re1
不会 re 的都可以做
文件md5 hash为:9083aceef1a0c7ea36183fde040f721e
ida反编译
/*
 * IDA pseudo-C for ba(): builds a string in the local buffer v5 and copies it,
 * without a terminating NUL, to the caller's buffer a1; the length is stored in *a2.
 *
 * a1  - destination address, written byte by byte. Its capacity is not checked
 *       here, so the caller must supply at least *a2 bytes.
 * a2  - out parameter receiving strlen(v5).
 *
 * Returns the stack-canary comparison value (saved canary XOR current canary);
 * this looks like IDA's rendering of the stack-protector epilogue rather than a
 * meaningful result - TODO confirm against the disassembly.
 *
 * NOTE(review): pp() and unk_2004 are defined outside this listing. pp(dst, a, b)
 * presumably writes the concatenation of a and b into dst - verify in the binary.
 * Every string used here is a constant embedded in the binary, so it can be
 * recovered by static analysis alone.
 */
unsigned __int64 __fastcall ba(__int64 a1, size_t *a2)
{
size_t i; // [rsp+18h] [rbp-68h]
char v4[20]; // [rsp+2Ch] [rbp-54h] BYREF
char v5[56]; // [rsp+40h] [rbp-40h] BYREF
unsigned __int64 v6; // [rsp+78h] [rbp-8h]
// Save the stack canary read from fs:0x28.
v6 = __readfsqword(0x28u);
// 12 characters plus NUL land in v4[6..18], inside the 20-byte array.
strcpy(&v4[6], "djqjnqdwfyl!");
// 5 characters plus NUL land in v4[0..5]; the NUL at v4[5] keeps the two strings separate.
strcpy(v4, "flag{");
// Combine the prefix and the body into v5 (assuming pp concatenates - see the note above).
pp(v5, v4, &v4[6]);
// Append the data at unk_2004 to v5; no length is passed, so pp presumably trusts v5's 56 bytes to be large enough.
pp(v5, v5, &unk_2004);
*a2 = strlen(v5);
// Copy exactly *a2 bytes; the terminating NUL is not copied.
for ( i = 0LL; i < *a2; ++i )
*(_BYTE *)(a1 + i) = v5[i];
return __readfsqword(0x28u) ^ v6;
}
unk_2004处存放的字符串为"}"
ai就给分析出flag了
- strcpy(&v4[6], "djqjnqdwfyl!");:将"djqjnqdwfyl!"复制到v4[6]开始的位置。
- strcpy(v4, "flag{");:将"flag{"复制到v4[0]。
- pp(v5, v4, &v4[6]);:假设pp是某种拼接函数(可能是strcat),将v4("flag{")和&v4[6]("djqjnqdwfyl!")拼接,结果存入v5,即v5 = "flag{djqjnqdwfyl!"。
- pp(v5, v5, &unk_2004);:将v5和unk_2004处的字符串拼接(AI看不到这段数据,对它来说是未知字符串;如上所述其值为"}")。若pp确为拼接函数,则最终v5 = "flag{djqjnqdwfyl!}"。
re2
ida反编译看源码
/*
 * IDA pseudo-C for main() (the local variable declarations are omitted from this
 * listing): prompts for a hexadecimal key, compares it with the constant stored
 * in v7 and, on a match, calls xor_encrypt_decrypt(v8, v7) and prints v8.
 *
 * The expected key (v7 = 55, i.e. 0x37) and the encoded message are both
 * constants in the binary, so the check protects nothing: the message can be
 * recovered statically without running the program.
 *
 * NOTE(review): xor_encrypt_decrypt() is not shown. If it is a plain per-byte XOR
 * with v7, every 'H' (0x48) in the blob decodes to 0x7F (DEL), which a terminal
 * does not display - the flag copied from the screen may be missing bytes; confirm
 * with a hex dump of the output.
 */
int __cdecl main(int argc, const char **argv, const char **envp)
{
// Save the stack canary read from fs:0x28.
v10 = __readfsqword(0x28u);
// Copies 46 bytes, which is exactly the literal's character count, so this call
// copies no NUL; the terminator must come from elsewhere - TODO confirm the
// size and initialisation of v8.
qmemcpy(v8, "Q[VPL{QVAz]PC^Z]R_QCH]VR_]NZMVSZ]ORM_[HV[SN^AJ", 46);
// Hard-coded key: 55 decimal == 0x37.
v7 = 55;
puts("Welcome to the secret decoder!");
puts("Can you figure out the key to unlock the secret message?");
puts("The message is hidden inside the program...");
// Empty counting loop; it has no effect other than spending time.
for ( i = 0; i <= 999999; ++i )
;
// Walks v8 up to its first zero byte; j is not used again in this listing.
for ( j = 0; *((_BYTE *)v8 + j); ++j )
;
putchar(10);
printf("Enter the decryption key (in hexadecimal): ");
// _bss_start is presumably IDA's label for stdin - verify in the binary.
fgets(s, 100, _bss_start);
// The input is parsed as hexadecimal. The sscanf return value is not checked,
// so v4 keeps whatever value it had if parsing fails (its initialisation is not shown).
__isoc99_sscanf(s, "%x", &v4);
if ( v7 == v4 )
{
xor_encrypt_decrypt(v8, v7);
printf("Decrypted: %s\n", (const char *)v8);
}
else
{
puts("Incorrect key. Try again!");
}
return 0;
}
如果输入的v4等于v7,则解密成功
需要输入16进制数 (%x)
55的十六进制是0x37,输入37
$ ./bb
Welcome to the secret decoder!
Can you figure out the key to unlock the secret message?
The message is hidden inside the program...
Enter the decryption key (in hexadecimal): 37
Decrypted: flag{LfavMjgtimjehftjaehjymzadmjxezhlaldyiv}