查壳（两个文件，依旧是看内存大的那个文件就行）

32位，进IDA，找主函数：

int func()
{
  int result; // eax
  int v1[4]; // [esp+14h] [ebp-44h]
  unsigned __int8 v2; // [esp+24h] [ebp-34h] BYREF
  unsigned __int8 v3; // [esp+25h] [ebp-33h]
  unsigned __int8 v4; // [esp+26h] [ebp-32h]
  unsigned __int8 v5; // [esp+27h] [ebp-31h]
  unsigned __int8 v6; // [esp+28h] [ebp-30h]
  int v7; // [esp+29h] [ebp-2Fh]
  int v8; // [esp+2Dh] [ebp-2Bh]
  int v9; // [esp+31h] [ebp-27h]
  int v10; // [esp+35h] [ebp-23h]
  unsigned __int8 v11; // [esp+39h] [ebp-1Fh]
  char v12[29]; // [esp+3Bh] [ebp-1Dh] BYREF

  strcpy(v12, "Qsw3sj_lz4_Ujw@l");
  printf("Please input:");
  scanf("%s", &v2);
  result = v2;
  if ( v2 == 65 )
  {
    result = v3;
    if ( v3 == 67 )
    {
      result = v4;
      if ( v4 == 84 )
      {
        result = v5;
        if ( v5 == 70 )
        {
          result = v6;
          if ( v6 == 123 )
          {
            result = v11;
            if ( v11 == 125 )
            {
              v1[0] = v7;
              v1[1] = v8;
              v1[2] = v9;
              v1[3] = v10;
              *(_DWORD *)&v12[17] = 0;
              while ( *(int *)&v12[17] <= 15 )
              {
                if ( *((char *)v1 + *(_DWORD *)&v12[17]) > 64 && *((char *)v1 + *(_DWORD *)&v12[17]) <= 90 )
                  *((_BYTE *)v1 + *(_DWORD *)&v12[17]) = (*((char *)v1 + *(_DWORD *)&v12[17]) - 51) % 26 + 65;
                if ( *((char *)v1 + *(_DWORD *)&v12[17]) > 96 && *((char *)v1 + *(_DWORD *)&v12[17]) <= 122 )
                  *((_BYTE *)v1 + *(_DWORD *)&v12[17]) = (*((char *)v1 + *(_DWORD *)&v12[17]) - 79) % 26 + 97;
                ++*(_DWORD *)&v12[17];
              }
              *(_DWORD *)&v12[17] = 0;
              while ( *(int *)&v12[17] <= 15 )
              {
                result = (unsigned __int8)v12[*(_DWORD *)&v12[17]];
                if ( *((_BYTE *)v1 + *(_DWORD *)&v12[17]) != (_BYTE)result )
                  return result;
                ++*(_DWORD *)&v12[17];
              }
              result = printf("You are correct!");
            }
          }
        }
      }
    }
  }
  return result;
}

很明显，又是得写脚本的一天。

先看正确输出：是flag进行凯撒加密（解密）后与v12对比，如果正确，则是flag反之则不是。v12原型为：“Qsw3sj_lz4_Ujw@l”，看看方法，又是凯撒密码。脚本咯：

int32_t main() {
    ios::sync_with_stdio(0);
    cin.tie(0), cout.tie(0);
    string Des = "Qsw3sj_lz4_Ujw@l";
    string flag = "";
    for (int i = 0; i < Des.size(); i++) {
        if((Des[i] >= 'a' && Des[i] <= 'z') ||(Des[i] >= 'A' && Des[i] <= 'Z')){
            //写凯撒的加密方法
            for (int j = 'a'; j <= 'z'; j++) {
                if((j - 79) % 26 + 97 == Des[i]){
                    flag += char(j);
                    break;
                }
            }
            for (int j = 'A'; j <= 'Z'; j++) {
                if((j - 51) % 26 + 65 == Des[i]){
                    flag += char(j);
                    break;
                }
            }
        }else{
            flag += Des[i];
        }
    }
    cout << "flag{" << flag << "}" << endl;
    return 0;
}

得到flag

本栏目推荐文章
• mrctf2020_easyoverflow
• CVE-2020-11800
• 【LeetCode 1635. Hopper 公司查询 I】with recursive生成2020年每月的最后一天
• 2020-2021 ACM-ICPC, Asia Seoul Regional Contest
• [ACTF2020 新生赛]Exec 1
• “华为杯”杭州电子科技大学2023新生编程大赛 1005
• wustctf2020_getshell_2
• P6646 [CCO2020] Shopping Plans
• 电脑加速：让你的电脑重获新生
• bjdctf_2020_router

新生 ACTF 2020 rome新生actf 2020 rome 新生actf 2020 exec backupfile新生actf 2020 新生include actf 2020 frequency新生actf 2020 outguess新生actf 2020 新生easyre actf 2020 usualcrypt新生actf 2020 新生include笔记actf 新生buuctf oruga actf