获取基本信息

获取关键字符串

进来“开门红”

上一篇博客才发现这个

按u转换为二进制

有个无效db，最简单的花指令

nop掉

重新u一下p一下

就正常了

然后编译完main函数

int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{signed int v3; // kr00_4int i; // edxchar v5; // clunsigned int j; // edxint v7; // eaxchar v8; // [esp+0h] [ebp-44h]char v9; // [esp+0h] [ebp-44h]char Arglist[48]; // [esp+10h] [ebp-34h] BYREFsub_401020("please input flag\n", v8);sub_401050("%s", (char)Arglist);v3 = strlen(Arglist);for ( i = 0; i < v3 / 2; ++i ){v5 = Arglist[2 * i];Arglist[2 * i] = Arglist[2 * i + 1];Arglist[2 * i + 1] = v5;}for ( j = 0; j < strlen(Arglist); ++j )Arglist[j] ^= 0x30u;v7 = strcmp(Arglist, "c~scvdzKCEoDEZ[^roDICUMC");if ( v7 )v7 = v7 < 0 ? -1 : 1;if ( !v7 ){sub_401020("yes", v9);exit(0);}sub_401020("error", v9);exit(0);
}

简单的逻辑

a='c~scvdzKCEoDEZ[^roDICUMC'
b=[]
flag=''
for i in range(len(a)):b.append(ord(a[i])^0x30)
for i in range(0,len(a),2):b[i],b[i+1]=b[i+1],b[i]
for i in b:print(chr(i),end='')