この大会は2021/6/12 16:00(JST)~2021/6/13 23:00(JST)に開催されました。
今回もチームで参戦。結果は1453点で374チーム中35位でした。
自分で解けた問題をWriteupとして書いておきます。
Welcome (Intro)
Discordに入り、#-reglesチャネルのトピックを見ると、フラグが書いてあった。
THCon21{H31l0_th3re!}
My first one time pad (Intro)
ファイル全体からXOR鍵を算出し、それをplaintext.txtに書いてある暗号に適用し、復号する。
with open('plaintext.txt', 'r') as f: pt = f.read().rstrip() with open('encrypted.txt', 'r') as f: ct = f.read().rstrip().decode('hex') flag_enc = pt.split(' ')[-1].decode('hex') key = '' for i in range(len(ct)): key += chr(ord(pt[i]) ^ ord(ct[i])) flag = '' for i in range(len(flag_enc)): flag += chr(ord(flag_enc[i]) ^ ord(key[i])) print flag
FLAG: THCon21{1Tp_w0rK3_0nly_0nC3}
SQL for dummies (Intro)
Usernameに以下を入力して、[Log In]をクリックすると、フラグが表示された。
' or 1=1 --
THCon21{eA3y*QL_1nject0R}
ELF x64 - Right on Time (reverse)
$ gdb -q ./chall.bin Reading symbols from ./chall.bin...(no debugging symbols found)...done. gdb-peda$ set arg 1 gdb-peda$ start [----------------------------------registers-----------------------------------] RAX: 0x5555555551c9 (<main>: endbr64) RBX: 0x0 RCX: 0x555555555cc0 (<__libc_csu_init>: endbr64) RDX: 0x7fffffffdf40 --> 0x7fffffffe28e ("CLUTTER_IM_MODULE=xim") RSI: 0x7fffffffdf28 --> 0x7fffffffe271 ("/mnt/hgfs/Shared/chall.bin") RDI: 0x2 RBP: 0x555555555cc0 (<__libc_csu_init>: endbr64) RSP: 0x7fffffffde48 --> 0x7ffff7a03bf7 (<__libc_start_main+231>: mov edi,eax) RIP: 0x5555555551c9 (<main>: endbr64) R8 : 0x7ffff7dced80 --> 0x0 R9 : 0x7ffff7dced80 --> 0x0 R10: 0x0 R11: 0x0 R12: 0x5555555550e0 (<_start>: endbr64) R13: 0x7fffffffdf20 --> 0x2 R14: 0x0 R15: 0x0 EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0x5555555551b9 <__do_global_dtors_aux+57>: nop DWORD PTR [rax+0x0] 0x5555555551c0 <frame_dummy>: endbr64 0x5555555551c4 <frame_dummy+4>: jmp 0x555555555140 <register_tm_clones> => 0x5555555551c9 <main>: endbr64 0x5555555551cd <main+4>: push rbp 0x5555555551ce <main+5>: mov rbp,rsp 0x5555555551d1 <main+8>: sub rsp,0x1e0 0x5555555551d8 <main+15>: mov DWORD PTR [rbp-0x1d4],edi [------------------------------------stack-------------------------------------] 0000| 0x7fffffffde48 --> 0x7ffff7a03bf7 (<__libc_start_main+231>: mov edi,eax) 0008| 0x7fffffffde50 --> 0x2 0016| 0x7fffffffde58 --> 0x7fffffffdf28 --> 0x7fffffffe271 ("/mnt/hgfs/Shared/chall.bin") 0024| 0x7fffffffde60 --> 0x200008000 0032| 0x7fffffffde68 --> 0x5555555551c9 (<main>: endbr64) 0040| 0x7fffffffde70 --> 0x0 0048| 0x7fffffffde78 --> 0xbd29ce94164043c6 0056| 0x7fffffffde80 --> 0x5555555550e0 (<_start>: endbr64) [------------------------------------------------------------------------------] Legend: code, data, rodata, value Temporary breakpoint 1, 0x00005555555551c9 in main () gdb-peda$ disas main Dump of assembler code for function main: => 0x00005555555551c9 <+0>: endbr64 0x00005555555551cd <+4>: push rbp 0x00005555555551ce <+5>: mov rbp,rsp 0x00005555555551d1 <+8>: sub rsp,0x1e0 0x00005555555551d8 <+15>: mov DWORD PTR [rbp-0x1d4],edi 0x00005555555551de <+21>: mov QWORD PTR [rbp-0x1e0],rsi 0x00005555555551e5 <+28>: mov rax,QWORD PTR fs:0x28 0x00005555555551ee <+37>: mov QWORD PTR [rbp-0x8],rax 0x00005555555551f2 <+41>: xor eax,eax 0x00005555555551f4 <+43>: mov BYTE PTR [rbp-0x16],0x0 0x00005555555551f8 <+47>: mov BYTE PTR [rbp-0x100],0x0 0x00005555555551ff <+54>: mov BYTE PTR [rbp-0x130],0x34 0x0000555555555206 <+61>: mov BYTE PTR [rbp-0x7b],0x2a 0x000055555555520a <+65>: mov BYTE PTR [rbp-0xaa],0x70 0x0000555555555211 <+72>: mov BYTE PTR [rbp-0x62],0x6a 0x0000555555555215 <+76>: mov BYTE PTR [rbp-0x5a],0x34 0x0000555555555219 <+80>: mov BYTE PTR [rbp-0x7f],0x44 0x000055555555521d <+84>: mov BYTE PTR [rbp-0x168],0x35 0x0000555555555224 <+91>: mov BYTE PTR [rbp-0x95],0x49 0x000055555555522b <+98>: mov BYTE PTR [rbp-0x1b9],0x37 0x0000555555555232 <+105>: mov BYTE PTR [rbp-0x7c],0x3e 0x0000555555555236 <+109>: mov BYTE PTR [rbp-0x134],0x35 0x000055555555523d <+116>: mov BYTE PTR [rbp-0xca],0x54 0x0000555555555244 <+123>: mov BYTE PTR [rbp-0xde],0x59 0x000055555555524b <+130>: mov BYTE PTR [rbp-0x17a],0x35 0x0000555555555252 <+137>: mov BYTE PTR [rbp-0x16f],0x37 0x0000555555555259 <+144>: mov BYTE PTR [rbp-0xce],0x68 0x0000555555555260 <+151>: mov BYTE PTR [rbp-0x80],0x7b 0x0000555555555264 <+155>: mov BYTE PTR [rbp-0x7d],0x6b 0x0000555555555268 <+159>: mov BYTE PTR [rbp-0x9a],0x3e 0x000055555555526f <+166>: mov BYTE PTR [rbp-0xb6],0x78 0x0000555555555276 <+173>: mov BYTE PTR [rbp-0xe8],0x75 0x000055555555527d <+180>: mov BYTE PTR [rbp-0x151],0x30 0x0000555555555284 <+187>: mov BYTE PTR [rbp-0x180],0x34 0x000055555555528b <+194>: mov BYTE PTR [rbp-0xb1],0x58 0x0000555555555292 <+201>: mov BYTE PTR [rbp-0x92],0x77 0x0000555555555299 <+208>: mov BYTE PTR [rbp-0x34],0x29 0x000055555555529d <+212>: mov BYTE PTR [rbp-0x67],0x29 0x00005555555552a1 <+216>: mov BYTE PTR [rbp-0x11d],0x35 0x00005555555552a8 <+223>: mov BYTE PTR [rbp-0x13a],0x35 0x00005555555552af <+230>: mov BYTE PTR [rbp-0x139],0x37 0x00005555555552b6 <+237>: mov BYTE PTR [rbp-0x190],0x34 0x00005555555552bd <+244>: mov BYTE PTR [rbp-0x9d],0x28 0x00005555555552c4 <+251>: mov BYTE PTR [rbp-0x125],0x37 0x00005555555552cb <+258>: mov BYTE PTR [rbp-0xbf],0x76 0x00005555555552d2 <+265>: mov BYTE PTR [rbp-0x1a6],0x35 0x00005555555552d9 <+272>: mov BYTE PTR [rbp-0x5c],0x3e 0x00005555555552dd <+276>: mov BYTE PTR [rbp-0x199],0x35 0x00005555555552e4 <+283>: mov BYTE PTR [rbp-0x10f],0x38 0x00005555555552eb <+290>: mov BYTE PTR [rbp-0xd4],0x38 0x00005555555552f2 <+297>: mov BYTE PTR [rbp-0x60],0x24 0x00005555555552f6 <+301>: mov BYTE PTR [rbp-0x119],0x36 0x00005555555552fd <+308>: mov BYTE PTR [rbp-0x1af],0x37 0x0000555555555304 <+315>: mov BYTE PTR [rbp-0x1ad],0x39 0x000055555555530b <+322>: mov BYTE PTR [rbp-0x61],0x7b 0x000055555555530f <+326>: mov BYTE PTR [rbp-0x1a8],0x35 0x0000555555555316 <+333>: mov BYTE PTR [rbp-0x117],0x35 0x000055555555531d <+340>: mov BYTE PTR [rbp-0xc2],0x6d 0x0000555555555324 <+347>: mov BYTE PTR [rbp-0x31],0x31 0x0000555555555328 <+351>: mov BYTE PTR [rbp-0x13b],0x39 0x000055555555532f <+358>: mov BYTE PTR [rbp-0x96],0x63 0x0000555555555336 <+365>: mov BYTE PTR [rbp-0x149],0x37 0x000055555555533d <+372>: mov BYTE PTR [rbp-0x17b],0x39 0x0000555555555344 <+379>: mov BYTE PTR [rbp-0x8e],0x70 0x000055555555534b <+386>: mov BYTE PTR [rbp-0x8f],0x64 0x0000555555555352 <+393>: mov BYTE PTR [rbp-0xd1],0x42 0x0000555555555359 <+400>: mov BYTE PTR [rbp-0xc7],0x50 0x0000555555555360 <+407>: mov BYTE PTR [rbp-0x186],0x35 0x0000555555555367 <+414>: mov BYTE PTR [rbp-0xd6],0x2a 0x000055555555536e <+421>: mov BYTE PTR [rbp-0x159],0x35 0x0000555555555375 <+428>: mov BYTE PTR [rbp-0x84],0x64 0x000055555555537c <+435>: mov BYTE PTR [rbp-0x55],0x62 0x0000555555555380 <+439>: mov BYTE PTR [rbp-0x184],0x35 0x0000555555555387 <+446>: mov BYTE PTR [rbp-0xb0],0x7a 0x000055555555538e <+453>: mov BYTE PTR [rbp-0x1c0],0x34 0x0000555555555395 <+460>: mov BYTE PTR [rbp-0x17e],0x34 0x000055555555539c <+467>: mov BYTE PTR [rbp-0x5b],0x34 0x00005555555553a0 <+471>: mov BYTE PTR [rbp-0xe2],0x36 0x00005555555553a7 <+478>: mov BYTE PTR [rbp-0xcf],0x4f 0x00005555555553ae <+485>: mov BYTE PTR [rbp-0x41],0x78 0x00005555555553b2 <+489>: mov BYTE PTR [rbp-0x173],0x34 0x00005555555553b9 <+496>: mov BYTE PTR [rbp-0x1bf],0x42 0x00005555555553c0 <+503>: mov BYTE PTR [rbp-0x1a],0x2e 0x00005555555553c4 <+507>: mov BYTE PTR [rbp-0x6a],0x74 0x00005555555553c8 <+511>: mov BYTE PTR [rbp-0x19e],0x35 0x00005555555553cf <+518>: mov BYTE PTR [rbp-0xef],0x6e 0x00005555555553d6 <+525>: mov BYTE PTR [rbp-0x18f],0x41 0x00005555555553dd <+532>: mov BYTE PTR [rbp-0x1a2],0x35 0x00005555555553e4 <+539>: mov BYTE PTR [rbp-0x9e],0x4d 0x00005555555553eb <+546>: mov BYTE PTR [rbp-0x32],0x58 0x00005555555553ef <+550>: mov BYTE PTR [rbp-0x1b6],0x35 0x00005555555553f6 <+557>: mov BYTE PTR [rbp-0x21],0x61 0x00005555555553fa <+561>: mov BYTE PTR [rbp-0xe9],0x34 0x0000555555555401 <+568>: mov BYTE PTR [rbp-0x19a],0x34 0x0000555555555408 <+575>: mov BYTE PTR [rbp-0x15c],0x34 0x000055555555540f <+582>: mov BYTE PTR [rbp-0x1b5],0x32 0x0000555555555416 <+589>: mov BYTE PTR [rbp-0x1e],0x62 0x000055555555541a <+593>: mov BYTE PTR [rbp-0x163],0x42 0x0000555555555421 <+600>: mov BYTE PTR [rbp-0x51],0x3f 0x0000555555555425 <+604>: mov BYTE PTR [rbp-0xa6],0x77 0x000055555555542c <+611>: mov BYTE PTR [rbp-0x26],0x2d 0x0000555555555430 <+615>: mov BYTE PTR [rbp-0x104],0x33 0x0000555555555437 <+622>: mov BYTE PTR [rbp-0x16d],0x36 0x000055555555543e <+629>: mov BYTE PTR [rbp-0x145],0x37 0x0000555555555445 <+636>: mov BYTE PTR [rbp-0x114],0x35 0x000055555555544c <+643>: mov BYTE PTR [rbp-0x36],0x75 0x0000555555555450 <+647>: mov BYTE PTR [rbp-0x25],0x33 0x0000555555555454 <+651>: mov BYTE PTR [rbp-0x148],0x35 0x000055555555545b <+658>: mov BYTE PTR [rbp-0xec],0x43 0x0000555555555462 <+665>: mov BYTE PTR [rbp-0x11b],0x32 0x0000555555555469 <+672>: mov BYTE PTR [rbp-0x192],0x35 0x0000555555555470 <+679>: mov BYTE PTR [rbp-0xd8],0x68 0x0000555555555477 <+686>: mov BYTE PTR [rbp-0xe4],0x7d 0x000055555555547e <+693>: mov BYTE PTR [rbp-0x185],0x37 0x0000555555555485 <+700>: mov BYTE PTR [rbp-0x16c],0x34 0x000055555555548c <+707>: mov BYTE PTR [rbp-0x1b7],0x31 0x0000555555555493 <+714>: mov BYTE PTR [rbp-0xba],0x2f 0x000055555555549a <+721>: mov BYTE PTR [rbp-0x13f],0x43 0x00005555555554a1 <+728>: mov BYTE PTR [rbp-0x6e],0x36 0x00005555555554a5 <+732>: mov BYTE PTR [rbp-0x17f],0x44 0x00005555555554ac <+739>: mov BYTE PTR [rbp-0xc4],0x2e 0x00005555555554b3 <+746>: mov BYTE PTR [rbp-0x189],0x35 0x00005555555554ba <+753>: mov BYTE PTR [rbp-0x12f],0x42 0x00005555555554c1 <+760>: mov BYTE PTR [rbp-0x12d],0x35 0x00005555555554c8 <+767>: mov BYTE PTR [rbp-0x33],0x63 0x00005555555554cc <+771>: mov BYTE PTR [rbp-0x164],0x34 0x00005555555554d3 <+778>: mov BYTE PTR [rbp-0xd0],0x60 0x00005555555554da <+785>: mov BYTE PTR [rbp-0x138],0x35 0x00005555555554e1 <+792>: mov BYTE PTR [rbp-0x169],0x35 0x00005555555554e8 <+799>: mov BYTE PTR [rbp-0x49],0x24 0x00005555555554ec <+803>: mov BYTE PTR [rbp-0xd2],0x40 0x00005555555554f3 <+810>: mov BYTE PTR [rbp-0x14a],0x35 0x00005555555554fa <+817>: mov BYTE PTR [rbp-0x118],0x34 0x0000555555555501 <+824>: mov BYTE PTR [rbp-0x19b],0x43 0x0000555555555508 <+831>: mov BYTE PTR [rbp-0x8b],0x3b 0x000055555555550f <+838>: mov BYTE PTR [rbp-0x71],0x60 0x0000555555555513 <+842>: mov BYTE PTR [rbp-0x16e],0x34 0x000055555555551a <+849>: mov BYTE PTR [rbp-0xdf],0x71 0x0000555555555521 <+856>: mov BYTE PTR [rbp-0x187],0x31 0x0000555555555528 <+863>: mov BYTE PTR [rbp-0x6d],0x4d 0x000055555555552c <+867>: mov BYTE PTR [rbp-0x42],0x42 0x0000555555555530 <+871>: mov BYTE PTR [rbp-0x5d],0x74 0x0000555555555534 <+875>: mov BYTE PTR [rbp-0x44],0x5b 0x0000555555555538 <+879>: mov BYTE PTR [rbp-0x54],0x7b 0x000055555555553c <+883>: mov BYTE PTR [rbp-0x123],0x34 0x0000555555555543 <+890>: mov BYTE PTR [rbp-0x1a4],0x34 0x000055555555554a <+897>: mov BYTE PTR [rbp-0x78],0x5a 0x000055555555554e <+901>: mov BYTE PTR [rbp-0xdd],0x26 0x0000555555555555 <+908>: mov BYTE PTR [rbp-0xe5],0x5a 0x000055555555555c <+915>: mov BYTE PTR [rbp-0xe6],0x56 0x0000555555555563 <+922>: mov BYTE PTR [rbp-0x1a5],0x34 0x000055555555556a <+929>: mov BYTE PTR [rbp-0xa2],0x76 0x0000555555555571 <+936>: mov BYTE PTR [rbp-0x153],0x43 0x0000555555555578 <+943>: mov BYTE PTR [rbp-0xb3],0x6d 0x000055555555557f <+950>: mov BYTE PTR [rbp-0xa3],0x6e 0x0000555555555586 <+957>: mov BYTE PTR [rbp-0x1bc],0x34 0x000055555555558d <+964>: mov BYTE PTR [rbp-0x142],0x34 0x0000555555555594 <+971>: mov BYTE PTR [rbp-0x8a],0x4d 0x000055555555559b <+978>: mov BYTE PTR [rbp-0xbc],0x75 0x00005555555555a2 <+985>: mov BYTE PTR [rbp-0x2c],0x5a 0x00005555555555a6 <+989>: mov BYTE PTR [rbp-0x1ab],0x32 0x00005555555555ad <+996>: mov BYTE PTR [rbp-0x82],0x61 0x00005555555555b4 <+1003>: mov BYTE PTR [rbp-0x69],0x28 0x00005555555555b8 <+1007>: mov BYTE PTR [rbp-0x18b],0x42 0x00005555555555bf <+1014>: mov BYTE PTR [rbp-0xad],0x65 0x00005555555555c6 <+1021>: mov BYTE PTR [rbp-0x24],0x5e 0x00005555555555ca <+1025>: mov BYTE PTR [rbp-0x17d],0x35 0x00005555555555d1 <+1032>: mov BYTE PTR [rbp-0x121],0x42 0x00005555555555d8 <+1039>: mov BYTE PTR [rbp-0x3c],0x35 0x00005555555555dc <+1043>: mov BYTE PTR [rbp-0x107],0x44 0x00005555555555e3 <+1050>: mov BYTE PTR [rbp-0x105],0x44 0x00005555555555ea <+1057>: mov BYTE PTR [rbp-0x9c],0x4c 0x00005555555555f1 <+1064>: mov BYTE PTR [rbp-0x135],0x36 0x00005555555555f8 <+1071>: mov BYTE PTR [rbp-0x122],0x34 0x00005555555555ff <+1078>: mov BYTE PTR [rbp-0x183],0x33 0x0000555555555606 <+1085>: mov BYTE PTR [rbp-0xed],0x49 0x000055555555560d <+1092>: mov BYTE PTR [rbp-0x12b],0x41 0x0000555555555614 <+1099>: mov BYTE PTR [rbp-0xc1],0x6f 0x000055555555561b <+1106>: mov BYTE PTR [rbp-0x106],0x33 0x0000555555555622 <+1113>: mov BYTE PTR [rbp-0x115],0x33 0x0000555555555629 <+1120>: mov BYTE PTR [rbp-0x19],0x20 0x000055555555562d <+1124>: mov BYTE PTR [rbp-0x79],0x6e 0x0000555555555631 <+1128>: mov BYTE PTR [rbp-0x156],0x35 0x0000555555555638 <+1135>: mov BYTE PTR [rbp-0xbd],0x43 0x000055555555563f <+1142>: mov BYTE PTR [rbp-0xab],0x50 0x0000555555555646 <+1149>: mov BYTE PTR [rbp-0x2f],0x58 0x000055555555564a <+1153>: mov BYTE PTR [rbp-0x162],0x34 0x0000555555555651 <+1160>: mov BYTE PTR [rbp-0x40],0x24 0x0000555555555655 <+1164>: mov BYTE PTR [rbp-0x161],0x35 0x000055555555565c <+1171>: mov BYTE PTR [rbp-0xeb],0x45 0x0000555555555663 <+1178>: mov BYTE PTR [rbp-0x43],0x2d 0x0000555555555667 <+1182>: mov BYTE PTR [rbp-0x191],0x31 0x000055555555566e <+1189>: mov BYTE PTR [rbp-0x10e],0x35 0x0000555555555675 <+1196>: mov BYTE PTR [rbp-0x45],0x5a 0x0000555555555679 <+1200>: mov BYTE PTR [rbp-0x12e],0x33 0x0000555555555680 <+1207>: mov BYTE PTR [rbp-0xae],0x35 0x0000555555555687 <+1214>: mov BYTE PTR [rbp-0x193],0x34 0x000055555555568e <+1221>: mov BYTE PTR [rbp-0x63],0x7d 0x0000555555555692 <+1225>: mov BYTE PTR [rbp-0xee],0x2a 0x0000555555555699 <+1232>: mov BYTE PTR [rbp-0x1b3],0x34 0x00005555555556a0 <+1239>: mov BYTE PTR [rbp-0x7e],0x31 0x00005555555556a4 <+1243>: mov BYTE PTR [rbp-0x126],0x35 0x00005555555556ab <+1250>: mov BYTE PTR [rbp-0x194],0x34 0x00005555555556b2 <+1257>: mov BYTE PTR [rbp-0x16],0x36 0x00005555555556b6 <+1261>: mov BYTE PTR [rbp-0xdc],0x78 0x00005555555556bd <+1268>: mov BYTE PTR [rbp-0x3f],0x56 0x00005555555556c1 <+1272>: mov BYTE PTR [rbp-0x17],0x48 0x00005555555556c5 <+1276>: mov BYTE PTR [rbp-0x1a9],0x38 0x00005555555556cc <+1283>: mov BYTE PTR [rbp-0x77],0x5a 0x00005555555556d0 <+1287>: mov BYTE PTR [rbp-0x7a],0x6c 0x00005555555556d4 <+1291>: mov BYTE PTR [rbp-0x11f],0x43 0x00005555555556db <+1298>: mov BYTE PTR [rbp-0xc5],0x51 0x00005555555556e2 <+1305>: mov BYTE PTR [rbp-0x72],0x78 0x00005555555556e6 <+1309>: mov BYTE PTR [rbp-0xb2],0x37 0x00005555555556ed <+1316>: mov BYTE PTR [rbp-0x15b],0x42 0x00005555555556f4 <+1323>: mov BYTE PTR [rbp-0x1b2],0x34 0x00005555555556fb <+1330>: mov BYTE PTR [rbp-0x171],0x32 0x0000555555555702 <+1337>: mov BYTE PTR [rbp-0x94],0x49 0x0000555555555709 <+1344>: mov BYTE PTR [rbp-0xd5],0x5a 0x0000555555555710 <+1351>: mov BYTE PTR [rbp-0x87],0x2b 0x0000555555555717 <+1358>: mov BYTE PTR [rbp-0x14b],0x39 0x000055555555571e <+1365>: mov BYTE PTR [rbp-0x165],0x34 0x0000555555555725 <+1372>: mov BYTE PTR [rbp-0x1ac],0x33 0x000055555555572c <+1379>: mov BYTE PTR [rbp-0x89],0x55 0x0000555555555733 <+1386>: mov BYTE PTR [rbp-0x20],0x6f 0x0000555555555737 <+1390>: mov BYTE PTR [rbp-0x6b],0x53 0x000055555555573b <+1394>: mov BYTE PTR [rbp-0x6f],0x3e 0x000055555555573f <+1398>: mov BYTE PTR [rbp-0x1b1],0x33 0x0000555555555746 <+1405>: mov BYTE PTR [rbp-0x150],0x34 0x000055555555574d <+1412>: mov BYTE PTR [rbp-0xcd],0x45 0x0000555555555754 <+1419>: mov BYTE PTR [rbp-0x1bd],0x41 0x000055555555575b <+1426>: mov BYTE PTR [rbp-0xc0],0x3e 0x0000555555555762 <+1433>: mov BYTE PTR [rbp-0x15a],0x35 0x0000555555555769 <+1440>: mov BYTE PTR [rbp-0x111],0x31 0x0000555555555770 <+1447>: mov BYTE PTR [rbp-0x13e],0x34 0x0000555555555777 <+1454>: mov BYTE PTR [rbp-0x70],0x5d 0x000055555555577b <+1458>: mov BYTE PTR [rbp-0x124],0x35 0x0000555555555782 <+1465>: mov BYTE PTR [rbp-0xb7],0x53 0x0000555555555789 <+1472>: mov BYTE PTR [rbp-0x16b],0x32 0x0000555555555790 <+1479>: mov BYTE PTR [rbp-0x52],0x49 0x0000555555555794 <+1483>: mov BYTE PTR [rbp-0x14d],0x35 0x000055555555579b <+1490>: mov BYTE PTR [rbp-0x127],0x42 0x00005555555557a2 <+1497>: mov BYTE PTR [rbp-0x1b8],0x35 0x00005555555557a9 <+1504>: mov BYTE PTR [rbp-0x1aa],0x34 0x00005555555557b0 <+1511>: mov BYTE PTR [rbp-0x1b],0x57 0x00005555555557b4 <+1515>: mov BYTE PTR [rbp-0x11e],0x34 0x00005555555557bb <+1522>: mov BYTE PTR [rbp-0x23],0x21 0x00005555555557bf <+1526>: mov BYTE PTR [rbp-0xc8],0x7c 0x00005555555557c6 <+1533>: mov BYTE PTR [rbp-0xa1],0x4d 0x00005555555557cd <+1540>: mov BYTE PTR [rbp-0x101],0x44 0x00005555555557d4 <+1547>: mov BYTE PTR [rbp-0x46],0x21 0x00005555555557d8 <+1551>: mov BYTE PTR [rbp-0xac],0x42 0x00005555555557df <+1558>: mov BYTE PTR [rbp-0xa8],0x6b 0x00005555555557e6 <+1565>: mov BYTE PTR [rbp-0x11c],0x33 0x00005555555557ed <+1572>: mov BYTE PTR [rbp-0x47],0x55 0x00005555555557f1 <+1576>: mov BYTE PTR [rbp-0x5f],0x66 0x00005555555557f5 <+1580>: mov BYTE PTR [rbp-0x6c],0x2d 0x00005555555557f9 <+1584>: mov BYTE PTR [rbp-0x58],0x4f 0x00005555555557fd <+1588>: mov BYTE PTR [rbp-0xaf],0x7a 0x0000555555555804 <+1595>: mov BYTE PTR [rbp-0x2d],0x67 0x0000555555555808 <+1599>: mov BYTE PTR [rbp-0x27],0x60 0x000055555555580c <+1603>: mov BYTE PTR [rbp-0x158],0x33 0x0000555555555813 <+1610>: mov BYTE PTR [rbp-0xbb],0x49 0x000055555555581a <+1617>: mov BYTE PTR [rbp-0x8d],0x73 0x0000555555555821 <+1624>: mov BYTE PTR [rbp-0x11a],0x35 0x0000555555555828 <+1631>: mov BYTE PTR [rbp-0x143],0x33 0x000055555555582f <+1638>: mov BYTE PTR [rbp-0x116],0x33 0x0000555555555836 <+1645>: mov BYTE PTR [rbp-0xe1],0x54 0x000055555555583d <+1652>: mov BYTE PTR [rbp-0xb4],0x25 0x0000555555555844 <+1659>: mov BYTE PTR [rbp-0x9f],0x64 0x000055555555584b <+1666>: mov BYTE PTR [rbp-0x15e],0x35 0x0000555555555852 <+1673>: mov BYTE PTR [rbp-0xda],0x69 0x0000555555555859 <+1680>: mov BYTE PTR [rbp-0x5e],0x36 0x000055555555585d <+1684>: mov BYTE PTR [rbp-0xc3],0x48 0x0000555555555864 <+1691>: mov BYTE PTR [rbp-0x88],0x24 0x000055555555586b <+1698>: mov BYTE PTR [rbp-0x136],0x33 0x0000555555555872 <+1705>: mov BYTE PTR [rbp-0x1a3],0x42 0x0000555555555879 <+1712>: mov BYTE PTR [rbp-0x12c],0x34 0x0000555555555880 <+1719>: mov BYTE PTR [rbp-0x1ba],0x35 0x0000555555555887 <+1726>: mov BYTE PTR [rbp-0x57],0x28 0x000055555555588b <+1730>: mov BYTE PTR [rbp-0x170],0x34 0x0000555555555892 <+1737>: mov BYTE PTR [rbp-0xbe],0x29 0x0000555555555899 <+1744>: mov BYTE PTR [rbp-0x74],0x65 0x000055555555589d <+1748>: mov BYTE PTR [rbp-0x59],0x33 0x00005555555558a1 <+1752>: mov BYTE PTR [rbp-0x35],0x44 0x00005555555558a5 <+1756>: mov BYTE PTR [rbp-0x120],0x34 0x00005555555558ac <+1763>: mov BYTE PTR [rbp-0x4d],0x50 0x00005555555558b0 <+1767>: mov BYTE PTR [rbp-0x140],0x34 0x00005555555558b7 <+1774>: mov BYTE PTR [rbp-0x76],0x24 0x00005555555558bb <+1778>: mov BYTE PTR [rbp-0x18d],0x32 0x00005555555558c2 <+1785>: mov BYTE PTR [rbp-0x172],0x34 0x00005555555558c9 <+1792>: mov BYTE PTR [rbp-0x108],0x33 0x00005555555558d0 <+1799>: mov BYTE PTR [rbp-0x14e],0x33 0x00005555555558d7 <+1806>: mov BYTE PTR [rbp-0x99],0x6e 0x00005555555558de <+1813>: mov BYTE PTR [rbp-0x4f],0x41 0x00005555555558e2 <+1817>: mov BYTE PTR [rbp-0x4c],0x71 0x00005555555558e6 <+1821>: mov BYTE PTR [rbp-0x73],0x3a 0x00005555555558ea <+1825>: mov BYTE PTR [rbp-0x1d],0x3a 0x00005555555558ee <+1829>: mov BYTE PTR [rbp-0x50],0x2d 0x00005555555558f2 <+1833>: mov BYTE PTR [rbp-0x15d],0x32 0x00005555555558f9 <+1840>: mov BYTE PTR [rbp-0x13c],0x35 0x0000555555555900 <+1847>: mov BYTE PTR [rbp-0x38],0x65 0x0000555555555904 <+1851>: mov BYTE PTR [rbp-0x86],0x6b 0x000055555555590b <+1858>: mov BYTE PTR [rbp-0x48],0x65 0x000055555555590f <+1862>: mov BYTE PTR [rbp-0xa4],0x34 0x0000555555555916 <+1869>: mov BYTE PTR [rbp-0x1c],0x2b 0x000055555555591a <+1873>: mov BYTE PTR [rbp-0x1f],0x6f 0x000055555555591e <+1877>: mov BYTE PTR [rbp-0x2a],0x40 0x0000555555555922 <+1881>: mov BYTE PTR [rbp-0x15f],0x44 0x0000555555555929 <+1888>: mov BYTE PTR [rbp-0x16a],0x34 0x0000555555555930 <+1895>: mov BYTE PTR [rbp-0x178],0x35 0x0000555555555937 <+1902>: mov BYTE PTR [rbp-0x129],0x36 0x000055555555593e <+1909>: mov BYTE PTR [rbp-0x3d],0x36 0x0000555555555942 <+1913>: mov BYTE PTR [rbp-0x75],0x71 0x0000555555555946 <+1917>: mov BYTE PTR [rbp-0x102],0x33 0x000055555555594d <+1924>: mov BYTE PTR [rbp-0x18a],0x34 0x0000555555555954 <+1931>: mov BYTE PTR [rbp-0x37],0x54 0x0000555555555958 <+1935>: mov BYTE PTR [rbp-0xea],0x2d 0x000055555555595f <+1942>: mov BYTE PTR [rbp-0x182],0x35 0x0000555555555966 <+1949>: mov BYTE PTR [rbp-0x10d],0x35 0x000055555555596d <+1956>: mov BYTE PTR [rbp-0x14f],0x46 0x0000555555555974 <+1963>: mov BYTE PTR [rbp-0x66],0x40 0x0000555555555978 <+1967>: mov BYTE PTR [rbp-0x18],0x39 0x000055555555597c <+1971>: mov BYTE PTR [rbp-0x133],0x33 0x0000555555555983 <+1978>: mov BYTE PTR [rbp-0x198],0x33 0x000055555555598a <+1985>: mov BYTE PTR [rbp-0x10c],0x33 0x0000555555555991 <+1992>: mov BYTE PTR [rbp-0x175],0x36 0x0000555555555998 <+1999>: mov BYTE PTR [rbp-0x152],0x35 0x000055555555599f <+2006>: mov BYTE PTR [rbp-0x103],0x44 0x00005555555559a6 <+2013>: mov BYTE PTR [rbp-0x195],0x44 0x00005555555559ad <+2020>: mov BYTE PTR [rbp-0x18e],0x34 0x00005555555559b4 <+2027>: mov BYTE PTR [rbp-0x68],0x72 0x00005555555559b8 <+2031>: mov BYTE PTR [rbp-0x3a],0x49 0x00005555555559bc <+2035>: mov BYTE PTR [rbp-0xa9],0x6b 0x00005555555559c3 <+2042>: mov BYTE PTR [rbp-0x98],0x6c 0x00005555555559ca <+2049>: mov BYTE PTR [rbp-0xa0],0x5a 0x00005555555559d1 <+2056>: mov BYTE PTR [rbp-0x128],0x34 0x00005555555559d8 <+2063>: mov BYTE PTR [rbp-0x109],0x44 0x00005555555559df <+2070>: mov BYTE PTR [rbp-0x17c],0x35 0x00005555555559e6 <+2077>: mov BYTE PTR [rbp-0x155],0x32 0x00005555555559ed <+2084>: mov BYTE PTR [rbp-0x2e],0x3e 0x00005555555559f1 <+2088>: mov BYTE PTR [rbp-0x10a],0x33 0x00005555555559f8 <+2095>: mov BYTE PTR [rbp-0x147],0x39 0x00005555555559ff <+2102>: mov BYTE PTR [rbp-0x1ae],0x34 0x0000555555555a06 <+2109>: mov BYTE PTR [rbp-0x8c],0x76 0x0000555555555a0d <+2116>: mov BYTE PTR [rbp-0x1be],0x35 0x0000555555555a14 <+2123>: mov BYTE PTR [rbp-0x157],0x36 0x0000555555555a1b <+2130>: mov BYTE PTR [rbp-0x12a],0x34 0x0000555555555a22 <+2137>: mov BYTE PTR [rbp-0x85],0x74 0x0000555555555a29 <+2144>: mov BYTE PTR [rbp-0x83],0x43 0x0000555555555a30 <+2151>: mov BYTE PTR [rbp-0x110],0x34 0x0000555555555a37 <+2158>: mov BYTE PTR [rbp-0x146],0x35 0x0000555555555a3e <+2165>: mov BYTE PTR [rbp-0x188],0x35 0x0000555555555a45 <+2172>: mov BYTE PTR [rbp-0x174],0x35 0x0000555555555a4c <+2179>: mov BYTE PTR [rbp-0x18c],0x34 0x0000555555555a53 <+2186>: mov BYTE PTR [rbp-0x29],0x3c 0x0000555555555a57 <+2190>: mov BYTE PTR [rbp-0xb8],0x6b 0x0000555555555a5e <+2197>: mov BYTE PTR [rbp-0x2b],0x47 0x0000555555555a62 <+2201>: mov BYTE PTR [rbp-0x176],0x33 0x0000555555555a69 <+2208>: mov BYTE PTR [rbp-0x4e],0x39 0x0000555555555a6d <+2212>: mov BYTE PTR [rbp-0x14c],0x34 0x0000555555555a74 <+2219>: mov BYTE PTR [rbp-0x196],0x34 0x0000555555555a7b <+2226>: mov BYTE PTR [rbp-0xb5],0x7c 0x0000555555555a82 <+2233>: mov BYTE PTR [rbp-0x4b],0x4d 0x0000555555555a86 <+2237>: mov BYTE PTR [rbp-0x144],0x35 0x0000555555555a8d <+2244>: mov BYTE PTR [rbp-0x181],0x41 0x0000555555555a94 <+2251>: mov BYTE PTR [rbp-0xb9],0x67 0x0000555555555a9b <+2258>: mov BYTE PTR [rbp-0xcb],0x3d 0x0000555555555aa2 <+2265>: mov BYTE PTR [rbp-0x22],0x74 0x0000555555555aa6 <+2269>: mov BYTE PTR [rbp-0xdb],0x2d 0x0000555555555aad <+2276>: mov BYTE PTR [rbp-0x13d],0x39 0x0000555555555ab4 <+2283>: mov BYTE PTR [rbp-0x1a0],0x34 0x0000555555555abb <+2290>: mov BYTE PTR [rbp-0x28],0x34 0x0000555555555abf <+2294>: mov BYTE PTR [rbp-0x1bb],0x33 0x0000555555555ac6 <+2301>: mov BYTE PTR [rbp-0x141],0x35 0x0000555555555acd <+2308>: mov BYTE PTR [rbp-0x177],0x39 0x0000555555555ad4 <+2315>: mov BYTE PTR [rbp-0x93],0x4e 0x0000555555555adb <+2322>: mov BYTE PTR [rbp-0xa5],0x55 0x0000555555555ae2 <+2329>: mov BYTE PTR [rbp-0x1a1],0x39 0x0000555555555ae9 <+2336>: mov BYTE PTR [rbp-0x3e],0x40 0x0000555555555aed <+2340>: mov BYTE PTR [rbp-0x3b],0x51 0x0000555555555af1 <+2344>: mov BYTE PTR [rbp-0x167],0x39 0x0000555555555af8 <+2351>: mov BYTE PTR [rbp-0x30],0x43 0x0000555555555afc <+2355>: mov BYTE PTR [rbp-0xc6],0x65 0x0000555555555b03 <+2362>: mov BYTE PTR [rbp-0x56],0x2f 0x0000555555555b07 <+2366>: mov BYTE PTR [rbp-0x166],0x35 0x0000555555555b0e <+2373>: mov BYTE PTR [rbp-0x154],0x34 0x0000555555555b15 <+2380>: mov BYTE PTR [rbp-0x10b],0x44 0x0000555555555b1c <+2387>: mov BYTE PTR [rbp-0x197],0x34 0x0000555555555b23 <+2394>: mov BYTE PTR [rbp-0x91],0x35 0x0000555555555b2a <+2401>: mov BYTE PTR [rbp-0x1a7],0x33 0x0000555555555b31 <+2408>: mov BYTE PTR [rbp-0x64],0x4d 0x0000555555555b35 <+2412>: mov BYTE PTR [rbp-0x97],0x5f 0x0000555555555b3c <+2419>: mov BYTE PTR [rbp-0x1b4],0x34 0x0000555555555b43 <+2426>: mov BYTE PTR [rbp-0xe7],0x52 0x0000555555555b4a <+2433>: mov BYTE PTR [rbp-0x4a],0x6d 0x0000555555555b4e <+2437>: mov BYTE PTR [rbp-0xa7],0x35 0x0000555555555b55 <+2444>: mov BYTE PTR [rbp-0x65],0x7c 0x0000555555555b59 <+2448>: mov BYTE PTR [rbp-0xc9],0x33 0x0000555555555b60 <+2455>: lea rax,[rip+0x4a1] # 0x555555556008 0x0000555555555b67 <+2462>: mov QWORD PTR [rbp-0x1d0],rax 0x0000555555555b6e <+2469>: mov BYTE PTR [rbp-0x81],0x6d 0x0000555555555b75 <+2476>: mov BYTE PTR [rbp-0x53],0x30 0x0000555555555b79 <+2480>: mov BYTE PTR [rbp-0x137],0x39 0x0000555555555b80 <+2487>: mov BYTE PTR [rbp-0x112],0x35 0x0000555555555b87 <+2494>: mov BYTE PTR [rbp-0xe0],0x75 0x0000555555555b8e <+2501>: mov BYTE PTR [rbp-0x132],0x35 0x0000555555555b95 <+2508>: mov BYTE PTR [rbp-0xcc],0x79 0x0000555555555b9c <+2515>: mov BYTE PTR [rbp-0x9b],0x53 0x0000555555555ba3 <+2522>: mov BYTE PTR [rbp-0xe3],0x7d 0x0000555555555baa <+2529>: mov BYTE PTR [rbp-0x131],0x41 0x0000555555555bb1 <+2536>: mov BYTE PTR [rbp-0xd3],0x5f 0x0000555555555bb8 <+2543>: mov BYTE PTR [rbp-0x19f],0x46 0x0000555555555bbf <+2550>: mov BYTE PTR [rbp-0xd9],0x2b 0x0000555555555bc6 <+2557>: mov BYTE PTR [rbp-0xd7],0x25 0x0000555555555bcd <+2564>: mov BYTE PTR [rbp-0x1b0],0x34 0x0000555555555bd4 <+2571>: mov BYTE PTR [rbp-0x160],0x34 0x0000555555555bdb <+2578>: mov BYTE PTR [rbp-0x90],0x48 0x0000555555555be2 <+2585>: mov BYTE PTR [rbp-0x179],0x37 0x0000555555555be9 <+2592>: mov BYTE PTR [rbp-0x39],0x61 0x0000555555555bed <+2596>: mov BYTE PTR [rbp-0x19c],0x34 0x0000555555555bf4 <+2603>: mov BYTE PTR [rbp-0x113],0x32 0x0000555555555bfb <+2610>: mov BYTE PTR [rbp-0x19d],0x32 0x0000555555555c02 <+2617>: cmp DWORD PTR [rbp-0x1d4],0x2 0x0000555555555c09 <+2624>: jne 0x555555555c81 <main+2744> 0x0000555555555c0b <+2626>: mov edi,0x0 0x0000555555555c10 <+2631>: call 0x5555555550c0 <time@plt> 0x0000555555555c15 <+2636>: mov edx,0xffffffff 0x0000555555555c1a <+2641>: xor rax,rdx 0x0000555555555c1d <+2644>: mov QWORD PTR [rbp-0x1c8],rax 0x0000555555555c24 <+2651>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000555555555c2b <+2658>: add rax,0x8 0x0000555555555c2f <+2662>: mov rax,QWORD PTR [rax] 0x0000555555555c32 <+2665>: mov rdi,rax 0x0000555555555c35 <+2668>: call 0x5555555550d0 <atoi@plt> 0x0000555555555c3a <+2673>: cdqe 0x0000555555555c3c <+2675>: cmp QWORD PTR [rbp-0x1c8],rax 0x0000555555555c43 <+2682>: jne 0x555555555c6e <main+2725> 0x0000555555555c45 <+2684>: lea rdi,[rip+0x3f4] # 0x555555556040 0x0000555555555c4c <+2691>: call 0x555555555090 <puts@plt> 0x0000555555555c51 <+2696>: lea rax,[rbp-0x1c0] 0x0000555555555c58 <+2703>: mov rsi,rax 0x0000555555555c5b <+2706>: lea rdi,[rip+0x401] # 0x555555556063 0x0000555555555c62 <+2713>: mov eax,0x0 0x0000555555555c67 <+2718>: call 0x5555555550b0 <printf@plt> 0x0000555555555c6c <+2723>: jmp 0x555555555c9f <main+2774> 0x0000555555555c6e <+2725>: lea rdi,[rip+0x3f6] # 0x55555555606b 0x0000555555555c75 <+2732>: call 0x555555555090 <puts@plt> 0x0000555555555c7a <+2737>: mov eax,0xffffffff 0x0000555555555c7f <+2742>: jmp 0x555555555ca4 <main+2779> 0x0000555555555c81 <+2744>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000555555555c88 <+2751>: mov rax,QWORD PTR [rax] 0x0000555555555c8b <+2754>: mov rsi,rax 0x0000555555555c8e <+2757>: lea rdi,[rip+0x3f1] # 0x555555556086 0x0000555555555c95 <+2764>: mov eax,0x0 0x0000555555555c9a <+2769>: call 0x5555555550b0 <printf@plt> 0x0000555555555c9f <+2774>: mov eax,0x0 0x0000555555555ca4 <+2779>: mov rcx,QWORD PTR [rbp-0x8] 0x0000555555555ca8 <+2783>: xor rcx,QWORD PTR fs:0x28 0x0000555555555cb1 <+2792>: je 0x555555555cb8 <main+2799> 0x0000555555555cb3 <+2794>: call 0x5555555550a0 <__stack_chk_fail@plt> 0x0000555555555cb8 <+2799>: leave 0x0000555555555cb9 <+2800>: ret End of assembler dump. gdb-peda$ b *0x0000555555555c35 Breakpoint 2 at 0x555555555c35 gdb-peda$ c Continuing. [----------------------------------registers-----------------------------------] RAX: 0x7fffffffe28c --> 0x455454554c430031 ('1') RBX: 0x0 RCX: 0x555555555cc0 (<__libc_csu_init>: endbr64) RDX: 0xffffffff RSI: 0x7fffffffdf28 --> 0x7fffffffe271 ("/mnt/hgfs/Shared/chall.bin") RDI: 0x7fffffffe28c --> 0x455454554c430031 ('1') RBP: 0x7fffffffde40 --> 0x555555555cc0 (<__libc_csu_init>: endbr64) RSP: 0x7fffffffdc60 --> 0x7fffffffdf28 --> 0x7fffffffe271 ("/mnt/hgfs/Shared/chall.bin") RIP: 0x555555555c35 (<main+2668>: call 0x5555555550d0 <atoi@plt>) R8 : 0x7ffff7dced80 --> 0x0 R9 : 0x7ffff7dced80 --> 0x0 R10: 0x0 R11: 0x0 R12: 0x5555555550e0 (<_start>: endbr64) R13: 0x7fffffffdf20 --> 0x2 R14: 0x0 R15: 0x0 EFLAGS: 0x216 (carry PARITY ADJUST zero sign trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0x555555555c2b <main+2658>: add rax,0x8 0x555555555c2f <main+2662>: mov rax,QWORD PTR [rax] 0x555555555c32 <main+2665>: mov rdi,rax => 0x555555555c35 <main+2668>: call 0x5555555550d0 <atoi@plt> 0x555555555c3a <main+2673>: cdqe 0x555555555c3c <main+2675>: cmp QWORD PTR [rbp-0x1c8],rax 0x555555555c43 <main+2682>: jne 0x555555555c6e <main+2725> 0x555555555c45 <main+2684>: lea rdi,[rip+0x3f4] # 0x555555556040 Guessed arguments: arg[0]: 0x7fffffffe28c --> 0x455454554c430031 ('1') [------------------------------------stack-------------------------------------] 0000| 0x7fffffffdc60 --> 0x7fffffffdf28 --> 0x7fffffffe271 ("/mnt/hgfs/Shared/chall.bin") 0008| 0x7fffffffdc68 --> 0x200000000 0016| 0x7fffffffdc70 --> 0x555555556008 ("Congrats, you know how to do strings ! Now reverse.") 0024| 0x7fffffffdc78 --> 0x9f3b6078 0032| 0x7fffffffdc80 ("4B5A4357515244434749324853544B594F524C45344D44514A424B455157535A4D455957593654424746424559544B454D524B5536524C504F354957595753454C4959575936535A4B354A464B57544B4C4532564533525148553D3D3D3D3D3D") 0040| 0x7fffffffdc88 ("515244434749324853544B594F524C45344D44514A424B455157535A4D455957593654424746424559544B454D524B5536524C504F354957595753454C4959575936535A4B354A464B57544B4C4532564533525148553D3D3D3D3D3D") 0048| 0x7fffffffdc90 ("4749324853544B594F524C45344D44514A424B455157535A4D455957593654424746424559544B454D524B5536524C504F354957595753454C4959575936535A4B354A464B57544B4C4532564533525148553D3D3D3D3D3D") 0056| 0x7fffffffdc98 ("53544B594F524C45344D44514A424B455157535A4D455957593654424746424559544B454D524B5536524C504F354957595753454C4959575936535A4B354A464B57544B4C4532564533525148553D3D3D3D3D3D") [------------------------------------------------------------------------------] Legend: code, data, rodata, value Breakpoint 2, 0x0000555555555c35 in main () gdb-peda$
怪しい文字列がスタック上にある。hexデコード、base32デコード、base64デコードと順に行う。
>>> s = '4B5A4357515244434749324853544B594F524C45344D44514A424B455157535A4D455957593654424746424559544B454D524B5536524C504F354957595753454C4959575936535A4B354A464B57544B4C4532564533525148553D3D3D3D3D3D'
>>> s.decode('hex')
'KZCWQRDCGI2HSTKYORLE4MDQJBKEQWSZMEYWY6TBGFBEYTKEMRKU6RLPO5IWYWSELIYWY6SZK5JFKWTKLE2VE3RQHU======'
>>> from base64 import *
>>> b32decode(s.decode('hex'))
'VEhDb24yMXtVN0pHTHZYa1lza1BLMDdUOEowQlZDZ1lzYWRUZjY5Rn0='
>>> b64decode(b32decode(s.decode('hex')))
'THCon21{U7JGLvXkYskPK07T8J0BVCgYsadTf69F}'
THCon21{U7JGLvXkYskPK07T8J0BVCgYsadTf69F}
ELF x64 - BaseJumper CrackMe (reverse)
$ gdb -q ./elf_x64_basejumper_crackme.bin Reading symbols from ./elf_x64_basejumper_crackme.bin...(no debugging symbols found)...done. gdb-peda$ set arg 1 gdb-peda$ start [----------------------------------registers-----------------------------------] RAX: 0x401196 (<main>: endbr64) RBX: 0x0 RCX: 0x401da0 (<__libc_csu_init>: endbr64) RDX: 0x7fffffffdf10 --> 0x7fffffffe279 ("CLUTTER_IM_MODULE=xim") RSI: 0x7fffffffdef8 --> 0x7fffffffe247 ("/mnt/hgfs/Shared/elf_x64_basejumper_crackme.bin") RDI: 0x2 RBP: 0x401da0 (<__libc_csu_init>: endbr64) RSP: 0x7fffffffde18 --> 0x7ffff7a03bf7 (<__libc_start_main+231>: mov edi,eax) RIP: 0x401196 (<main>: endbr64) R8 : 0x7ffff7dced80 --> 0x0 R9 : 0x7ffff7dced80 --> 0x0 R10: 0x0 R11: 0x0 R12: 0x4010b0 (<_start>: endbr64) R13: 0x7fffffffdef0 --> 0x2 R14: 0x0 R15: 0x0 EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0x40118c <__do_global_dtors_aux+44>: nop DWORD PTR [rax+0x0] 0x401190 <frame_dummy>: endbr64 0x401194 <frame_dummy+4>: jmp 0x401120 <register_tm_clones> => 0x401196 <main>: endbr64 0x40119a <main+4>: push rbp 0x40119b <main+5>: mov rbp,rsp 0x40119e <main+8>: push rbx 0x40119f <main+9>: sub rsp,0x1d8 [------------------------------------stack-------------------------------------] 0000| 0x7fffffffde18 --> 0x7ffff7a03bf7 (<__libc_start_main+231>: mov edi,eax) 0008| 0x7fffffffde20 --> 0x2 0016| 0x7fffffffde28 --> 0x7fffffffdef8 --> 0x7fffffffe247 ("/mnt/hgfs/Shared/elf_x64_basejumper_crackme.bin") 0024| 0x7fffffffde30 --> 0x200008000 0032| 0x7fffffffde38 --> 0x401196 (<main>: endbr64) 0040| 0x7fffffffde40 --> 0x0 0048| 0x7fffffffde48 --> 0xb089f42f040bfabe 0056| 0x7fffffffde50 --> 0x4010b0 (<_start>: endbr64) [------------------------------------------------------------------------------] Legend: code, data, rodata, value Temporary breakpoint 1, 0x0000000000401196 in main () gdb-peda$ disas main Dump of assembler code for function main: => 0x0000000000401196 <+0>: endbr64 0x000000000040119a <+4>: push rbp 0x000000000040119b <+5>: mov rbp,rsp 0x000000000040119e <+8>: push rbx 0x000000000040119f <+9>: sub rsp,0x1d8 0x00000000004011a6 <+16>: mov DWORD PTR [rbp-0x1d4],edi 0x00000000004011ac <+22>: mov QWORD PTR [rbp-0x1e0],rsi 0x00000000004011b3 <+29>: mov rax,QWORD PTR fs:0x28 0x00000000004011bc <+38>: mov QWORD PTR [rbp-0x18],rax 0x00000000004011c0 <+42>: xor eax,eax 0x00000000004011c2 <+44>: cmp DWORD PTR [rbp-0x1d4],0x2 0x00000000004011c9 <+51>: je 0x4011f3 <main+93> 0x00000000004011cb <+53>: mov rax,QWORD PTR [rbp-0x1e0] 0x00000000004011d2 <+60>: mov rax,QWORD PTR [rax] 0x00000000004011d5 <+63>: mov rsi,rax 0x00000000004011d8 <+66>: lea rdi,[rip+0xe29] # 0x402008 0x00000000004011df <+73>: mov eax,0x0 0x00000000004011e4 <+78>: call 0x4010a0 <printf@plt> 0x00000000004011e9 <+83>: mov eax,0xffffffff 0x00000000004011ee <+88>: jmp 0x401d7a <main+3044> 0x00000000004011f3 <+93>: mov BYTE PTR [rbp-0x19],0x0 0x00000000004011f7 <+97>: mov BYTE PTR [rbp-0x100],0x0 0x00000000004011fe <+104>: mov BYTE PTR [rbp-0x196],0x34 0x0000000000401205 <+111>: mov BYTE PTR [rbp-0x64],0x5e 0x0000000000401209 <+115>: mov BYTE PTR [rbp-0x19],0x4b 0x000000000040120d <+119>: mov BYTE PTR [rbp-0x68],0x3f 0x0000000000401211 <+123>: mov BYTE PTR [rbp-0x131],0x37 0x0000000000401218 <+130>: mov BYTE PTR [rbp-0x1b8],0x35 0x000000000040121f <+137>: mov BYTE PTR [rbp-0x1a7],0x33 0x0000000000401226 <+144>: mov BYTE PTR [rbp-0x33],0x3c 0x000000000040122a <+148>: mov BYTE PTR [rbp-0x1c0],0x34 0x0000000000401231 <+155>: mov BYTE PTR [rbp-0x1b5],0x32 0x0000000000401238 <+162>: mov BYTE PTR [rbp-0xbb],0x73 0x000000000040123f <+169>: mov BYTE PTR [rbp-0x3d],0x5e 0x0000000000401243 <+173>: mov BYTE PTR [rbp-0xd7],0x77 0x000000000040124a <+180>: mov BYTE PTR [rbp-0x1e],0x7d 0x000000000040124e <+184>: mov BYTE PTR [rbp-0x47],0x7d 0x0000000000401252 <+188>: mov BYTE PTR [rbp-0xdf],0x2a 0x0000000000401259 <+195>: mov BYTE PTR [rbp-0x1c],0x31 0x000000000040125d <+199>: mov BYTE PTR [rbp-0x108],0x33 0x0000000000401264 <+206>: mov BYTE PTR [rbp-0x81],0x6e 0x000000000040126b <+213>: mov BYTE PTR [rbp-0x75],0x5d 0x000000000040126f <+217>: mov BYTE PTR [rbp-0x11e],0x34 0x0000000000401276 <+224>: mov BYTE PTR [rbp-0x152],0x34 0x000000000040127d <+231>: mov BYTE PTR [rbp-0x175],0x33 0x0000000000401284 <+238>: mov BYTE PTR [rbp-0x137],0x33 0x000000000040128b <+245>: mov BYTE PTR [rbp-0x188],0x34 0x0000000000401292 <+252>: mov BYTE PTR [rbp-0x165],0x36 0x0000000000401299 <+259>: mov BYTE PTR [rbp-0x197],0x37 0x00000000004012a0 <+266>: mov BYTE PTR [rbp-0xcd],0x7a 0x00000000004012a7 <+273>: mov BYTE PTR [rbp-0x85],0x4d 0x00000000004012ae <+280>: mov BYTE PTR [rbp-0x178],0x35 0x00000000004012b5 <+287>: mov BYTE PTR [rbp-0x143],0x32 0x00000000004012bc <+294>: mov BYTE PTR [rbp-0x18a],0x34 0x00000000004012c3 <+301>: mov BYTE PTR [rbp-0x8d],0x41 0x00000000004012ca <+308>: mov BYTE PTR [rbp-0x17d],0x45 0x00000000004012d1 <+315>: mov BYTE PTR [rbp-0x7c],0x7a 0x00000000004012d5 <+319>: mov BYTE PTR [rbp-0x177],0x31 0x00000000004012dc <+326>: mov BYTE PTR [rbp-0x11d],0x36 0x00000000004012e3 <+333>: mov BYTE PTR [rbp-0x3f],0x3b 0x00000000004012e7 <+337>: mov BYTE PTR [rbp-0x30],0x4d 0x00000000004012eb <+341>: mov BYTE PTR [rbp-0xa5],0x67 0x00000000004012f2 <+348>: mov BYTE PTR [rbp-0x29],0x4c 0x00000000004012f6 <+352>: mov BYTE PTR [rbp-0x135],0x34 0x00000000004012fd <+359>: mov BYTE PTR [rbp-0x41],0x31 0x0000000000401301 <+363>: mov BYTE PTR [rbp-0x43],0x20 0x0000000000401305 <+367>: mov BYTE PTR [rbp-0x17c],0x34 0x000000000040130c <+374>: mov BYTE PTR [rbp-0xe3],0x32 0x0000000000401313 <+381>: mov BYTE PTR [rbp-0x144],0x34 0x000000000040131a <+388>: mov BYTE PTR [rbp-0xa6],0x4d 0x0000000000401321 <+395>: mov BYTE PTR [rbp-0xb0],0x76 0x0000000000401328 <+402>: mov BYTE PTR [rbp-0x1a5],0x34 0x000000000040132f <+409>: mov BYTE PTR [rbp-0x146],0x33 0x0000000000401336 <+416>: mov BYTE PTR [rbp-0x122],0x34 0x000000000040133d <+423>: mov BYTE PTR [rbp-0x66],0x57 0x0000000000401341 <+427>: mov BYTE PTR [rbp-0x22],0x41 0x0000000000401345 <+431>: mov BYTE PTR [rbp-0x102],0x33 0x000000000040134c <+438>: mov BYTE PTR [rbp-0x9a],0x6b 0x0000000000401353 <+445>: mov BYTE PTR [rbp-0x184],0x34 0x000000000040135a <+452>: mov BYTE PTR [rbp-0xa8],0x4d 0x0000000000401361 <+459>: mov BYTE PTR [rbp-0x38],0x48 0x0000000000401365 <+463>: mov BYTE PTR [rbp-0x32],0x58 0x0000000000401369 <+467>: mov BYTE PTR [rbp-0x10f],0x38 0x0000000000401370 <+474>: mov BYTE PTR [rbp-0x1a4],0x34 0x0000000000401377 <+481>: mov BYTE PTR [rbp-0x4d],0x4d 0x000000000040137b <+485>: mov BYTE PTR [rbp-0x18b],0x32 0x0000000000401382 <+492>: mov BYTE PTR [rbp-0x114],0x34 0x0000000000401389 <+499>: mov BYTE PTR [rbp-0x166],0x35 0x0000000000401390 <+506>: mov BYTE PTR [rbp-0x126],0x35 0x0000000000401397 <+513>: mov BYTE PTR [rbp-0xa1],0x20 0x000000000040139e <+520>: mov BYTE PTR [rbp-0x78],0x20 0x00000000004013a2 <+524>: mov BYTE PTR [rbp-0x169],0x35 0x00000000004013a9 <+531>: mov BYTE PTR [rbp-0x27],0x40 0x00000000004013ad <+535>: mov BYTE PTR [rbp-0x1bc],0x34 0x00000000004013b4 <+542>: mov BYTE PTR [rbp-0x3c],0x7e 0x00000000004013b8 <+546>: mov BYTE PTR [rbp-0x16b],0x38 0x00000000004013bf <+553>: mov BYTE PTR [rbp-0x139],0x34 0x00000000004013c6 <+560>: mov BYTE PTR [rbp-0x14f],0x41 0x00000000004013cd <+567>: mov BYTE PTR [rbp-0x9c],0x75 0x00000000004013d4 <+574>: mov BYTE PTR [rbp-0x16a],0x34 0x00000000004013db <+581>: mov BYTE PTR [rbp-0x35],0x69 0x00000000004013df <+585>: mov BYTE PTR [rbp-0x11c],0x34 0x00000000004013e6 <+592>: mov BYTE PTR [rbp-0xe1],0x5b 0x00000000004013ed <+599>: mov BYTE PTR [rbp-0xbf],0x7d 0x00000000004013f4 <+606>: mov BYTE PTR [rbp-0x93],0x73 0x00000000004013fb <+613>: mov BYTE PTR [rbp-0x1b3],0x34 0x0000000000401402 <+620>: mov BYTE PTR [rbp-0x3a],0x6e 0x0000000000401406 <+624>: mov BYTE PTR [rbp-0x79],0x78 0x000000000040140a <+628>: mov BYTE PTR [rbp-0x171],0x33 0x0000000000401411 <+635>: mov BYTE PTR [rbp-0x10a],0x33 0x0000000000401418 <+642>: mov BYTE PTR [rbp-0x7f],0x30 0x000000000040141c <+646>: mov BYTE PTR [rbp-0x53],0x6f 0x0000000000401420 <+650>: mov BYTE PTR [rbp-0x161],0x38 0x0000000000401427 <+657>: mov BYTE PTR [rbp-0x132],0x35 0x000000000040142e <+664>: mov BYTE PTR [rbp-0x1a2],0x35 0x0000000000401435 <+671>: mov BYTE PTR [rbp-0x164],0x33 0x000000000040143c <+678>: mov BYTE PTR [rbp-0x186],0x35 0x0000000000401443 <+685>: mov BYTE PTR [rbp-0x92],0x3b 0x000000000040144a <+692>: mov BYTE PTR [rbp-0xbd],0x4c 0x0000000000401451 <+699>: mov BYTE PTR [rbp-0xcb],0x2e 0x0000000000401458 <+706>: mov BYTE PTR [rbp-0x195],0x44 0x000000000040145f <+713>: mov BYTE PTR [rbp-0xd2],0x5e 0x0000000000401466 <+720>: mov BYTE PTR [rbp-0xe9],0x55 0x000000000040146d <+727>: mov BYTE PTR [rbp-0x1bd],0x41 0x0000000000401474 <+734>: mov BYTE PTR [rbp-0x70],0x3b 0x0000000000401478 <+738>: mov BYTE PTR [rbp-0x5a],0x32 0x000000000040147c <+742>: mov BYTE PTR [rbp-0x104],0x33 0x0000000000401483 <+749>: mov BYTE PTR [rbp-0x11f],0x37 0x000000000040148a <+756>: mov BYTE PTR [rbp-0x95],0x5e 0x0000000000401491 <+763>: mov BYTE PTR [rbp-0xd8],0x36 0x0000000000401498 <+770>: mov BYTE PTR [rbp-0x74],0x79 0x000000000040149c <+774>: mov BYTE PTR [rbp-0x1b],0x67 0x00000000004014a0 <+778>: mov BYTE PTR [rbp-0x16f],0x39 0x00000000004014a7 <+785>: mov BYTE PTR [rbp-0x73],0x39 0x00000000004014ab <+789>: mov BYTE PTR [rbp-0xce],0x5e 0x00000000004014b2 <+796>: mov BYTE PTR [rbp-0x5c],0x76 0x00000000004014b6 <+800>: mov BYTE PTR [rbp-0x69],0x47 0x00000000004014ba <+804>: mov BYTE PTR [rbp-0x6e],0x66 0x00000000004014be <+808>: mov BYTE PTR [rbp-0x119],0x36 0x00000000004014c5 <+815>: mov BYTE PTR [rbp-0x1b0],0x34 0x00000000004014cc <+822>: mov BYTE PTR [rbp-0x14d],0x41 0x00000000004014d3 <+829>: mov BYTE PTR [rbp-0x173],0x34 0x00000000004014da <+836>: mov BYTE PTR [rbp-0x142],0x35 0x00000000004014e1 <+843>: mov BYTE PTR [rbp-0x16e],0x35 0x00000000004014e8 <+850>: mov BYTE PTR [rbp-0xed],0x54 0x00000000004014ef <+857>: mov BYTE PTR [rbp-0x28],0x6a 0x00000000004014f3 <+861>: mov BYTE PTR [rbp-0xd0],0x3e 0x00000000004014fa <+868>: mov BYTE PTR [rbp-0x1af],0x37 0x0000000000401501 <+875>: mov BYTE PTR [rbp-0x49],0x39 0x0000000000401505 <+879>: mov BYTE PTR [rbp-0x124],0x34 0x000000000040150c <+886>: mov BYTE PTR [rbp-0xc8],0x28 0x0000000000401513 <+893>: mov BYTE PTR [rbp-0x105],0x44 0x000000000040151a <+900>: mov BYTE PTR [rbp-0x5b],0x5d 0x000000000040151e <+904>: mov BYTE PTR [rbp-0x112],0x35 0x0000000000401525 <+911>: mov BYTE PTR [rbp-0x8b],0x25 0x000000000040152c <+918>: mov BYTE PTR [rbp-0x50],0x35 0x0000000000401530 <+922>: mov BYTE PTR [rbp-0x18f],0x42 0x0000000000401537 <+929>: mov BYTE PTR [rbp-0x15f],0x37 0x000000000040153e <+936>: mov BYTE PTR [rbp-0x86],0x59 0x0000000000401545 <+943>: mov BYTE PTR [rbp-0x12b],0x34 0x000000000040154c <+950>: mov BYTE PTR [rbp-0x14e],0x35 0x0000000000401553 <+957>: mov BYTE PTR [rbp-0x5d],0x72 0x0000000000401557 <+961>: mov BYTE PTR [rbp-0x174],0x34 0x000000000040155e <+968>: mov BYTE PTR [rbp-0x190],0x34 0x0000000000401565 <+975>: mov BYTE PTR [rbp-0x48],0x55 0x0000000000401569 <+979>: mov BYTE PTR [rbp-0x58],0x6b 0x000000000040156d <+983>: mov BYTE PTR [rbp-0x62],0x2c 0x0000000000401571 <+987>: mov BYTE PTR [rbp-0x117],0x44 0x0000000000401578 <+994>: mov BYTE PTR [rbp-0xab],0x2c 0x000000000040157f <+1001>: mov BYTE PTR [rbp-0xc9],0x4c 0x0000000000401586 <+1008>: mov BYTE PTR [rbp-0x61],0x59 0x000000000040158a <+1012>: mov BYTE PTR [rbp-0xd4],0x37 0x0000000000401591 <+1019>: mov BYTE PTR [rbp-0x10b],0x44 0x0000000000401598 <+1026>: mov BYTE PTR [rbp-0xac],0x33 0x000000000040159f <+1033>: mov BYTE PTR [rbp-0x4c],0x51 0x00000000004015a3 <+1037>: mov BYTE PTR [rbp-0x176],0x35 0x00000000004015aa <+1044>: mov BYTE PTR [rbp-0xe2],0x4e 0x00000000004015b1 <+1051>: mov BYTE PTR [rbp-0xc1],0x40 0x00000000004015b8 <+1058>: mov BYTE PTR [rbp-0x4e],0x58 0x00000000004015bc <+1062>: mov BYTE PTR [rbp-0xdb],0x69 0x00000000004015c3 <+1069>: mov BYTE PTR [rbp-0x14b],0x33 0x00000000004015ca <+1076>: mov BYTE PTR [rbp-0xd1],0x23 0x00000000004015d1 <+1083>: mov BYTE PTR [rbp-0x7a],0x65 0x00000000004015d5 <+1087>: mov BYTE PTR [rbp-0xc0],0x23 0x00000000004015dc <+1094>: mov BYTE PTR [rbp-0x10e],0x35 0x00000000004015e3 <+1101>: mov BYTE PTR [rbp-0x181],0x34 0x00000000004015ea <+1108>: mov BYTE PTR [rbp-0xee],0x5e 0x00000000004015f1 <+1115>: mov BYTE PTR [rbp-0x90],0x42 0x00000000004015f8 <+1122>: mov BYTE PTR [rbp-0x1bb],0x33 0x00000000004015ff <+1129>: mov BYTE PTR [rbp-0x96],0x4c 0x0000000000401606 <+1136>: mov BYTE PTR [rbp-0x15a],0x34 0x000000000040160d <+1143>: mov BYTE PTR [rbp-0x34],0x3b 0x0000000000401611 <+1147>: mov BYTE PTR [rbp-0x145],0x33 0x0000000000401618 <+1154>: mov BYTE PTR [rbp-0x60],0x52 0x000000000040161c <+1158>: mov BYTE PTR [rbp-0x1d],0x29 0x0000000000401620 <+1162>: mov BYTE PTR [rbp-0x1b2],0x34 0x0000000000401627 <+1169>: mov BYTE PTR [rbp-0x193],0x42 0x000000000040162e <+1176>: mov BYTE PTR [rbp-0x4b],0x4c 0x0000000000401632 <+1180>: mov BYTE PTR [rbp-0x187],0x42 0x0000000000401639 <+1187>: mov BYTE PTR [rbp-0xd3],0x3d 0x0000000000401640 <+1194>: mov BYTE PTR [rbp-0x9d],0x2d 0x0000000000401647 <+1201>: mov BYTE PTR [rbp-0xbc],0x34 0x000000000040164e <+1208>: mov BYTE PTR [rbp-0x37],0x67 0x0000000000401652 <+1212>: mov BYTE PTR [rbp-0x83],0x7d 0x0000000000401659 <+1219>: mov BYTE PTR [rbp-0xaa],0x42 0x0000000000401660 <+1226>: mov BYTE PTR [rbp-0xb8],0x51 0x0000000000401667 <+1233>: mov BYTE PTR [rbp-0x109],0x44 0x000000000040166e <+1240>: mov BYTE PTR [rbp-0x12a],0x34 0x0000000000401675 <+1247>: mov BYTE PTR [rbp-0xdd],0x23 0x000000000040167c <+1254>: mov BYTE PTR [rbp-0x17e],0x34 0x0000000000401683 <+1261>: mov BYTE PTR [rbp-0x25],0x6f 0x0000000000401687 <+1265>: mov BYTE PTR [rbp-0x59],0x33 0x000000000040168b <+1269>: mov BYTE PTR [rbp-0xc4],0x67 0x0000000000401692 <+1276>: mov BYTE PTR [rbp-0x97],0x6b 0x0000000000401699 <+1283>: mov BYTE PTR [rbp-0x1a],0x75 0x000000000040169d <+1287>: mov BYTE PTR [rbp-0x7b],0x62 0x00000000004016a1 <+1291>: mov BYTE PTR [rbp-0x18e],0x35 0x00000000004016a8 <+1298>: mov BYTE PTR [rbp-0x2a],0x65 0x00000000004016ac <+1302>: mov BYTE PTR [rbp-0x159],0x36 0x00000000004016b3 <+1309>: mov BYTE PTR [rbp-0x158],0x34 0x00000000004016ba <+1316>: mov BYTE PTR [rbp-0xa0],0x79 0x00000000004016c1 <+1323>: mov BYTE PTR [rbp-0x1be],0x35 0x00000000004016c8 <+1330>: mov BYTE PTR [rbp-0x99],0x42 0x00000000004016cf <+1337>: mov BYTE PTR [rbp-0xcc],0x51 0x00000000004016d6 <+1344>: mov BYTE PTR [rbp-0xca],0x3a 0x00000000004016dd <+1351>: mov BYTE PTR [rbp-0x16c],0x34 0x00000000004016e4 <+1358>: mov BYTE PTR [rbp-0x1a8],0x35 0x00000000004016eb <+1365>: mov BYTE PTR [rbp-0x14a],0x35 0x00000000004016f2 <+1372>: mov BYTE PTR [rbp-0x192],0x34 0x00000000004016f9 <+1379>: mov BYTE PTR [rbp-0x11a],0x34 0x0000000000401700 <+1386>: mov BYTE PTR [rbp-0x168],0x35 0x0000000000401707 <+1393>: mov BYTE PTR [rbp-0x8a],0x67 0x000000000040170e <+1400>: mov BYTE PTR [rbp-0xea],0x6a 0x0000000000401715 <+1407>: mov BYTE PTR [rbp-0x162],0x35 0x000000000040171c <+1414>: mov BYTE PTR [rbp-0x118],0x34 0x0000000000401723 <+1421>: mov BYTE PTR [rbp-0x121],0x36 0x000000000040172a <+1428>: mov BYTE PTR [rbp-0x123],0x42 0x0000000000401731 <+1435>: mov BYTE PTR [rbp-0x6c],0x6c 0x0000000000401735 <+1439>: mov BYTE PTR [rbp-0x5e],0x2b 0x0000000000401739 <+1443>: mov BYTE PTR [rbp-0xc7],0x24 0x0000000000401740 <+1450>: mov BYTE PTR [rbp-0x31],0x44 0x0000000000401744 <+1454>: mov BYTE PTR [rbp-0xc3],0x5a 0x000000000040174b <+1461>: mov BYTE PTR [rbp-0x87],0x20 0x0000000000401752 <+1468>: mov BYTE PTR [rbp-0x18d],0x32 0x0000000000401759 <+1475>: mov BYTE PTR [rbp-0x9e],0x24 0x0000000000401760 <+1482>: mov BYTE PTR [rbp-0x1a9],0x38 0x0000000000401767 <+1489>: mov BYTE PTR [rbp-0x91],0x54 0x000000000040176e <+1496>: mov BYTE PTR [rbp-0x46],0x33 0x0000000000401772 <+1500>: mov BYTE PTR [rbp-0x1b1],0x33 0x0000000000401779 <+1507>: mov BYTE PTR [rbp-0x2e],0x3a 0x000000000040177d <+1511>: mov BYTE PTR [rbp-0xa2],0x2e 0x0000000000401784 <+1518>: mov BYTE PTR [rbp-0x183],0x41 0x000000000040178b <+1525>: mov BYTE PTR [rbp-0x18c],0x35 0x0000000000401792 <+1532>: mov BYTE PTR [rbp-0x1b7],0x31 0x0000000000401799 <+1539>: mov BYTE PTR [rbp-0xb7],0x6d 0x00000000004017a0 <+1546>: mov BYTE PTR [rbp-0x110],0x34 0x00000000004017a7 <+1553>: mov BYTE PTR [rbp-0x1ad],0x39 0x00000000004017ae <+1560>: mov BYTE PTR [rbp-0xa7],0x40 0x00000000004017b5 <+1567>: mov BYTE PTR [rbp-0x55],0x51 0x00000000004017b9 <+1571>: mov BYTE PTR [rbp-0x44],0x25 0x00000000004017bd <+1575>: mov BYTE PTR [rbp-0x179],0x37 0x00000000004017c4 <+1582>: mov BYTE PTR [rbp-0x56],0x38 0x00000000004017c8 <+1586>: mov BYTE PTR [rbp-0x2b],0x64 0x00000000004017cc <+1590>: mov BYTE PTR [rbp-0x19c],0x34 0x00000000004017d3 <+1597>: mov BYTE PTR [rbp-0xb2],0x7a 0x00000000004017da <+1604>: mov BYTE PTR [rbp-0xb4],0x5a 0x00000000004017e1 <+1611>: mov BYTE PTR [rbp-0x8c],0x66 0x00000000004017e8 <+1618>: mov BYTE PTR [rbp-0x9b],0x74 0x00000000004017ef <+1625>: mov BYTE PTR [rbp-0xb9],0x21 0x00000000004017f6 <+1632>: mov BYTE PTR [rbp-0x129],0x35 0x00000000004017fd <+1639>: mov BYTE PTR [rbp-0x13e],0x33 0x0000000000401804 <+1646>: mov BYTE PTR [rbp-0x16d],0x41 0x000000000040180b <+1653>: mov BYTE PTR [rbp-0x17b],0x42 0x0000000000401812 <+1660>: mov BYTE PTR [rbp-0x1aa],0x34 0x0000000000401819 <+1667>: mov BYTE PTR [rbp-0x138],0x35 0x0000000000401820 <+1674>: mov BYTE PTR [rbp-0x7d],0x30 0x0000000000401824 <+1678>: mov BYTE PTR [rbp-0x13f],0x41 0x000000000040182b <+1685>: mov BYTE PTR [rbp-0x10c],0x33 0x0000000000401832 <+1692>: mov BYTE PTR [rbp-0xd6],0x46 0x0000000000401839 <+1699>: mov BYTE PTR [rbp-0x36],0x2c 0x000000000040183d <+1703>: mov BYTE PTR [rbp-0x155],0x36 0x0000000000401844 <+1710>: mov BYTE PTR [rbp-0x160],0x34 0x000000000040184b <+1717>: mov BYTE PTR [rbp-0x189],0x36 0x0000000000401852 <+1724>: mov BYTE PTR [rbp-0xe7],0x2f 0x0000000000401859 <+1731>: mov BYTE PTR [rbp-0x1b6],0x35 0x0000000000401860 <+1738>: mov BYTE PTR [rbp-0x8f],0x28 0x0000000000401867 <+1745>: mov BYTE PTR [rbp-0x9f],0x30 0x000000000040186e <+1752>: mov BYTE PTR [rbp-0x15d],0x36 0x0000000000401875 <+1759>: mov BYTE PTR [rbp-0xa4],0x2e 0x000000000040187c <+1766>: mov BYTE PTR [rbp-0x199],0x36 0x0000000000401883 <+1773>: mov BYTE PTR [rbp-0xe6],0x3c 0x000000000040188a <+1780>: mov BYTE PTR [rbp-0x45],0x42 0x000000000040188e <+1784>: mov BYTE PTR [rbp-0x170],0x34 0x0000000000401895 <+1791>: mov BYTE PTR [rbp-0x57],0x71 0x0000000000401899 <+1795>: mov BYTE PTR [rbp-0x127],0x44 0x00000000004018a0 <+1802>: mov BYTE PTR [rbp-0x94],0x6a 0x00000000004018a7 <+1809>: mov BYTE PTR [rbp-0x13a],0x35 0x00000000004018ae <+1816>: mov BYTE PTR [rbp-0x1bf],0x42 0x00000000004018b5 <+1823>: mov BYTE PTR [rbp-0xc2],0x7b 0x00000000004018bc <+1830>: mov BYTE PTR [rbp-0x5f],0x7a 0x00000000004018c0 <+1834>: mov BYTE PTR [rbp-0x84],0x46 0x00000000004018c7 <+1841>: mov BYTE PTR [rbp-0x149],0x35 0x00000000004018ce <+1848>: mov BYTE PTR [rbp-0x182],0x35 0x00000000004018d5 <+1855>: mov BYTE PTR [rbp-0x1f],0x57 0x00000000004018d9 <+1859>: mov BYTE PTR [rbp-0x65],0x78 0x00000000004018dd <+1863>: mov BYTE PTR [rbp-0x24],0x2a 0x00000000004018e1 <+1867>: mov BYTE PTR [rbp-0xb5],0x40 0x00000000004018e8 <+1874>: mov BYTE PTR [rbp-0x1a0],0x34 0x00000000004018ef <+1881>: mov BYTE PTR [rbp-0x154],0x34 0x00000000004018f6 <+1888>: mov BYTE PTR [rbp-0xe4],0x72 0x00000000004018fd <+1895>: mov BYTE PTR [rbp-0x1ba],0x35 0x0000000000401904 <+1902>: mov BYTE PTR [rbp-0x89],0x5b 0x000000000040190b <+1909>: mov BYTE PTR [rbp-0xe5],0x42 0x0000000000401912 <+1916>: mov BYTE PTR [rbp-0xbe],0x38 0x0000000000401919 <+1923>: mov BYTE PTR [rbp-0x88],0x6a 0x0000000000401920 <+1930>: mov BYTE PTR [rbp-0x172],0x34 0x0000000000401927 <+1937>: mov BYTE PTR [rbp-0x134],0x35 0x000000000040192e <+1944>: mov BYTE PTR [rbp-0x150],0x34 0x0000000000401935 <+1951>: mov BYTE PTR [rbp-0x39],0x68 0x0000000000401939 <+1955>: mov BYTE PTR [rbp-0x136],0x33 0x0000000000401940 <+1962>: mov BYTE PTR [rbp-0x1b4],0x34 0x0000000000401947 <+1969>: mov BYTE PTR [rbp-0xad],0x5e 0x000000000040194e <+1976>: mov BYTE PTR [rbp-0x2f],0x35 0x0000000000401952 <+1980>: mov BYTE PTR [rbp-0xb3],0x6f 0x0000000000401959 <+1987>: mov BYTE PTR [rbp-0x151],0x39 0x0000000000401960 <+1994>: mov BYTE PTR [rbp-0x120],0x34 0x0000000000401967 <+2001>: mov BYTE PTR [rbp-0x98],0x34 0x000000000040196e <+2008>: mov BYTE PTR [rbp-0xba],0x54 0x0000000000401975 <+2015>: mov BYTE PTR [rbp-0x82],0x3d 0x000000000040197c <+2022>: mov BYTE PTR [rbp-0x17a],0x34 0x0000000000401983 <+2029>: mov BYTE PTR [rbp-0x6f],0x7c 0x0000000000401987 <+2033>: mov BYTE PTR [rbp-0x51],0x5b 0x000000000040198b <+2037>: mov BYTE PTR [rbp-0x2d],0x7e 0x000000000040198f <+2041>: mov BYTE PTR [rbp-0x1ac],0x33 0x0000000000401996 <+2048>: mov BYTE PTR [rbp-0x26],0x7e 0x000000000040199a <+2052>: mov BYTE PTR [rbp-0x185],0x36 0x00000000004019a1 <+2059>: mov BYTE PTR [rbp-0x4a],0x3f 0x00000000004019a5 <+2063>: mov BYTE PTR [rbp-0x157],0x46 0x00000000004019ac <+2070>: mov BYTE PTR [rbp-0x15e],0x34 0x00000000004019b3 <+2077>: mov BYTE PTR [rbp-0x1a6],0x35 0x00000000004019ba <+2084>: mov BYTE PTR [rbp-0x77],0x3c 0x00000000004019be <+2088>: mov BYTE PTR [rbp-0x167],0x33 0x00000000004019c5 <+2095>: mov BYTE PTR [rbp-0xe8],0x5a 0x00000000004019cc <+2102>: mov BYTE PTR [rbp-0x11b],0x36 0x00000000004019d3 <+2109>: mov BYTE PTR [rbp-0x115],0x37 0x00000000004019da <+2116>: mov BYTE PTR [rbp-0x106],0x33 0x00000000004019e1 <+2123>: mov BYTE PTR [rbp-0x13c],0x34 0x00000000004019e8 <+2130>: mov BYTE PTR [rbp-0x4f],0x47 0x00000000004019ec <+2134>: mov BYTE PTR [rbp-0x12f],0x42 0x00000000004019f3 <+2141>: mov BYTE PTR [rbp-0xcf],0x5b 0x00000000004019fa <+2148>: mov BYTE PTR [rbp-0xa3],0x3a 0x0000000000401a01 <+2155>: mov BYTE PTR [rbp-0x15b],0x39 0x0000000000401a08 <+2162>: mov BYTE PTR [rbp-0x54],0x72 0x0000000000401a0c <+2166>: mov BYTE PTR [rbp-0x107],0x44 0x0000000000401a13 <+2173>: mov BYTE PTR [rbp-0x180],0x34 0x0000000000401a1a <+2180>: mov BYTE PTR [rbp-0x7e],0x3d 0x0000000000401a1e <+2184>: mov BYTE PTR [rbp-0x14c],0x35 0x0000000000401a25 <+2191>: mov BYTE PTR [rbp-0xec],0x66 0x0000000000401a2c <+2198>: mov BYTE PTR [rbp-0x1a1],0x39 0x0000000000401a33 <+2205>: mov BYTE PTR [rbp-0x15c],0x34 0x0000000000401a3a <+2212>: mov BYTE PTR [rbp-0x10d],0x35 0x0000000000401a41 <+2219>: mov BYTE PTR [rbp-0x116],0x35 0x0000000000401a48 <+2226>: mov BYTE PTR [rbp-0x163],0x32 0x0000000000401a4f <+2233>: mov BYTE PTR [rbp-0x63],0x42 0x0000000000401a53 <+2237>: mov BYTE PTR [rbp-0xae],0x3b 0x0000000000401a5a <+2244>: mov BYTE PTR [rbp-0x3b],0x26 0x0000000000401a5e <+2248>: mov BYTE PTR [rbp-0xe0],0x61 0x0000000000401a65 <+2255>: mov BYTE PTR [rbp-0xda],0x50 0x0000000000401a6c <+2262>: mov BYTE PTR [rbp-0x8e],0x58 0x0000000000401a73 <+2269>: mov BYTE PTR [rbp-0x148],0x34 0x0000000000401a7a <+2276>: mov BYTE PTR [rbp-0x2c],0x6f 0x0000000000401a7e <+2280>: mov BYTE PTR [rbp-0x20],0x4f 0x0000000000401a82 <+2284>: mov BYTE PTR [rbp-0xd9],0x42 0x0000000000401a89 <+2291>: mov BYTE PTR [rbp-0xc5],0x32 0x0000000000401a90 <+2298>: mov BYTE PTR [rbp-0xdc],0x35 0x0000000000401a97 <+2305>: mov BYTE PTR [rbp-0x12e],0x35 0x0000000000401a9e <+2312>: mov BYTE PTR [rbp-0xeb],0x76 0x0000000000401aa5 <+2319>: mov BYTE PTR [rbp-0xd5],0x6b 0x0000000000401aac <+2326>: mov BYTE PTR [rbp-0x23],0x4f 0x0000000000401ab0 <+2330>: mov BYTE PTR [rbp-0x40],0x2d 0x0000000000401ab4 <+2334>: mov BYTE PTR [rbp-0x6a],0x60 0x0000000000401ab8 <+2338>: mov BYTE PTR [rbp-0x1ae],0x34 0x0000000000401abf <+2345>: mov BYTE PTR [rbp-0x19a],0x34 0x0000000000401ac6 <+2352>: mov BYTE PTR [rbp-0x72],0x6c 0x0000000000401aca <+2356>: mov BYTE PTR [rbp-0x19d],0x32 0x0000000000401ad1 <+2363>: mov BYTE PTR [rbp-0x156],0x35 0x0000000000401ad8 <+2370>: mov BYTE PTR [rbp-0x52],0x3e 0x0000000000401adc <+2374>: mov BYTE PTR [rbp-0x17f],0x42 0x0000000000401ae3 <+2381>: mov BYTE PTR [rbp-0x191],0x46 0x0000000000401aea <+2388>: mov BYTE PTR [rbp-0xaf],0x21 0x0000000000401af1 <+2395>: mov BYTE PTR [rbp-0x3e],0x3d 0x0000000000401af5 <+2399>: mov BYTE PTR [rbp-0x194],0x34 0x0000000000401afc <+2406>: mov BYTE PTR [rbp-0x19b],0x41 0x0000000000401b03 <+2413>: mov BYTE PTR [rbp-0x141],0x33 0x0000000000401b0a <+2420>: mov BYTE PTR [rbp-0x111],0x31 0x0000000000401b11 <+2427>: mov BYTE PTR [rbp-0xc6],0x23 0x0000000000401b18 <+2434>: mov BYTE PTR [rbp-0xb6],0x5a 0x0000000000401b1f <+2441>: mov BYTE PTR [rbp-0x12d],0x36 0x0000000000401b26 <+2448>: mov BYTE PTR [rbp-0x13b],0x43 0x0000000000401b2d <+2455>: mov BYTE PTR [rbp-0x101],0x44 0x0000000000401b34 <+2462>: mov BYTE PTR [rbp-0x113],0x32 0x0000000000401b3b <+2469>: mov BYTE PTR [rbp-0xde],0x78 0x0000000000401b42 <+2476>: mov BYTE PTR [rbp-0x1a3],0x42 0x0000000000401b49 <+2483>: mov BYTE PTR [rbp-0x42],0x57 0x0000000000401b4d <+2487>: mov BYTE PTR [rbp-0xb1],0x33 0x0000000000401b54 <+2494>: mov BYTE PTR [rbp-0x140],0x34 0x0000000000401b5b <+2501>: mov BYTE PTR [rbp-0x21],0x7b 0x0000000000401b5f <+2505>: mov BYTE PTR [rbp-0x133],0x33 0x0000000000401b66 <+2512>: mov BYTE PTR [rbp-0x130],0x34 0x0000000000401b6d <+2519>: mov BYTE PTR [rbp-0x103],0x44 0x0000000000401b74 <+2526>: mov BYTE PTR [rbp-0x67],0x3a 0x0000000000401b78 <+2530>: mov BYTE PTR [rbp-0xa9],0x39 0x0000000000401b7f <+2537>: mov BYTE PTR [rbp-0x71],0x72 0x0000000000401b83 <+2541>: mov BYTE PTR [rbp-0x80],0x68 0x0000000000401b87 <+2545>: mov BYTE PTR [rbp-0x19e],0x35 0x0000000000401b8e <+2552>: mov BYTE PTR [rbp-0x1ab],0x32 0x0000000000401b95 <+2559>: mov BYTE PTR [rbp-0x128],0x34 0x0000000000401b9c <+2566>: mov BYTE PTR [rbp-0x125],0x36 0x0000000000401ba3 <+2573>: mov BYTE PTR [rbp-0x12c],0x33 0x0000000000401baa <+2580>: mov BYTE PTR [rbp-0x6b],0x6b 0x0000000000401bae <+2584>: mov BYTE PTR [rbp-0x13d],0x35 0x0000000000401bb5 <+2591>: mov BYTE PTR [rbp-0x147],0x42 0x0000000000401bbc <+2598>: mov BYTE PTR [rbp-0x153],0x43 0x0000000000401bc3 <+2605>: mov BYTE PTR [rbp-0x1b9],0x37 0x0000000000401bca <+2612>: mov BYTE PTR [rbp-0x6d],0x53 0x0000000000401bce <+2616>: mov BYTE PTR [rbp-0xef],0x40 0x0000000000401bd5 <+2623>: mov BYTE PTR [rbp-0x198],0x34 0x0000000000401bdc <+2630>: mov BYTE PTR [rbp-0x76],0x6f 0x0000000000401be0 <+2634>: mov BYTE PTR [rbp-0x19f],0x46 0x0000000000401be7 <+2641>: mov DWORD PTR [rbp-0x1c4],0x0 0x0000000000401bf1 <+2651>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000000000401bf8 <+2658>: add rax,0x8 0x0000000000401bfc <+2662>: mov rax,QWORD PTR [rax] 0x0000000000401bff <+2665>: movzx eax,BYTE PTR [rax] 0x0000000000401c02 <+2668>: test al,al 0x0000000000401c04 <+2670>: jne 0x401c10 <main+2682> 0x0000000000401c06 <+2672>: mov eax,0xffffffff 0x0000000000401c0b <+2677>: jmp 0x401d7a <main+3044> 0x0000000000401c10 <+2682>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000000000401c17 <+2689>: add rax,0x8 0x0000000000401c1b <+2693>: mov rax,QWORD PTR [rax] 0x0000000000401c1e <+2696>: mov rdi,rax 0x0000000000401c21 <+2699>: call 0x401080 <strlen@plt> 0x0000000000401c26 <+2704>: mov rbx,rax 0x0000000000401c29 <+2707>: lea rax,[rbp-0x1c0] 0x0000000000401c30 <+2714>: mov rdi,rax 0x0000000000401c33 <+2717>: call 0x401080 <strlen@plt> 0x0000000000401c38 <+2722>: cmp rbx,rax 0x0000000000401c3b <+2725>: jne 0x401cef <main+2905> 0x0000000000401c41 <+2731>: mov DWORD PTR [rbp-0x1c4],0x0 0x0000000000401c4b <+2741>: jmp 0x401cad <main+2839> 0x0000000000401c4d <+2743>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000000000401c54 <+2750>: add rax,0x8 0x0000000000401c58 <+2754>: mov rdx,QWORD PTR [rax] 0x0000000000401c5b <+2757>: mov eax,DWORD PTR [rbp-0x1c4] 0x0000000000401c61 <+2763>: cdqe 0x0000000000401c63 <+2765>: add rax,rdx 0x0000000000401c66 <+2768>: movzx edx,BYTE PTR [rax] 0x0000000000401c69 <+2771>: mov eax,DWORD PTR [rbp-0x1c4] 0x0000000000401c6f <+2777>: cdqe 0x0000000000401c71 <+2779>: movzx eax,BYTE PTR [rbp+rax*1-0x1c0] 0x0000000000401c79 <+2787>: cmp dl,al 0x0000000000401c7b <+2789>: je 0x401ca6 <main+2832> 0x0000000000401c7d <+2791>: lea rdi,[rip+0x396] # 0x40201a 0x0000000000401c84 <+2798>: call 0x401070 <puts@plt> 0x0000000000401c89 <+2803>: cmp DWORD PTR [rbp-0x1c4],0x0 0x0000000000401c90 <+2810>: jne 0x401c9c <main+2822> 0x0000000000401c92 <+2812>: mov eax,0xffffffff 0x0000000000401c97 <+2817>: jmp 0x401d7a <main+3044> 0x0000000000401c9c <+2822>: mov eax,0x11 0x0000000000401ca1 <+2827>: jmp 0x401d7a <main+3044> 0x0000000000401ca6 <+2832>: add DWORD PTR [rbp-0x1c4],0x1 0x0000000000401cad <+2839>: mov eax,DWORD PTR [rbp-0x1c4] 0x0000000000401cb3 <+2845>: movsxd rbx,eax 0x0000000000401cb6 <+2848>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000000000401cbd <+2855>: add rax,0x8 0x0000000000401cc1 <+2859>: mov rax,QWORD PTR [rax] 0x0000000000401cc4 <+2862>: mov rdi,rax 0x0000000000401cc7 <+2865>: call 0x401080 <strlen@plt> 0x0000000000401ccc <+2870>: sub rax,0x1 0x0000000000401cd0 <+2874>: cmp rbx,rax 0x0000000000401cd3 <+2877>: jb 0x401c4d <main+2743> 0x0000000000401cd9 <+2883>: lea rdi,[rip+0x350] # 0x402030 0x0000000000401ce0 <+2890>: call 0x401070 <puts@plt> 0x0000000000401ce5 <+2895>: mov eax,0x2a 0x0000000000401cea <+2900>: jmp 0x401d7a <main+3044> 0x0000000000401cef <+2905>: mov DWORD PTR [rbp-0x1c4],0x0 0x0000000000401cf9 <+2915>: jmp 0x401d45 <main+2991> 0x0000000000401cfb <+2917>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000000000401d02 <+2924>: add rax,0x8 0x0000000000401d06 <+2928>: mov rdx,QWORD PTR [rax] 0x0000000000401d09 <+2931>: mov eax,DWORD PTR [rbp-0x1c4] 0x0000000000401d0f <+2937>: cdqe 0x0000000000401d11 <+2939>: add rax,rdx 0x0000000000401d14 <+2942>: movzx edx,BYTE PTR [rax] 0x0000000000401d17 <+2945>: mov eax,DWORD PTR [rbp-0x1c4] 0x0000000000401d1d <+2951>: cdqe 0x0000000000401d1f <+2953>: movzx eax,BYTE PTR [rbp+rax*1-0x1c0] 0x0000000000401d27 <+2961>: cmp dl,al 0x0000000000401d29 <+2963>: je 0x401d3e <main+2984> 0x0000000000401d2b <+2965>: lea rdi,[rip+0x2e8] # 0x40201a 0x0000000000401d32 <+2972>: call 0x401070 <puts@plt> 0x0000000000401d37 <+2977>: mov eax,0xffffffff 0x0000000000401d3c <+2982>: jmp 0x401d7a <main+3044> 0x0000000000401d3e <+2984>: add DWORD PTR [rbp-0x1c4],0x1 0x0000000000401d45 <+2991>: mov eax,DWORD PTR [rbp-0x1c4] 0x0000000000401d4b <+2997>: movsxd rbx,eax 0x0000000000401d4e <+3000>: mov rax,QWORD PTR [rbp-0x1e0] 0x0000000000401d55 <+3007>: add rax,0x8 0x0000000000401d59 <+3011>: mov rax,QWORD PTR [rax] 0x0000000000401d5c <+3014>: mov rdi,rax 0x0000000000401d5f <+3017>: call 0x401080 <strlen@plt> 0x0000000000401d64 <+3022>: cmp rbx,rax 0x0000000000401d67 <+3025>: jb 0x401cfb <main+2917> 0x0000000000401d69 <+3027>: lea rdi,[rip+0x2aa] # 0x40201a 0x0000000000401d70 <+3034>: call 0x401070 <puts@plt> 0x0000000000401d75 <+3039>: mov eax,0x11 0x0000000000401d7a <+3044>: mov rcx,QWORD PTR [rbp-0x18] 0x0000000000401d7e <+3048>: xor rcx,QWORD PTR fs:0x28 0x0000000000401d87 <+3057>: je 0x401d8e <main+3064> 0x0000000000401d89 <+3059>: call 0x401090 <__stack_chk_fail@plt> 0x0000000000401d8e <+3064>: add rsp,0x1d8 0x0000000000401d95 <+3071>: pop rbx 0x0000000000401d96 <+3072>: pop rbp 0x0000000000401d97 <+3073>: ret End of assembler dump. gdb-peda$ b *0x0000000000401c33 Breakpoint 2 at 0x401c33 gdb-peda$ c Continuing. [----------------------------------registers-----------------------------------] RAX: 0x7fffffffdc50 ("4B5A4357515244434749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") RBX: 0x1 RCX: 0x17 RDX: 0x7fffffffe277 --> 0x455454554c430031 ('1') RSI: 0x7fffffffdef8 --> 0x7fffffffe247 ("/mnt/hgfs/Shared/elf_x64_basejumper_crackme.bin") RDI: 0x7fffffffdc50 ("4B5A4357515244434749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") RBP: 0x7fffffffde10 --> 0x401da0 (<__libc_csu_init>: endbr64) RSP: 0x7fffffffdc30 --> 0x7fffffffdef8 --> 0x7fffffffe247 ("/mnt/hgfs/Shared/elf_x64_basejumper_crackme.bin") RIP: 0x401c33 (<main+2717>: call 0x401080 <strlen@plt>) R8 : 0x7ffff7dced80 --> 0x0 R9 : 0x7ffff7dced80 --> 0x0 R10: 0x3 R11: 0x7ffff7b704d0 (<__strlen_avx2>: mov ecx,edi) R12: 0x4010b0 (<_start>: endbr64) R13: 0x7fffffffdef0 --> 0x2 R14: 0x0 R15: 0x0 EFLAGS: 0x202 (carry parity adjust zero sign trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0x401c26 <main+2704>: mov rbx,rax 0x401c29 <main+2707>: lea rax,[rbp-0x1c0] 0x401c30 <main+2714>: mov rdi,rax => 0x401c33 <main+2717>: call 0x401080 <strlen@plt> 0x401c38 <main+2722>: cmp rbx,rax 0x401c3b <main+2725>: jne 0x401cef <main+2905> 0x401c41 <main+2731>: mov DWORD PTR [rbp-0x1c4],0x0 0x401c4b <main+2741>: jmp 0x401cad <main+2839> Guessed arguments: arg[0]: 0x7fffffffdc50 ("4B5A4357515244434749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") [------------------------------------stack-------------------------------------] 0000| 0x7fffffffdc30 --> 0x7fffffffdef8 --> 0x7fffffffe247 ("/mnt/hgfs/Shared/elf_x64_basejumper_crackme.bin") 0008| 0x7fffffffdc38 --> 0x200000000 0016| 0x7fffffffdc40 --> 0x0 0024| 0x7fffffffdc48 --> 0xf7ffb2d8 0032| 0x7fffffffdc50 ("4B5A4357515244434749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") 0040| 0x7fffffffdc58 ("515244434749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") 0048| 0x7fffffffdc60 ("4749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") 0056| 0x7fffffffdc68 ("53544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D") [------------------------------------------------------------------------------] Legend: code, data, rodata, value Breakpoint 2, 0x0000000000401c33 in main ()
rdiレジスタが指すアドレスに怪しい文字列が入った。
>>> s = '4B5A4357515244434749324853544B594F524A46474D4B4F4B5252464B564A544B4E4B4751534443495A484553563258474649464F564C494A5A53554B3342534A354C54533453574B5634454D564B46474646464D57425148553D3D3D3D3D3D'
>>> s.decode('hex')
'KZCWQRDCGI2HSTKYORJFGMKOKRRFKVJTKNKGQSDCIZHESV2XGFIFOVLIJZSUK3BSJ5LTS4SWKV4EMVKFGFFFMWBQHU======'
>>> from base64 import *
>>> b32decode(s.decode('hex'))
'VEhDb24yMXtRS1NTbUU3SThHbFNIWW1PWUhNeEl2OW9rVUxFUE1JVX0='
>>> b64decode(b32decode(s.decode('hex')))
'THCon21{QKSSmE7I8GlSHYmOYHMxIv9okULEPMIU}'
THCon21{QKSSmE7I8GlSHYmOYHMxIv9okULEPMIU}
Rsa internal attacker (cryptography)
n, e_a, d_aがわかっているので、p, qを算出可能。あとはphiも算出できるので、e_bからd_bを算出し、復号する。
import fractions import random from Crypto.Util.number import * def factor_modulus(n, d, e): t = (e * d - 1) s = 0 while True: quotient, remainder = divmod(t, 2) if remainder != 0: break s += 1 t = quotient found = False while not found: i = 1 a = random.randint(1, n-1) while i <= s and not found: c1 = pow(a, pow(2, i-1, n) * t, n) c2 = pow(a, pow(2, i, n) * t, n) found = c1 != 1 and c1 != (-1 % n) and c2 == 1 i += 1 p = fractions.gcd(c1-1, n) q = n // p return p, q with open('output.txt', 'r') as f: n = eval(f.readline().rstrip().split(' : ')[1]) e_a, d_a = eval(f.readline().rstrip().split(' : ')[1]) e_b = eval(f.readline().rstrip().split(' : ')[1]) c = eval(f.readline().rstrip().split(' : ')[1]) p, q = factor_modulus(n, d_a, e_a) phi = (p - 1) * (q - 1) d_b = inverse(e_b, phi) m = pow(c, d_b, p * q) flag = long_to_bytes(m) print flag
THCon21{coMm0n_m0duLus_wh1th_int3rn4l_aTt4ck3r}
