可以看出将输入字符串进行异或加密之后,判断前5位,就是“flag{”,然后进入 sub_4007F0(v5)
进行移位加密后判断五位之后的字符
跟进,加密后的字符串
爆破脚本
data=[0x52, 0xFD, 0x16, 0xA4, 0x89, 0xBD, 0x92, 0x80, 0x13, 0x41, 0x54, 0xA0, 0x8D, 0x45, 0x18, 0x81, 0xDE, 0xFC, 0x95, 0xF0, 0x16, 0x79, 0x1A, 0x15, 0x5B, 0x75, 0x1F] print("flag{",end='') for i in range(len(data)): if i%2==0: data[i]=(data[i]&0x3f)<<2|(data[i]&0xc0)>>6 print(chr(data[i]^0x20-i-5),end="") else: data[i]=(data[i]&0xfc)>>2|(data[i]&0x3)<<6 print(chr(data[i]^0x20-i-5), end="")
