re2-cpp-is-awesome

来源：alexctf2017

地址：https://adworld.xctf.org.cn/task/answer?type=reverse&number=4&grade=1&id=5031&page=1

先用IDA打开，看一眼strings

发现字符串L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t

通过交叉引用（ctrl+x）查找发现了

字符串被放在了off_6020A0的地址里。
按F5反汇编成伪代码。
经过分析发现关键验证语句位与箭头所指处。

dword_6020C0是一个int型数组，可知是通过循环数组内的数字来挑选off_6020A0字符串中的字符，拼接成字符串。

编写程序将字符串拼出来就是flag了，代码如下

code = "L3t_ME_T3ll_Y0u_S0m3th1ng_1mp0rtant_A_{FL4G}_W0nt_b3_3X4ctly_th4t_345y_t0_c4ptur3_H0wev3r_1T_w1ll_b3_C00l_1F_Y0u_g0t_1t"
num = [0x24,0x0,0x5,0x36,0x65,0x7,0x27,0x26,0x2D,0x1,0x3,0x0,0x0D,0x56,0x1,0x3,0x65,0x3,0x2D,0x16,0x2,0x15,0x3,0x65,0x0,0x29,0x44,0x44,0x1,0x44,0x2B]


s = ""
for i in num:
    s += code[i]

print(s)

看网上的wp，大佬们用OD动态调试直接就出来了，tql！

---

推荐一个微信，可以搜索淘宝京东优惠券，并且有返利