CTF, помогите я тупой

LightMan · 02.07.2023

C:

#include "out.h"


int _init(EVP_PKEY_CTX * ctx) {
    int iVar1;

    iVar1 = __gmon_start__();
    return iVar1;
}

void FUN_00101020(void) {
    // WARNING: Treating indirect jump as call
    ( * (code * )(undefined * ) 0x0)();
    return;
}

void __cxa_finalize(void) {
    __cxa_finalize();
    return;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int putchar(int __c) {
    int iVar1;

    iVar1 = putchar(__c);
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int puts(char * __s) {
    int iVar1;

    iVar1 = puts(__s);
    return iVar1;
}

void __stack_chk_fail(void) {
    // WARNING: Subroutine does not return
    __stack_chk_fail();
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int printf(char * __format, ...) {
    int iVar1;

    iVar1 = printf(__format);
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

void *memset(void * __s, int __c, size_t __n) {
        void * pvVar1;

        pvVar1 = memset(__s, __c, __n);
        return pvVar1;
    }

// WARNING: Unknown calling convention -- yet parameter storage is locked

int memcmp(void * __s1, void * __s2, size_t __n) {
    int iVar1;

    iVar1 = memcmp(__s1, __s2, __n);
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int getchar(void) {
    int iVar1;

    iVar1 = getchar();
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

void *memcpy(void * __dest, void * __src, size_t __n) {
        void * pvVar1;

        pvVar1 = memcpy(__dest, __src, __n);
        return pvVar1;
    }

// WARNING: Unknown calling convention -- yet parameter storage is locked

void *malloc(size_t __size) {
        void * pvVar1;

        pvVar1 = malloc(__size);
        return pvVar1;
    }

// WARNING: Unknown calling convention -- yet parameter storage is locked

void exit(int __status) {
    // WARNING: Subroutine does not return
    exit(__status);
}

void _start(undefined8 param_1, undefined8 param_2, undefined8 param_3) {
    undefined8 unaff_retaddr;
    undefined auStack_8[8];

    __libc_start_main(main, unaff_retaddr, & stack0x00000008, 0, 0, param_3,
        auStack_8);
    do {
        // WARNING: Do nothing block with infinite loop
    }
    while (true);
}

// WARNING: Removing unreachable block (ram,0x001011c3)
// WARNING: Removing unreachable block (ram,0x001011cf)

void deregister_tm_clones(void) {
    return;
}

// WARNING: Removing unreachable block (ram,0x00101204)
// WARNING: Removing unreachable block (ram,0x00101210)

void register_tm_clones(void) {
    return;
}

void __do_global_dtors_aux(void) {
    if (completed_0 != '\0') {
        return;
    }
    __cxa_finalize( & __dso_handle);
    deregister_tm_clones();
    completed_0 = 1;
    return;
}

void frame_dummy(void) {
    register_tm_clones();
    return;
}

void initializeVM(void * param_1, void * param_2, int param_3, void * param_4,
    int param_5) {
    *(undefined4 * )((long) param_1 + 0x5c) = 0xffffffff;
    *(undefined4 * )((long) param_1 + 0x58) = 0;
    memset(param_1, 0, 0x40);
    memset((void * )((long) param_1 + 0x40), 0, 0x18);
    memset((void * )((long) param_1 + 0x60), 0, 0x800);
    memset((void * )((long) param_1 + 0x860), 0, 0x400);
    *(undefined * )((long) param_1 + 0xc60) = 0xff;
    memcpy((void * )((long) param_1 + 0x60), param_2, (long) param_3);
    memcpy((void * )((long) param_1 + 0x860), param_4, (long) param_5);
    *(undefined4 * )((long) param_1 + 0xffc) = 0x12;
    return;
}

void push(long param_1, int param_2) {
    param_2 = param_2 + -1;
    if ((( * (int * )(param_1 + 0x5c) < 0xf) && (-1 < param_2)) && (param_2 < 6)) {
        *(int * )(param_1 + 0x5c) = * (int * )(param_1 + 0x5c) + 1;
        *(undefined4 * )(param_1 + (long) * (int * )(param_1 + 0x5c) * 4) = *
        (undefined4 * )(param_1 + ((long) param_2 + 0x10) * 4);
        return;
    }
    puts("Stack overflow!");
    // WARNING: Subroutine does not return
    exit(1);
}

void pop(long param_1, int param_2) {
    int iVar1;

    param_2 = param_2 + -1;
    if (((-1 < * (int * )(param_1 + 0x5c)) && (-1 < param_2)) && (param_2 < 6)) {
        iVar1 = * (int * )(param_1 + 0x5c);
        *(int * )(param_1 + 0x5c) = iVar1 + -1;
        *(undefined4 * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (undefined4 * )(param_1 + (long) iVar1 * 4);
        return;
    }
    puts("Stack underflow!");
    // WARNING: Subroutine does not return
    exit(1);
}

void mov(long param_1, int param_2, undefined4 param_3) {
    param_2 = param_2 + -1;
    if ((-1 < param_2) && (param_2 < 6)) {
        *(undefined4 * )(param_1 + ((long) param_2 + 0x10) * 4) = param_3;
        return;
    }
    printf("[mov] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void mov_b(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(int * )(param_1 + ((long) param_2 + 0x10) * 4) =
        (int) * (char * )(param_1 +
            *
            (int * )(param_1 + ((long) param_3 + 0x10) * 4));
        return;
    }
    printf("[mov_a] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void mov_a(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(char * )(param_1 + * (int * )(param_1 + ((long) param_2 + 0x10) * 4)) =
        (char) * (undefined4 * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[mov_b] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void xor(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(uint * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (uint * )(param_1 + ((long) param_2 + 0x10) * 4) ^
        *
        (uint * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[xor] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void add(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(int * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (int * )(param_1 + ((long) param_2 + 0x10) * 4) +
        *
        (int * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[add] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void sub(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(int * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (int * )(param_1 + ((long) param_2 + 0x10) * 4) -
        *
        (int * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[sub] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void and(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(uint * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (uint * )(param_1 + ((long) param_2 + 0x10) * 4) &
        *
        (uint * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[add] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

int cmp(void * param_1, void * param_2) {
    int iVar1;
    int iVar2;
    int in_EDX;

    iVar1 = (int) param_2 + -1;
    iVar2 = in_EDX + -1;
    if ((((-1 < iVar1) && (iVar1 < 6)) && (-1 < iVar2)) && (iVar2 < 6)) {
        if ( * (int * )((long) param_1 + ((long) iVar1 + 0x10) * 4) ==
            *
            (int * )((long) param_1 + ((long) iVar2 + 0x10) * 4)) {
            *(undefined * )((long) param_1 + 0xc60) = 0;
        } else if ( * (int * )((long) param_1 + ((long) iVar1 + 0x10) * 4) <
            *
            (int * )((long) param_1 + ((long) iVar2 + 0x10) * 4)) {
            *(undefined * )((long) param_1 + 0xc60) = 0xff;
        } else {
            *(undefined * )((long) param_1 + 0xc60) = 1;
        }
        return (int) param_1;
    }
    printf("[cmp] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void je(long param_1, int param_2) {
    if (-1 < param_2) {
        if ( * (char * )(param_1 + 0xc60) == '\0') {
            *(int * )(param_1 + 0x58) = param_2 + -3;
        }
        return;
    }
    printf("[je] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void jne(long param_1, int param_2) {
    if (-1 < param_2) {
        if ( * (char * )(param_1 + 0xc60) != '\0') {
            *(int * )(param_1 + 0x58) = param_2 + -3;
        }
        return;
    }
    printf("[jne] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void jmp(long param_1, int param_2) {
    if (-1 < param_2) {
        *(int * )(param_1 + 0x58) = param_2 + -3;
        return;
    }
    printf("[jmp] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void push_v(long param_1, uint param_2) {
    if ( * (int * )(param_1 + 0x5c) < 0xf) {
        *(int * )(param_1 + 0x5c) = * (int * )(param_1 + 0x5c) + 1;
        *(uint * )(param_1 + (long) * (int * )(param_1 + 0x5c) * 4) =
        param_2 & 0xff;
        return;
    }
    puts("Stack overflow!");
    // WARNING: Subroutine does not return
    exit(1);
}

void inpt(undefined8 param_1) {
    int iVar1;

    iVar1 = getchar();
    push_v(param_1, iVar1);
    return;
}

void vm_putc(long param_1, int param_2) {
    uint uVar1;

    param_2 = param_2 + -1;
    uVar1 = * (uint * )(param_1 + ((long) param_2 + 0x10) * 4);
    if ((((-1 < (int) uVar1) && (uVar1 < 0xc65)) && (-1 < param_2)) &&
        (param_2 < 6)) {
        putchar((int) *
            (char * )(param_1 +
                *
                (int * )(param_1 + ((long) param_2 + 0x10) * 4)));
        return;
    }
    printf("[putc] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void executeVM(void * param_1) {
    uint uVar1;
    uint uVar2;
    undefined4 uVar3;
    int iVar4;
    void * __dest;

    while (true) {
        uVar1 = *
            (uint * )((long) param_1 +
                ((long) * (int * )((long) param_1 + 0x58) + 0x18) * 4);
        uVar2 = *
            (uint * )((long) param_1 +
                ((long)( * (int * )((long) param_1 + 0x58) + 1) +
                    0x18) * 4);
        uVar3 = *
            (undefined4 * )((long) param_1 +
                ((long)( * (int * )((long) param_1 + 0x58) + 2) +
                    0x18) * 4);
        if (0x12 < (int) uVar1)
            break;
        switch (uVar1) {
        case 1:
            push(param_1, uVar2);
            break;
        case 2:
            pop(param_1, uVar2);
            break;
        case 3:
            mov(param_1, uVar2, uVar3);
            break;
        case 4:
            mov_a(param_1, uVar2, uVar3);
            break;
        case 5:
            mov_b(param_1, uVar2, uVar3);
            break;
        case 6:
            xor(param_1, uVar2, uVar3);
            break;
        case 7:
            add(param_1, uVar2, uVar3);
            break;
        case 8:
            sub(param_1, uVar2, uVar3);
            break;
        case 9:
            cmp(param_1, (void * )(ulong) uVar2);
            break;
        case 10:
            break;
        case 0xb
            je(param_1, uVar2);
            break;
        case 0xc:
            jne(param_1, uVar2);
            break;
        case 0xd:
            jmp(param_1, uVar2);
            break;
        case 0xe:
            inpt(param_1);
            break;
        case 0xf:
            vm_putc(param_1, uVar2);
            break;
        case 0x10:
            and(param_1, uVar2, uVar3);
            break;
        default:
            goto switchD_00101b76_caseD_11;
        case 0x12:
            puts("Something went wrong:(");
            // WARNING: Subroutine does not return
            exit(1);
        }
        *(int * )((long) param_1 + 0x58) = * (int * )((long) param_1 + 0x58) + 3;
    }
    if (uVar1 == 999) {
        __dest = malloc(0x28);
        memcpy(__dest, (void * )((long) param_1 + 0x5dc), 0x28);
        iVar4 = memcmp((void * )((long) param_1 + 0x9a0), __dest, 0x28);
        if ((iVar4 == 0) &&
            (iVar4 =
                memcmp("flag{c0nGratz_yo", (void * )((long) param_1 + 0x950),
                    0x14), iVar4 == 0)) {
            *(undefined * )((long) param_1 + 0x978) = 0;
            printf("Congratz! The flag is: %s", (long) param_1 + 0x950);
        } else {
            puts("Wrong:(");
        }
        // WARNING: Subroutine does not return
        exit(0);
    }
    switchD_00101b76_caseD_11:
        printf("Invalid instruction: %d\n", (ulong) uVar1);
    // WARNING: Subroutine does not return
    exit(1);
}

int main(void) {
    long lVar1;
    undefined8 * puVar2;
    undefined8 * puVar3;
    long in_FS_OFFSET;
    undefined8 local_1228[182];
    undefined local_c78[3176];
    long local_10;

    local_10 = * (long * )(in_FS_OFFSET + 0x28);
    puVar2 = & DAT_00102240;
    puVar3 = local_1228;
    for (lVar1 = 0xb6; lVar1 != 0; lVar1 = lVar1 + -1) {
        * puVar3 = * puVar2;
        puVar2 = puVar2 + 1;
        puVar3 = puVar3 + 1;
    }
    initializeVM(local_c78, local_1228, 0x5b0, "Enter pin:\nEnter pass:",
        0x16);
    executeVM(local_c78);
    if (local_10 != * (long * )(in_FS_OFFSET + 0x28)) {
        // WARNING: Subroutine does not return
        __stack_chk_fail();
    }
    return 0;
}

void _fini(void) {
    return;
}

Gufi · 02.07.2023

LightMan сказал(а):

C:

#include "out.h"


int _init(EVP_PKEY_CTX * ctx) {
    int iVar1;

    iVar1 = __gmon_start__();
    return iVar1;
}

void FUN_00101020(void) {
    // WARNING: Treating indirect jump as call
    ( * (code * )(undefined * ) 0x0)();
    return;
}

void __cxa_finalize(void) {
    __cxa_finalize();
    return;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int putchar(int __c) {
    int iVar1;

    iVar1 = putchar(__c);
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int puts(char * __s) {
    int iVar1;

    iVar1 = puts(__s);
    return iVar1;
}

void __stack_chk_fail(void) {
    // WARNING: Subroutine does not return
    __stack_chk_fail();
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int printf(char * __format, ...) {
    int iVar1;

    iVar1 = printf(__format);
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

void *memset(void * __s, int __c, size_t __n) {
        void * pvVar1;

        pvVar1 = memset(__s, __c, __n);
        return pvVar1;
    }

// WARNING: Unknown calling convention -- yet parameter storage is locked

int memcmp(void * __s1, void * __s2, size_t __n) {
    int iVar1;

    iVar1 = memcmp(__s1, __s2, __n);
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

int getchar(void) {
    int iVar1;

    iVar1 = getchar();
    return iVar1;
}

// WARNING: Unknown calling convention -- yet parameter storage is locked

void *memcpy(void * __dest, void * __src, size_t __n) {
        void * pvVar1;

        pvVar1 = memcpy(__dest, __src, __n);
        return pvVar1;
    }

// WARNING: Unknown calling convention -- yet parameter storage is locked

void *malloc(size_t __size) {
        void * pvVar1;

        pvVar1 = malloc(__size);
        return pvVar1;
    }

// WARNING: Unknown calling convention -- yet parameter storage is locked

void exit(int __status) {
    // WARNING: Subroutine does not return
    exit(__status);
}

void _start(undefined8 param_1, undefined8 param_2, undefined8 param_3) {
    undefined8 unaff_retaddr;
    undefined auStack_8[8];

    __libc_start_main(main, unaff_retaddr, & stack0x00000008, 0, 0, param_3,
        auStack_8);
    do {
        // WARNING: Do nothing block with infinite loop
    }
    while (true);
}

// WARNING: Removing unreachable block (ram,0x001011c3)
// WARNING: Removing unreachable block (ram,0x001011cf)

void deregister_tm_clones(void) {
    return;
}

// WARNING: Removing unreachable block (ram,0x00101204)
// WARNING: Removing unreachable block (ram,0x00101210)

void register_tm_clones(void) {
    return;
}

void __do_global_dtors_aux(void) {
    if (completed_0 != '\0') {
        return;
    }
    __cxa_finalize( & __dso_handle);
    deregister_tm_clones();
    completed_0 = 1;
    return;
}

void frame_dummy(void) {
    register_tm_clones();
    return;
}

void initializeVM(void * param_1, void * param_2, int param_3, void * param_4,
    int param_5) {
    *(undefined4 * )((long) param_1 + 0x5c) = 0xffffffff;
    *(undefined4 * )((long) param_1 + 0x58) = 0;
    memset(param_1, 0, 0x40);
    memset((void * )((long) param_1 + 0x40), 0, 0x18);
    memset((void * )((long) param_1 + 0x60), 0, 0x800);
    memset((void * )((long) param_1 + 0x860), 0, 0x400);
    *(undefined * )((long) param_1 + 0xc60) = 0xff;
    memcpy((void * )((long) param_1 + 0x60), param_2, (long) param_3);
    memcpy((void * )((long) param_1 + 0x860), param_4, (long) param_5);
    *(undefined4 * )((long) param_1 + 0xffc) = 0x12;
    return;
}

void push(long param_1, int param_2) {
    param_2 = param_2 + -1;
    if ((( * (int * )(param_1 + 0x5c) < 0xf) && (-1 < param_2)) && (param_2 < 6)) {
        *(int * )(param_1 + 0x5c) = * (int * )(param_1 + 0x5c) + 1;
        *(undefined4 * )(param_1 + (long) * (int * )(param_1 + 0x5c) * 4) = *
        (undefined4 * )(param_1 + ((long) param_2 + 0x10) * 4);
        return;
    }
    puts("Stack overflow!");
    // WARNING: Subroutine does not return
    exit(1);
}

void pop(long param_1, int param_2) {
    int iVar1;

    param_2 = param_2 + -1;
    if (((-1 < * (int * )(param_1 + 0x5c)) && (-1 < param_2)) && (param_2 < 6)) {
        iVar1 = * (int * )(param_1 + 0x5c);
        *(int * )(param_1 + 0x5c) = iVar1 + -1;
        *(undefined4 * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (undefined4 * )(param_1 + (long) iVar1 * 4);
        return;
    }
    puts("Stack underflow!");
    // WARNING: Subroutine does not return
    exit(1);
}

void mov(long param_1, int param_2, undefined4 param_3) {
    param_2 = param_2 + -1;
    if ((-1 < param_2) && (param_2 < 6)) {
        *(undefined4 * )(param_1 + ((long) param_2 + 0x10) * 4) = param_3;
        return;
    }
    printf("[mov] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void mov_b(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(int * )(param_1 + ((long) param_2 + 0x10) * 4) =
        (int) * (char * )(param_1 +
            *
            (int * )(param_1 + ((long) param_3 + 0x10) * 4));
        return;
    }
    printf("[mov_a] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void mov_a(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(char * )(param_1 + * (int * )(param_1 + ((long) param_2 + 0x10) * 4)) =
        (char) * (undefined4 * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[mov_b] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void xor(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(uint * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (uint * )(param_1 + ((long) param_2 + 0x10) * 4) ^
        *
        (uint * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[xor] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void add(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(int * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (int * )(param_1 + ((long) param_2 + 0x10) * 4) +
        *
        (int * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[add] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void sub(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(int * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (int * )(param_1 + ((long) param_2 + 0x10) * 4) -
        *
        (int * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[sub] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void and(long param_1, int param_2, int param_3) {
    param_2 = param_2 + -1;
    param_3 = param_3 + -1;
    if ((((-1 < param_2) && (param_2 < 6)) && (-1 < param_3)) && (param_3 < 6)) {
        *(uint * )(param_1 + ((long) param_2 + 0x10) * 4) = *
        (uint * )(param_1 + ((long) param_2 + 0x10) * 4) &
        *
        (uint * )(param_1 + ((long) param_3 + 0x10) * 4);
        return;
    }
    printf("[add] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

int cmp(void * param_1, void * param_2) {
    int iVar1;
    int iVar2;
    int in_EDX;

    iVar1 = (int) param_2 + -1;
    iVar2 = in_EDX + -1;
    if ((((-1 < iVar1) && (iVar1 < 6)) && (-1 < iVar2)) && (iVar2 < 6)) {
        if ( * (int * )((long) param_1 + ((long) iVar1 + 0x10) * 4) ==
            *
            (int * )((long) param_1 + ((long) iVar2 + 0x10) * 4)) {
            *(undefined * )((long) param_1 + 0xc60) = 0;
        } else if ( * (int * )((long) param_1 + ((long) iVar1 + 0x10) * 4) <
            *
            (int * )((long) param_1 + ((long) iVar2 + 0x10) * 4)) {
            *(undefined * )((long) param_1 + 0xc60) = 0xff;
        } else {
            *(undefined * )((long) param_1 + 0xc60) = 1;
        }
        return (int) param_1;
    }
    printf("[cmp] Invalid register index");
    // WARNING: Subroutine does not return
    exit(1);
}

void je(long param_1, int param_2) {
    if (-1 < param_2) {
        if ( * (char * )(param_1 + 0xc60) == '\0') {
            *(int * )(param_1 + 0x58) = param_2 + -3;
        }
        return;
    }
    printf("[je] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void jne(long param_1, int param_2) {
    if (-1 < param_2) {
        if ( * (char * )(param_1 + 0xc60) != '\0') {
            *(int * )(param_1 + 0x58) = param_2 + -3;
        }
        return;
    }
    printf("[jne] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void jmp(long param_1, int param_2) {
    if (-1 < param_2) {
        *(int * )(param_1 + 0x58) = param_2 + -3;
        return;
    }
    printf("[jmp] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void push_v(long param_1, uint param_2) {
    if ( * (int * )(param_1 + 0x5c) < 0xf) {
        *(int * )(param_1 + 0x5c) = * (int * )(param_1 + 0x5c) + 1;
        *(uint * )(param_1 + (long) * (int * )(param_1 + 0x5c) * 4) =
        param_2 & 0xff;
        return;
    }
    puts("Stack overflow!");
    // WARNING: Subroutine does not return
    exit(1);
}

void inpt(undefined8 param_1) {
    int iVar1;

    iVar1 = getchar();
    push_v(param_1, iVar1);
    return;
}

void vm_putc(long param_1, int param_2) {
    uint uVar1;

    param_2 = param_2 + -1;
    uVar1 = * (uint * )(param_1 + ((long) param_2 + 0x10) * 4);
    if ((((-1 < (int) uVar1) && (uVar1 < 0xc65)) && (-1 < param_2)) &&
        (param_2 < 6)) {
        putchar((int) *
            (char * )(param_1 +
                *
                (int * )(param_1 + ((long) param_2 + 0x10) * 4)));
        return;
    }
    printf("[putc] Invalid addr");
    // WARNING: Subroutine does not return
    exit(1);
}

void executeVM(void * param_1) {
    uint uVar1;
    uint uVar2;
    undefined4 uVar3;
    int iVar4;
    void * __dest;

    while (true) {
        uVar1 = *
            (uint * )((long) param_1 +
                ((long) * (int * )((long) param_1 + 0x58) + 0x18) * 4);
        uVar2 = *
            (uint * )((long) param_1 +
                ((long)( * (int * )((long) param_1 + 0x58) + 1) +
                    0x18) * 4);
        uVar3 = *
            (undefined4 * )((long) param_1 +
                ((long)( * (int * )((long) param_1 + 0x58) + 2) +
                    0x18) * 4);
        if (0x12 < (int) uVar1)
            break;
        switch (uVar1) {
        case 1:
            push(param_1, uVar2);
            break;
        case 2:
            pop(param_1, uVar2);
            break;
        case 3:
            mov(param_1, uVar2, uVar3);
            break;
        case 4:
            mov_a(param_1, uVar2, uVar3);
            break;
        case 5:
            mov_b(param_1, uVar2, uVar3);
            break;
        case 6:
            xor(param_1, uVar2, uVar3);
            break;
        case 7:
            add(param_1, uVar2, uVar3);
            break;
        case 8:
            sub(param_1, uVar2, uVar3);
            break;
        case 9:
            cmp(param_1, (void * )(ulong) uVar2);
            break;
        case 10:
            break;
        case 0xb
            je(param_1, uVar2);
            break;
        case 0xc:
            jne(param_1, uVar2);
            break;
        case 0xd:
            jmp(param_1, uVar2);
            break;
        case 0xe:
            inpt(param_1);
            break;
        case 0xf:
            vm_putc(param_1, uVar2);
            break;
        case 0x10:
            and(param_1, uVar2, uVar3);
            break;
        default:
            goto switchD_00101b76_caseD_11;
        case 0x12:
            puts("Something went wrong:(");
            // WARNING: Subroutine does not return
            exit(1);
        }
        *(int * )((long) param_1 + 0x58) = * (int * )((long) param_1 + 0x58) + 3;
    }
    if (uVar1 == 999) {
        __dest = malloc(0x28);
        memcpy(__dest, (void * )((long) param_1 + 0x5dc), 0x28);
        iVar4 = memcmp((void * )((long) param_1 + 0x9a0), __dest, 0x28);
        if ((iVar4 == 0) &&
            (iVar4 =
                memcmp("flag{c0nGratz_yo", (void * )((long) param_1 + 0x950),
                    0x14), iVar4 == 0)) {
            *(undefined * )((long) param_1 + 0x978) = 0;
            printf("Congratz! The flag is: %s", (long) param_1 + 0x950);
        } else {
            puts("Wrong:(");
        }
        // WARNING: Subroutine does not return
        exit(0);
    }
    switchD_00101b76_caseD_11:
        printf("Invalid instruction: %d\n", (ulong) uVar1);
    // WARNING: Subroutine does not return
    exit(1);
}

int main(void) {
    long lVar1;
    undefined8 * puVar2;
    undefined8 * puVar3;
    long in_FS_OFFSET;
    undefined8 local_1228[182];
    undefined local_c78[3176];
    long local_10;

    local_10 = * (long * )(in_FS_OFFSET + 0x28);
    puVar2 = & DAT_00102240;
    puVar3 = local_1228;
    for (lVar1 = 0xb6; lVar1 != 0; lVar1 = lVar1 + -1) {
        * puVar3 = * puVar2;
        puVar2 = puVar2 + 1;
        puVar3 = puVar3 + 1;
    }
    initializeVM(local_c78, local_1228, 0x5b0, "Enter pin:\nEnter pass:",
        0x16);
    executeVM(local_c78);
    if (local_10 != * (long * )(in_FS_OFFSET + 0x28)) {
        // WARNING: Subroutine does not return
        __stack_chk_fail();
    }
    return 0;
}

void _fini(void) {
    return;
}

Откуда задание? Что за CTF?

LightMan · 02.07.2023

Gufi сказал(а):

Откуда задание? Что за CTF?

Это приватное, его нет в гугле

Gufi · 02.07.2023

LightMan сказал(а):

Это приватное, его нет в гугле

Это то что от 1 до 2 числа?)

GreenLifePeper · 04.07.2023

В функции main объявляются следующие переменные:
- lVar1: тип long, используется в цикле.
- puVar2 и puVar3: указатели на тип undefined8, используются для копирования данных.
- local_1228: массив из 182 элементов типа undefined8.
- local_c78: массив из 3176 элементов типа undefined.
- local_10: тип long, используется для проверки целостности стека.
После объявления переменных устанавливается значение переменной local_10 равным значению, находящемуся по адресу (in_FS_OFFSET + 0x28). Это используется для проверки целостности стека позже.
Затем происходит инициализация массива local_1228 путем копирования значений из массива DAT_00102240. Для этого используются указатели puVar2 и puVar3, а также переменная lVar1, которая уменьшается с каждой итерацией цикла.
После инициализации массива вызывается функция initializeVM, которой передаются следующие параметры:
- local_c78: массив local_c78, который используется в качестве памяти виртуальной машины.
- local_1228: массив local_1228, который содержит инструкции для виртуальной машины.
- 0x5b0: значение 0x5b0.
- "Enter pin:\nEnter pass:": строка "Enter pin:\nEnter pass:".
- 0x16: значение 0x16.
После инициализации виртуальной машины вызывается функция executeVM, которая выполняет инструкции виртуальной машины, используя переданный массив local_c78.
В конце функции main происходит проверка целостности стека. Если значение переменной local_10 не равно значению, находящемуся по адресу (in_FS_OFFSET + 0x28), вызывается функция __stack_chk_fail.
Функция _fini не содержит кода и выполняется при завершении программы.

Таким образом, данный код создает виртуальную машину, инициализирует ее с помощью переданных параметров, выполняет инструкции виртуальной машины и проверяет целостность стека.
Это для тех кто не хочет читать весь код, что с ним делать я хз
UPD. отдебажить и найти где вызывы не правильно работают с стеком ( я так думаю) .

CTF, помогите я тупой

LightMan

RAID-массив

Gufi

(L2) cache

LightMan

RAID-массив

Gufi

(L2) cache

GreenLifePeper

HDD-drive