Lost Decryption

問題概要

ジャンル

binary

点数

200 points

問題文

Lost Decryption
I created my own cipher and encrypted the very important file.
However, I lost the decryption program because of file system error, so now I cannot read the file.
Please help me.
lost_decryption.zip

フラグ

???

挑戦者

tkmru

解法

議論

$ ./cipher
./cipher: error while loading shared libraries: libdecrypt.so: cannot open shared object file: No such file or directory

libencrypt.soはあるけどlibdecrypt.soはない。
libencrypt頑張って読んでdecryptすればよさそう。

sub_700()つらい
残り時間で読むのきつい

/*
 * sub_700 -- decompiler pseudo-code (not compilable C) for a mixing routine
 * in libencrypt.so.
 *
 * Takes two values (arg0 -> r12, arg1 -> rbx), runs the outer loop five times
 * (counter = 0x5) and returns r12. Each pass mixes r12 and rbx with shifts,
 * XORs, multiply-add by fixed constants, a conditional multiply, and a
 * per-byte lookup through sub_5e0 (not shown in this listing).
 *
 * NOTE(review): the `int` types come from the decompiler; the constants are
 * 64 bits wide, so the arithmetic is presumably 64-bit and wrapping -- confirm
 * against the disassembly.
 * NOTE(review): the expressions are printed with minimal parentheses; check
 * the grouping of ^, +, -, * and the shifts against the disassembly before
 * re-implementing, rather than trusting C precedence on this text.
 */
int sub_700(int arg0, int arg1) {
    // Presumably the decompiler's rendering of the prologue register saves;
    // none of these stack slots is read again in this listing.
    stack[2047] = 0xfa94b1238c6dd663;
    stack[2046] = r14;
    stack[2045] = 0x6ed0153c8f6d2b11;
    stack[2044] = r12;
    stack[2043] = 0x5;
    stack[2042] = rbx;
    r12 = arg0;
    rbx = arg1; // 0x9104f95de694dc50 goes here (writeup author's note)
    counter = 0x5;
    // Stack pointer adjustment (7 * 8 bytes); does not feed the return value.
    rsp = rsp - 0x8 - 0x8 - 0x8 - 0x8 - 0x8 - 0x8 - 0x8;
    do {
        // Combine r12 and rbx. The sub-expression
        // `rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317` recurs below because
        // the decompiler inlined it instead of naming a temporary.
        rax = (((r12 << 0x39) + r12 << 0x4) - r12 ^ r12) + rbx ^ ((((r12 << 0x39) + r12 << 0x4) - r12 ^ r12) + rbx) * 0x8 ^ rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ ((((r12 << 0x39) + r12 << 0x4) - r12 ^ r12) + rbx ^ ((((r12 << 0x39) + r12 << 0x4) - r12 ^ r12) + rbx) * 0x8) + 0x6ed0153c8f6d2b11;
        // Masked right shift of rax (mask 0xb78bc70454e32323) folded together
        // with the multiply-add of rbx.
        rsi = (rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ (rax ^ rax >> 0x11 & 0xb78bc70454e32323) - rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317) >> 0x1 ^ (rax ^ rax >> 0x11 & 0xb78bc70454e32323) - rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317;
        rbx = rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ (rax ^ rax >> 0x11 & 0xb78bc70454e32323) - rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ rbx * 0xfa94b1238c6dd663 + 0x2f3942d23a31a317 ^ rsi + rsi;
        // Chain of shift-and-XOR steps with shift amounts 2 through 7.
        rax = (rbx >> 0x2 ^ rsi) * 0x4 ^ rbx ^ (rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3) * 0x8;
        rdx = ((rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3) << 0x4 ^ rax ^ (rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3 ^ ((rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3) << 0x4 ^ rax) >> 0x5) << 0x5) >> 0x6 ^ rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3 ^ ((rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3) << 0x4 ^ rax) >> 0x5;
        rax = rdx << 0x6 ^ (rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3) << 0x4 ^ rax ^ (rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3 ^ ((rax >> 0x4 ^ rbx >> 0x2 ^ rsi ^ ((rbx >> 0x2 ^ rsi) * 0x4 ^ rbx) >> 0x3) << 0x4 ^ rax) >> 0x5) << 0x5;
        r12 = rax >> 0x7 ^ rdx;
        rbx = rax ^ (rax >> 0x7 ^ rdx) << 0x7;
        // rbx was just set to rax XOR this same term, so the test amounts to
        // "rbx is non-zero": r12 is multiplied by rbx only in that case.
        if (rax != (rax >> 0x7 ^ rdx) << 0x7) {
            r12 = r12 * rbx;
        }
        // Eight passes (r14 = 0, 8, ..., 0x38): take one byte of rbx, pass it
        // through sub_5e0, and XOR the low byte of the result into r12 at the
        // same byte position.
        r14 = 0x0;
        do {
            rax = sub_5e0(rbx >> r14 & 0xff);
            rcx = r14;
            r14 = r14 + 0x8;
            // NOTE(review): sign_extend_32 implies the shifted byte is treated
            // as a 32-bit value before the XOR; how shift counts of 0x20 and
            // above behave must be checked against the disassembly.
            r12 = r12 ^ sign_extend_32((rax & 0xff) << rcx);
        } while (r14 != 0x40);
        counter--;
    } while (counter != 0x0);
    return r12;
}
/*
 * Fragment of the routine that calls sub_700 (decompiler pseudo-code).
 * The loop body runs 14 times (counter = 0xe, decremented until zero).
 * ENCRYPT is presumably a placeholder the writeup author put in place of the
 * real arguments -- confirm against the disassembly.
 */
counter = 0xe;
r13 = arg_1;
do {
    // The result of sub_700 is only XORed into var_0.
    var_0 = var_0 ^ sub_700(ENCRYPT, ENCRYPT);
    // Second call uses the constant 0x9104f95de694dc50; no use of its return
    // value is shown here (the assignment may have been left out of the listing).
    sub_700(ENCRYPT, 0x9104f95de694dc50);
    // sub_880 is not shown in this listing; it is applied to rbp and r13.
    sub_880(rbp);
    sub_880(r13);
    counter--;
} while (counter != 0x0);

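xorが多いし、ちょっと変更すればdecryptにそのまま使えるのでは、という気持ち。上のループではsub_700()の戻り値をvar_0にxorしているだけなので、Feistel構造っぽく見える(要確認)。もしそうなら、sub_700()自体の逆関数を作る必要はなく、ラウンドと鍵の順番を逆にして同じ関数を使えば復号できるはず。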