1.查壳
PE32 无壳
2.IDA静态分析
(1)main
```c
// attributes: thunk
int __cdecl main(int argc, const char **argv, const char **envp)
{
  return main_0(argc, argv, envp);
}
```
main_0
```c
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
  int v3; // eax
  const char *v4; // eax
  size_t v5; // eax
  char v7; // [esp+0h] [ebp-188h]
  char v8; // [esp+0h] [ebp-188h]
  signed int j; // [esp+DCh] [ebp-ACh]
  int i; // [esp+E8h] [ebp-A0h]
  signed int v11; // [esp+E8h] [ebp-A0h]
  char Destination[108]; // [esp
```
发现是apk文件,放到Android Killer中打开得到flag为:flag{7631a988259a00816deda84afb29430a}
1.查壳
无壳 64位
2.IDA静态分析
main:
```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int i; // [rsp+2Ch] [rbp-124h]
  char __b[264]; // [rsp+40h] [rbp-110h] BYREF

  memset(__b, 0, 0x100uLL);
  printf("Input your flag:\n");
  get_line(__b, 256LL);
  if ( strlen(__b) != 33 ) // flag长度为33
    goto LABEL_7;
  for ( i = 1; i < 33; ++i )
    __b[i] ^= __b[i - 1];
  if ( !strncmp(__b, global, 0x21uLL) )
    printf("Success");
  else
LABEL_7:
    prin
```
1.查壳
发现有UPX壳,脱壳。
运行,回车后程序直接退出。
2.IDA静态分析
```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char Str2[14]; // [esp+12h] [ebp-3Ah] BYREF
  char Str1[44]; // [esp+20h] [ebp-2Ch] BYREF

  __main();
  strcpy(Str2, "HappyNewYear!");
  memset(Str1, 0, 32);
  printf("please input the true flag:");
  scanf("%s", Str1);
  if ( !strncmp(Str1, Str2, strlen(Str2)) )
    return puts("this is true flag!");
  else
    return puts("wrong!");
}
```
(注:`scanf("%s", Str1)` 没有限制读入长度,而 Str1 只有 44 字节;`strncmp` 只比较 `strlen(Str2)` 个字节,即只校验输入的前缀。)
程序逻辑很简单,f
1.查壳
PE32 无壳
运行程序
2.IDA静态分析
(1)main
```c
// attributes: thunk
int __cdecl main(int argc, const char **argv, const char **envp)
{
  return main_0(argc, argv, envp);
}
```
跟进main_0
(2)main_0
```c
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
  char v4[4]; // [esp+4Ch] [ebp-Ch] BYREF
  const char *v5; // [esp+50h] [ebp-8h]
  int v6; // [esp+54h] [ebp-4h]

  v6 = 5;
  v5 = "DBAPP{49d3c93df25caad81232130f3d2ebfad}";
  while ( v6 >= 0 )
  {
    printf(&byte_4250EC, v6);
    sub_40100
```
Norman1z