ez fibon
链接
思路
exeinfo看了一下,64位,UPX壳。
脱壳,丢ida64。
#include<idc.idc>
static main() {
auto ea_from = 0x401689;
auto ea_to = 0x40172d;
auto ea = ea_from;
while (ea < ea_to) {
auto cmd = GetMnem(ea);
if (cmd == "mov" || cmd == "lea") {
auto opcode = Dword(NextNotTail(ea) - 4);
if (opcode < 0) {
opcode = ~opcode + 1;
}
Message("%c", opcode);
}
ea = NextNotTail(ea);
}
Message("\nOK!\n");
}
dynvFU{m@^mctQmVS~wenr
解密代码,对该题目适用
python -1 % 64 == 1;C -1 % 64 == -1,注意不同语言的差异。
import math
# if ( strlen(Str) == 22 )
# {
# v9 = 1;
# v8 = 1;
# for ( j = 0; j <= 21; ++j )
# {
# if ( (j & 1) != 0 )
# {
# v8 += v9;
# v3 = (v8 + j + *(_DWORD *)&Str[4 * j + 112]) % 64 + 64;
# }
# else
# {
# v9 += v8;
# v3 = (v9 + j + *(_DWORD *)&Str[4 * j + 112]) % 64 + 64;
# }
# *(_DWORD *)&Str[4 * j + 112] = v3;
# }
v8 = 1
v9 = 1
s = "dynvFU{m@^mctQmVS~wenr"
res = ""
for i in range(22):
if i & 1 != 0:
v8 += v9
if int(math.fmod(ord(s[i])-v8-i, 64)) < 0:
res += (chr(int(math.fmod(ord(s[i])-v8-i, 64)+128)))
continue
if ord(s[i])-v8-i < 64:
res += (chr(int(math.fmod(ord(s[i])-v8-i, 64)+64)))
else:
res += (chr(ord(s[i])-v8-i))
else:
v9 += v8
if int(math.fmod(ord(s[i])-v9-i, 64)) < 0:
res += (chr(int(math.fmod(ord(s[i])-v9-i, 64)+128)))
continue
if ord(s[i])-v9-i < 64:
res += (chr(ord(s[i])-v9-i+64))
else:
res += (chr(ord(s[i])-v9-i))
print(res)
文章评论