标签:linu mic 字节对齐 ima png turn 收获 图片 编写
下载附件,为elf文件
在Linux中查看
64位的ELF文件,输入错误的flag时,输出Better luck next time。
将文件拖入IDA64,反编译,分析代码
找出图中关键代码
跟进sub_400B56函数
void __fastcall __noreturn sub_400B56(__int64 a1, __int64 a2, __int64 a3) { std::operator<<<std::char_traits<char>>(&std::cout, "Better luck next time\n", a3); exit(0); }
输出:Better luck next time
进一步确认,if 语句中的判断条件为解题关键。
提取 off_6020A0 和 dword_6020C0 中的数据
off_6020A0:
dword_6020C0:
align 8:8字节对齐,此处不太直观在Hex View跟进。
提取结果:
off="L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t" dword = [0x24, 0x0, 0x5, 0x36, 0x65, 0x7, 0x27, 0x26, 0x2d, 0x1, 0x3, 0x0, 0xd, 0x56, 0x1,0x3, 0x65, 0x3, 0x2d, 0x16, 0x2, 0x15, 0x3, 0x65, 0x0, 0x29, 0x44, 0x44, 0x1, 0x44, 0x2b]
编写python代码:
off = "L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t" dword = [0x24, 0x0, 0x5, 0x36, 0x65, 0x7, 0x27, 0x26, 0x2d, 0x1, 0x3, 0x0, 0xd, 0x56, 0x1, 0x3, 0x65, 0x3, 0x2d, 0x16, 0x2, 0x15, 0x3, 0x65, 0x0, 0x29, 0x44, 0x44, 0x1, 0x44, 0x2b] flag = "" for i in dword: flag += off[i] print(flag)
输出:ALEXCTF{W3_L0v3_C_W1th_CL45535}
解题完毕!
收获:了解 align (n) 的相关知识
alexctf-2017:re2-cpp-is-awesome
标签:linu mic 字节对齐 ima png turn 收获 图片 编写
原文地址:https://www.cnblogs.com/MuZiShiYe/p/11044365.html
