반응형
더보기
int __cdecl main(int argc, const char **argv, const char **envp)
{
unsigned __int8 v3; // al
int v4; // edi
int v5; // ecx
void *v6; // ecx
void *v7; // ecx
void *v8; // ecx
void *v9; // ecx
_BYTE *v10; // ecx
_BYTE *v11; // ecx
_BYTE *v12; // ecx
void *v13; // ecx
_BYTE *v14; // ecx
void *v15; // ecx
_BYTE *v16; // ecx
_BYTE *v17; // ecx
_BYTE *v18; // ecx
_BYTE *v19; // ecx
_BYTE *v20; // ecx
void *v21; // ecx
_BYTE *v22; // ecx
_BYTE *v23; // ecx
_BYTE *v24; // ecx
_BYTE *v25; // ecx
_BYTE *v26; // ecx
_BYTE *v27; // ecx
_BYTE *v28; // ecx
_BYTE *v29; // ecx
_BYTE *v30; // ecx
_BYTE *v31; // ecx
void *v32; // ecx
_BYTE *v33; // ecx
_BYTE *v34; // ecx
_BYTE *v35; // ecx
void *v36; // ecx
_BYTE *v37; // ecx
_BYTE *v38; // ecx
_BYTE *v39; // ecx
int v40; // ecx
int v41; // ecx
int v42; // ecx
int v43; // ecx
int v44; // ecx
int v45; // ecx
int v46; // ecx
int v47; // ecx
int v48; // ecx
int v49; // ecx
int v50; // ecx
int v51; // ecx
int v52; // ecx
int v53; // ecx
int v54; // ecx
int v55; // ecx
int v56; // ecx
int v57; // ecx
int v58; // ecx
int v59; // ecx
int v60; // ecx
int v61; // ecx
int v62; // ecx
int v63; // ecx
int v64; // ecx
int v65; // ecx
int v66; // ecx
int v67; // ecx
int v68; // ecx
int v69; // ecx
int v70; // ecx
int v71; // ecx
int v72; // ecx
int v73; // ecx
int v74; // ecx
int v75; // ecx
int v76; // ecx
int v77; // ecx
int v78; // ecx
void *v80[5]; // [esp+Ch] [ebp-340h] BYREF
unsigned int v81; // [esp+20h] [ebp-32Ch]
void *v82[5]; // [esp+24h] [ebp-328h] BYREF
unsigned int v83; // [esp+38h] [ebp-314h]
void *v84[5]; // [esp+3Ch] [ebp-310h] BYREF
unsigned int v85; // [esp+50h] [ebp-2FCh]
void *v86[5]; // [esp+54h] [ebp-2F8h] BYREF
unsigned int v87; // [esp+68h] [ebp-2E4h]
void *v88[5]; // [esp+6Ch] [ebp-2E0h] BYREF
unsigned int v89; // [esp+80h] [ebp-2CCh]
void *v90[5]; // [esp+84h] [ebp-2C8h] BYREF
unsigned int v91; // [esp+98h] [ebp-2B4h]
void *v92[5]; // [esp+9Ch] [ebp-2B0h] BYREF
unsigned int v93; // [esp+B0h] [ebp-29Ch]
void *v94[5]; // [esp+B4h] [ebp-298h] BYREF
unsigned int v95; // [esp+C8h] [ebp-284h]
void *Block[5]; // [esp+CCh] [ebp-280h] BYREF
unsigned int v97; // [esp+E0h] [ebp-26Ch]
void *v98; // [esp+E4h] [ebp-268h] BYREF
int v99; // [esp+F4h] [ebp-258h]
unsigned int v100; // [esp+F8h] [ebp-254h]
void *v101; // [esp+FCh] [ebp-250h] BYREF
int v102; // [esp+10Ch] [ebp-240h]
unsigned int v103; // [esp+110h] [ebp-23Ch]
void *v104; // [esp+114h] [ebp-238h] BYREF
int v105; // [esp+124h] [ebp-228h]
unsigned int v106; // [esp+128h] [ebp-224h]
void *v107; // [esp+12Ch] [ebp-220h] BYREF
int v108; // [esp+13Ch] [ebp-210h]
unsigned int v109; // [esp+140h] [ebp-20Ch]
void *v110; // [esp+144h] [ebp-208h] BYREF
int v111; // [esp+154h] [ebp-1F8h]
unsigned int v112; // [esp+158h] [ebp-1F4h]
void *v113; // [esp+15Ch] [ebp-1F0h] BYREF
int v114; // [esp+16Ch] [ebp-1E0h]
unsigned int v115; // [esp+170h] [ebp-1DCh]
void *v116; // [esp+174h] [ebp-1D8h] BYREF
int v117; // [esp+184h] [ebp-1C8h]
unsigned int v118; // [esp+188h] [ebp-1C4h]
void *v119; // [esp+18Ch] [ebp-1C0h] BYREF
int v120; // [esp+19Ch] [ebp-1B0h]
unsigned int v121; // [esp+1A0h] [ebp-1ACh]
void *v122; // [esp+1A4h] [ebp-1A8h] BYREF
int v123; // [esp+1B4h] [ebp-198h]
unsigned int v124; // [esp+1B8h] [ebp-194h]
void *v125; // [esp+1BCh] [ebp-190h] BYREF
int v126; // [esp+1CCh] [ebp-180h]
unsigned int v127; // [esp+1D0h] [ebp-17Ch]
void *v128; // [esp+1D4h] [ebp-178h] BYREF
int v129; // [esp+1E4h] [ebp-168h]
unsigned int v130; // [esp+1E8h] [ebp-164h]
void *v131; // [esp+1ECh] [ebp-160h] BYREF
int v132; // [esp+1FCh] [ebp-150h]
unsigned int v133; // [esp+200h] [ebp-14Ch]
void *v134; // [esp+204h] [ebp-148h] BYREF
int v135; // [esp+214h] [ebp-138h]
unsigned int v136; // [esp+218h] [ebp-134h]
void *v137; // [esp+21Ch] [ebp-130h] BYREF
int v138; // [esp+22Ch] [ebp-120h]
unsigned int v139; // [esp+230h] [ebp-11Ch]
void *v140; // [esp+234h] [ebp-118h] BYREF
int v141; // [esp+244h] [ebp-108h]
unsigned int v142; // [esp+248h] [ebp-104h]
void *v143; // [esp+24Ch] [ebp-100h] BYREF
int v144; // [esp+25Ch] [ebp-F0h]
unsigned int v145; // [esp+260h] [ebp-ECh]
void *v146; // [esp+264h] [ebp-E8h] BYREF
int v147; // [esp+274h] [ebp-D8h]
unsigned int v148; // [esp+278h] [ebp-D4h]
void *v149; // [esp+27Ch] [ebp-D0h] BYREF
int v150; // [esp+28Ch] [ebp-C0h]
unsigned int v151; // [esp+290h] [ebp-BCh]
void *v152; // [esp+294h] [ebp-B8h] BYREF
int v153; // [esp+2A4h] [ebp-A8h]
unsigned int v154; // [esp+2A8h] [ebp-A4h]
void *v155; // [esp+2ACh] [ebp-A0h] BYREF
int v156; // [esp+2BCh] [ebp-90h]
unsigned int v157; // [esp+2C0h] [ebp-8Ch]
void *v158; // [esp+2C4h] [ebp-88h] BYREF
int v159; // [esp+2D4h] [ebp-78h]
unsigned int v160; // [esp+2D8h] [ebp-74h]
void *v161; // [esp+2DCh] [ebp-70h] BYREF
int v162; // [esp+2ECh] [ebp-60h]
unsigned int v163; // [esp+2F0h] [ebp-5Ch]
void *v164; // [esp+2F4h] [ebp-58h] BYREF
int v165; // [esp+304h] [ebp-48h]
unsigned int v166; // [esp+308h] [ebp-44h]
void *v167; // [esp+30Ch] [ebp-40h] BYREF
int v168; // [esp+31Ch] [ebp-30h]
unsigned int v169; // [esp+320h] [ebp-2Ch]
void *v170; // [esp+324h] [ebp-28h] BYREF
int v171; // [esp+334h] [ebp-18h]
unsigned int v172; // [esp+338h] [ebp-14h]
int v173; // [esp+348h] [ebp-4h]
v99 = 0;
v100 = 15;
LOBYTE(v98) = 0;
sub_3B2A30(&v98, "i", 1u);
v173 = 0;
v102 = 0;
v103 = 15;
LOBYTE(v101) = 0;
sub_3B2A30(&v101, "s", 1u);
LOBYTE(v173) = 1;
v105 = 0;
v106 = 15;
LOBYTE(v104) = 0;
sub_3B2A30(&v104, "c", 1u);
LOBYTE(v173) = 2;
v80[4] = 0;
v81 = 15;
LOBYTE(v80[0]) = 0;
sub_3B2A30(v80, "_", 1u);
LOBYTE(v173) = 3;
v108 = 0;
v109 = 15;
LOBYTE(v107) = 0;
sub_3B2A30(&v107, "u", 1u);
LOBYTE(v173) = 4;
v111 = 0;
v112 = 15;
LOBYTE(v110) = 0;
sub_3B2A30(&v110, "y", 1u);
LOBYTE(v173) = 5;
v114 = 0;
v115 = 15;
LOBYTE(v113) = 0;
sub_3B2A30(&v113, "o", 1u);
LOBYTE(v173) = 6;
v82[4] = 0;
v83 = 15;
LOBYTE(v82[0]) = 0;
sub_3B2A30(v82, "r", 1u);
LOBYTE(v173) = 7;
v117 = 0;
v118 = 15;
LOBYTE(v116) = 0;
sub_3B2A30(&v116, "u", 1u);
LOBYTE(v173) = 8;
v120 = 0;
v121 = 15;
LOBYTE(v119) = 0;
sub_3B2A30(&v119, "r", 1u);
LOBYTE(v173) = 9;
v171 = 0;
v172 = 15;
LOBYTE(v170) = 0;
sub_3B2A30(&v170, "_", 1u);
LOBYTE(v173) = 10;
v123 = 0;
v124 = 15;
LOBYTE(v122) = 0;
sub_3B2A30(&v122, "f", 1u);
LOBYTE(v173) = 11;
v126 = 0;
v127 = 15;
LOBYTE(v125) = 0;
sub_3B2A30(&v125, "l", 1u);
LOBYTE(v173) = 12;
v129 = 0;
v130 = 15;
LOBYTE(v128) = 0;
sub_3B2A30(&v128, "4", 1u);
LOBYTE(v173) = 13;
v132 = 0;
v133 = 15;
LOBYTE(v131) = 0;
sub_3B2A30(&v131, "g", 1u);
LOBYTE(v173) = 14;
v135 = 0;
v136 = 15;
LOBYTE(v134) = 0;
sub_3B2A30(&v134, "i", 1u);
LOBYTE(v173) = 15;
v138 = 0;
v139 = 15;
LOBYTE(v137) = 0;
sub_3B2A30(&v137, "s", 1u);
LOBYTE(v173) = 16;
v141 = 0;
v142 = 15;
LOBYTE(v140) = 0;
sub_3B2A30(&v140, "t", 1u);
LOBYTE(v173) = 17;
v84[4] = 0;
v85 = 15;
LOBYTE(v84[0]) = 0;
sub_3B2A30(v84, "k", 1u);
LOBYTE(v173) = 18;
v144 = 0;
v145 = 15;
LOBYTE(v143) = 0;
sub_3B2A30(&v143, "h", 1u);
LOBYTE(v173) = 19;
v147 = 0;
v148 = 15;
LOBYTE(v146) = 0;
sub_3B2A30(&v146, "t", 1u);
LOBYTE(v173) = 20;
v150 = 0;
v151 = 15;
LOBYTE(v149) = 0;
sub_3B2A30(&v149, "e", 1u);
LOBYTE(v173) = 21;
v153 = 0;
v154 = 15;
LOBYTE(v152) = 0;
sub_3B2A30(&v152, "f", 1u);
LOBYTE(v173) = 22;
v156 = 0;
v157 = 15;
LOBYTE(v155) = 0;
sub_3B2A30(&v155, "l", 1u);
LOBYTE(v173) = 23;
v86[4] = 0;
v87 = 15;
LOBYTE(v86[0]) = 0;
sub_3B2A30(v86, "b", 1u);
LOBYTE(v173) = 24;
v159 = 0;
v160 = 15;
LOBYTE(v158) = 0;
sub_3B2A30(&v158, "a", 1u);
LOBYTE(v173) = 25;
v88[4] = 0;
v89 = 15;
LOBYTE(v88[0]) = 0;
sub_3B2A30(v88, "x", 1u);
LOBYTE(v173) = 26;
v162 = 0;
v163 = 15;
LOBYTE(v161) = 0;
sub_3B2A30(&v161, "g", 1u);
LOBYTE(v173) = 27;
v165 = 0;
v166 = 15;
LOBYTE(v164) = 0;
sub_3B2A30(&v164, "{", 1u);
LOBYTE(v173) = 28;
v168 = 0;
v169 = 15;
LOBYTE(v167) = 0;
sub_3B2A30(&v167, "}", 1u);
LOBYTE(v173) = 29;
v92[4] = 0;
v93 = 15;
LOBYTE(v92[0]) = 0;
sub_3B2A30(v92, "1337-1337-1337-1337", 0x13u);
LOBYTE(v173) = 30;
v90[4] = 0;
v91 = 15;
LOBYTE(v90[0]) = 0;
sub_3B2A30(v90, "7331-7331-7331-7331", 0x13u);
LOBYTE(v173) = 31;
v94[4] = 0;
v95 = 15;
LOBYTE(v94[0]) = 0;
sub_3B2A30(v94, "0000-0000-0000-0000", 0x13u);
LOBYTE(v173) = 32;
Block[4] = 0;
v97 = 15;
LOBYTE(Block[0]) = 0;
sub_3B2A30(Block, &unk_3B51F0, 0);
LOBYTE(v173) = 33;
sub_3B2D90(std::cout, "Enter serial number:\n");
v3 = std::ios::widen(std::cin + *(std::cin + 4), 10);
sub_3B3200(v3);
v4 = sub_3B2940(v92);
if ( !sub_3B2940(v94) )
{
sub_3B2D90(std::cout, "Fake! \n");
LABEL_3:
sub_3B2D90(std::cout, "Wrong!");
goto LABEL_4;
}
if ( v4 )
goto LABEL_3;
LOBYTE(v5) = 67;
sub_3B1170(v5);
LOBYTE(v40) = 67;
sub_3B1170(v40);
LOBYTE(v41) = 71;
sub_3B1170(v41);
LOBYTE(v42) = 71;
sub_3B1170(v42);
LOBYTE(v43) = 65;
sub_3B1170(v43);
LOBYTE(v44) = 65;
sub_3B1170(v44);
LOBYTE(v45) = 71;
sub_3B1170(v45);
Sleep(0x190u);
std::ostream::operator<<(std::cout, sub_3B2FD0);
LOBYTE(v46) = 70;
sub_3B1170(v46);
LOBYTE(v47) = 70;
sub_3B1170(v47);
LOBYTE(v48) = 69;
sub_3B1170(v48);
LOBYTE(v49) = 69;
sub_3B1170(v49);
LOBYTE(v50) = 68;
sub_3B1170(v50);
LOBYTE(v51) = 68;
sub_3B1170(v51);
LOBYTE(v52) = 67;
sub_3B1170(v52);
Sleep(0x190u);
std::ostream::operator<<(std::cout, sub_3B2FD0);
LOBYTE(v53) = 71;
sub_3B1170(v53);
LOBYTE(v54) = 71;
sub_3B1170(v54);
LOBYTE(v55) = 70;
sub_3B1170(v55);
LOBYTE(v56) = 70;
sub_3B1170(v56);
LOBYTE(v57) = 69;
sub_3B1170(v57);
LOBYTE(v58) = 68;
sub_3B1170(v58);
LOBYTE(v59) = 71;
sub_3B1170(v59);
Sleep(0x190u);
std::ostream::operator<<(std::cout, sub_3B2FD0);
LOBYTE(v60) = 71;
sub_3B1170(v60);
LOBYTE(v61) = 70;
sub_3B1170(v61);
LOBYTE(v62) = 70;
sub_3B1170(v62);
LOBYTE(v63) = 69;
sub_3B1170(v63);
LOBYTE(v64) = 68;
sub_3B1170(v64);
LOBYTE(v65) = 67;
sub_3B1170(v65);
LOBYTE(v66) = 67;
sub_3B1170(v66);
Sleep(0x190u);
std::ostream::operator<<(std::cout, sub_3B2FD0);
LOBYTE(v67) = 71;
sub_3B1170(v67);
LOBYTE(v68) = 71;
sub_3B1170(v68);
LOBYTE(v69) = 65;
sub_3B1170(v69);
LOBYTE(v70) = 65;
sub_3B1170(v70);
LOBYTE(v71) = 71;
sub_3B1170(v71);
LOBYTE(v72) = 70;
sub_3B1170(v72);
LOBYTE(v73) = 70;
sub_3B1170(v73);
Sleep(0x190u);
std::ostream::operator<<(std::cout, sub_3B2FD0);
LOBYTE(v74) = 69;
sub_3B1170(v74);
LOBYTE(v75) = 69;
sub_3B1170(v75);
LOBYTE(v76) = 68;
sub_3B1170(v76);
LOBYTE(v77) = 68;
sub_3B1170(v77);
LOBYTE(v78) = 67;
sub_3B1170(v78);
std::ostream::operator<<(std::cout, sub_3B2FD0);
sub_3B2D90(std::cout, "Thanks for listening <3, here is your flag: ");
sub_3B33B0(v165);
sub_3B33B0(v111);
sub_3B33B0(v114);
sub_3B33B0(v117);
sub_3B33B0(v120);
sub_3B33B0(v171);
sub_3B33B0(v123);
sub_3B33B0(v126);
sub_3B33B0(v129);
sub_3B33B0(v132);
sub_3B33B0(v171);
sub_3B33B0(v135);
sub_3B33B0(v138);
sub_3B33B0(v171);
sub_3B33B0(v141);
sub_3B33B0(v144);
sub_3B33B0(v99);
sub_3B33B0(v102);
sub_3B33B0(v171);
sub_3B33B0(v105);
sub_3B33B0(v108);
sub_3B33B0(v147);
sub_3B33B0(v150);
sub_3B33B0(v171);
sub_3B33B0(v153);
sub_3B33B0(v156);
sub_3B33B0(v159);
sub_3B33B0(v162);
sub_3B33B0(v168);
LABEL_4:
Sleep(0xFA0u);
if ( v97 >= 0x10 )
{
v6 = Block[0];
if ( v97 + 1 >= 0x1000 )
{
v6 = *(Block[0] - 1);
if ( (Block[0] - v6 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v6);
}
if ( v95 >= 0x10 )
{
v7 = v94[0];
if ( v95 + 1 >= 0x1000 )
{
v7 = *(v94[0] - 1);
if ( (v94[0] - v7 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v7);
}
if ( v91 >= 0x10 )
{
v8 = v90[0];
if ( v91 + 1 >= 0x1000 )
{
v8 = *(v90[0] - 1);
if ( (v90[0] - v8 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v8);
}
if ( v93 >= 0x10 )
{
v9 = v92[0];
if ( v93 + 1 >= 0x1000 )
{
v9 = *(v92[0] - 1);
if ( (v92[0] - v9 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v9);
}
if ( v169 >= 0x10 )
{
v10 = v167;
if ( v169 + 1 >= 0x1000 )
{
v10 = *(v167 - 1);
if ( (v167 - v10 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v10);
}
v168 = 0;
v169 = 15;
LOBYTE(v167) = 0;
if ( v166 >= 0x10 )
{
v11 = v164;
if ( v166 + 1 >= 0x1000 )
{
v11 = *(v164 - 1);
if ( (v164 - v11 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v11);
}
v165 = 0;
v166 = 15;
LOBYTE(v164) = 0;
if ( v163 >= 0x10 )
{
v12 = v161;
if ( v163 + 1 >= 0x1000 )
{
v12 = *(v161 - 1);
if ( (v161 - v12 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v12);
}
v162 = 0;
v163 = 15;
LOBYTE(v161) = 0;
if ( v89 >= 0x10 )
{
v13 = v88[0];
if ( v89 + 1 >= 0x1000 )
{
v13 = *(v88[0] - 1);
if ( (v88[0] - v13 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v13);
}
if ( v160 >= 0x10 )
{
v14 = v158;
if ( v160 + 1 >= 0x1000 )
{
v14 = *(v158 - 1);
if ( (v158 - v14 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v14);
}
v159 = 0;
v160 = 15;
LOBYTE(v158) = 0;
if ( v87 >= 0x10 )
{
v15 = v86[0];
if ( v87 + 1 >= 0x1000 )
{
v15 = *(v86[0] - 1);
if ( (v86[0] - v15 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v15);
}
if ( v157 >= 0x10 )
{
v16 = v155;
if ( v157 + 1 >= 0x1000 )
{
v16 = *(v155 - 1);
if ( (v155 - v16 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v16);
}
v156 = 0;
v157 = 15;
LOBYTE(v155) = 0;
if ( v154 >= 0x10 )
{
v17 = v152;
if ( v154 + 1 >= 0x1000 )
{
v17 = *(v152 - 1);
if ( (v152 - v17 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v17);
}
v153 = 0;
v154 = 15;
LOBYTE(v152) = 0;
if ( v151 >= 0x10 )
{
v18 = v149;
if ( v151 + 1 >= 0x1000 )
{
v18 = *(v149 - 1);
if ( (v149 - v18 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v18);
}
v150 = 0;
v151 = 15;
LOBYTE(v149) = 0;
if ( v148 >= 0x10 )
{
v19 = v146;
if ( v148 + 1 >= 0x1000 )
{
v19 = *(v146 - 1);
if ( (v146 - v19 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v19);
}
v147 = 0;
v148 = 15;
LOBYTE(v146) = 0;
if ( v145 >= 0x10 )
{
v20 = v143;
if ( v145 + 1 >= 0x1000 )
{
v20 = *(v143 - 1);
if ( (v143 - v20 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v20);
}
v144 = 0;
v145 = 15;
LOBYTE(v143) = 0;
if ( v85 >= 0x10 )
{
v21 = v84[0];
if ( v85 + 1 >= 0x1000 )
{
v21 = *(v84[0] - 1);
if ( (v84[0] - v21 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v21);
}
if ( v142 >= 0x10 )
{
v22 = v140;
if ( v142 + 1 >= 0x1000 )
{
v22 = *(v140 - 1);
if ( (v140 - v22 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v22);
}
v141 = 0;
v142 = 15;
LOBYTE(v140) = 0;
if ( v139 >= 0x10 )
{
v23 = v137;
if ( v139 + 1 >= 0x1000 )
{
v23 = *(v137 - 1);
if ( (v137 - v23 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v23);
}
v138 = 0;
v139 = 15;
LOBYTE(v137) = 0;
if ( v136 >= 0x10 )
{
v24 = v134;
if ( v136 + 1 >= 0x1000 )
{
v24 = *(v134 - 1);
if ( (v134 - v24 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v24);
}
v135 = 0;
v136 = 15;
LOBYTE(v134) = 0;
if ( v133 >= 0x10 )
{
v25 = v131;
if ( v133 + 1 >= 0x1000 )
{
v25 = *(v131 - 1);
if ( (v131 - v25 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v25);
}
v132 = 0;
v133 = 15;
LOBYTE(v131) = 0;
if ( v130 >= 0x10 )
{
v26 = v128;
if ( v130 + 1 >= 0x1000 )
{
v26 = *(v128 - 1);
if ( (v128 - v26 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v26);
}
v129 = 0;
v130 = 15;
LOBYTE(v128) = 0;
if ( v127 >= 0x10 )
{
v27 = v125;
if ( v127 + 1 >= 0x1000 )
{
v27 = *(v125 - 1);
if ( (v125 - v27 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v27);
}
v126 = 0;
v127 = 15;
LOBYTE(v125) = 0;
if ( v124 >= 0x10 )
{
v28 = v122;
if ( v124 + 1 >= 0x1000 )
{
v28 = *(v122 - 1);
if ( (v122 - v28 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v28);
}
v123 = 0;
v124 = 15;
LOBYTE(v122) = 0;
if ( v172 >= 0x10 )
{
v29 = v170;
if ( v172 + 1 >= 0x1000 )
{
v29 = *(v170 - 1);
if ( (v170 - v29 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v29);
}
v171 = 0;
v172 = 15;
LOBYTE(v170) = 0;
if ( v121 >= 0x10 )
{
v30 = v119;
if ( v121 + 1 >= 0x1000 )
{
v30 = *(v119 - 1);
if ( (v119 - v30 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v30);
}
v120 = 0;
v121 = 15;
LOBYTE(v119) = 0;
if ( v118 >= 0x10 )
{
v31 = v116;
if ( v118 + 1 >= 0x1000 )
{
v31 = *(v116 - 1);
if ( (v116 - v31 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v31);
}
v117 = 0;
v118 = 15;
LOBYTE(v116) = 0;
if ( v83 >= 0x10 )
{
v32 = v82[0];
if ( v83 + 1 >= 0x1000 )
{
v32 = *(v82[0] - 1);
if ( (v82[0] - v32 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v32);
}
if ( v115 >= 0x10 )
{
v33 = v113;
if ( v115 + 1 >= 0x1000 )
{
v33 = *(v113 - 1);
if ( (v113 - v33 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v33);
}
v114 = 0;
v115 = 15;
LOBYTE(v113) = 0;
if ( v112 >= 0x10 )
{
v34 = v110;
if ( v112 + 1 >= 0x1000 )
{
v34 = *(v110 - 1);
if ( (v110 - v34 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v34);
}
v111 = 0;
v112 = 15;
LOBYTE(v110) = 0;
if ( v109 >= 0x10 )
{
v35 = v107;
if ( v109 + 1 >= 0x1000 )
{
v35 = *(v107 - 1);
if ( (v107 - v35 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v35);
}
v108 = 0;
v109 = 15;
LOBYTE(v107) = 0;
if ( v81 >= 0x10 )
{
v36 = v80[0];
if ( v81 + 1 >= 0x1000 )
{
v36 = *(v80[0] - 1);
if ( (v80[0] - v36 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v36);
}
if ( v106 >= 0x10 )
{
v37 = v104;
if ( v106 + 1 >= 0x1000 )
{
v37 = *(v104 - 1);
if ( (v104 - v37 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v37);
}
v105 = 0;
v106 = 15;
LOBYTE(v104) = 0;
if ( v103 < 0x10 )
goto LABEL_136;
v38 = v101;
if ( v103 + 1 >= 0x1000 )
{
v38 = *(v101 - 1);
if ( (v101 - v38 - 4) > 0x1F )
LABEL_139:
invalid_parameter_noinfo_noreturn();
}
sub_3B3642(v38);
LABEL_136:
v102 = 0;
v103 = 15;
LOBYTE(v101) = 0;
if ( v100 >= 0x10 )
{
v39 = v98;
if ( v100 + 1 >= 0x1000 )
{
v39 = *(v98 - 1);
if ( (v98 - v39 - 4) > 0x1F )
goto LABEL_139;
}
sub_3B3642(v39);
}
return 0;
}음... main함수가 엄청 길다.
그래서 이것저것 분석해보다가, 처음에는 isc_uyorur_fl4gistkhteflbaxg{} 문자열을 활용하나싶기도하고,
fl4g가 보여서......
동적분석을 해야겠다라고 생각했다.
처음에 AAAAA를 넣고, 동적분석을 하는데 1337-1337-1337-1337과 비교를 하는 부분이 있었고
내 AAAAA가 어떻게 변하는지 분석하지도 못하고 디버깅이 종료되어서
다음 디버깅시에 1337-1337-1337-1337를 입력하니까, 플래그가 나왔다.(뭐지?)
그래서 저 플래그 나오는 부분으로 EIP컨트롤해도 나오나?하고 컨트롤해봤는데.. 역시나 나왔다.
하지만 처음부터 .text:003B22BF로 EIP컨트롤하면 에러가 뜨니까 주의하자.
ㅁ
아마 sub_3B2940에서 메모리를 참조를 한번 해야지 플래그 나올때 원활하게 메모리 참조가 되는것같다.
반응형
'Rev > Write-up' 카테고리의 다른 글
| RaziCTF2020 - Protected Conditions (0) | 2021.01.29 |
|---|---|
| RaziCTF2020 - Revme (0) | 2021.01.27 |
| HTB - Nostalgia (0) | 2021.01.22 |
| HTB - exalton_v1 (0) | 2021.01.20 |
| HTB - Hackybird (0) | 2021.01.18 |
