Take instruction

To viewmainThe function can tell if there is an abnormal jump. Look at the assembly, where C is the code.Then remove the flower instruction in turn, and then disassemble the main function pseudocode.

The main function is not short, first according to the parameters of the approximate function name, you can see that the normal input encryption check.

The next step analysis is combined with dynamic debugging.

Initial check with custom struct initializationThe variables v3, V4, and V5 appear in this section only in the final if statement. You can see what this code does by looking directly at the values to the left of the comparison.Put a breakpoint on the comparison and you know that the value is the length of the input, so this code essentially calculates the input length. That is, the input length is 64.

And then we initialize the data and we go into a loop.You can see that the loop increments the address of the input string by 8 each time until it reaches the end of the string. Therefore, the loop should process every 8 characters of input. Loop 8 times.

Each loop first calls the sub_401DB0 function, taking the starting address of the 8 bytes processed by the loop and the constant 8. Analyze.

The length of the string must be 0123456789ABCDEF, otherwise 0 will be returned. If the string is 16 characters in uppercase hexadecimal format, the length of the string will be 16.

similar

Binascii. A2b_hex (v) Looking at the previous loop, there are two similar operations, one for the 8 dWords that are converted from the input, and the other for the 8 dwords that are fixed in the data segment.

Store it in the second dword of every nine dwords in buF_CHAR_72 and buF_CHAR_360, respectively.

The while loop computes a value based on the data, which is stored in the first of every nine Dwords. If the value is 12345678, the value is 4. If the value is 00345678, the value is 3. If the input is all 0 or invalid (not in 0123456789ABCDEF), the value is 0. Essentially, it holds the number of valid bytes of the value.Buf_char_72 and buF_char_360 may be structures, and should be used to store the input data and the final encrypted result, respectively.

The following structure can be created.Set buf_char_72 and buf_char_360 to struc_data arrays of length 8, and rename the variables.Then the loop looks like this.After the cycle is encrypted and modified by XTEA and TEA, the sub_403460 function is called four times, the sub_4029E0 function twice, and the sub_402030 function twice, respectively.According to the parameters, it is obvious that the data converted from input is used in the following four function calls, and each two are encrypted as a group. The key is the parameter V25-V28 of sub_403460 function. Since v25-V28 is not used before, the sub_403460 function should assign a value to it and initialize the key. (Since it is encrypted in groups of two and the key data is 4, it can be guessed that it is tea encryption, and it is not found by Findcrypt, indicating that the constant may have been changed)

Check the sub_403460 function.Obviously, depending on the parameters passed, each call to this function will cause sub_401EF0 to generate a value, similar to the previous processing of input and encryption results, and the number of valid bytes from this value. Guess this is a structure similar to the previous one.

Set the structure as well.Then four calls can generate four key values, and the data is fixed. So you can get four keys. The larger the value of the second parameter, the longer the running time, do not want to analyzesub_401EF0The function waits.

The relevant values are as follows.

key1 = 0x0FFFD  valid_flag = 2
key2 = 0x1FFFD  valid_flag = 3
key3 = 0x3FFFD  valid_flag = 3
key4 = 0x7FFFD  valid_flag = 3

Copy the code

Go back to the sub_4029E0 encryption function. Code is very long, first remove the flower instruction. Rename some of the variables and take a look.

According to the variable reference you can see that the following is a whole part.

If the valid bytes range from 0 to 4, the if statement can only go to the last two cases. If the default valid length of data is 4, you can see that the first data is stored at V53 [0].

After observing several similar parts of the code, the offset calculation shows that the two input data and the four key values are essentially dumped (according to the custom data structure).Set the above structure accordingly, in combination with the memory address. Resets data types and variable names.A loop after the input and dump of the key should be the key encryption. If 0x70C88617 is subtracted from sum for each loop and the value iS 0xE6EF3D20 at the end of the loop, the number of loops is 32. Tea cryptography, obviously. According to the obvious >> 11) & 3 can be known as XTEA encryption.

v = 0 i = 0 while v! =0xE6EF3D20: i+=1 v -= 0x70C88617 v &= 0xffff_ffff print(i) # 32Copy the code

Based on xTEA encryption and related parameters, the role of each function can be deduced. Guess these functions are specific to the valid_flag+data structure implementation of various operations.This is where the data is encrypted by magic xTEA. Keep looking back.After that, the function that was called when the key was generatedcreate_data_based_constIt generates another value. Then, the valid number of bytes is calculated to form a custom data structure, and the encrypted datA1 is xOR.Then it is similar to the first code, which dumps the xOR results back to the original input address.

The create_data_based_const function is called with different arguments. The create_data_based_const function generates a value that is xOR with data2 and then dumped back.

The XOR value can be obtained by tuning, modifying the parameter and running it where the key was previously generated. Create_data_based_const (3,5) = 0xFD create_data_based_const(3,6) = 0x1FD

At this point, the sub_4029E0 encryption function is analyzed, that is, the first four dWORD data generated by input are respectively encrypted with magic xTEA and then xor with fixed data.

Next, look at the sub_402030 function. Like the sub_4029E0 function, it is encrypted by TEA, where delta is given by 0x1E3F4AEF^0x230A6353. Create_data_based_const (3,7) = 0x3FD; create_data_based_const(3,8) = 0x7FD; That is, the last four DWord data generated by input are respectively encrypted with magic tea and then xor with fixed data.

After encrypting the main function, it is the check part.According to the known check data, we can know that the encrypted VALID_flag values are 4. In this case, first check whether the number of valid bytes of the encryption result and the check data is the same.V30 [-0xd8] and V30 [-0xd8] are essentially the addresses of input_data and res_data.

Print (hex(0x48+0xd84)) # 0x3A8 print(hex(0x48+0x484)) # 0x168

Summary and decryption, encryption and check process is roughly as follows.

len(input) == 64 every_char in ‘0123456789ABCDEF’ data = binascii.a2b_hex(input) xtea_encrypt_xor(data[:4]) Tea_encrypt_xor (data[4:8]), combined with some confusion, and the code associated with implementing the custom structure (counting the number of bytes that are valid, and the operations associated with the structure), makes the code large and difficult.

Finally, write the reverse decryption script.

def xtea_xor_decipher(value, key): v0, v1 = value[0], value[1] v0 ^= 0xFD v1 ^= 0x1FD delta = 0x70C88617 su = 0xE6EF3D20 for i in range(32): v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (su + key[(su >> 11) & 3]) v1 &= 0xffff_ffff su = (su + delta) & 0xffff_ffff v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (su + key[su & 3]) v0 &= 0xffff_ffff value[0] = v0 value[1] = v1 def tea_xor_decipher(value, key): v0, v1 = value[0], value[1] k0, k1, k2, k3 = key[0], key[1], key[2], key[3] v0 ^= 0x3FD v1 ^= 0x7FD delta = 0x1E3F4AEF^0x230A6353 su = (32*delta)&0xffff_ffff for i in range(32): v1 -= ((v0<<4) + k2) ^ ((v0>>5) + k3) ^ (v0 + su) v1 &= 0xffff_ffff v0 -= ((v1<<4) + k0) ^ ((v1>>5) + k1) ^ (v1 + su) v0  &= 0xffff_ffff su = su - delta value[0] = v0 value[1] = v1 res = [0x1F306772, 0xB75B0C29, 0x4A7CDBE3, 0x2877BDDF, 0x1354C485 ,0x357C3C3A, 0x738AF06C, 0x89B7F537] key = [0x0FFFD,0x1FFFD,0x3FFFD,0x7FFFD] flag = '' for i in range(0, len(res)//2, 2): tmp = [res[i], res[i + 1]] xtea_xor_decipher(tmp, key) res[i], res[i + 1] = tmp[0], tmp[1] flag += hex(res[i])[2:] + hex(res[i+1])[2:] for i in range(len(res)//2, len(res), 2): tmp = [res[i], res[i + 1]] tea_xor_decipher(tmp, key) res[i], res[i + 1] = tmp[0], tmp[1] flag += hex(res[i])[2:] + hex(res[i+1])[2:] print(flag.upper()) # CD402B6A139283822F0DEA49E65794356F44EA9B3F56652F2DA39881EC491878Copy the code

Verify that the flag is correct.

Need network security learning video/toolkit/penetration testing/emergency response/vulnerability and other architecture data point I [get data]