# data_structs_and_algos chạy thử file và kiểm tra file thì thấy:  nhảy vào IDA thì thấy: có "Congrats!" ngay tại hàm main rồi nè  ->sau khi gọi hàm "sub_7FF7FC971970" mà giá trị eax trả về = 0 thì in ra "Congrats!" vì vậy nên em đặt BP tại "test eax, eax" và đổi gia trị sau của eax = 0 thử xem suy đoán của mình đúng không  để flag là "Nhihi" mà vẫn đúng vì thế nên hàm để kiểm tra flag là “sub_7FF7FC971970” chắc đúng rồi vì thế nên bay vào hàm nay kiểm tra: thì thấy nó cho một loạt các giá trị : 2 2 * 2 .... format 2 2 * <=> 2*2 sử dụng stack để tính trước hết thì đi lấy data đề cho: trong ida thì thấy data bắt đầu từ "0x1400019DF" và hết tại "0xx14000E5B5"  -> tạo mảng arr chứa chuỗi để tính toán: dùng python để tìm mảng này (ida -> file -> script command) ```python= ea = 0x1400019DF b = 0x14000E5B5 print("Hihi") a = "" i = ea arr = [] while i <= b: x = (idc.generate_disasm_line(i, 0)) if x[-13:] == "sub_14000F050": address = idc.get_operand_value(i-0xe, 1) string = idc.get_strlit_contents(address) string = string.decode('utf-8') a = a + string a = a + "," i +=4 if x[-13:] == "sub_14000EA40": a = a[:-1] arr.append(a) a = "" i +=4 i = i+1 a = a[:-1] arr.append(a) print(arr) ```  bỏ cái mảng vừa tìm được và dùng evaluate postfix để tìm ký tự unicode tương ứng ```python= def evaluate_postfix(a): stack = [] # tokens = a.split() for token in tokens: if isinstance(token, int): stack.append(token) else: operand2 = stack.pop() operand1 = stack.pop() if token == '+': result = operand1 + operand2 elif token == '-': result = operand1 - operand2 elif token == '*': result = operand1 * operand2 elif token == '/': result = operand1 / operand2 elif token == '^': result = operand1 ** operand2 stack.append(result) return stack[0] arr = ['2,2,*,2,*,7,+,2,2,*,2,*,+,2,2,*,2,*,+,7,+,2,2,*,3,*,+,7,+,2,2,*,2,*,+,2,5,*,+,2,2,*,2,*,+', '7,2,3,*,+,2,2,*,+,2,3,*,+,3,3,*,+,2,2,*,+,2,3,*,+,2,3,*,+,3,+,2,3,*,3,*,+', '2,2,*,2,*,2,2,*,2,*,+,2,3,*,+,5,+,2,2,*,2,*,+,2,3,*,+,2,2,*,+,2,3,*,+,5,+,13,+', '17,2,5,*,+,7,+,2,2,*,2,*,+,13,+,2,2,*,3,*,+,13,+,2,2,*,2,*,2,*,+,3,3,*,+,2,3,*,3,*,+', '3,3,+,5,+,5,+,7,+,7,+,3,+,2,2,*,+,3,+,13,+', '11,3,3,*,+,2,5,*,+,2,2,*,2,*,2,*,+,7,+,2,2,*,2,*,2,*,+,13,+,3,5,*,+,2,2,*,2,*,+,2,7,*,+', '2,3,*,2,2,*,+,3,+,2,+,2,2,*,+,2,2,*,+,2,2,*,+,2,3,*,+,2,3,*,+,2,5,*,+', '2,5,*,2,5,*,+,2,3,*,+,2,2,*,2,*,+,2,3,*,+,11,+,11,+,2,2,*,3,*,+,2,7,*,+,2,11,*,+', '2,2,*,2,2,*,+,3,+,5,+,2,3,*,+,2,2,*,+,2,3,*,+,2,2,*,+,2,3,*,+,2,2,*,3,*,+', '2,2,*,2,2,*,+,2,2,*,+,2,+,2,+,2,2,*,+,3,+,2,+,3,+,3,7,*,+', '2,2,*,3,*,13,+,2,3,*,+,3,3,*,+,2,2,*,2,*,+,3,5,*,+,2,2,*,3,*,+,2,5,*,+,2,5,*,+,3,5,*,+', '7,3,+,2,2,*,+,7,+,2,3,*,+,5,+,2,2,*,+,3,+,5,+,2,5,*,+', '2,2,*,2,*,2,2,*,3,*,+,11,+,2,3,*,+,2,3,*,+,2,2,*,3,*,+,2,5,*,+,2,2,*,3,*,+,2,3,*,+,2,2,*,3,*,+', '5,2,2,*,+,3,+,7,+,5,+,5,+,5,+,2,2,*,+,5,+,2,2,*,3,*,+', '2,2,*,3,*,2,2,*,2,*,+,3,5,*,+,2,5,*,+,2,7,*,+,2,5,*,+,5,+,2,7,*,+,2,7,*,+,2,+', '11,3,5,*,+,2,7,*,+,3,5,*,+,2,3,*,+,2,3,*,+,2,7,*,+,2,5,*,+,2,2,*,2,*,2,*,+,7,+', '5,5,+,2,+,5,+,2,3,*,+,2,3,*,+,2,3,*,+,2,2,*,+,2,2,*,+,5,+', '11,3,5,*,+,2,7,*,+,2,7,*,+,2,5,*,+,2,2,*,2,*,+,2,2,*,2,*,2,*,+,7,+,2,7,*,+,2,2,*,2,*,+', '3,3,+,5,+,2,3,*,+,7,+,2,3,*,+,7,+,2,2,*,+,3,+,2,5,*,+', '11,5,+,2,5,*,+,2,2,*,2,*,+,2,5,*,+,13,+,13,+,2,2,*,2,*,+,2,7,*,+,2,2,*,3,*,+', '2,2,*,2,*,2,2,*,3,*,+,11,+,2,3,*,+,2,3,*,+,2,2,*,3,*,+,2,5,*,+,2,2,*,3,*,+,2,3,*,+,2,2,*,3,*,+', '2,2,*,2,3,*,+,5,+,5,+,5,+,5,+,5,+,7,+,3,+,2,5,*,+', '3,3,*,2,2,*,2,*,+,2,2,*,2,*,+,5,+,2,3,*,+,3,5,*,+,2,7,*,+,2,3,*,+,2,5,*,+,23,+', '2,3,*,2,2,*,+,7,+,5,+,2,2,*,+,2,2,*,+,2,3,*,+,2,2,*,+,5,+,2,3,*,+', '2,5,*,7,+,11,+,5,+,2,2,*,2,*,+,13,+,2,2,*,3,*,+,3,3,*,+,2,2,*,3,*,+,2,2,*,2,*,+', '3,3,+,3,+,3,+,2,3,*,+,5,+,5,+,5,+,7,+,3,5,*,+', '2,2,*,3,*,13,+,11,+,11,+,2,2,*,2,*,2,*,+,11,+,2,2,*,2,*,+,3,3,*,+,13,+,2,5,*,+', '5,5,+,5,+,5,+,7,+,2,2,*,+,3,+,3,+,5,+,3,3,*,+', '3,5,+,5,+,2,2,*,+,5,+,3,+,5,+,7,+,5,+,3,3,*,+', '2,2,*,5,+,3,+,5,+,3,+,3,+,5,+,3,+,5,+,17,+', '13,5,+,2,3,*,+,2,2,*,2,*,+,3,3,*,+,2,3,*,+,3,3,*,+,2,3,*,+,2,2,*,3,*,+,3,7,*,+', '5,2,3,*,+,7,+,2,2,*,+,3,+,7,+,5,+,2,2,*,+,5,+,7,+', '2,3,*,2,3,*,+,2,2,*,+,3,+,3,+,3,+,2,2,*,+,3,+,2,2,*,+,13,+', '2,2,*,3,*,2,2,*,2,*,+,3,3,*,+,2,2,*,2,*,+,13,+,3,5,*,+,11,+,2,2,*,2,*,+,13,+,2,2,*,+', '5,5,+,7,+,7,+,3,+,2,2,*,+,7,+,2,2,*,+,7,+,2,3,*,+', '3,7,+,7,+,5,+,5,+,5,+,2,2,*,+,2,2,*,+,7,+,3,+', '3,3,*,2,7,*,+,7,+,7,+,2,2,*,3,*,+,2,2,*,2,*,+,7,+,5,+,13,+,19,+', '2,3,*,5,+,3,+,5,+,5,+,2,3,*,+,5,+,3,+,7,+,2,5,*,+', '13,5,+,2,2,*,2,*,+,3,3,*,+,2,3,*,+,3,3,*,+,2,2,*,3,*,+,7,+,3,3,*,+,2,2,*,2,*,3,*,+', '5,2,3,*,+,2,2,*,+,7,+,7,+,5,+,7,+,3,+,5,+,2,+', '5,5,+,7,+,2,2,*,+,7,+,7,+,3,+,5,+,2,3,*,+,2,2,*,2,*,+', '2,3,*,7,+,2,3,*,+,5,+,3,+,5,+,5,+,3,+,5,+,11,+', '13,2,5,*,+,2,2,*,2,*,+,2,5,*,+,2,5,*,+,2,5,*,+,2,5,*,+,3,3,*,+,11,+,2,3,*,+', '3,3,+,3,+,2,2,*,+,7,+,7,+,5,+,5,+,3,+,2,2,*,3,*,+', '2,3,*,2,7,*,+,5,+,13,+,7,+,13,+,2,2,*,2,*,+,5,+,11,+,2,2,*,5,*,+', '3,3,*,2,2,*,3,*,+,2,5,*,+,3,3,*,+,2,2,*,3,*,+,5,+,3,3,*,+,2,3,*,+,11,+,3,5,*,+', '5,2,3,*,+,2,2,*,+,2,+,3,+,2,2,*,+,2,2,*,+,2,3,*,+,3,+,11,+', '3,3,*,3,5,*,+,2,5,*,+,2,3,*,+,2,2,*,2,*,+,7,+,2,2,*,2,*,+,2,2,*,3,*,+,2,2,*,2,*,+,2,3,*,3,*,+', '5,3,+,5,+,5,+,2,2,*,+,2,3,*,+,5,+,7,+,2,3,*,+,5,+', '3,3,*,7,+,2,2,*,3,*,+,2,2,*,3,*,+,2,2,*,2,*,+,3,3,*,+,2,2,*,2,*,+,13,+,11,+,3,3,*,+', '2,2,*,3,+,2,3,*,+,5,+,2,2,*,+,3,+,5,+,3,+,7,+,2,2,*,2,*,2,*,+', '2,2,*,3,*,2,3,*,+,13,+,13,+,2,2,*,3,*,+,3,3,*,+,3,3,*,+,2,2,*,3,*,+,13,+', '2,7,*,2,5,*,+,2,2,*,2,*,+,2,5,*,+,13,+,2,2,*,2,*,+,13,+,3,5,*,+,2,2,*,3,*,+', '2,3,*,2,2,*,+,2,2,*,+,5,+,3,+,5,+,7,+,2,3,*,+,5,+,11,+', '5,5,+,5,+,7,+,5,+,7,+,5,+,7,+,3,+,3,+', '5,2,3,*,+,3,+,2,2,*,+,5,+,2,3,*,+,2,2,*,+,2,2,*,+,2,3,*,+,2,5,*,+', '2,2,*,2,3,*,+,2,3,*,+,7,+,2,3,*,+,5,+,5,+,5,+,2,3,*,+,5,+', '3,2,2,*,+,2,2,*,+,5,+,2,2,*,+,5,+,2,2,*,+,2,+,5,+,13,+', '7,7,+,7,+,5,+,2,3,*,+,2,3,*,+,2,3,*,+,5,+,5,+', '7,3,+,3,+,5,+,2,2,*,+,5,+,2,2,*,+,2,2,*,+,2,3,*,+,2,7,*,+', '3,5,+,2,2,*,+,2,3,*,+,3,+,7,+,7,+,2,3,*,+,2,2,*,+,2,2,*,2,*,+', '2,2,*,2,3,*,+,3,+,2,3,*,+,3,+,3,+,3,+,3,+,5,+,17,+', '5,3,+,2,2,*,+,3,+,2,3,*,+,7,+,2,2,*,+,5,+,7,+,2,3,*,+', '2,2,*,2,*,2,*,2,5,*,+,11,+,11,+,2,3,*,3,*,+,13,+,2,3,*,+,17,+,2,5,*,+,13,+'] for i in arr: #tách chuỗi thành mảng bởi "," tokens = i.split(",") #chuyển đổ ký tự số thành số tokens = [int(token) if token.isdigit() else token for token in tokens] print(chr(evaluate_postfix(tokens)),end = "") #SEE{5w1n61n6_7hr0u6h_7h3_7r335_51e72e7f398a4fb0e3b8cg8457167552} ``` >vậy flag là: "SEE{5w1n61n6_7hr0u6h_7h3_7r335_51e72e7f398a4fb0e3b8cg8457167552}"