Try   HackMD

[CH] Rev C 2

tags:Writeup Reverse Chinese

FlyDragon

Step.1

觀察 output.txt 以及執行程式碼
可猜測 flag.exe 會將flag打亂後輸出

Step.2

使用ghidra查看 main()
可以發現這個程式會讀入flag.txt、照特定的順序交換後輸出

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9]

不過 for loop 的判斷式是 local_20 < 0x12order[] 的長度只有 0x11 (少了14),所以在最後補一個零

order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9, 0]

Step.3

撰寫程式逆推交換順序得到flag










output = list("4_e_foyeXE__ouryCs")
order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9, 0]

for i in reversed(range(len(order))):
    temp = output[i]
    output[i] = output[order[i]]
    output[order[i]] = temp

print("".join(output))
Last changed by 
LoTuX CTF
0
458

Read more

[CH] Cookie Stealer

[name=FlyDragon]

May 28, 2025
[EN] Cookie Stealer

[name=FlyDragon]

May 28, 2025
LoTuX CTF 投稿說明

在 LoTuX 平台上取得 2000 分以上

Apr 4, 2025
[EN] Rev C 2

[name=FlyDragon] Step.1 By observing output.txt and executing the code, it can be inferred that the program flag.exe will output the flag after shuffling it. Step.2 By examining main() using Ghidra, it can be discovered that this program reads in the contents of flag.txt and outputs them after performing specific swaps in a particular order. order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9]

Nov 1, 2023
Read more from LoTuX CTF
Published on HackMD