下载,查看:
载入ida,f5分析,发现sub_457AB4那里很可能是答案:
void main_0()
{
signed int i; // [esp+DCh] [ebp-20h]
int v1; // [esp+F4h] [ebp-8h]
sub_45A7BE(&unk_50B110);
sub_45A7BE(&unk_50B158);
sub_45A7BE(&unk_50B1A0);
sub_45A7BE(&unk_50B1E8);
sub_45A7BE(&unk_50B230);
sub_45A7BE(&unk_50B278);
sub_45A7BE(&unk_50B2C0);
sub_45A7BE(&unk_50B308);
sub_45A7BE("二 |n");
sub_45A7BE("| by 0x61 |n");
sub_45A7BE("| |n");
sub_45A7BE("|------------------------------------------------------|n");
sub_45A7BE(
"Play a gamen"
"The n is the serial number of the lamp,and m is the state of the lampn"
"If m of the Nth lamp is 1,it's on ,if not it's offn"
"At first all the lights were closedn");
sub_45A7BE("Now you can input n to change its staten");
sub_45A7BE(
"But you should pay attention to one thing,if you change the state of the Nth lamp,the state of (N-1)th and (N+1)th w"
"ill be changed toon");
sub_45A7BE("When all lamps are on,flag will appearn");
sub_45A7BE("Now,input n n");
while ( 1 )
{
while ( 1 )
{
sub_45A7BE("input n,n(1-8)n");
sub_459418();
sub_45A7BE("n=");
sub_4596D4("%d", &v1);
sub_45A7BE("n");
if ( v1 >= 0 && v1 <= 8 )
break;
sub_45A7BE("sorry,n error,try againn");
}
if ( v1 )
{
sub_4576D6(v1 - 1);
}
else
{
for ( i = 0; i < 8; ++i )
{
if ( (unsigned int)i >= 9 )
j____report_rangecheckfailure();
byte_532E28[i] = 0;
}
}
j__system("CLS");
sub_458054();
if ( byte_532E28[0] == 1
&& byte_532E28[1] == 1
&& byte_532E28[2] == 1
&& byte_532E28[3] == 1
&& byte_532E28[4] == 1
&& byte_532E28[5] == 1
&& byte_532E28[6] == 1
&& byte_532E28[7] == 1 )
{
sub_457AB4();
}
}
}双击进入,发现提示:
接下来就是下断点,模拟运行:
找到sub_457AB4入口,之后setip大法:
用od搜索字符串,然后直接setip也行:
最后
以上就是愤怒红牛最近收集整理的关于xctf攻防世界game writeup的全部内容,更多相关xctf攻防世界game内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复