題目描述如下:
根據題目描述可知此題的目的是讓分析程序加密過程,然後根據密文和密鑰還原出明文。
將得到的pe文件放入IDA,定位到關鍵處:
查看僞代碼,很容易發現加密函數:
跟蹤進去,發現加密過程的兩個關鍵函數:
_BYTE *__cdecl sub_401240(char *a1, char *a2)
{
_BYTE *v3; // [esp+50h] [ebp-14h]
int v4; // [esp+54h] [ebp-10h]
signed int i; // [esp+58h] [ebp-Ch]
size_t v6; // [esp+5Ch] [ebp-8h]
signed int v7; // [esp+60h] [ebp-4h]
v7 = strlen(a1);
v6 = strlen(a2);
v4 = 0;
v3 = operator new(0xFFu);
for ( i = 0; i < v7; ++i )
{
if ( v4 == v6 )
v4 = 0;
v3[i] = sub_401005(a1[i], a2[v4++]);
}
v3[i] = 0;
return v3;
}
char __cdecl sub_401170(char a1, char a2)
{
char result; // al
int i; // [esp+4Ch] [ebp-8h]
char v4; // [esp+5Ch] [ebp+8h]
char v5; // [esp+60h] [ebp+Ch]
v4 = toupper(a1);
v5 = toupper(a2);
if ( v4 == 32 )
return v4;
for ( i = 0; i < v4 - 65; ++i )
++v5;
if ( v5 > 90 )
result = v5 - 25;
else
result = v5;
return result;
}
邏輯並不複雜,大致加密過程爲單個字符處理明文,將明文字符轉變爲大寫字母后根據ASCII碼錶結合密鑰key對明文做移位變換得到密文;根據僞代碼編寫如下解密腳本得到flag:
ciphertext = 'QWDRILDWNTW'
key = 'ilovemoctf'
v4 = 0
plaintext = ''
for i in range(len(ciphertext)):
if v4 == len(key):
v4 = 0
a1 = ord(ciphertext[i].upper())
a2 = ord(key[v4].upper())
v4 += 1
if a1 == 32:
plaintext += chr(a1)
continue
if a1 < a2:
plaintext += chr(a1 + 25 - a2 + 65)
else:
plaintext += chr(a1 - a2 + 65)
print(plaintext)