跳到主要内容

Reversing - 067

备注

created by || kerszi

⏲️ Release Date // 2024-04-07

💀 Solvers // 11

🧩 Type // rev

提供了两个文件:

  • hmv067
  • hmv067-static

很明显,文件 hmv067-static 是静态编译的二进制文件,对 hmv067-static 进行反编译

int __fastcall main(int argc, const char **argv, const char **envp)
{
  char v3; // cl
  __int64 v4; // rax
  char v6[64]; // [rsp+0h] [rbp-270h] BYREF
  char v7[144]; // [rsp+40h] [rbp-230h] BYREF
  char v8[140]; // [rsp+D0h] [rbp-1A0h] BYREF
  unsigned int v9; // [rsp+15Ch] [rbp-114h] BYREF
  char v10[4]; // [rsp+160h] [rbp-110h] BYREF
  _BYTE v11[260]; // [rsp+164h] [rbp-10Ch] BYREF
  _BYTE *v12; // [rsp+268h] [rbp-8h]

  printf((unsigned int)"Enter the flag: HMV{...}:", (_DWORD)argv, (_DWORD)envp, v3);
  fgets(v10, 262LL, stdin);
  v10[j_strcspn_ifunc(v10, "\n")] = 0;
  if ((unsigned int)j_strncmp_ifunc(v10, "HMV{", 4LL) || v10[j_strlen_ifunc(v10) - 1] != 125 )
  {
    puts(&unk_79E092);
  }
  else
  {
    v10[j_strlen_ifunc(v10) - 1] = 0;
    v12 = v11;
    v4 = j_strlen_ifunc(v11);
    calculateHash(v12, v4, v6, &v9);
    toHex(v6, v7, v9);
    strcpy(
      v8,
      "3fe8b365cb64286384d9743612d857d938fadb42c359acb69fb9f2f88b96cdbfdb1cacf8a5292aa004a5efcc01fbdb27d4a72a8dd9a8b34dfff41f9e72bfb734");
    if ((unsigned int)j_strcmp_ifunc(v7, v8) )
      puts(&unk_79E07D);
    else
      puts(&unk_79E067);
  }
  return 0;
}

得到了目标哈希 3fe8b365cb64286384d9743612d857d938fadb42c359acb69fb9f2f88b96cdbfdb1cacf8a5292aa004a5efcc01fbdb27d4a72a8dd9a8b34dfff41f9e72bfb734 之后,就可以使用 hashcatrockyou 进行爆破

PS D:\_Tools\hashcat-6.2.6> .\hashcat.exe -d 1 -O -a 0 -m 1700 3fe8b365cb64286384d9743612d857d938fadb42c359acb69fb9f2f88b96cdbfdb1cacf8a5292aa004a5efcc01fbdb27d4a72a8dd9a8b34dfff41f9e72bfb734 .\dics\rockyou.txt --show

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1700 (SHA2-512)
Hash.Target......: 3fe8b365cb64286384d9743612d857d938fadb42c359acb69fb...bfb734
Time.Started.....: Sat Jul 06 22:42:28 2024 (0 secs)
Time.Estimated...: Sat Jul 06 22:42:28 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (.\dics\rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 13549.5 kH/s (1.64ms) @ Accel:2048 Loops:1 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 7865952/14344386 (54.84%)
Rejected.........: 1632/7865952 (0.02%)
Restore.Point....: 6292701/14344386 (43.87%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: ledaynes -> giselliet
Hardware.Mon.#1..: Temp: 52c Util:  9% Core:2070MHz Mem:8000MHz Bus:8

3fe8b365cb64286384d9743612d857d938fadb42c359acb69fb9f2f88b96cdbfdb1cacf8a5292aa004a5efcc01fbdb27d4a72a8dd9a8b34dfff41f9e72bfb734:i like your smile

去掉空格,即可得到 flag

HMV{ilikeyoursmile}