1. 程式人生 > >【練習】reserving.kr之easy ELF

【練習】reserving.kr之easy ELF

() style col code color cde correct res 分析

打開主函數:

int __cdecl main()
{
  int result; // [email protected]

  write(1, "Reversing.Kr Easy ELF\n\n", 0x17u);
  sub_8048434();
  if ( main_0() == 1 )                          // 算法函數
  {
    sub_80484F7();                              // correct!
    result = 0;
  }
  else
  {
    write(1, "Wrong\n", 6u
); result = 0; } return result; }

進入算法函數:

int sub_8048451()
{
  int result; // [email protected]

  if ( byte_804A021 == 0x31 )
  {
    byte_804A020 ^= 0x34u;
    byte_804A022 ^= 0x32u;
    byte_804A023 ^= 0x88u;
    if ( byte_804A024 == 0x58 )
    {
      if ( byte_804A025 )
      {
        result = 0;
      }
      
else if ( byte_804A022 == 0x7C ) { if ( byte_804A020 == 0x78 ) result = byte_804A023 == 0xDDu; else

分析flag的泄露地址,寫出exp如下:

flag=‘‘
flag+=chr(0x78^0x34)
flag+=1
flag+=chr(0x7c^0x32)
flag+=chr(0xdd^0x88)
flag+=X
print flag

flag為L1NUX

【練習】reserving.kr之easy ELF