mips逆向
ida没安装插件无法逆向mips,下载一个ghidra工具,需要安装jdk11才能执行。
使用ghidra打开,发现下面的代码,flag的前五位异或处理后,判断正确进入下一步
又是一系列看似复杂的操作,实际上仔细观察后并不复杂,就是循环flag,判断i进入不同的计算,计算就是左移或者右移。
解题方法两种,一种是直接根据代码逆推,另一种是直接暴力破解
#第一种方法 ,逆推代码
str = 'Q|j{g'
i = 0
for c in str:
print chr(ord(c) ^ 0x20 - i)
i += 1
flag = [81, 124, 106, 123, 103, 0x52, 0xFD, 0x16, 0xA4, 0x89, 0xBD, 0x92, 0x80, 0x13, 0x41, 0x54, 0xA0, 0x8D, 0x45,
0x18, 0x81, 0xDE, 0xFC,
0x95,
0xF0,
0x16, 0x79, 0x1A, 0x15, 0x5B, 0x75, 0x1F]
for i in range(len(flag)):
if (i & 1) == 0:
# flag[i] = ((flag[i] << 26) >> 24) | flag[i] >> 6
# flag[i] = flag[i] << 2 & 0x7 | flag[i] >> 6
flag[i] = flag[i] >> 2 | flag[i] << 6 & 0xff
else:
# flag[i] = flag[i] >> 2 | (flag[i] << 30) >> 24
# flag[i] = flag[i] >> 2 | flag[i] << 6 & 0x7
flag[i] = flag[i] << 2 & 0xff | flag[i] >> 6
f = 'qctf{'
for i in range(5, len(flag)):
f +=chr(flag[i] ^ 0x20 - i)
print f
#第二种方法 ,暴力破解
c = [81, 124, 106, 123, 103, 0x52, 0xFD, 0x16, 0xA4, 0x89, 0xBD, 0x92, 0x80, 0x13, 0x41, 0x54, 0xA0, 0x8D, 0x45, 0x18,
0x81,
0xDE, 0xFC,
0x95,
0xF0,
0x16, 0x79, 0x1A, 0x15, 0x5B, 0x75, 0x1F]
flag = ''
for i in range(5, 32):
for n in range(32, 127):
tt = n ^ (0x20 - i)
if (i & 1) == 0:
tmp = ((tt << 2) & 0xff) | tt >> 6
else:
tmp = tt >> 2 | ((tt << 6) & 0xff)
if tmp == c[i]:
flag += chr(n)
break
print(flag)