拖入IDA64查看伪代码
1 unsigned __int64 Decry() 2 { 3 char v1; // [rsp+Fh] [rbp-51h] 4 int v2; // [rsp+10h] [rbp-50h] 5 int v3; // [rsp+14h] [rbp-4Ch] 6 int i; // [rsp+18h] [rbp-48h] 7 int v5; // [rsp+1Ch] [rbp-44h] 8 char src[8]; // [rsp+20h] [rbp-40h] 9 __int64 v7; // [rsp+28h] [rbp-38h] 10 int v8; // [rsp+30h] [rbp-30h] 11 __int64 v9; // [rsp+40h] [rbp-20h] 12 __int64 v10; // [rsp+48h] [rbp-18h] 13 int v11; // [rsp+50h] [rbp-10h] 14 unsigned __int64 v12; // [rsp+58h] [rbp-8h] 15 16 v12 = __readfsqword(0x28u); 17 *(_QWORD *)src = 357761762382LL; 18 v7 = 0LL; 19 v8 = 0; 20 v9 = 512969957736LL; 21 v10 = 0LL; 22 v11 = 0; 23 text = (char *)join(key3, &v9); 24 strcpy(key, key1); 25 strcat(key, src); 26 v2 = 0; 27 v3 = 0; 28 getchar(); 29 v5 = strlen(key); 30 for ( i = 0; i < v5; ++i ) 31 { 32 if ( key[v3 % v5] > 64 && key[v3 % v5] <= 90 ) 33 key[i] = key[v3 % v5] + 32; 34 ++v3; 35 } 36 printf("Please input your flag:", src); 37 while ( 1 ) 38 { 39 v1 = getchar(); 40 if ( v1 == 10 ) 41 break; 42 if ( v1 == 32 ) 43 { 44 ++v2; 45 } 46 else 47 { 48 if ( v1 <= 96 || v1 > 122 ) 49 { 50 if ( v1 > 64 && v1 <= 90 ) 51 str2[v2] = (v1 - 39 - key[v3++ % v5] + 97) % 26 + 97; 52 } 53 else 54 { 55 str2[v2] = (v1 - 39 - key[v3++ % v5] + 97) % 26 + 97; 56 } 57 if ( !(v3 % v5) ) 58 putchar(32); 59 ++v2; 60 } 61 } 62 if ( !strcmp(text, str2) ) 63 puts("Congratulation!\n"); 64 else 65 puts("Try again!\n"); 66 return __readfsqword(0x28u) ^ v12; 67 }
3-14 一些参数
注意17 src;20 v9
23 text="killshadow" //涉及大端和小端存储 //那就暂且认为凡是需要手动转成字符串的字符串都按照倒序处理(最起码现在碰到的都是)
24-25 key="ADSFKNDCLS"
30-35 key大写转小写
39-45
1 v1 = getchar(); 2 if ( v1 == ‘\n‘ ) 3 break; 4 if ( v1 == ‘ ‘ ) 5 { 6 ++v2; 7 }
重点运算在48-63 经过和key相关的操作 str2[v2] = (v1 - 39 - key[v3++ % v5] + 97) % 26 + 97; 后,与text比较
准备写脚本
原文:https://www.cnblogs.com/CCCDD/p/15060447.html