##RE
###maze
这个题目从题目名上可以知道是一个迷宫题目,迷宫题目主要把握住迷宫地图,方向键还有起点终点就好。ida打开
while ( (signed int)v4 < SHIDWORD(v4) )
{
v3 = input[(signed int)v4];
if ( v3 == 'd' )
{
local += 4;
}
else if ( v3 > 100 )
{
if ( v3 == 's' )
{
local += 64;
}
else
{
if ( v3 != 'w' )
{
LABEL_12:
puts("Illegal input!");
exit(0);
}
local -= 64;
}
}
else
{
if ( v3 != 'a' )
goto LABEL_12;
local -= 4;
}
if ( local < (char *)&unk_602080 || local > (char *)&unk_60247C || *(_DWORD *)local & 1 )
goto LABEL_22;
LODWORD(v4) = v4 + 1;
}
从中可以确定方向键为awds,确定了起点终点,但是每次走的步数不太一样,因为按理说步数应该是1但是这里确实4。
先复制出地图,64字节为一行
01 01 01 01 01 00 00 01 01 00 01 00 01 00 00 01 01 00 01 01 01 00 01 01 01 01 01 00 01 00 01 00 01 01 01 01 01 00 01 01 01 00 00 00 01 00 01 00 01 00 00 01 01 00 00 01 01 00 01 00 01 00 00 0101 01 01 00 00 01 00 00 01 01 00 01 01 01 01 00 01 01 01 01 01 01 01 00 01 00 00 00 01 00 00 01 01 00 01 01 01 01 00 01 01 01 01 00 01 00 01 01 01 01 00 01 01 01 01 00 01 01 00 01 01 01 01 0001 00 01 01 00 00 01 01 01 00 01 01 01 01 00 01 01 00 01 00 01 01 01 00 01 01 01 00 01 01 01 00 01 01 01 00 01 01 00 01 01 00 00 00 01 00 01 00 01 01 01 00 01 01 00 01 01 01 01 00 01 00 01 0001 00 01 00 00 00 01 01 01 01 01 01 01 01 01 00 01 00 01 01 01 00 01 01 01 00 01 01 01 00 01 00 01 00 00 00 01 01 00 01 01 01 01 01 01 01 01 00 01 01 01 01 01 00 01 00 01 01 01 01 01 01 01 0001 01 00 01 00 01 01 00 01 01 01 01 01 00 00 01 01 01 01 01 01 01 01 01 01 00 01 00 01 00 01 01 01 01 01 00 01 00 00 01 01 01 01 01 01 00 01 01 01 00 00 01 01 01 01 00 01 00 00 01 01 00 00 0101 01 01 00 00 00 01 01 00 00 01 00 00 01 01 00 00 01 00 00 00 01 01 01 00 01 00 00 00 00 00 01 01 00 01 01 01 00 00 00 01 00 00 01 01 00 00 01 01 00 01 01 01 00 00 00 01 01 00 01 01 00 01 0001 00 01 00 01 00 00 00 01 01 01 01 01 00 01 00 01 01 00 01 01 00 01 01 01 01 01 00 00 00 01 00 01 01 01 00 01 00 00 00 01 00 00 01 01 00 01 00 01 00 01 01 01 00 00 00 01 01 01 00 01 01 01 0101 01 01 00 01 00 00 00 01 00 01 00 01 00 01 00 01 00 01 01 01 01 00 01 01 00 00 00 00 01 01 00 01 00 01 01 01 00 01 01 01 01 00 01 01 00 00 00 01 01 01 01 01 01 01 00 01 01 01 00 01 01 01 0101 00 00 00 01 00 01 01 01 00 00 01 01 00 00 00 01 00 00 00 01 00 00 01 01 00 00 00 00 00 01 00 01 00 00 01 00 01 01 00 00 01 01 01 00 00 01 00 00 00 01 01 01 01 01 01 01 00 01 01 01 00 00 0101 01 00 01 01 01 01 00 01 01 00 01 01 00 00 00 01 00 01 01 01 00 00 00 01 01 00 01 00 00 01 00 01 01 01 00 00 01 00 00 01 00 01 01 01 01 01 00 00 00 00 00 01 00 01 00 01 01 00 01 01 00 01 0001 00 00 01 01 00 01 01 01 01 01 00 01 01 00 01 01 00 01 00 01 01 01 00 01 01 01 01 00 01 00 00 00 01 01 00 00 01 01 01 01 01 01 00 01 01 01 01 00 00 00 01 01 00 01 00 01 01 00 01 01 00 00 0001 01 01 01 01 00 00 01 01 00 00 00 01 00 01 01 01 01 01 00 01 00 01 01 01 00 01 00 01 00 00 01 01 00 01 00 01 01 01 00 01 01 00 01 01 00 00 01 00 01 01 00 01 01 01 01 01 00 01 01 01 01 01 0001 01 01 00 01 00 00 01 01 00 00 00 01 00 00 01 01 00 00 00 01 00 00 01 01 01 00 01 01 00 01 01 01 01 00 01 01 00 00 00 01 00 00 01 01 00 00 00 00 01 00 00 00 01 00 00 01 00 01 01 01 00 00 0001 00 01 00 01 00 01 01 01 00 00 00 01 01 01 01 01 01 01 00 01 00 01 01 01 00 00 01 01 00 00 00 01 00 00 00 01 00 01 00 01 01 01 01 01 00 00 01 01 01 01 00 00 01 01 01 01 01 01 01 01 00 01 0001 00 01 01 01 00 00 01 01 01 01 00 01 01 01 01 01 00 00 00 01 01 01 01 01 01 00 01 01 00 01 00 01 01 01 01 01 00 01 01 01 00 01 01 01 00 00 01 01 00 00 00 00 00 00 00 00 01 01 00 00 01 01 0101 01 01 00 01 01 01 00 01 01 01 00 01 00 01 00 01 01 01 00 01 00 00 01 01 01 00 01 01 01 01 00 01 00 01 01 01 00 00 01 01 00 01 01 01 01 01 01 01 01 01 01 01 00 01 00 01 01 01 01 01 01 00 01
由于左右移位数为4,那么地图有些就是用不上的,可以每隔一行去掉三行。经过精简后的地图如下。
01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 0101|00|01 01 01 01 01 01 01 01 01 01 01 01 01 0101 00 01 01 01 01 01 01 01 01 01 01 01 01 01 0101 00 01 01 01 01 01 01 01 01 01 01 01 01 01 0101 00 01 01 01 01 01 01 01 01 01 01 01 01 01 0101 00 00 00 00 00 00 00 01 01 01 01 01 01 01 0101 01 01 01 01 01 01 00 01 01 01 01 01 01 01 0101 01 01 01 01 01 01 00 01 01 01 01 01 01 01 0101 01 01 01 01 01 01 00 01 00 00 00 00 01 01 0101 01 01 01 01 01 01 00 01 00 01 01 00 01 01 0101 01 01 01 01 01 01 00 00 00 01 01 00 01 01 0101 01 01 01 01 01 01 01 01 01 01 01 00 01 01 0101 01 01 01 01 01 01 01 01 01 01 01 00 00 01 0101 01 01 01 01 01 01 01 01 01 01 01 01 00 01 0101 01 01 01 01 01 01 01 01 01 01 01 01 00 00|00|01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
起点和终点已经标出来,
可以得到flag:
hgame{ssssddddddsssssddwwdddssssdssdd}
###bitwise_operation2
输入先把hgame{}切割掉,经过check_number函数,该函数主要是合并数字,比如输入一个0F,那么在内存中显示为ascii,即30 66,该函数即在内存中存储,0F.然后经过异或运算。
if ( strlen(input) == 39
&& input[0] == 'h'
&& input[1] == 'g'
&& input[2] == 'a'
&& input[3] == 'm'
&& input[4] == 'e'
&& input[5] == '{'
&& input[38] == '}' )
{
left = 0LL;
v8 = 0;
right = 0LL;
v10 = 0;
check_number((__int64)&left, (__int64)&input[6]);
check_number((__int64)&right, (__int64)&input[22]);
for ( i = 0; i > 5) | 8 * *((_BYTE *)&left + i);// 循环左移三位
*((_BYTE *)&left + i) = *((_BYTE *)&left + i) & 0x55 ^ ((*((_BYTE *)&right + 7 - i) & 0xAA) >> 1) | *((_BYTE *)&left + i) & 0xAA;
*((_BYTE *)&right + 7 - i) = 2 * (*((_BYTE *)&left + i) & 0x55) ^ *((_BYTE *)&right + 7 - i) & 0xAA | *((_BYTE *)&right + 7 - i) & 0x55;
*((_BYTE *)&left + i) = *((_BYTE *)&left + i) & 0x55 ^ ((*((_BYTE *)&right + 7 - i) & 0xAA) >> 1) | *((_BYTE *)&left + i) & 0xAA;
}
for ( j = 0; j 1)
left_temp = left_q_5|left_q_a
right_q_a = (((left_temp&0x55)1)^left_xor_2
left_temp_2 = left_q_5_2|left_q_a_2
left_temp_2 = circular_shift_left(left_temp_2,5,8)
flag1.append(left_temp_2)
flag2 = flag2[::-1]
for i in range(8):
print toStr(flag1[i],16).lower()
for i in range(8):
print toStr(flag2[i],16).lower()
得到flag:
hgame{0f233e63637982d266cbf41ecb1b0102}
###advance
就一个改变符号表的base64 flag:
hgame{b45e6a_i5_50_eazy_6VVSQ}
###cpp
题目主要思路是输入按_切割,然后经过矩阵相乘,再跟一个矩阵对比。
for ( i = 6i64; ; i = v11 + 1 ) // 按_切割
{
LOBYTE(v0) = '_';
v11 = sub_7FF735394060(&input, v0, i);// 返回_位置
if ( v11 == -1 )
break;
v16 = sub_7FF7353943B0(&input, &v40, i, v11 - i);
v17 = v16;
v1 = ret_value(v16);
v18 = atoll(v1);
sub_7FF735394350(&v14, &v18);
sub_7FF735392FA0(&v40);
}
v19 = sub_7FF7353943B0(&input, &v41, i, 61 - i);
v20 = v19;
v2 = ret_value(v19);
v21 = atoll(v2);
sub_7FF735394350(&v14, &v21);
sub_7FF735392FA0(&v41);
v31 = 'hg';
v32 = 'am';
v33 = 'e';
v34 = 're';
v35 = 'is';
v36 = 'so';
v37 = 'so';
v38 = 'ea';
v39 = 'sy';
v22 = 1i64;
v23 = 0i64;
v24 = 1i64;
v25 = 0i64;
v26 = 1i64;
v27 = 1i64;
v28 = 1i64;
v29 = 2i64;
v30 = 2i64;
for ( j = 0i64; j < 3; ++j )
{
for ( k = 0i64; k < 3; ++k )
{
v12 = 0i64;
for ( l = 0; l < 3; ++l )
v12 += *(&v22 + 3 * l + k) * *(_QWORD *)sub_7FF7353931E0(&v14, l + 3 * j);
if ( *(&v31 + 3 * j + k) != v12 )
{
v3 = sub_7FF735391900(std::cout, "error");
std::basic_ostream::operator
关注
打赏
![]()
1665306545
查看更多评论
最近更新
- 深拷贝和浅拷贝的区别(重点)
- 【Vue】走进Vue框架世界
- 【云服务器】项目部署—搭建网站—vue电商后台管理系统
- 【React介绍】 一文带你深入React
- 【React】React组件实例的三大属性之state,props,refs(你学废了吗)
- 【脚手架VueCLI】从零开始,创建一个VUE项目
- 【React】深入理解React组件生命周期----图文详解(含代码)
- 【React】DOM的Diffing算法是什么?以及DOM中key的作用----经典面试题
- 【React】1_使用React脚手架创建项目步骤--------详解(含项目结构说明)
- 【React】2_如何使用react脚手架写一个简单的页面?
微信扫码登录