拖入IDA64 strings F5檢視

前面是一段賦值

推測424BA0是檢測長度的函式，並且從v12開始取36個長度的字元

也就是這一段：

先做第一個指令碼

v12 = [73,111,100,108,62,81,110,98,40,111,99,121,127,121,46,105,127,100,96,51,119,125,119,101,107,57,123,105,121,61,126,121,76,64,69,67]
partflag = ''
for i in range(len(v12)):
    partflag += chr(v12[i]^i)
print(partflag)


Info:The first four chars are `flag`
 

PS 關於輸入

放在memset後面且距離很近的函式很可能是輸入函式

檢視字串，明顯的base64加密

十次base64加密後與6CC090進行對比

寫第二段指令碼

import base64
partflag = 'Vm0wd2VHUXhTWGhpUm1SWVYwZDRWVll3Wkc5WFJsbDNXa1pPVlUxV2NIcFhhMk0xVmpKS1NHVkdXbFpOYmtKVVZtcEtTMUl5VGtsaVJtUk9ZV3hhZVZadGVHdFRNVTVYVW01T2FGSnRVbGhhVjNoaFZWWmtWMXBFVWxSTmJFcElWbTAxVDJGV1NuTlhia0pXWWxob1dGUnJXbXRXTVZaeVdrWm9hVlpyV1hwV1IzaGhXVmRHVjFOdVVsWmlhMHBZV1ZSR1lWZEdVbFZTYlhSWFRWWndNRlZ0TVc5VWJGcFZWbXR3VjJKSFVYZFdha1pXWlZaT2NtRkhhRk5pVjJoWVYxZDBhMVV3TlhOalJscFlZbGhTY1ZsclduZGxiR1J5VmxSR1ZXSlZjRWhaTUZKaFZqSktWVkZZYUZkV1JWcFlWV3BHYTFkWFRrZFRiV3hvVFVoQ1dsWXhaRFJpTWtsM1RVaG9hbEpYYUhOVmJUVkRZekZhY1ZKcmRGTk5Wa3A2VjJ0U1ExWlhTbFpqUldoYVRVWndkbFpxUmtwbGJVWklZVVprYUdFeGNHOVhXSEJIWkRGS2RGSnJhR2hTYXpWdlZGVm9RMlJzV25STldHUlZUVlpXTlZadE5VOVdiVXBJVld4c1dtSllUWGhXTUZwell6RmFkRkpzVWxOaVNFSktWa1phVTFFeFduUlRhMlJxVWxad1YxWnRlRXRXTVZaSFVsUnNVVlZVTURrPQ==
 
'
for i in range(10):
    partflag = base64.b64decode(partflag).decode("utf-8") #必須先轉碼成byte型，因為python3中字元都為unicode編碼，但是b64encode函式的引數為byte型別
print(partflag)

//也可以線上解碼十次
https://bbs.pediy.com/thread-254172.htm

參考：https://blog.csdn.net/qq_44625297/article/details/105155727

——————————————————————餘下明天再寫