Sorry, your browser cannot access this site
This page requires browser support (enable) JavaScript
Learn more >

Archer's blog

博客

分类

标签

归档

友链

HTB_rev Behind the Scenes Writeup

CTFReverse Engineering

Writeup

HTB

Reverse Engineering

更新于:Apr 2, 2025

用010 Editor (或者Hex Editor之类的都行)打开源文件,将里面所有的 0F 0B (即 ud2 )改为 90 9090NOP,是Machine Code中表示 无操作 (No Operation) 的命令),然后再用IDA打开文件即可看到完整的代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
int __fastcall main(int argc, const char **argv, const char **envp)
{
  struct sigaction s; // [rsp+10h] [rbp-A0h] BYREF
  unsigned __int64 v5; // [rsp+A8h] [rbp-8h]

  v5 = __readfsqword(0x28u);
  memset(&s, 0, sizeof(s));
  sigemptyset(&s.sa_mask);
  s.sa_handler = (__sighandler_t)segill_sigaction;
  s.sa_flags = 4;
  sigaction(4, &s, 0LL);
  if ( argc == 2 )
  {
    if ( strlen(argv[1]) == 12 )
    {
      if ( !strncmp(argv[1], "Itz", 3uLL) )
      {
        if ( !strncmp(argv[1] + 3, "_0n", 3uLL) )
        {
          if ( !strncmp(argv[1] + 6, "Ly_", 3uLL) )
          {
            if ( !strncmp(argv[1] + 9, "UD2", 3uLL) )
              printf("> HTB{%s}\n", argv[1]);
            return 0;
          }
          else
          {
            return 0;
          }
        }
        else
        {
          return 0;
        }
      }
      else
      {
        return 0;
      }
    }
    else
    {
      return 0;
    }
  }
  else
  {
    puts("./challenge <password>");
    return 1;
  }
}

所以flag为

1
HTB{Itz_0nLy_UD2}

发布于:Mar 12, 2025