filmov
tv
pico2024 Classic Crackme 0x100
Показать описание
Used z3py to find the proper input for a crackme (instead of attempting to reverse the encryption).
# this function will allow me to convert my BitVec names back to numbers to sort them
def getIndex(g):
s=Solver()
# ensure the results are ASCII characters
for v in userInput:
# implement the loop in Ghidra
for i in range(3):
for j in range(50):
uVar1 = (((j % 255) ﹥﹥ 1) & 0x55) + ((j %255) & 0x55)
uVar1 = ((uVar1 ﹥﹥ 2) & 0x33) + (uVar1 & 0x33)
iVar2 = ((uVar1 ﹥﹥ 4) & 0xf) + (userInput[j]-97)+(0xf & uVar1)
userInput[j] = 97+iVar2+(iVar2/26)*(-26)
# make sure the encrypted value equals the memcmp value
for j in range(50):
result=''
# Alas the model isn't in order, so we sort it using the name
result=result+chr(model[d].as_long())
print(result)
# this function will allow me to convert my BitVec names back to numbers to sort them
def getIndex(g):
s=Solver()
# ensure the results are ASCII characters
for v in userInput:
# implement the loop in Ghidra
for i in range(3):
for j in range(50):
uVar1 = (((j % 255) ﹥﹥ 1) & 0x55) + ((j %255) & 0x55)
uVar1 = ((uVar1 ﹥﹥ 2) & 0x33) + (uVar1 & 0x33)
iVar2 = ((uVar1 ﹥﹥ 4) & 0xf) + (userInput[j]-97)+(0xf & uVar1)
userInput[j] = 97+iVar2+(iVar2/26)*(-26)
# make sure the encrypted value equals the memcmp value
for j in range(50):
result=''
# Alas the model isn't in order, so we sort it using the name
result=result+chr(model[d].as_long())
print(result)
Комментарии