| 012411A0 | 55 | push ebp | entry: prompt for a flag, base64-encode it, substitute bytes through two 0x1A-entry tables, strncmp with a stored string
012411A1 | 8B EC | mov ebp,esp | ebp-based frame
012411A3 | 83 EC 44 | sub esp,44 | 0x44 bytes of locals
012411A6 | A1 04 30 24 01 | mov eax,dword ptr ds:[1243004] | eax:"OTacMDMzMTI="; NOTE(review): the eax:/esi: annotations look like the debugger's register snapshot at pause time, not the value at each instruction
012411AB | 33 C5 | xor eax,ebp | mix the loaded global with the frame pointer; presumably the MSVC /GS stack-cookie setup (confirm)
012411AD | 89 45 FC | mov dword ptr ss:[ebp-4],eax | stored at [ebp-4], re-read just before ret
012411B0 | 0F 57 C0 | xorps xmm0,xmm0 | xmm0 = 0, used to clear the locals below
012411B3 | C7 45 F8 00 00 00 00 | mov dword ptr ss:[ebp-8],0 | zero [ebp-8..ebp-5]; with the 16 bytes at ebp-18 the cleared input area is 20 bytes
012411BA | 68 58 21 24 01 | push reverse3.1242158 | 1242158:"Please enter the flag:"
012411BF | 0F 11 45 E8 | movups xmmword ptr ss:[ebp-18],xmm0 | zero 16 bytes at [ebp-18] (input buffer)
012411C3 | 0F 11 45 C0 | movups xmmword ptr ss:[ebp-40],xmm0 | zero 16 bytes at [ebp-40] (encoded-output buffer)
012411C7 | 0F 11 45 D0 | movups xmmword ptr ss:[ebp-30],xmm0 | zero 16 bytes at [ebp-30]
012411CB | 66 0F D6 45 E0 | movq qword ptr ss:[ebp-20],xmm0 | zero 8 bytes at [ebp-20]; ebp-40..ebp-19 (40 bytes) are now cleared
012411D0 | E8 1B 01 00 00 | call reverse3.12412F0 | receives the prompt pushed above; presumably a printf wrapper (confirm)
012411D5 | 8D 45 E8 | lea eax,dword ptr ss:[ebp-18] | eax = address of the input buffer
012411D8 | 50 | push eax | eax:"OTacMDMzMTI="
012411D9 | 68 70 21 24 01 | push reverse3.1242170 | 1242170:"%20s"; NOTE(review): %20s stores up to 20 characters plus a NUL (21 bytes), but ebp-18..ebp-5 is 20 bytes, so the terminator of a 20-character input would land on the low byte of [ebp-4]; the width should be the buffer size minus 1
012411DE | E8 CD 00 00 00 | call reverse3.12412B0 | receives the format and &[ebp-18]; presumably a scanf wrapper (confirm)
012411E3 | 8D 4D E8 | lea ecx,dword ptr ss:[ebp-18] | your input -> ecx
012411E6 | 83 C4 0C | add esp,C | drop the 3 dwords pushed for the two calls above
012411E9 | 8D 51 01 | lea edx,dword ptr ds:[ecx+1] | address of your input + 1 -> edx (subtracted below to get the length)
012411EC | 0F 1F 40 00 | nop dword ptr ds:[eax] | eax:"OTacMDMzMTI="; multi-byte nop, presumably padding so the loop starts at 012411F0
012411F0 | 8A 01 | mov al,byte ptr ds:[ecx] | inline strlen: read the next input byte
012411F2 | 41 | inc ecx |
012411F3 | 84 C0 | test al,al |
012411F5 | 75 F9 | jne reverse3.12411F0 | loop until the NUL terminator
012411F7 | 2B CA | sub ecx,edx | length of your input -> ecx
012411F9 | 8D 55 E8 | lea edx,dword ptr ss:[ebp-18] | input -> edx
012411FC | 56 | push esi | esi:"TacMDMzMTI="; save esi (popped again after strncmp)
012411FD | 51 | push ecx | stack argument: input length
012411FE | 51 | push ecx | stack argument: input length again
012411FF | 8D 4D C0 | lea ecx,dword ptr ss:[ebp-40] | ecx = address of the output buffer at [ebp-40]
01241202 | E8 F9 FD FF FF | call reverse3.1241000 | base64(your input) -> [ebp - 0x40]
01241207 | 8D 4D C0 | lea ecx,dword ptr ss:[ebp-40] | ecx = start of the encoded string
0124120A | 83 C4 08 | add esp,8 | drop the two pushed length arguments
0124120D | 33 D2 | xor edx,edx | edx = 0, index into the encoded string
0124120F | 8D 71 01 | lea esi,dword ptr ds:[ecx+1] | esi:"TacMDMzMTI="; esi = encoded + 1 for the length calculation
01241212 | 8A 01 | mov al,byte ptr ds:[ecx] | inline strlen of the encoded string
01241214 | 41 | inc ecx |
01241215 | 84 C0 | test al,al |
01241217 | 75 F9 | jne reverse3.1241212 | loop until the NUL terminator
01241219 | 2B CE | sub ecx,esi | length(base64 of your input) -> ecx
0124121B | 74 37 | je reverse3.1241254 | length 0: skip the substitution loop
0124121D | 0F 1F 00 | nop dword ptr ds:[eax] | eax:"OTacMDMzMTI="; multi-byte nop, presumably padding so the loop starts at 01241220
01241220 | 8A 4C 15 C0 | mov cl,byte ptr ss:[ebp+edx-40] | cl = encoded[edx]
01241224 | 33 C0 | xor eax,eax | eax:"OTacMDMzMTI="; eax = 0, table index
01241226 | 3A 88 08 21 24 01 | cmp cl,byte ptr ds:[eax+1242108] | compare with entry eax of the table at 1242108
0124122C | 74 08 | je reverse3.1241236 | match: replace the byte
0124122E | 40 | inc eax | eax:"OTacMDMzMTI="
0124122F | 83 F8 1A | cmp eax,1A | eax:"OTacMDMzMTI="; the search covers 0x1A (26) entries
01241232 | 72 F2 | jb reverse3.1241226 | unsigned compare; keep searching
01241234 | EB 0A | jmp reverse3.1241240 | no match: the byte is left unchanged
01241236 | 8A 80 24 21 24 01 | mov al,byte ptr ds:[eax+1242124] | al = entry at the same index in the second table at 1242124
0124123C | 88 44 15 C0 | mov byte ptr ss:[ebp+edx-40],al | encoded[edx] = replacement byte
01241240 | 8D 4D C0 | lea ecx,dword ptr ss:[ebp-40] | the string length is recomputed on every iteration
01241243 | 42 | inc edx | next character
01241244 | 8D 71 01 | lea esi,dword ptr ds:[ecx+1] | esi:"TacMDMzMTI="
01241247 | 8A 01 | mov al,byte ptr ds:[ecx] |
01241249 | 41 | inc ecx |
0124124A | 84 C0 | test al,al |
0124124C | 75 F9 | jne reverse3.1241247 | loop until the NUL terminator
0124124E | 2B CE | sub ecx,esi | esi:"TacMDMzMTI="; ecx = current length of the encoded string
01241250 | 3B D1 | cmp edx,ecx |
01241252 | 72 CC | jb reverse3.1241220 | repeat while edx < length (unsigned)
01241254 | 6A 14 | push 14 | strncmp count = 0x14 (20)
01241256 | 8D 45 C0 | lea eax,dword ptr ss:[ebp-40] | eax = substituted encoded string
01241259 | 68 40 21 24 01 | push reverse3.1242140 | 1242140:"o2Ffx3V0OjJtYW5spQ=="
0124125E | 50 | push eax | eax:"OTacMDMzMTI="
0124125F | FF 15 C4 20 24 01 | call dword ptr ds:[<&strncmp>] | compare the processed base64 with the built-in base64 value (at most 0x14 bytes are compared); equal => eax = 0
01241265 | 83 C4 0C | add esp,C | drop the 3 strncmp arguments
01241268 | 5E | pop esi | esi:"TacMDMzMTI="; restore esi
01241269 | 85 C0 | test eax,eax | ZF=1 when eax == 0 (strings matched)
0124126B | 75 07 | jne reverse3.1241274 | mismatch: take the failure message
0124126D | 68 78 21 24 01 | push reverse3.1242178 | 1242178:"this is the right flag"
01241272 | EB 05 | jmp reverse3.1241279 | skip the failure message
01241274 | 68 90 21 24 01 | push reverse3.1242190 | 1242190:"wrong input"
01241279 | FF 15 B0 20 24 01 | call dword ptr ds:[<&puts>] | print whichever message was pushed
0124127F | 8B 4D FC | mov ecx,dword ptr ss:[ebp-4] | reload the value saved at [ebp-4] on entry
01241282 | 83 C4 04 | add esp,4 | drop the puts argument
01241285 | 33 CD | xor ecx,ebp | undo the xor with ebp applied on entry
01241287 | 33 C0 | xor eax,eax | eax:"OTacMDMzMTI="; return value 0
01241289 | E8 92 00 00 00 | call reverse3.1241320 | called with ecx set above; presumably the /GS cookie check (confirm)
0124128E | 8B E5 | mov esp,ebp | epilogue: release the locals
01241290 | 5D | pop ebp |
01241291 | C3 | ret |
|