1.Re:0 从零开始的Re生活

观察提示

re-1.png

拖进IDA搜索,找到

re-2.png

得到flag{40D44537822FEA393EA3DB4A37C1370C}

2.babygo

说实话....这两道Go出的.....

打开辣鸡题目检测器

re-3.png

得到flag{G01ang_1s_1nTeRe51ng}

3.easygo

同上......

re-4.png

得到flag{114r514114e514114r514e}

4.Re1

拖进IDA分析,得到以下代码

// local variable allocation has failed, the output may be wrong!
int __cdecl main(int argc, const char **argv, const char **envp)
{
  unsigned int v3; // eax
  int v4; // eax
  int v6; // ecx
  int v7; // er8
  int v8; // eax
  char v9[35]; // [rsp+20h] [rbp-30h]
  char v10; // [rsp+43h] [rbp-Dh]
  int j; // [rsp+44h] [rbp-Ch]
  unsigned int v12; // [rsp+48h] [rbp-8h]
  int i; // [rsp+4Ch] [rbp-4h]

  _main(*(_QWORD *)&argc, argv, envp);
  show_tips();
  for ( i = 0; i <= 19; ++i )
    rand_number[i] = rand();
  v3 = time(0i64);
  srand(v3);
  v12 = 0;
  dice_number[0] = rand_number[0] % 5 + 1;
  printf("[*] you need to roll point %d\n", (unsigned int)(rand_number[0] % 5 + 1));
  puts("--------------------------------");
  while ( 1 )
  {
    do
      v10 = getchar();
    while ( v10 != 115 && v10 != 83 );
    v4 = rand();
    if ( !(unsigned int)show_dice((unsigned int)(v4 % 5 + 1), v12) )
    {
      puts("[*] wrong point game over");
      system("pause");
      return 0;
    }
    puts("[*] correct point");
    puts("--------------------------------");
    if ( ++v12 == 6 )
      break;
    dice_number[v12] = rand_number[v12] % 5 + 1;
    printf("[*] you need to roll point %d\n", dice_number[v12]);
  }
  dice_number[6] = rand_number[6] % 5 + 1;
  if ( v12 == 6 )
  {
    if ( IsDebuggerPresent() )
      rand_number[1] %= 127;
    v12 = 0;
    printf("[*] input your flag:");
    scanf("%s", v9);
    for ( j = 0; j <= 17; ++j )
    {
      if ( j % 3 )
      {
        if ( v9[j] != rand_number[j] % 56 + 66 )
        {
          puts("[*] wrong flag");
          system("pause");
          return 0;
        }
      }
      else
      {
        v6 = v9[j];
        v7 = rand_number[j] % 56 + 60;
        v8 = v12++;
        if ( v6 != v7 + dice_number[v8] )
        {
          puts("[*] wrong flag");
          system("pause");
          return 0;
        }
      }
    }
    puts("[*] correct flag");
  }
  system("pause");
  return 0;
}

提取关键部分,改写代码

#include <bits/stdc++.h>
using namespace std;

int main()
{
    int rand_number[20];
    int dice_number[20];
    srand(0);
    for(int i = 0; i < 20; i++)
    {
        rand_number[i] = rand();
        dice_number[i] = rand_number[i] % 5 + 1;
    }
    int v12 = 6, j, v7, v8;
    
    if ( v12 == 6 )
    {
        v12 = 0;
        for ( j = 0; j <= 17; ++j )
        {
          if ( j % 3 )
          {
            putchar(rand_number[j] % 56 + 66);
          }
          else
          {
            v7 = rand_number[j] % 56 + 60;
            v8 = v12++;
            putchar(v7 + dice_number[v8]);
          }
        }
    }
    return 0;
}

得到flag{fqP^IgU_dc_nSCkPkW}

5.Re22

拖进IDA分析,发现关键代码

re-5.png

hex找到str的数据

re-6.png

删去00,得到

07 0D 00 06
1A 04 55 54
18 3E 02 13
55 02 0A 3E
0C 04 1C 00

编写py脚本

f = open('data.txt', 'r').read().split()
out = []
for i in f:
    out.append(chr(int(i, 16) ^ ord('a')))
print(''.join(out))

得到flag{e45y_cr4ck_me}

Last modification:March 29th, 2020 at 10:37 am