7.1-7.3
作者:互联网
RE
BUU_RE_Youngter-drive
查壳,upx
脱壳,32位,查字符
主函数:
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
HANDLE v4; // [esp+D0h] [ebp-14h]
HANDLE hObject; // [esp+DCh] [ebp-8h]
((void (*)(void))sub_4110FF)();
::hObject = CreateMutexW(0, 0, 0);
j_strcpy(Destination, Source);
hObject = CreateThread(0, 0, StartAddress, 0, 0, 0);
v4 = CreateThread(0, 0, sub_41119F, 0, 0, 0);
CloseHandle(hObject);
CloseHandle(v4);
while ( dword_418008 != -1 )
;
sub_411190();
CloseHandle(::hObject);
return 0;
}
[SWPUCTF 2021 新生赛]fakebase
flag = 'xxxxxxxxxxxxxxxxxxx'
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
tmp = ''
for i in flag:
tmp += str(bin(ord(i)))[2:].zfill(8)
b1 = int(tmp,2)
s = ''
while b1//31 != 0:
s += s_box[b1%31]
b1 = b1//31
print(s)
# s = u#k4ggia61egegzjuqz12jhfspfkay
大致加密流程就是把flag挨个取出然后拼接成一个字符串,然后再从s_box中取对应的值
也可以简单理解成base31
s='u#k4ggia61egegzjuqz12jhfspfkay'
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
for j in range(31):
num = j
for i in s[::-1]:
num = num * 31 + s_box.index(i)
num = str(bin(num)[2:])
num = num.zfill((len(num) // 8 + 1) * 8)
flag = ""
for i in range(0,len(num),8):
flag += chr(int(num[i:i+8],2))
print (flag)
flag
NSSCTF{WHAt_BASe31}
标签:box,num,31,hObject,7.3,flag,7.1,b1 来源: https://www.cnblogs.com/1ucky/p/16434958.html