算法题,一开始完全看不懂,慢慢磨了一天,才看明白
通过主函数看到字符串处理的代码在stringMod里面
/*
 * stringMod: Hex-Rays pseudo-code of the routine that validates the input string.
 *
 * a1 is read as two 64-bit words: *a1 is used as the address of the input
 * bytes and a1[1] as the number of bytes to process (presumably a
 * {data, length} string object -- confirm against the caller).
 *
 * Returns v7 * v4. v4 starts at 0 and is set to -1 by any failed comparison,
 * so the result is 0 only when every check passes.
 *
 * NOTE(review): the copy loop stores into v14[] for every index below a1[1],
 * and no upper bound on a1[1] is visible in this function. Whether the caller
 * limits the length is not shown here.
 */
__int64 __fastcall stringMod(__int64 *a1)
{
  __int64 v1; // r9
  __int64 v2; // r10
  __int64 v3; // rcx
  signed int v4; // er8
  int *v5; // rdi
  int *v6; // rsi
  signed int v7; // ecx
  signed int v8; // er9
  int v9; // er10
  unsigned int v10; // eax
  int v11; // esi
  int v12; // esi
  // v14 (rbp-60h) and _48 (rbp-18h) are 0x48 bytes apart, i.e. 18 ints.
  // _48 is used below only as the end address of those 18 elements; the
  // [24] sizes are as the decompiler printed them.
  int v14[24]; // [rsp+0h] [rbp-60h]
  int _48[24]; // [rsp+48h] [rbp-18h]

  memset(v14, 0, 0x48uLL);                      // zero 0x48 bytes = 18 ints
  v1 = a1[1];
  if ( v1 )
  {
    v2 = *a1;
    v3 = 0LL;
    v4 = 0;
    // Pass 1: widen each input byte to an int and check every third raw byte.
    do
    {
      v12 = *(char *)(v2 + v3);
      v14[v3] = v12;
      if ( 3 * ((unsigned int)v3 / 3) == (_DWORD)v3 && v12 != firstchar[(unsigned int)v3 / 3] )// index is a multiple of 3: raw byte must equal firstchar[index / 3]
        v4 = -1;
      ++v3;
    }
    while ( v3 != v1 );
  }
  else
  {
    v4 = 0;
  }
  v5 = v14;
  v6 = v14;
  v7 = 666;
  // Pass 2: XOR the low byte of each of the 18 elements with a rolling key.
  do
  {
    *v6 = v7 ^ *(unsigned __int8 *)v6;          // XOR each input element with v7; v7 changes on every iteration
    v7 += v7 % 5;                               // key schedule: starts at 666, grows by v7 % 5
    ++v6;
  }
  while ( _48 != v6 );
  v8 = 1;
  v9 = 0;
  v10 = 1;
  v11 = 0;
  // Pass 3: walk the XORed elements in groups of three. v11 is the position
  // inside the group, v9 the group index, v10 the running product.
  do
  {
    if ( v11 == 2 )
    {
      if ( *v5 != thirdchar[v9] )               // third element of the group must equal thirdchar[group]
        v4 = -1;
      if ( v10 % *v5 != masterArray[v9] )       // reached only on every third iteration, so v10 is the product
                                                // of the two preceding XORed elements: v10 = flag[i-2] * flag[i-1]
        v4 = -1;
      ++v9;
      v10 = 1;
      v11 = 0;
    }
    else
    {
      v10 *= *v5;                               // v10 = v10 * flag[i]
      if ( ++v11 == 3 )
        v11 = 0;
    }
    ++v8;
    ++v5;
  }
  while ( v8 != 19 );                           // 18 iterations: the flag body is 18 characters long
  return (unsigned int)(v7 * v4);               // 0 when no check failed (v4 == 0)
}
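# Solver for the stringMod check. It rebuilds the 18-character flag body three
# characters at a time from the constant tables read out of the binary.
#
# Written so it runs on both Python 2 and Python 3: list indices use floor
# division (`//`) and print is called as a function. The original `i / 3`
# yields a float on Python 3 and cannot be used as a list index.

# Raw (un-XORed) first character of each group; stringMod compares these
# before applying the XOR.
firstchar = [0x41, 0x69, 0x6E, 0x45, 0x6F, 0x61]
# Expected remainder for each group (masterArray in the decompilation).
masterchar = [0x1D7, 0x0C, 0x244, 0x25E, 0x93, 0x6C]
# Third character of each group *after* the XOR has been applied.
thirdchar = [0x2EF, 0x2C4, 0x2DC, 0x2C7, 0x2DE, 0x2FC]

# Rolling XOR key: starts at 666 and grows by (key % 5) after every character,
# mirroring `v7 += v7 % 5` in stringMod.
base_xor_number = 666
flag = ''
for i in range(0, 18, 3):
    group = i // 3

    char1 = firstchar[group]
    char1_xor_number = base_xor_number
    base_xor_number += base_xor_number % 5

    char2_xor_number = base_xor_number
    base_xor_number += base_xor_number % 5

    char3 = thirdchar[group]
    char3_xor_number = base_xor_number
    base_xor_number += base_xor_number % 5

    # The middle character is the only unknown: try every 7-bit value and keep
    # those for which (x1 * x2) % x3 matches the stored remainder, where the x
    # values are the XORed characters. Every match is appended, so a group
    # with more than one solution would make the output longer than 18
    # characters; for these tables the result is exactly 18.
    for char2 in range(128):
        product = (char1_xor_number ^ char1) * (char2_xor_number ^ char2)
        if product % char3 == masterchar[group]:
            flag += chr(char1) + chr(char2) + chr(char3 ^ char3_xor_number)

print(flag)
# Flag as given in the write-up: tuctf{AfricanOrEuropean?}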