【練習】reserving.kr之easy ELF
阿新 • • 發佈:2017-10-08
() style col code color cde correct res 分析
打開主函數:
int __cdecl main() { int result; // [email protected] write(1, "Reversing.Kr Easy ELF\n\n", 0x17u); sub_8048434(); if ( main_0() == 1 ) // 算法函數 { sub_80484F7(); // correct! result = 0; } else { write(1, "Wrong\n", 6u); result = 0; } return result; }
進入算法函數:
int sub_8048451() { int result; // [email protected] if ( byte_804A021 == 0x31 ) { byte_804A020 ^= 0x34u; byte_804A022 ^= 0x32u; byte_804A023 ^= 0x88u; if ( byte_804A024 == 0x58 ) { if ( byte_804A025 ) { result = 0; }else if ( byte_804A022 == 0x7C ) { if ( byte_804A020 == 0x78 ) result = byte_804A023 == 0xDDu; else
分析flag的泄露地址,寫出exp如下:
flag=‘‘ flag+=chr(0x78^0x34) flag+=‘1‘ flag+=chr(0x7c^0x32) flag+=chr(0xdd^0x88) flag+=‘X‘ print flag
flag為L1NUX
【練習】reserving.kr之easy ELF