AlexCTF 2017 RE2
来源:互联网 发布:linux route -p 编辑:程序博客网 时间:2024/06/10 07:36
原文地址:https://ngaoopmeo.blogspot.com/2017/02/alexctf-2017write-upre2-c-is-awesomed.html
Check file type using file command
译文:使用file命令查看文件属性
re2; ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped
So this is a ELF 64-bit file. Let open ida64 and load it
译文:该文件是一个EFL 64位的文件,使用IDA pro 64位打开它
This is pseudo code
译文:伪代码如下:
if ( a1 != 2 ) { v2 = *(_QWORD *)a2; LODWORD(v3) = std::operator<<<std::char_traits<char>>(6299968LL, 4198153LL); LODWORD(v4) = std::operator<<<std::char_traits<char>>(v3, v2); std::operator<<<std::char_traits<char>>(v4, 4198161LL); exit(0); }
a1 is number of parameter. So if number of parameter != 2 program will terminate
译文:al代表参数的个数.如果al不等于2,该程序将退出.
Next
译文:接下来
std::allocator<char>::allocator(&v11);std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string(&v10, *(_QWORD *)(a2 + 8), &v11);std::allocator<char>::~allocator(&v11);v13 = 0;
that code read string from keyboard to v10
译文:输入的内容存入变量v10
And
译文:并且
v13 = 0; LODWORD(v5) = std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::begin(&v10); for ( i = v5; ; sub_400D7A((__int64)&i) ) { LODWORD(v6) = std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::end(&v10); v12 = v6; if ( !(unsigned __int8)sub_400D3D(&i, &v12) ) break; v7 = sub_400D9A((__int64)&i); if ( *(_BYTE *)v7 != off_6020A0[dword_6020C0[v13]] ) sub_400B56(); ++v13; }
It compare each character in v10 and off_6020A0 [dword_6020C0[v13]]
so maybe flag is off_6020A0[dword_6020C0[v13]] with v13 is len of flag
译文:比较v10和off_6020A0 [dword_6020C0[v13],可能off_6020A0[dword_6020C0[v13]]是flag的长度
I find off_6020A0 is a string
译文:off_6020A0是一个字符串
内容是
L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t
And dword_6020C0 is an array
译文:dword_6020C0是一个数组.
数组的内容是:
0x24,0x5,0x36,0x65,0x7,0x27,0x26,0x2D,0x1,0x3,0x0,0x0D,0x56,0x1,0x3,0x65,0x3,0x2D,0x16,0x2,0x15,0x3,0x65,0x0,0x29,0x44,0x44,0x1,0x44,0x2B
And here is code to get flag
译文:解出flag的代码如下:
#include <stdio.h>int main(){ char *strsample = "L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t"; int data[] = {0x24,0x5,0x36,0x65,0x7,0x27,0x26,0x2D,0x1,0x3,0x0,0x0D,0x56,0x1,0x3,0x65,0x3,0x2D,0x16,0x2,0x15,0x3,0x65,0x0,0x29,0x44,0x44,0x1,0x44,0x2B}; for (int i = 0; i < sizeof(data)/sizeof(int); i++) printf("%c", strsample[data[i]]); return 0;}
Flag is ALEXCTF{W3_L0v3_C_W1th_CL45535}
译文:flag为ALEXCTF{W3_L0v3_C_W1th_CL45535}
- AlexCTF 2017 RE2
- alexCTF sock题目
- RE2性能测试
- re::engine::RE2
- RE2正则表达式库的Windows移植
- RE2,C++正则表达式库实战
- re2正则表达式引擎学习(二)
- re2正则表达式引擎学习(三)
- re2正则表达式引擎学习(一)
- re2正则表达式引擎学习(四)
- re2正则表达式引擎学习(五)
- 多个正则引擎的比较(pcre re2 hyperscan)
- python正则表达式二:literal、re1|re2 和 .
- 从Google开源RE2库学习到的C++测试方案
- Windows 下正则表达式库 re2 在 C++ 和 Python 中的编译和使用
- RE2、glibc regex 和 C++ regex 正则库的使用和对比
- 2017
- 2017
- poj 3169 Layout (差分约束)
- 机器视觉光源的设计方法
- Android装备选择案例
- set集合完整版整理
- Rabbit官方文档翻译之Publish/Subscribe(三)
- AlexCTF 2017 RE2
- mysql笔记
- 二叉树的层次遍历
- hadoop测试环境搭建2
- [leetcode] 91. Decode Ways
- Java笔记之常量池浅析
- 如何快速成为一个领域的专家?
- id唯一标识
- RabbitMQ官方文档翻译之Routing(四)