用IDA打开后,按F5反编译得到的主函数代码
sub_4005B6()的代码
主要逆向sub_4005B6()的代码,根据其逻辑逆推写出IDC脚本(在IDA里按Shift + F2即可编写并运行脚本)
代码
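// Reverses the transformation performed by sub_4005B6(): the 3-byte
// instruction records are walked from the last one back to the first, the
// operation listed below is applied to the cell table for each opcode, and
// the 24 recovered characters are printed to the IDA output window.
//
// Layout as used by this script:
//   0x6010C0  instruction records, 3 bytes each: opcode, cell index, operand
//   0x601060  cell table with a 4-byte stride; only the first byte of each
//             cell is read and written
//
// NOTE: PatchByte() rewrites the cell table inside the IDA database, so the
// script is not idempotent. A second run starts from the already-modified
// bytes and prints garbage. Work on a copy or snapshot of the database, or
// revert the patched bytes before running it again.
auto code, cells, i, op, idx, arg, ea;

code  = 0x6010C0;
cells = 0x601060;

// 14997 is the offset of the last record: 5000 records * 3 bytes, counted
// down in steps of one record.
for (i = 14997; i >= 0; i = i - 3) {
    op  = Byte(code + i);        // opcode
    idx = Byte(code + i + 1);    // index of the cell to modify
    arg = Byte(code + i + 2);    // immediate operand, or a second cell index for opcode 5
    ea  = cells + idx * 4;

    // The opcode is read once per record, so at most one branch applies.
    // Presumably each operation is the inverse of what sub_4005B6() does
    // for that opcode; the decompiled function is not shown on this page.
    if (op == 1)
        PatchByte(ea, Byte(ea) - arg);
    else if (op == 2)
        PatchByte(ea, Byte(ea) + arg);
    else if (op == 3)
        PatchByte(ea, Byte(ea) ^ arg);
    else if (op == 4)
        // NOTE(review): a record with a zero operand would divide by zero;
        // left unguarded, as in the original script.
        PatchByte(ea, Byte(ea) / arg);
    else if (op == 5)
        PatchByte(ea, Byte(ea) ^ Byte(cells + arg * 4));
    // Any other opcode value leaves the cell table untouched.
}

// Print the first byte of each of the 24 cells.
for (i = 0; i < 24; i++)
    Message("%c", Byte(cells + i * 4));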
run一下直接出flag,nctf{Embr4ce_Vm_j0in_R3}