elf檔案用ida打開
main函數F5,判斷條件為
if ( sub_8048451() == )
{
sub_80484F7(); //輸出correct!
result = ;
}
else
{
write(, "Wrong\n", );
result = ;
}
故隻要sub_8048451()==1即可,檢視這個函數
int sub_8048451()
{
int result; // [email protected]
if ( byte_804A021 == )
{
byte_804A020 ^= u;
byte_804A022 ^= u;
byte_804A023 ^= u;
if ( byte_804A024 == )
{
if ( byte_804A025 )
{
result = ;
}
else if ( byte_804A022 == )
{
if ( byte_804A020 == )
result = byte_804A023 == -;
else
result = ;
}
else
{
result = ;
}
}
else
{
result = ;
}
}
else
{
result = ;
}
return result;
}
然後找到byte_804A020看看這是什麼東西
.bss:0804A020 byte_804A020 db ? ; DATA XREF: sub_8048434+Bo
.bss:0804A020 ; sub_8048451:loc_8048469r ...
.bss:0804A021 byte_804A021 db ? ; DATA XREF: sub_8048451+r
.bss:0804A022 byte_804A022 db ? ; DATA XREF: sub_8048451+r
.bss:0804A022 ; sub_8048451+w ...
.bss:0804A023 byte_804A023 db ? ; DATA XREF: sub_8048451+r
.bss:0804A023 ; sub_8048451+w ...
.bss:0804A024 byte_804A024 db ? ; DATA XREF: sub_8048451+r
.bss:0804A025 byte_804A025 db ? ; DATA XREF: sub_8048451:loc_80484A8r
看sub_8048434()函數
int sub_8048434()
{
return __isoc99_scanf();
}
即是輸入的字元串
寫個c
#include <stdio.h>
int main ()
{
char s[]={,'1',,,'X'};
s[]=^;
s[]=^;
s[]=^-;
s[]=;
printf("%s",s);
}
答案為L1NUX,送出,正确
![Reversing.kr Easy Keygen、Easy Unpack[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)