[UTCTF2020]babymips

时间:2024-07-15 07:06:09

水一篇

32位

c++写的,长得比较丑陋

进入sub-401164函数

V7的数据可以得到

unsigned char ida_chars[] =
{
  0x62, 0x6C, 0x7F, 0x76, 0x7A, 0x7B, 0x66, 0x73, 0x76, 0x50, 
  0x52, 0x7D, 0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4D, 
  0x74, 0x19, 0x7B, 0x6A, 0x42, 0x0A, 0x4F, 0x52, 0x7D, 0x69, 
  0x4F, 0x53, 0x0C, 0x64, 0x10, 0x0F, 0x1E, 0x4A, 0x67, 0x03, 
  0x7C, 0x67, 0x02, 0x6A, 0x31, 0x67, 0x61, 0x37, 0x7A, 0x62, 
  0x2C, 0x2C, 0x0F, 0x6E, 0x17, 0x00, 0x16, 0x0F, 0x16, 0x0A, 
  0x6D, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2E, 0x1C, 0x63, 0x78, 
  0x2B, 0x74, 0x32, 0x16, 0x20, 0x22, 0x44, 0x19, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x4E
};

大概意思应该是异或那里相等

V7传到形式参数a1里面

 

 我不知道他为什么没有后面那一半

#include<stdio.h>
#include<string.h>
int main()
{
	char str[] =
	{
  0x62, 0x6C, 0x7F, 0x76, 0x7A, 0x7B, 0x66, 0x73, 0x76, 0x50, 
  0x52, 0x7D, 0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4D, 
  0x74, 0x19, 0x7B, 0x6A, 0x42, 0x0A, 0x4F, 0x52, 0x7D, 0x69, 
  0x4F, 0x53, 0x0C, 0x64, 0x10, 0x0F, 0x1E, 0x4A, 0x67, 0x03, 
  0x7C, 0x67, 0x02, 0x6A, 0x31, 0x67, 0x61, 0x37, 0x7A, 0x62, 
  0x2C, 0x2C, 0x0F, 0x6E, 0x17, 0x00, 0x16, 0x0F, 0x16, 0x0A, 
  0x6D, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2E, 0x1C, 0x63, 0x78, 
  0x2B, 0x74, 0x32, 0x16, 0x20, 0x22, 0x44, 0x19
	};
	char flag[500];
	int i;
	for(i=0;i<strlen(str);i++)
	{
		flag[i]=str[i]^(i+23);
		printf("%c",flag[i]);
	}
	
	return 0;
}
//utflag{mips_cpp_gang_5VDm:~`N]ze;\)5%vZ=C'C(r#$q=*efD"Z

 我知道了

数据用unsigned char,求数组长度用sizeof


#include<stdio.h>
#include<string.h>
int main()
{
	unsigned char str[] =
	{
  0x62, 0x6C, 0x7F, 0x76, 0x7A, 0x7B, 0x66, 0x73, 0x76, 0x50, 
  0x52, 0x7D, 0x40, 0x54, 0x55, 0x79, 0x40, 0x49, 0x47, 0x4D, 
  0x74, 0x19, 0x7B, 0x6A, 0x42, 0x0A, 0x4F, 0x52, 0x7D, 0x69, 
  0x4F, 0x53, 0x0C, 0x64, 0x10, 0x0F, 0x1E, 0x4A, 0x67, 0x03, 
  0x7C, 0x67, 0x02, 0x6A, 0x31, 0x67, 0x61, 0x37, 0x7A, 0x62, 
  0x2C, 0x2C, 0x0F, 0x6E, 0x17, 0x00, 0x16, 0x0F, 0x16, 0x0A, 
  0x6D, 0x62, 0x73, 0x25, 0x39, 0x76, 0x2E, 0x1C, 0x63, 0x78, 
  0x2B, 0x74, 0x32, 0x16, 0x20, 0x22, 0x44, 0x19
	};
	char flag[500];
	int i;
	for(i=0;i<sizeof(str);i++)
	{
		flag[i]=str[i]^(i+23);
		printf("%c",flag[i]);
	}
	
	return 0;
}
//utflag{mips_cpp_gang_5VDm:~`N]ze;\)5%vZ=C'C(r#$q=*efD"ZNY_GX>6&sn.wF8$v*mvA@'}

相关文章