Record-Topic

丢丢茶

#include "cstdio"
#include "cstdlib"
#include "cstring"
#include "windows.h"
#include <csetjmp>
#include <csignal>
#include <cstdint>

typedef uint8_t byte;
typedef uint16_t word;
typedef uint32_t dword;
typedef uint64_t qword;
typedef qword (__stdcall *lpPlus)(qword,qword);
typedef qword (__stdcall *lpMul)(qword,qword);
typedef qword (__stdcall *lpXor)(qword,qword);
typedef bool (__stdcall *lpCheck)(char*);

dword flag_len;
struct Function{
    HMODULE h;
    lpXor aXor;
    lpMul mul;
    lpPlus plus;
    char* key;
    dword* delta;
    lpCheck Check;
}function;

byte * DllData;

void LoadFunction(){
    char Allpath[MAX_PATH];
    GetTempPath(MAX_PATH,Allpath);
    snprintf(Allpath,MAX_PATH,"%sEnc",Allpath);
    function.h = LoadLibrary(Allpath);
    function.plus = (lpPlus ) GetProcAddress(function.h,(char*)1);
    function.mul = (lpMul ) GetProcAddress(function.h, (char*)3);
    function.aXor = (lpXor ) GetProcAddress(function.h,(char*)5);
    function.delta = (dword*) GetProcAddress(function.h,(char*)11);
    function.key = (char*) GetProcAddress(function.h,(char*)10);
    function.Check = (lpCheck ) GetProcAddress(function.h,(char*)12);
}

void Encrypt(char* flag){
    dword* enc = (dword*)flag;
    for (auto i = 0; i < flag_len; i+=2) {
        dword sum = 0;
        for (auto j = 0; j < 32; ++j) {
            sum += *(function.delta);
            enc[i] += ((dword)function.mul(enc[i+1],16) + *(dword*)(function.key)) ^ (dword)function.plus(enc[i+1] , sum) ^ ((enc[i+1]>>5) + *(dword*)(function.key+1));
            enc[i+1] += ((dword)function.mul(enc[i],16) + *(dword*)(function.key+2)) ^ (dword)function.plus(enc[i] , sum) ^ ((enc[i]>>5) + *(dword*)(function.key+3));
        }
    }
}

void hello(){
    puts("Buy you a cup of tea, brother!");
    puts("You got a cup or something? Give it to me:");
}

void Check(char* flag){
    if(function.Check(flag)){
        puts("Right,Now enjoy your tea");
        exit(0);
    }else puts("Noooooooo!");

}

jmp_buf jumpBuffer;
void signalHandler(int sig) {
    if (sig == SIGSEGV) {
        longjmp(jumpBuffer, 1);
    }
}
void LoadDll(){
    FILE* fp = fopen("Enc.dll","r+b");
    if(!fp){
        puts("This file does not exist!");
        return;
    }
    fseek(fp,0,SEEK_END);
    qword DllSize = ftell(fp);
    rewind(fp);

    DllData = (byte*)malloc(DllSize);
    fread(DllData,1,DllSize,fp);
    qword e_lfanew = *(dword*)(DllData+0x3c);
    qword NumberOfSection = *(word*)(DllData+e_lfanew+0x6);
    qword OpHeaderSize = *(word*)(DllData+e_lfanew+0x14);
    qword SectionPtr = (e_lfanew+0x18+OpHeaderSize);
    for (auto i = 0; i < 0x3c; ++i)
        if(*(DllData+i))*(DllData+i) ^= NumberOfSection;

    memset(DllData+0x40,'h',0x40);
    char tell[] ="Is this really a dll? ty is lying to me, damn ty!";
    memcpy(DllData+0x40,tell, strlen(tell));
    for (auto i = 0; i < 0x24; ++i)
        if(*(DllData + SectionPtr + i))*(DllData + SectionPtr + i) ^= NumberOfSection;
    for (auto i = 0; i < 0x6; ++i)
        if(*(DllData+e_lfanew+i))*(DllData+e_lfanew+i) ^= NumberOfSection;

    char TempPath[MAX_PATH];
    GetTempPath(MAX_PATH,TempPath);
    snprintf(TempPath,MAX_PATH,"%sEnc.dll",TempPath);
    fp = fopen(TempPath,"w+b");
    fwrite(DllData,1,DllSize,fp);
    fclose(fp);
    free(DllData);
}

int main(){
    LoadDll();
    signal(SIGSEGV, signalHandler);
    char* flag = (char*) malloc(0x100);
    hello();
    scanf("%s",flag);
    flag_len = strlen((const char*)flag)/4;

    if(setjmp(jumpBuffer) == 0){
        Encrypt(flag);
        Check(flag);
    } else{
        perror("Eorrrrrrr");
        Sleep(1000);
        puts("Hold on, fixing error.......");
        Sleep(1000);
        puts("Dont!");
        Sleep(1000);
        system("CLS");
        Sleep(1000);
        LoadFunction();
        Encrypt(flag);
        Check(flag);
    }
    free(flag);

    return 0;
}

#include "Header/TestDll.h"
#include "Header/DataTpye.h"
#include "cstdio"

char key[] = "Do_y0u_kn0w_d11!";
dword delta = 0x9e3779c8;
int8_t ans[] = {122,21,-11,118,-96,65,-30,-72,-98,125,5,72,-46,30,25,-71,30,19,-76,-52,47,35,-3,-102,43,74,-29,117,-72,-44,-99,63,67,-46
        ,125,41,-18,63,-90,60,20,-109,43,89,73,-80,-90,-81,};

qword __stdcall Add(qword x,qword y){
    return x+y;
}
qword __stdcall Sub(qword x,qword y){
    return x-y;
}
qword __stdcall Mul(qword x,qword y){
    return x*y;
}

qword __stdcall Div(qword x,qword y){
    return x/y;
}

qword __stdcall Xor(qword x,qword y){
    return x^y;
}

qword __stdcall Or(qword x,qword y){
    return x|y;
}

qword __stdcall And(qword x,qword y){
    return x&y;
}

qword __stdcall Not(qword x){
    return !x;
}

bool __stdcall CheckFlag(char* flag){
    for (auto i = 0; *(flag+i); ++i) {
        if(*(flag+i) != ans[i])return false;
    }
    return true;
}
---------------------------------------------------------------------------------------
//.h
#ifndef EXTERN_LIBRARY_TESTDLL_H
#define EXTERN_LIBRARY_TESTDLL_H

#include "DataTpye.h"
qword __stdcall Add(qword x,qword y);
qword __stdcall Sub(qword x,qword y);
qword __stdcall Mul(qword x,qword y);
qword __stdcall Div(qword x,qword y);
qword __stdcall Xor(qword x,qword y);
qword __stdcall Or(qword x,qword y);
qword __stdcall And(qword x,qword y);
qword __stdcall Not(qword x);
bool __stdcall CheckFlag(char* flag);
#endif //EXTERN_LIBRARY_TESTDLL_H
----------------------------------------------------------------------------------------
//.def
EXPORTS

Add     @1 NONAME
Sub     @2 NONAME
Mul     @3 NONAME
Div     @4 NONAME
Xor     @5 NONAME
Or      @6 NONAME
And     @7 NONAME
Not     @8 NONAME
key     @10 NONAME DATA
delta   @11 NONAME DATA
CheckFlag   @12 NONAME

if (MSVC)
    add_compile_options(/Gy)  # 允许 COMDAT 折叠
#    add_link_options(/OPT:REF)  # 删除未使用的函数
    #   关闭CRT
#    set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreadedDLL")  # 设置运行时库为多线程 DLL（/MD）

#    set(CMAKE_CXX_FLAGS_DEBUG "/MDd /Od /Zi")  # 关闭优化，启用调试信息
#    set(CMAKE_CXX_FLAGS_RELEASE "/MD /O2 /Ob2 /DNDEBUG")  # 高级优化
#    set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "/MD /O2 /Zi")  # 既优化又保留调试信息
#    set(CMAKE_CXX_FLAGS_MINSIZEREL "/MD /O1")  # 以最小尺寸优化
    # 关闭随机地址
    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /DYNAMICBASE:NO")
    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /DYNAMICBASE:NO")
endif()

Rc4_1

#include "HeaderFile/DataType.h"
#include "cstdio"
#include "cstdlib"
#include "cstring"

byte key[] = "5ew_3eme3t2r_n2w_atm03ph2re!";
//byte flag[] = "flag{Wow_you_actually_mastered_c4!}";
byte ans[] = {0xb2,0xe4,0x4e,0xa6,0x1f,0x2b,0x67,0xe6,0x94,0xae,0x84,0xaa,0xd6,0x4c,0x7e,0xc1,0x85,0x16,0xfb,0xd0,0xe4,0x5b,0x8c,0xc0,
              0xfb,0x11,0xf9,0xd8,0xb1,0xec,0x70,0xa2,0x50,0x5d,0x75,};
int main(){
    puts("New semester, I think you already know what c4 is");
    puts("Now, give me your c4");
    byte *flag = (byte*) malloc(100);
    scanf("%s",flag);

    dword key_length = strlen((const char*)key);
    dword* kye = (dword*)key;
    word S[512];
    for (auto i = 0; i < 512; ++i) S[i] = i&0xff;
    word j = 0;
    for (auto i = 0; i < 512; ++i) {
        j = i + S[i] + (*kye);
        j %= 256;
        word tmp = S[i];
        S[i] = S[j];
        S[j] = tmp;
    }
    byte *K = (byte*) malloc(key_length);
    for (auto i = 0; i < 512; ++i) {
        j = S[i] % 512;
        K[i%key_length] = S[(S[i] + S[j])%512];
    }
    byte flag_len = strlen((const char *) flag);
    if(flag) {
        for (auto i = 0; i < flag_len; ++i) {
            *(flag + i) ^= K[i%key_length] ^ *(kye + (i % 7));
            if(*(flag + i) != ans[i]){
                perror("Learn more!");
                return 0;
            }
        }
        printf("[!]\tGreat!");
    }

    free(K);
    free(flag);
    return 0;
}