发现是 apk 文件,放到 Android Killer 中打开,得到 flag 为:flag{7631a988259a00816deda84afb29430a}
1. 查壳:无壳,64 位
2. IDA 静态分析

main:

```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int i; // [rsp+2Ch] [rbp-124h]
  char __b[264]; // [rsp+40h] [rbp-110h] BYREF

  memset(__b, 0, 0x100uLL);
  printf("Input your flag:\n");
  get_line(__b, 256LL);
  if ( strlen(__b) != 33 ) // flag长度为33
    goto LABEL_7;
  for ( i = 1; i < 33; ++i )
    __b[i] ^= __b[i - 1];
  if ( !strncmp(__b, global, 0x21uLL) )
    printf("Success");
  else
LABEL_7:
    prin
```
1. 查壳:发现有 UPX 壳,脱壳

运行:回车后程序直接退出

2. IDA 静态分析

```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char Str2[14]; // [esp+12h] [ebp-3Ah] BYREF
  char Str1[44]; // [esp+20h] [ebp-2Ch] BYREF

  __main();
  strcpy(Str2, "HappyNewYear!");
  memset(Str1, 0, 32);
  printf("please input the true flag:");
  scanf("%s", Str1);
  if ( !strncmp(Str1, Str2, strlen(Str2)) )
    return puts("this is true flag!");
  else
    return puts("wrong!");
}
```

注:`scanf("%s", Str1)` 未限制输入长度,而 Str1 只有 44 字节,超长输入会越界写栈,实际代码中应限定宽度(如 `%43s`)或改用 fgets;另外 strncmp 只比较前 strlen(Str2) 个字符,只要输入以该字符串开头即通过校验。

程序逻辑很简单,f
1. 查壳:PE32,无壳

运行程序

2. IDA 静态分析

(1) main

```c
// attributes: thunk
int __cdecl main(int argc, const char **argv, const char **envp)
{
  return main_0(argc, argv, envp);
}
```

跟进 main_0

(2) main_0

```c
int __cdecl main_0(int argc, const char **argv, const char **envp)
{
  char v4[4]; // [esp+4Ch] [ebp-Ch] BYREF
  const char *v5; // [esp+50h] [ebp-8h]
  int v6; // [esp+54h] [ebp-4h]

  v6 = 5;
  v5 = "DBAPP{49d3c93df25caad81232130f3d2ebfad}";
  while ( v6 >= 0 )
  {
    printf(&byte_4250EC, v6);
    sub_40100
```
1. 查壳:ELF64,无壳

在 kali 中运行:用户输入两次 flag,程序验证后输出提示,程序退出

2. IDA 静态分析

main:

```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int stat_loc; // [rsp+4h] [rbp-3Ch] BYREF
  int i; // [rsp+8h] [rbp-38h]
  __pid_t pid; // [rsp+Ch] [rbp-34h]
  char s2[24]; // [rsp+10h] [rbp-30h] BYREF
  unsigned __int64 v8; // [rsp+28h] [rbp-18h]

  v8 = __readfsqword(0x28u);
  pid = fork();
  if ( pid )
  {
    waitpid(pid, &stat_loc, 0);
  }
  else
  {
    for ( i = 0; i <= strlen(&flag); ++i )
    {
```
Norman1z