/home/flag14/flag14 is an encryption program. When run with the -e parameter, it encrypts the input data and writes the result to the terminal:
level14@nebula:~$ /home/flag14/flag14 -e
123456
13579;
Reverse-engineering the encryption algorithm:
  v12 = *MK_FP(__GS__, 20);
  v8 = 0;
  if ( argc <= 1 )
    goto LABEL_17;
  v3 = __CFADD__(argv, 4);
  v4 = argv + 1 == 0;
  v5 = 3;
  v6 = argv[1];
  v7 = &unk_8048660;
  do
  {
    if ( !v5 )
      break;
    v3 = (const unsigned __int8)*v6 < *v7;
    v4 = *v6++ == *v7++;
    --v5;
  }
  while ( v4 );
  if ( !(v3 | v4) != v3 )
  {
LABEL_17:
    printf("%s\n\t-e\tEncrypt input\n", *argv);
    exit(1);
  }
  while ( 1 )
  {
    v10 = read(0, &v11, 0x40u);
    if ( v10 <= 0 )
      break;
    for ( i = 0; i < v10; ++i )
      *((_BYTE *)&v11 + i) += v8++;
    if ( write(1, &v11, v10) <= 0 )
      exit(0);
  }
  exit(0);
}
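The encryption algorithm adds the variable v8 to each input character and then increments v8.
/home/flag14/token contains data that has already been encrypted, so we need to decrypt it: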
level14@nebula:~$ cat /home/flag14/token
857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW.
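Writing the decryption algorithm:
# Encrypted token copied from /home/flag14/token
enc = '857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW.'
dec = ''
# Encryption added the running counter (the byte's position) to each byte,
# so subtract the position to recover the original character
for i in range(len(enc)):
    dec += chr(ord(enc[i]) - i)
print(dec)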
level14@nebula:~$ python exp.py
8457c118-887c-4e40-a5a6-33a25353165
Log in as flag14 using the decrypted data.
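
Before trusting a reversed algorithm, it is worth checking it against a known input/output pair. The following is an added example, not part of the original write-up: a byte-level model of the decompiled loop that reproduces the "123456" -> "13579;" session shown above and then inverts it. The function names are hypothetical, and the model goes slightly beyond the script above by wrapping at 256 (the _BYTE addition) and carrying the counter across 0x40-byte reads.

```python
# Added example: byte-level model of the flag14 loop (names are hypothetical).
import io

CHUNK = 0x40  # read() size in the decompiled loop


def encrypt_stream(src, start=0):
    """Mirror the decompiled loop: read CHUNK bytes, add a running counter."""
    out = bytearray()
    counter = start  # v8: never reset between read() calls
    while True:
        block = src.read(CHUNK)
        if not block:
            break
        for b in bytearray(block):
            out.append((b + counter) & 0xFF)  # _BYTE addition wraps at 256
            counter += 1
    return bytes(out)


def decrypt(data, start=0):
    """Inverse: subtract the position counter from each byte, modulo 256."""
    return bytes(bytearray((b - (start + i)) & 0xFF
                           for i, b in enumerate(bytearray(data))))


def check_known_pair():
    # Known pair from the terminal session: "123456\n" typed, "13579;" shown.
    ct = encrypt_stream(io.BytesIO(b"123456\n"))
    return ct[:6] == b"13579;" and decrypt(ct) == b"123456\n"


def roundtrip_long():
    # Constructed input over 256 bytes: crosses chunk and wrap boundaries.
    pt = bytes(bytearray(range(256))) * 2
    return decrypt(encrypt_stream(io.BytesIO(pt))) == pt


if __name__ == "__main__":
    print(check_known_pair(), roundtrip_long())
    print(decrypt(b"857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW."))
```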