
RE_COMPILER

part1

bash has been modified. The challenge is named compiler, so naturally one tries the newest version of gcc, but it actually has little to do with the compiler: bash sets gcc as an alias for gcc -static, and at compile time a modified libc_start_main is written into the binary. Debugging that function, the decrypted flag part1 can be found in memory:

RCTF{Without

part2

Pull bash out of the image and you see several built-in functions: in flag_builtin, flag is set as an alias of queen, and alias is set as an alias of echo \"Help me\".

After finishing the Snow White game, the hint you get is three "hashes". The hash is produced in the hash_search function, and the algorithm can be reversed by brute force.

#!/usr/bin/env python
#coding=utf-8

def get_hash(string):
    # forward hash as recovered from the patched hash_search: h = c ^ (0x8b * h)
    result=0
    for i in range(len(string)):
        result = ord(string[i]) ^ (0x8b * result)
    return result

def find(hash,string,dstHash):
    # hash: value still to be peeled, string: suffix recovered so far
    if hash>=32 and hash<=126:
        # a single printable char hashes to itself, so this must be the first char
        temp = chr(hash) + string
        if get_hash(temp) == dstHash:
            print("succeed, %d - > %s"%(dstHash,temp))
        return
    else:
        for c in range(32,127):   # all printable ASCII (original stopped one short of '~')
            tmp = hash ^ c
            if tmp % 0x8b == 0:   # peeling c off must leave an exact multiple of 0x8b
                temp = chr(c) + string
                find(tmp // 0x8b, temp, dstHash)

def decrypt(dst):
    find(dst,'',dst)

decrypt(13340610174042144018)
decrypt(95741437967718225)
decrypt(484886919005526)

# succeed, 13340610174042144018 - > _no_seAms
# succeed, 95741437967718225 - > _NoR_nEe
# succeed, 484886919005526 - > Dlework

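
Added example (not from the original writeup): the same inversion written as a loop that returns every printable preimage and counts the states it visits, which shows why the "brute force" finishes instantly. It assumes only the hash relation recovered above, h = c ^ (0x8b * h), with no word-size truncation, which holds for the three targets since all of them fit in 64 bits without wrapping.

```python
MULT = 0x8b                 # multiplier used by the patched hash_search
PRINTABLE = range(32, 127)  # ASCII ' ' .. '~'

def get_hash(s):
    """Forward hash as recovered from the patched bash: h = c ^ (MULT * h)."""
    h = 0
    for ch in s:
        h = ord(ch) ^ (MULT * h)
    return h

def preimages(target, max_len=32):
    """Return (printable strings hashing to target, number of states visited).

    Peeling one step: target = c ^ (MULT * prev), so prev = (target ^ c) / MULT
    must be an exact integer.  The 95 values target ^ c (c printable) differ from
    target only in bits 0..6, so they lie in one block of 128 consecutive
    integers, which holds at most one multiple of MULT = 139 > 128.  Hence at
    most one candidate survives per step and the search never branches.
    """
    results = []
    stack = [(target, '')]   # (hash still to be peeled, suffix recovered so far)
    visited = 0
    while stack:
        h, suffix = stack.pop()
        visited += 1
        if len(suffix) >= max_len:
            continue
        for c in PRINTABLE:
            rest = h ^ c
            if rest == 0:
                # prev == 0 means c was the first character: a full preimage
                results.append(chr(c) + suffix)
            elif rest % MULT == 0:
                stack.append((rest // MULT, chr(c) + suffix))
    return results, visited

if __name__ == '__main__':
    # the three "hash" hints from the game
    for target in (13340610174042144018, 95741437967718225, 484886919005526):
        words, n = preimages(target)
        print(target, words, 'states visited:', n)
```

The visited count equals the recovered length, confirming that each step admits exactly one printable character.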
part1+part2:

RCTF{Without_no_seAms_NoR_nEeDlework}