温馨提示:
本文最后更新于
2023-9-3,已超过半年没有更新,若内容或图片失效,请留言反馈。
main.cpp
// 编译时link dl库
// g++ main.cpp -o Crackme2 -ldl -lxy -fPIC -O3
#include <cstdio>
#include <cstdlib>
#include <dlfcn.h>
#include "main.h"
int main(int argc, char* argv[])
{
if (argc == 1) {
printf("Please input flag.\n");
return -1;
}
flag = argv[1];
}
void __error__()
{
char *error = dlerror();
if (error == NULL) return;
printf("Error: %s\n", error);
exit(-1);
}
__attribute__((destructor)) void fini()
{
handle = dlopen(LIB_NAME, RTLD_LAZY);
__error__();
if (handle == NULL || flag == NULL) exit(-1);
Void *func = (Void*) dlsym(handle, "check");
__error__();
func(flag);
dlclose(handle);
}main.h
#ifndef MAIN_H
typedef void (Void)(char*);
#define MAIN_H
#define LIB_NAME "libxy.so"
extern "C" {
void __error__();
void before();
void after();
void *handle;
char *flag;
}
#endif // MAIN_Hlibxy.cpp
// 生成动态库文件
// g++ -O3 -fPIC -shared libxy.cpp -o libxy.so
#include <iostream>
#include <cstring>
using namespace std;
inline long get(char l, int i, int ii)
{
if (i == 0) return l ^ ((2001L*615*1950/195) ^ ii);
return (l ^ (20010615*i)) ^ ii;
}
const long buffer[23] = {
0xbbc697, 0x131560c, 0x262ac98,
0x3940315, 0x4c559b0, 0x5f6b02c,
0x72806ef, 0x8595d23, 0x98ab39f,
0xabc0a52, 0xbed6081, 0xd1eb763,
0xe500db2, 0xf81647d, 0x10b2baa5,
0x11e41097, 0x13156751, 0x1446bd85,
0x15781478, 0x16a96aa1, 0x17dac16e,
0x190c17b7, 0x1a3d6e50
};
extern "C" {
bool verify(char *flag, int len)
{
int i;
for (i = 0;i < len;i++)
{
long f = get(flag[i], i, len);
if (f != buffer[i]) return false;
}
return 0x0 == ((end(buffer) - begin(buffer)) ^ len);
}
void check(char *flag)
{
if (!verify(flag, strlen(flag)))
{
cout << "Verification failed, please try again." << endl;
}
else
{
cout << "Verification successful." << endl;
}
}
}
评论一下?