "~4G~M:=WV7iX,zlViGmu4?hJ0H-Q*") )
puts("right!");
else
puts("nope!");
return 0;
}
s=['~','4','G','~','M',':','=','W','V','7','i','X',',','z','l','V','i','G','m','u','4','?','h','J','0','H','-','Q','*'] flag='' for i in range(28,-1,-1): k=(i*i+123)%21 for j in range(3): s1=ord(s[i])-0x20+j*0x60-ord(s[k]) if s1>=33 and s1<=126: s[i]=chr(s1) break print(s)
NSSCTF{Jump_b9_jump!_r3V3n9e}