ADWORLD [REV] 666

666

老题新做了属于是.本来是一道入门级题目,但是当年想不出来是因为对这种类似crypt的题目比较生疏.越学越发现密码学确实对逆向手来说很重要,趁着水课时间来回忆一下.

IDA Pro打开,就不看main了,直接进入核心函数:

// IDA pseudocode of the check routine. Encodes the NUL-terminated input a1
// into the caller-supplied buffer at a2, three bytes per iteration, and
// rejects any input whose length is not exactly `key` (a global; the
// write-up below states it is fixed at 0x12 = 18).
// Return: when the length check fails, the int result of puts(); otherwise
// a2, implicitly narrowed from __int64 to int by the declared return type.
int __fastcall encode(const char *a1, __int64 a2)
{
// Scratch storage only: each slot written here is read back in the same
// iteration. With key = 18 the largest index used is 15 + 64 = 79 < 104.
char v3[104]; // [rsp+10h] [rbp-70h]
// Assigned once and never read.
int v4; // [rsp+78h] [rbp-8h]
int i; // [rsp+7Ch] [rbp-4h]

i = 0;
v4 = 0;
// strlen() yields size_t; key's declared type is not visible in this
// listing, so this is a mixed-signedness comparison if key is a signed int.
if ( strlen(a1) != key )
return puts("Your Length is Wrong");
// Each output byte depends on exactly one input byte: a constant XOR with
// key combined with a fixed +6 / -6 offset or a second constant XOR. There is
// no diffusion and no per-position key, so the transform is directly
// invertible by anyone who reads key out of the binary.
for ( i = 0; i < key; i += 3 )
{
v3[i + 64] = key ^ (a1[i] + 6);
v3[i + 33] = (a1[i + 1] - 6) ^ key;
v3[i + 2] = a1[i + 2] ^ 6 ^ key;
// a1[i + 1] and a1[i + 2] are read without an explicit i + 2 < key check;
// the strlen() == key test above plus key being a multiple of 3 is what
// keeps them in range. The size of the buffer at a2 is not visible here.
*(_BYTE *)(a2 + i) = v3[i + 64];
*(_BYTE *)(a2 + i + 1LL) = v3[i + 33];
*(_BYTE *)(a2 + i + 2LL) = v3[i + 2];
}
return a2;
}

key是一个全局变量,恒为0x12。v3其实只是一个临时数组,不用管;for循环里的语句可以简化为:

// Loop body of encode() with the v3 scratch array folded away. Output byte i
// is (input + 6) XOR key, byte i + 1 is (input - 6) XOR key, byte i + 2 is
// input XOR 6 XOR key. Each is a single-byte, constant-key step, so the
// decoder below simply applies the inverse operations in reverse order.
*(_BYTE *)(a2 + i) = key ^ (a1[i] + 6);
*(_BYTE *)(a2 + i + 1LL) = (a1[i + 1] - 6) ^ key;
*(_BYTE *)(a2 + i + 2LL) = a1[i + 2] ^ 6 ^ key;

每个输出字节只依赖对应位置的一个输入字节(与常量key异或,再加上±6的偏移或与6异或),所以逐字节按相反顺序做逆运算即可还原。解密脚本:

# Recovers the flag by undoing encode() byte by byte. The binary applies
# (+6, ^key) / (-6, ^key) / (^6, ^key) to each triple of input bytes, so the
# inverse is (^key, -6) / (^key, +6) / (^6, ^key), applied in that order.
# `s` holds the 18 target bytes taken from the binary (the compare target
# itself is not shown in this write-up).
s = [0x69, 0x7A, 0x77, 0x68, 0x72, 0x6F, 0x7A, 0x22, 0x22, 0x77, 0x22, 0x76, 0x2E, 0x4B, 0x22, 0x2E, 0x4E, 0x69]
flag = ''
print(len(s))
key = 18  # the global `key` in the binary (0x12); encode() requires len == key

recovered = []
for start in range(0, key, 3):
    first, second, third = s[start], s[start + 1], s[start + 2]
    recovered.append(chr((first ^ key) - 6))
    recovered.append(chr((second ^ key) + 6))
    recovered.append(chr((third ^ 6) ^ key))
flag = ''.join(recovered)

print(flag)

水完一节课,去吃饭了冲冲冲.