
BUU-jocker

Loading it into IDA, the stack analysis fails (stack pointer unbalanced). The debugging trick here: wherever the problem is, go to the line just above it, press Alt+K and set the value to 0.

F5 main

The whole sequence of operations on v4 is just a fake flag. Ugh.

Here the encrypt function's bytes are XORed; write an IDC script to decode them:

#include <idc.idc>

// Decode the XOR-encoded body of encrypt() in place:
// bytes 0x401500 .. 0x401500+186 (inclusive), key 0x41.
static main()
{
    auto Address = 0x00401500;
    auto Value;

    for (; Address <= 0x00401500 + 186; Address++)
    {
        Value = Byte(Address);
        Value = Value ^ 0x41;
        PatchByte(Address, Value);
    }
}
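The same XOR patch, done at the file level in Python instead of inside IDA, as an added example that is not part of this writeup. It also shows the check an analyst uses to confirm a candidate single-byte key: a correctly decoded x86 function normally opens with the standard `push ebp; mov ebp, esp` prologue, so the decoded head can be matched against it. The encrypted bytes here are constructed (a tiny function encrypted with the 0x41 key the writeup found), not bytes from the jocker binary; `xor_decode` and `candidate_keys` are names chosen for this example.

```python
# Added example: file-level equivalent of the IDC patch loop, plus a prologue check
# for validating (or recovering) a single-byte XOR key. Sample bytes are constructed.

X86_PROLOGUE = bytes([0x55, 0x8B, 0xEC])  # push ebp; mov ebp, esp


def xor_decode(buf: bytes, start: int, length: int, key: int) -> bytes:
    """Return a copy of buf with buf[start:start+length] XORed by key
    (what the IDC loop does to the encrypt() body inside the IDA database)."""
    out = bytearray(buf)
    for i in range(start, start + length):
        out[i] ^= key
    return bytes(out)


def candidate_keys(encrypted_region: bytes, expected_prefix: bytes = X86_PROLOGUE) -> list:
    """All single-byte XOR keys under which the region starts with expected_prefix.
    Handy when the key is not obvious from the self-decrypting loop: only keys that
    produce a plausible function prologue are worth decompiling."""
    keys = []
    for key in range(256):
        head = bytes(b ^ key for b in encrypted_region[:len(expected_prefix)])
        if head == expected_prefix:
            keys.append(key)
    return keys


# Constructed sample: prologue, "mov eax, 1", epilogue, "ret", encrypted with 0x41.
PLAIN_FUNC = bytes([0x55, 0x8B, 0xEC, 0xB8, 0x01, 0x00, 0x00, 0x00, 0x5D, 0xC3])
SAMPLE_KEY = 0x41
ENCRYPTED_FUNC = bytes(b ^ SAMPLE_KEY for b in PLAIN_FUNC)


def demo():
    """Recover the key from the prologue, then decode the whole region with it."""
    keys = candidate_keys(ENCRYPTED_FUNC)
    decoded = xor_decode(ENCRYPTED_FUNC, 0, len(ENCRYPTED_FUNC), keys[0])
    return keys, decoded


if __name__ == "__main__":
    keys, decoded = demo()
    print("candidate keys:", [hex(k) for k in keys])
    print("decoded bytes :", decoded.hex())
```

Because XOR with a single byte is a bijection on the first byte, the prologue filter leaves exactly one candidate here; with a real binary you would still confirm the key by checking that the decoded region disassembles cleanly to its end.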

Then decompile as usual (fiddle with U and C in IDA to undefine the bytes and re-mark them as code).

Here it is still an XOR, but only over 19 bytes. We also find a finally function inside main.

v3 through v7 here are exactly 5 bytes; together with the previous 19 that makes exactly 24.

But if you keep using the XOR string "hahahaha_do_you_find_me?" from the 19-byte part here, the decoded result is wrong.

We guess the last five bytes are all XORed with the same number, which can be recovered from the fact that the last character of the flag is '}'. That yields the final flag.

(The commented-out part is the fake flag.)

# Fake flag: the first so.in dump, 6 lines, one character per 4-byte dword
# (only every 4th hex token carries data). Commented out, kept for reference.
'''
a = []
f = open('so.in')
for i in range(6):
    s = f.readline()
    for j in range(16):
        if j % 4 == 0:
            a.append(int(s[j*3:j*3+2], 16))
print(a)
# undo the per-index transform main() applies to v4
for i in range(len(a)):
    if i & 1:
        a[i] += i
    else:
        a[i] ^= i
Input = ''
for i in range(len(a)):
    Input += chr(a[i])
print(Input)
'''

# Real flag: the second so.in dump, 5 lines; the last dword is padding, so drop it.
a = []
b = 'hahahaha_do_you_find_me?'
f = open('so.in')
for i in range(5):
    s = f.readline()
    for j in range(16):
        if j % 4 == 0:
            a.append(int(s[j*3:j*3+2], 16))
del a[len(a)-1]
# v3..v7 from the finally function, still encrypted
a.append(37)
a.append(116)
a.append(112)
a.append(38)
a.append(58)
print(a)
# first 19 bytes: XOR with the key string
for i in range(19):
    a[i] ^= ord(b[i])
# last 5 bytes: one unknown key byte, recovered because the flag ends in '}'
k = ord('}') ^ 58
for i in range(19, 24):
    a[i] ^= k
Input = ''
for i in range(len(a)):
    Input += chr(a[i])
print(Input)

so.in, two copies (the first is the fake flag, the second the flag)

66 00 00 00 6B 00 00 00 63 00 00 00 64 00 00 00
7F 00 00 00 61 00 00 00 67 00 00 00 64 00 00 00
3B 00 00 00 56 00 00 00 6B 00 00 00 61 00 00 00
7B 00 00 00 26 00 00 00 3B 00 00 00 50 00 00 00
63 00 00 00 5F 00 00 00 4D 00 00 00 5A 00 00 00
71 00 00 00 0C 00 00 00 37 00 00 00 66 00 00 00
0E 00 00 00 0D 00 00 00 09 00 00 00 06 00 00 00
13 00 00 00 05 00 00 00 58 00 00 00 56 00 00 00
3E 00 00 00 06 00 00 00 0C 00 00 00 3C 00 00 00
1F 00 00 00 57 00 00 00 14 00 00 00 6B 00 00 00
57 00 00 00 59 00 00 00 0D 00 00 00 00 00 00 00
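The whole solve, written as reusable functions rather than the writeup's one-off script, as an added example that is not part of the original post. It parses the dump format shown above (one character per little-endian dword, so only every fourth hex token matters, and any number of dwords per line is accepted instead of the fixed 16 tokens the writeup's script assumes), undoes the per-index transform for the fake flag, and for the real flag recovers the single key byte of the last five characters from the known trailing '}' before decoding. The two dumps are copied from this page; the key string and the five encrypted bytes 37, 116, 112, 38, 58 are the values the writeup reads out of the binary. Function names such as `parse_dword_dump` and `recover_tail_key` are chosen for this example.

```python
# Added example: the jocker solve as functions. Dump text is taken from the writeup;
# the key string and v3..v7 bytes are the values the writeup recovered from the binary.

FAKE_DUMP = """\
66 00 00 00 6B 00 00 00 63 00 00 00 64 00 00 00
7F 00 00 00 61 00 00 00 67 00 00 00 64 00 00 00
3B 00 00 00 56 00 00 00 6B 00 00 00 61 00 00 00
7B 00 00 00 26 00 00 00 3B 00 00 00 50 00 00 00
63 00 00 00 5F 00 00 00 4D 00 00 00 5A 00 00 00
71 00 00 00 0C 00 00 00 37 00 00 00 66 00 00 00
"""

REAL_DUMP = """\
0E 00 00 00 0D 00 00 00 09 00 00 00 06 00 00 00
13 00 00 00 05 00 00 00 58 00 00 00 56 00 00 00
3E 00 00 00 06 00 00 00 0C 00 00 00 3C 00 00 00
1F 00 00 00 57 00 00 00 14 00 00 00 6B 00 00 00
57 00 00 00 59 00 00 00 0D 00 00 00 00 00 00 00
"""

KEY_STRING = b"hahahaha_do_you_find_me?"   # XOR key for the first 19 characters
FINALLY_BYTES = [37, 116, 112, 38, 58]    # v3..v7 from the finally function, still encrypted


def parse_dword_dump(text: str) -> list:
    """Low byte of every little-endian dword in a hex dump, in order.
    Works for any number of dwords per line; a trailing partial dword is ignored."""
    tokens = [int(t, 16) for t in text.split()]
    usable = len(tokens) - len(tokens) % 4
    return [tokens[i] for i in range(0, usable, 4)]


def decode_fake_flag(dump: str) -> str:
    """Undo the per-index transform main() applies to v4 (odd index: +i, even: ^i)."""
    values = parse_dword_dump(dump)
    out = [(v + i) if i & 1 else (v ^ i) for i, v in enumerate(values)]
    return "".join(chr(x & 0xFF) for x in out)


def recover_tail_key(last_cipher_byte: int, last_plain_char: str = "}") -> int:
    """Known-plaintext recovery of the single-byte XOR key: the flag must end in '}'."""
    return last_cipher_byte ^ ord(last_plain_char)


def decode_real_flag(dump: str) -> str:
    """19 bytes XORed with KEY_STRING, then 5 bytes XORed with the recovered key."""
    values = parse_dword_dump(dump)[:19]   # the 20th dword in the dump is padding
    values += FINALLY_BYTES
    k = recover_tail_key(values[-1])
    plain = [values[i] ^ KEY_STRING[i] for i in range(19)]
    plain += [values[i] ^ k for i in range(19, 24)]
    return "".join(map(chr, plain))


if __name__ == "__main__":
    print("fake flag:", decode_fake_flag(FAKE_DUMP))
    print("real flag:", decode_real_flag(REAL_DUMP))
```

The key recovery step is the general lesson: when a short tail is encrypted with one unknown byte and one plaintext byte is known (here the closing brace of the flag format), the key falls out of a single XOR, and a wrong guess shows up immediately as non-printable output.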