
Crackme2.0源代码

hujiayucc 发布于 阅读:2592 默认


main.cpp

// 编译时link dl库
// g++ main.cpp -o Crackme2 -ldl -lxy -fPIC -O3

#include <cstdio>
#include <cstdlib>
#include <dlfcn.h>
#include "main.h"

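/**
 * Entry point: stores the first command-line argument in the global `flag`.
 *
 * No verification happens here. The check itself is performed by fini(),
 * which is registered as a destructor and therefore runs after main returns.
 * On the "no argument" path fini() still runs, finds `flag` NULL and exits.
 *
 * @param argc number of command-line arguments
 * @param argv argument vector; argv[1] is taken as the candidate flag
 * @return -1 when no flag was supplied, 0 otherwise
 */
int main(int argc, char* argv[])
{
    // Use `< 2` rather than `== 1`: a process can be exec'd with an empty
    // argv (argc == 0), and an equality test would then fall through to
    // argv[1], which lies past the terminating NULL entry.
    if (argc < 2) {
        printf("Please input flag.\n");
        return -1;
    }

    flag = argv[1];
    return 0;
}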

/**
 * Reports a pending dynamic-loader error, if any, and terminates.
 *
 * Calls dlerror(), which also clears the loader's error state. When no error
 * is pending the function simply returns; otherwise it prints the message to
 * stdout and exits with status -1.
 */
void __error__()
{
    const char *message = dlerror();
    if (message != nullptr) {
        printf("Error: %s\n", message);
        exit(-1);
    }
}

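/**
 * Exit-time hook that performs the actual flag check.
 *
 * Marked with the GCC/Clang `destructor` attribute, so it runs after main()
 * returns. It loads LIB_NAME with dlopen(), resolves the symbol "check" and
 * calls it with the global `flag`.
 *
 * Trust note: LIB_NAME is a bare file name ("libxy.so", no slash), so the
 * dynamic loader picks the library from its search path (LD_LIBRARY_PATH,
 * rpath, system directories). Whichever libxy.so is found first supplies
 * check(); nothing here verifies the library's identity or integrity. If the
 * verdict must be trusted, load from an absolute path and verify the file.
 *
 * NOTE(review): this function runs during process exit, so the exit() calls
 * here and in __error__() re-enter exit processing, which the C standard
 * leaves undefined. Consider flushing stdout and using _Exit() instead.
 */
__attribute__((destructor)) void fini()
{
    handle = dlopen(LIB_NAME, RTLD_LAZY);
    // Exits if dlopen() failed; the dlerror() call inside also clears the
    // error state so the check after dlsym() only sees dlsym's own error.
    __error__();
    if (handle == NULL || flag == NULL) exit(-1);

    Void *func = reinterpret_cast<Void*>(dlsym(handle, "check"));
    __error__();
    // dlsym() may return NULL without setting an error (a symbol whose value
    // is NULL); never call through a null function pointer.
    if (func == NULL) {
        dlclose(handle);
        exit(-1);
    }

    func(flag);
    dlclose(handle);
}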

main.h

#ifndef MAIN_H
#define MAIN_H

// File name handed to dlopen(). It contains no directory component, so the
// dynamic loader resolves it through its normal library search path.
#define LIB_NAME "libxy.so"

// Function type of the `check` entry point that is looked up with dlsym().
using Void = void(char*);

extern "C" {
    // Prints a pending dlerror() message and exits (defined in main.cpp).
    void __error__();

    // Declared here; no definition appears in the listing.
    void before();
    void after();

    // These are definitions, not `extern` declarations: including this header
    // from more than one translation unit would define them twice.
    void *handle;   // dlopen() handle for LIB_NAME
    char *flag;     // candidate flag taken from argv[1]
}

#endif // MAIN_H

libxy.cpp

// 生成动态库文件
// g++ -O3 -fPIC -shared libxy.cpp -o libxy.so
#include <iostream>
#include <cstring>

using namespace std;

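/**
 * Mixes one input character with its position and a third value by XOR.
 *
 * @param l  the character (promoted with its sign before the XOR)
 * @param i  position of the character; 0 selects a dedicated constant
 * @param ii extra value XORed in; verify() passes the input length
 * @return   (l ^ K(i)) ^ ii, where K(0) = 2001*615*1950/195 and
 *           K(i) = 20010615*i for i != 0
 */
inline long get(char l, int i, int ii)
{
    // 1950/195 is exactly 10. Dividing first keeps every intermediate value
    // below 2^31, so the constant is also correct where `long` is 32 bits
    // (the original product 2001*615*1950 does not fit there).
    if (i == 0) return l ^ ((2001L * 615 * (1950 / 195)) ^ ii);

    // Multiply in `long` rather than `int` so a large index does not overflow
    // the narrower type; results are unchanged wherever the int product fit.
    return (l ^ (20010615L * i)) ^ ii;
}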

// Expected per-position values: verify() compares get(flag[i], i, len)
// against buffer[i]. The table has 23 entries, and verify() also requires
// the input length to equal that count.
const long buffer[23] = {
    0xbbc697, 0x131560c, 0x262ac98,
    0x3940315, 0x4c559b0, 0x5f6b02c,
    0x72806ef, 0x8595d23, 0x98ab39f,
    0xabc0a52, 0xbed6081, 0xd1eb763,
    0xe500db2, 0xf81647d, 0x10b2baa5,
    0x11e41097, 0x13156751, 0x1446bd85,
    0x15781478, 0x16a96aa1, 0x17dac16e,
    0x190c17b7, 0x1a3d6e50
};

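extern "C" {
    /**
     * Checks a candidate flag against the `buffer` table.
     *
     * The length is validated before any table access. The original loop
     * indexed buffer[i] for every i < len and compared the length only
     * afterwards, so an input longer than the table whose leading characters
     * all matched would read past the end of `buffer`.
     *
     * Both the table and the transform in get() ship inside this library, so
     * this is obfuscation of the expected value rather than a secret check.
     *
     * @param flag candidate string; NULL is rejected
     * @param len  number of characters in `flag`
     * @return true only when len equals the table size and every character
     *         maps to its table entry
     */
    bool verify(char *flag, int len)
    {
        const int expected_len = static_cast<int>(sizeof(buffer) / sizeof(buffer[0]));
        if (flag == nullptr || len != expected_len) return false;

        for (int i = 0; i < len; i++)
        {
            if (get(flag[i], i, len) != buffer[i]) return false;
        }
        return true;
    }

    /**
     * Exported entry point (resolved by name with dlsym): verifies `flag`
     * and prints the verdict to stdout.
     *
     * @param flag NUL-terminated candidate string; NULL counts as a failure
     */
    void check(char *flag)
    {
        bool ok = false;
        if (flag != nullptr)
        {
            const std::size_t n = std::strlen(flag);
            const int len = static_cast<int>(n);
            // Reject lengths that do not survive the narrowing to int, so an
            // oversized string cannot wrap around to an accepted length.
            ok = (static_cast<std::size_t>(len) == n) && verify(flag, len);
        }

        if (!ok)
        {
            std::cout << "Verification failed, please try again." << std::endl;
        }
        else
        {
            std::cout << "Verification successful." << std::endl;
        }
    }
}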

C++ CrackMe