1. 程式人生 > >南郵ctf平臺 逆向 WxyVM2

南郵ctf平臺 逆向 WxyVM2

直接 IDA F5出原始碼, 非常好懂,就是做比較

for ( i = 0; i <= 24; ++i ) {
    if ( *(&byte_694100 + i) != dword_694060[i] )
      v1 = 0;
}

但是這段程式碼之前有幾萬條指令,其中有很多混淆的指令,只有對 byte_694100 ~ byte_694124 的修改才是有用的。
我們要做的就是要對 dword_694060[i] 進行逆運算。
我用了 python 和 notepad++ 的替換功能,將 byte_694100 ^= 0x5Eu;化簡成了 00^5Eu,方便 c 處理,用 list 儲存;將 dword_694060[i] 的數拷貝出來,轉換成十進位制數,用 sl 儲存;
我使用了 c 來做,因為 python 的整數型別應該是沒有溢位的,我怕可能進行運算時會出錯,而用 c 比較貼近源程式,其實用什麼好像都是可以的。。。因為 byte 是八位,所以我用了 uint8_t 來儲存 byte。
而且 list 需要用 python 反轉一下順序,因為我們要逆運算,而 + - 與 ^ 不適用於交換律的。

#include<iostream>
#include<math.h>
#include <algorithm>
#include<string>
using namespace std;

int main() {
	uint8_t  sl[] = { -64,-123,-7,108,-30,20,-69,-28,13,89,28,35,-120,110,-101,-54,-70,92,55,-1,72,-40,31,-85,-91 };
	string list[2415] = { "09+7","11+69","00^5Eu","02^Bu","02+10","0B^6Bu"
,"06+76","0C+121","11^Fu","0D+75","12^Bu","00^7Eu","14-105","17+26","08+26","09+96","0D^52u","12+116","02+27","15-8","14+72","01+89","12-26","10-110","0C+81","02^3u","03^55u","0B^4Fu","0B^2Bu","00^35u","13-56","01-49","05^2Fu","0A-102","0A-43","06-121","10^62u","0E-87","07^48u","13^1Au","0A+47","04-118","14+82","09-46","03^6Bu","0B-59"
,"04^28u","0B+71","0A+100","12^29u","10^10u","0D^44u","0C^22u","03^4Fu","10^50u","15-8","14-16","02-112","09^5Bu","0C+96","05-117","07-66","09-21","0E-33","0A+69","07+108","0C^10u","15+104","0A+36","10^23u","01+63","0B^62u","11+2","0B+77","12^3Du","18-47","02-75","08+71","12-94","03^41u","04^17u","16^5Au","10+31","05+24","08-116","02-101","0B-109","01-19","13-118","0A-28","0F^5Fu","10-54","17^2Cu","0C+127","03-47","13-51","09^35u","09-41","0D+18","08+42","08+127","07^5Bu","0A-26","18+62","06^55u","16^4u","04^3Cu","06-33","0E^2Du","02^61u","0F-95","07-55","14+27","02^4Fu","11-98","09-24","03-4","06^49u","14+74","06^37u","14-117","01-66","02-51","00+64","10^18u","15-8","0D^51u","03+50","18-38","16-80","0C-104","15^37u","04+56","00+28","04+95","06+38","01-59","16-88","03+127","06^42u","05-88","0F+21","00^6Au","11+48","16+125","06^3u","06+31","11^36u","00+39","00-6","05-39","00-16","00^48u","0F-65","0F-39","15-88","00-60","03^2u","15-96","13-8","04+100","0D-56","17^5Cu","12-19","06^21u","06+35","11-121","0D-26","14-108","01+83","06+76","08^29u","03^57u","01+80","0A-53","0F^42u","07+22","0D-100","09-70","05+21","10-10","03-89","0C^34u","00^21u","0E^54u","06^32u","12+70","03+53","08+95","09-82","10-10","09+100","18-113","0E-119","02^80u","0F+20","09+28","11+36","09-67","0D+9","0A-32","01+53","09^4u","15-109","15^24u","0D+68","10-59","12+28","02^47u","07+24","10^68u","06^67u","10+12","0D-75","0E^3Au","18-89","09+114","0D^74u","09^4Cu","11-70","15^27u","0F-109","10-42","0A-33","10-5","03-23","02^2Eu","0F^42u","12-88","01+29","16-93","16^28u","17+12","01+122","04^Au","06+84","11+14","01+22","18-114","11+14","11-102","0D-22","0C-17","04^7Bu","05-91","16^Du","0A-87","0E^5Au","0D^33u","0C^Eu","13-96","12^77u","11-50","0B-32","11+5","06-109","10^73u","03^44u","12-45","0A^26u","02-93","06-121","08+88","0A+51","17^Au","00+-128","12-117","01-19","0F+90","18^6u","12^53u","0E-61","03-69","00^59u","06-44","0A-20","0D^77u","09+43","15+20","15^80u","17^2Bu","16+76","04-111","15-120","13-60","0E^65u","00-21","16+73","03+89","15^55u","07^5Bu","0C-87","0A^6Cu","05+86","05^34u","0F+103","0A^4Cu","05^57u","14^5Bu","17+37","16^31u","01+22","03+84","14^58u","15+126","0B-69","05^7Bu","06^20u","02+82","09^6Bu","06-46","00-48","07-28","07+58","06+62","06-80","00+93","06^70u","11+109","13-85","0D+118","14+1","15+86","06^36u","08+77","0D^80u","00+46","10^47u","13+34","0F-53","16+92","08+51","0F+104","0D^57u","14+66","09^1Du","01^41u","13+105","09^66u","00+15","17+30","00^6Fu","01-69","07-104","08+103","0E+93","16^29u","15-115","16+108","00^3Cu","0F-18","13-116","09+126","00+113","01+107","0D^64u","15+16","0B-83","17^24u","02^47u","07^64u","18+39","01+53","06^38u","0F^58u","0C-108","15+85","0D^Bu","11+13","13+95","0F+98","0D^68u","03^2Cu","13^18u","05+15","0D+68","13^60u","0D^66u","01-11","11+105","00+94","10^59u","01^6Bu","0D^67u","04-74","00+4","06+74","07-57","01-106","04-11","12+92","0C-111","18+102","04^Au","14-110","03-20","12-124","17-72","12^12u","0E^32u","00-3","03+39","17^8u","04-7","09-62","17^43u","13^67u","0A+103","12^Eu","18-41","01-112","01-75","0D-4","14-37","01^Du","0C-86","04+42","17^74u","15^65u","18+2","03+27","18+84","0C+79","05+98","06+1","0B^1u","08-121","02-70","08^20u","04^22u","18^44u","12-122","14^38u","18+113","00+111","0D^58u","14+33","03+43","16+2","17^4Cu","16+56","14+12","09^5Du","0D^57u","00+111","06+114","0F+48","17+50","00^5Du","15-13","02+75","0A+73","07^77u","10-17","0E^5Au","0E^1Fu","07-25","11+35","12^75u","10-71","09+76","16+56","0A^41u","12+53","03+88","01-60","04+125","00-119","03^66u","10-28","01+62","02+60","15^40u","17+66","08+15","16+14","06+45","05^Du","0D-70","04^57u","02+10","0D+8","01-78","0F^12u","05-20","16^15u","01^6Au","14^75u","16+84","02+92","0F-98","17+48","0C-93","04-102","15-79","0F^4Du","11^45u","15-53","0F+-128","00^57u","17+51","04+59","10+104","0E-112","0F^3Eu","0E+116","18-80","15^42u","00-117","0D-36","14-124","0A+21","05-16","0D-31","0B+15","10+118","01+97","0E+42","0F-90","09^23u","14-73","0C+8","15^2Fu","0F-124","11+126","11^8u","01-63","14-54","09+1","02+11","10+110","0C^1u","09^53u","03+97","0E+76","04^6Au","06^61u","09^34u","02^Cu","0B-121","0B-112","18-101","0A+104","14^Cu","09^6Eu","02^64u","16^Cu","05-75","14-88","11^16u","04-72","0A+112","07^50u","0E+31","15-10","17+64","08+114","16^5Fu","0C+44","03-37","0F^6Au","0E+49","06^7Au","0E-43","08-33","06^13u","11+4","03-100","10-101","05-12","15+52","09+67","12^35u","17+102","12^3Cu","0C+121","01^68u","0D^59u","0E^3Cu","0D^32u","11^71u","0F^63u","08-10","17-10","0E^4Du","11-5","13+112","0F+125","06^7u","02-87","09-86","0C^62u","09-93","18^43u","00+107","14^5Fu","05+40","00+67","0F+49","0C+97","07-25","03+107","14+35","03-41","11-39","04-65","11^5u","01^1Bu","0C-110","16-127","0E^4u","18^4Fu","17-21","03+105","0C^39u","03+15","0A-115","07+87","0F^37u","0B-56","03-64","10-43","11-106","02^10u","10^65u","17^6Eu","06-89","16-33","16-113","0F-28","12^48u","15-31","15+107","08^13u","10^74u","13-4","03^Eu","00+67","10^55u","08^40u","0A^4Au","10^16u","09+31","0B^3Fu","15-61","07+59","0D^4Eu","16+41","07-103","04+52","14+32","18+71","02^49u","18+92","18^6Bu","06+54","0E-94","07^66u","00-57","09+15","07+78","05-60","09^63u","17-4","11-99","0D^6Du","14+100","0C+115","09^77u","10-107","01+50","07+12","13^44u","12^21u","0D+117","18^32u","04-91","12+17","13-66","10+29","0C^4Cu","0C-8","11^3Du","03^60u","05^5Eu","00+2","14+6","0C^68u","0B+108","0E+49","16+74","06+101","0D^22u","16+39","0B-32","09+44","13+56","05^36u","00^51u","15-125","0E-78","0F+99","10+24","04^32u","04^79u","07-20","0A^29u","15^7Fu","17^37u","07-83","01^36u","11^7Au","03^Au","00^6Au","14^43u","17^70u","14-73","14-17","16+13","14+112","0A^29u","0E^7Bu","02^76u","00-105","12+76","06^21u","01-88","03^74u","0D-29","13+102","15^36u","03^74u","13+74",