无壳
查看ida
按理说直接运行程序就能得到flag,但是这个程序无法直接双击运行
因此按照IDA伪代码中的解密逻辑(RC4)编写exp
完整exp:
# Inputs for the decryption script.
# NOTE(review): the key and ciphertext are presumably the constants read from
# the binary's pseudocode -- confirm against the disassembly. A symmetric key
# embedded next to its ciphertext offers no confidentiality: anyone holding
# the binary can recover the plaintext statically.
key = [*'gamelab@']  # key as a list of single characters

# Encrypted bytes (42 values), kept as a mutable list of ints.
content = [
    0xB6, 0x42, 0xB7, 0xFC, 0xF0, 0xA2, 0x5E, 0xA9,
    0x3D, 0x29, 0x36, 0x1F, 0x54, 0x29, 0x72, 0xA8,
    0x63, 0x32, 0xF2, 0x44, 0x8B, 0x85, 0xEC, 0x0D,
    0xAD, 0x3F, 0x93, 0xA3, 0x92, 0x74, 0x81, 0x65,
    0x69, 0xEC, 0xE4, 0x39, 0x85, 0xA9, 0xCA, 0xAF,
    0xB2, 0xC6,
]

rc4number = 0x100  # size of the RC4 state table (256 entries)
s = [0 for _ in range(rc4number)]  # state table, filled in by rc4_init
flag = ''
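def rc4_init(s, key, rc4number):
    """Initialise the RC4 state table *s* in place (key-scheduling step).

    Args:
        s: Mutable sequence with at least ``rc4number`` slots; its previous
            contents are overwritten.
        key: Non-empty key, given either as characters (a ``str`` or a list
            of one-character strings) or as integers (``bytes`` or a list of
            ints).
        rc4number: Size of the state table; 0x100 for standard RC4.

    Returns:
        None. The permutation is written into *s*.
    """
    # Start from the identity permutation.
    for i in range(rc4number):
        s[i] = i

    j = 0
    key_len = len(key)
    for i in range(rc4number):
        k = key[i % key_len]
        # Accept integer key material as well as characters.
        key_byte = k if isinstance(k, int) else ord(k)
        j = (j + s[i] + key_byte) % rc4number
        s[i], s[j] = s[j], s[i]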
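def rc4_endecode(s, content, rc4number):
    """XOR *content* with the RC4 keystream generated from *s* and print it.

    RC4 is symmetric, so the same routine both encrypts and decrypts.

    Args:
        s: State table prepared by the key-scheduling step. It is advanced
            in place while the keystream is generated.
        content: Sequence of integer byte values to process. It is left
            unmodified.
        rc4number: Size of the state table; 0x100 for standard RC4.

    Returns:
        The result as a string with one character per input byte
        (``chr`` of each XORed value). The same string is printed.
    """
    i = 0
    j = 0
    decoded = []
    for byte in content:
        i = (i + 1) % rc4number
        j = (j + s[i]) % rc4number
        s[i], s[j] = s[j], s[i]
        t = (s[i] + s[j]) % rc4number
        # Collect output separately instead of overwriting the caller's list,
        # so the ciphertext stays available after the call.
        decoded.append(chr(byte ^ s[t]))
    text = ''.join(decoded)
    print(text)
    return text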
# Step 1: derive the RC4 state table from the key.
rc4_init(s=s, key=key, rc4number=rc4number)
# Step 2: XOR the ciphertext with the keystream; the result is printed.
rc4_endecode(s=s, content=content, rc4number=rc4number)