re | [ACTF新生赛2020]fungame

win32console
devc编译 debugmode
肥肠简单

逻辑清晰
白给的位运算前16位:

然后下面有个栈溢出:

嘛白给的溢出 找到下一个函数地址跳过去就行了,然后是白给的base64:

exp都没怎么写 直接拼了一下:

import base64

flag = ''
y1 = [35, 97, 62, 105, 84, 65, 24, 77, 110, 59, 101, 83, 48, 121, 69, 91]
y2 = [113, 4, 97, 88, 39, 30, 75, 34, 94, 100, 3, 38, 94, 23, 60, 122]

for i in range(16):
	for j in range(33,127):
		if (j^y1[i]) == y2[i]:
			flag += chr(j)
			print(flag)
			
'\x00\x40\x23\x3d'
# Re_1s_So0_funny!a1s0_pWn
# Re_1s_So0_funny!=#@a1s0_pWn
'Re_1s_So0_funny!\x3d\x23\x40\x00'
posted @ 2021-02-02 23:26  Mz1  阅读(457)  评论(0编辑  收藏  举报