1.查壳
PE32 无壳
运行程序
2.IDA静态分析
(1)main
// attributes: thunk
int __cdecl main(int argc, const char **argv, const char **envp)
{
return main_0(argc, argv, envp);
}
跟进main_0
(2)main_0
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
char v4[4]; // [esp+4Ch] [ebp-Ch] BYREF
const char *v5; // [esp+50h] [ebp-8h]
int v6; // [esp+54h] [ebp-4h]
v6 = 5;
v5 = "DBAPP{49d3c93df25caad81232130f3d2ebfad}";
while ( v6 >= 0 )
{
printf(&byte_4250EC, v6);
sub_40100A();
--v6;
}
printf(asc_425088);
v4[0] = 1;
scanf("%c", v4);
if ( v4[0] == 89 )
{
printf(aOd);
return sub_40100A();
}
else
{
if ( v4[0] == 78 )
printf(&byte_425034);
else
printf(&byte_42501C);
return sub_40100A();
}
}
v5疑似flag,提交后发现成功,flag为:flag{{49d3c93df25caad81232130f3d2ebfad}}