安洵杯——game(混淆控制流平坦化)
查殼
拖進ida
main函數
// Excerpt of main() as shown by the decompiler; the declarations of v3..v10
// and the function's return are not part of the excerpt.
// v7 is the dispatcher variable of the flattened control flow: every block
// ends by storing the constant of the block that runs next.
printf("input your flag:", argv, envp);
// gets() takes no length argument, so any input longer than v8 is written
// past the end of v8. The size of v8 is not visible in this excerpt.
gets(&v8);
v10 = general_inspection((int (*)[9])sudoku);
v7 = -1804515313;                     // initial state
while ( 1 )
{
  while ( 1 )
  {
    // State -2071121728: the normal path, taken when v10 == 0.
    while ( v7 == -2071121728 )
    {
      v4 = blank_num((int (*)[9])sudoku);   // number of zero cells in the grid
      v5 = mem_alloc(v4);                   // work buffer handed to trace(), which frees it
      trace(sudoku, v5, v4);
      check((int (*)[9])sudoku);
      check1(&v8);                          // rewrites the input string in place
      check3(&v8);                          // calls check2() and prints the verdict
      v9 = 0;
      v7 = -303742386;
    }
    if ( v7 != -1804515313 )
      break;
    // State -1804515313: branch on the result of general_inspection().
    v3 = -2071121728;
    if ( v10 )
      v3 = 664169471;
    v7 = v3;
  }
  // State -303742386: leave the dispatcher.
  if ( v7 == -303742386 )
    break;
  // State 664169471: general_inspection() returned non-zero.
  if ( v7 == 664169471 )
  {
    printf("error");
    check((int (*)[9])sudoku);
    v9 = 0;
    v7 = -303742386;
  }
}
分析
主函數中需要分析的函數有:general_inspection((int (*)[9])sudoku)、blank_num((int (*)[9])sudoku)、trace(sudoku, v5, v4)、check((int (*)[9])sudoku)、check1(&v8)、check3(&v8);另外check3函數中還調用了check2(a1),也需要分析。
general_inspection((int (*)[9])sudoku)
這里的v10一直是0,sudoku在前后也并非發生什么改變。。。忽略不計
blank_num((int (*)[9])sudoku)
代碼
// Counts the zero cells of the 9x9 int grid at a1 and returns that count.
// Decompiler output with flattened control flow: v5 is the dispatcher state,
// v8 is the row counter, v7 the column counter and v6 the running count.
// Followed state by state this is two nested loops, v8 = 0..8 and v7 = 0..8,
// that increment v6 whenever the cell at flat index 9 * v8 + v7 is zero.
__int64 __fastcall blank_num(int (*a1)[9])
{
  signed int v1; // eax
  signed int v2; // eax
  signed int v3; // eax
  signed int v5; // [rsp+2Ch] [rbp-18h]
  unsigned int v6; // [rsp+30h] [rbp-14h]
  signed int v7; // [rsp+34h] [rbp-10h]
  signed int v8; // [rsp+38h] [rbp-Ch]

  v6 = 0;
  v8 = 0;
  v5 = 1046773218;                    // initial state: outer loop test
  while ( 1 )
  {
    // State -1892951115: start of a row, reset the column counter.
    while ( v5 == -1892951115 )
    {
      v7 = 0;
      v5 = -1048142948;
    }
    // State -1585203536: all rows done, leave the dispatcher.
    if ( v5 == -1585203536 )
      break;
    switch ( v5 )
    {
      case -1237447983:               // row finished; pure transition
        v5 = 1058605341;
        break;
      case -1048142948:               // inner loop test: v7 < 9
        v2 = -1237447983;
        if ( v7 < 9 )
          v2 = 1501457574;
        v5 = v2;
        break;
      case -1026222996:               // next column
        ++v7;
        v5 = -1048142948;
        break;
      case -516195663:                // cell was zero: count it
        ++v6;
        v5 = 710936108;
        break;
      case 710936108:                 // pure transition
        v5 = -1026222996;
        break;
      case 1046773218:                // outer loop test: v8 < 9
        v1 = -1585203536;
        if ( v8 < 9 )
          v1 = -1892951115;
        v5 = v1;
        break;
      case 1058605341:                // next row
        ++v8;
        v5 = 1046773218;
        break;
      case 1501457574:                // test the cell at row v8, column v7
        v3 = 710936108;
        if ( !(*a1)[9 * v8 + v7] )
          v3 = -516195663;
        v5 = v3;
        break;
    }
  }
  return v6;
}
第一步
case 1046773218: v1 = -1585203536; if ( v8 < 9 )v1 = -1892951115; v5 = v1;break;v8 < 9的話,就會進入-1892951115,否則進入-1585203536;
我們先看v8>9的情況:
直接退出。。。所以v8必須<9才出現下一步。
第二步
while ( v5 == -1892951115 ){v7 = 0; // 初始化v7v5 = -1048142948;}這里初始化了一個v7,留心即可。
第三步
case -1048142948:v2 = -1237447983; if ( v7 < 9 )v2 = 1501457574; v5 = v2;break;這里判斷了v7的大小,利用v7來判斷程序的執行流程,感覺應該是個for循環,
老樣子,看看v7>9的情況
繼續往下:
case 1058605341:++v8;v5 = 1046773218;break;這里進行了v8自增,還沒看出有什么貓膩,繼續往下:
v5 = 1046773218;這不就是回到了第一步嘛?????嗯哼,回去了。.。
但是v7 < 9的話,流程進到1501457574;
第四步
case 1501457574: v3 = 710936108; if ( !(*sudoku)[9 * v8 + v7] )v3 = -516195663; v5 = v3;break;這里為什么是v8*9+v7呢?我個人認為它把這個數組分成一個二維數組,每行是九個,v8也就代表行數,v7代表列數,當v7大于9時,那么只需要把行數+1(即v8自增,然后v7清零即可)。這個二維數組有9行9列,當行數大于9時(即v8>9時,那么就遍歷完了,然后直接退出即可)
流程代碼不用管
case 710936108:v5 = -1026222996;break;依然是流程代碼:
case -1026222996:++v7;v5 = -1048142948;break;v7自增,然后進行流程代碼,往下進行。
v5 = -1048142948;這個流程-1048142948;直接回到第三步。。滅了
2. 當數組中的元素值為0時
流程進到了下一步:
第五步
case -516195663:++v6;v5 = 710936108;break;這里v6++,也就是統計0的個數,
case 710936108:v5 = -1026222996;break;這里全是流程代碼,沒必要分開寫了
case -1026222996:++v7;v5 = -1048142948;break;緊接著流程回到第三步v5 = -1048142948;
總結
它把這個數組當作一個9行9列的二維數組:每行九個元素,v8代表行數,v7代表列數。當v7不再小于9(即v7達到9)時,只需要把行數+1(即v8自增),然后v7清零即可;當v8不再小于9(即v8達到9)時,就遍歷完了,直接退出即可。
也就是一個遍歷,然后把0的個數找出來,也就是v6自增。(v6就代表0的個數,最后返回是v6,也就是這個數組中0的個數)
trace(sudoku, v5, v4);
代碼
// Fills the zero cells of the 9x9 grid at a1, then frees a2.
//   a1 - address of the grid; a cell is the 4-byte value at
//        a1 + 36 * row + 4 * column
//   a2 - array of 12-int records, indexed by v14; as used here and in
//        findvalue(): [0] row, [1] column, [2] a counter, and the slots
//        a2[12 * v14 + 2 + v15] for v15 = 1..9 are per-value flags
//   a3 - initial value of v18; the dispatcher exits when v18 reaches 0
// Decompiler output with flattened control flow: v13 is the dispatcher state.
// v17 / v16 are the row / column counters of the scan, v15 a candidate value.
// NOTE(review): state 1601744610 decrements v14 before state -446534017 reads
// a2[12 * v14 + 2]. If findvalue() returns -1 while v14 is 0, that read and
// the accesses that follow use record index -1; the v14 == 0 test in state
// 1923573299 runs only after that read. Whether this can happen depends on
// the grid contents and on mem_alloc(), neither of which is shown here.
void __fastcall trace(__int64 a1, signed int *a2, int a3)
{
  signed int v3; // eax
  signed int v4; // eax
  signed int v5; // eax
  signed int v6; // eax
  int v7; // eax
  signed int v8; // er8
  signed int v9; // eax
  signed int v10; // eax
  signed int v11; // eax
  signed int v12; // eax
  signed int v13; // [rsp+78h] [rbp-28h]
  int v14; // [rsp+7Ch] [rbp-24h]
  signed int v15; // [rsp+80h] [rbp-20h]
  signed int v16; // [rsp+84h] [rbp-1Ch]
  signed int v17; // [rsp+88h] [rbp-18h]
  int v18; // [rsp+8Ch] [rbp-14h]

  v18 = a3;
  v14 = 0;
  v13 = 671940414;                    // initial state: test v18
  while ( 1 )
  {
    while ( 1 )
    {
      while ( 1 )
      {
        while ( 1 )
        {
          while ( 1 )
          {
            while ( 1 )
            {
              while ( 1 )
              {
                // State -2124394493: row loop test, v17 < 9.
                while ( v13 == -2124394493 )
                {
                  v4 = 338033522;
                  if ( v17 < 9 )
                    v4 = -1264962160;
                  v13 = v4;
                }
                if ( v13 != -2084617164 )
                  break;
                // State -2084617164: reload row/column from the current record.
                ++v18;
                v17 = a2[12 * v14];
                v16 = a2[12 * v14 + 1];
                v13 = 295419890;
              }
              if ( v13 != -2069701336 )
                break;
              // State -2069701336: column loop test, v16 < 9.
              v5 = 942378879;
              if ( v16 < 9 )
                v5 = 1672958513;
              v13 = v5;
            }
            if ( v13 != -1561315505 )
              break;
            // State -1561315505: pure transition to the ++v15 state.
            v13 = 2016120547;
          }
          if ( v13 != -1361654796 )
            break;
          // State -1361654796: next column.
          ++v16;
          v13 = -2069701336;
        }
        if ( v13 != -1289862082 )
          break;
        // State -1289862082: pure transition to the ++v16 state.
        v13 = -1361654796;
      }
      if ( v13 != -1264962160 )
        break;
      // State -1264962160: start of a row, reset the column counter.
      v16 = 0;
      v13 = -2069701336;
    }
    // State -1246113443: v18 reached 0, leave the dispatcher.
    if ( v13 == -1246113443 )
      break;
    if ( v13 == -446534017 )
    {
      // Branch on the counter slot [2] of record v14.
      v9 = 1764791757;
      if ( !a2[12 * v14 + 2] )
        v9 = 1923573299;
      v13 = v9;
    }
    else if ( v13 == -264375465 )
    {
      // Zero the cell named by record v14 and step back one more record.
      *(_DWORD *)(36LL * a2[12 * v14] + a1 + 4LL * a2[12 * v14 + 1]) = 0;
      ++v18;
      --v14;
      v13 = -446534017;
    }
    else if ( v13 == -127108152 )
    {
      // A zero cell was found: store its position in record v14 and write
      // the result of findvalue() into the cell; -1 selects state 1601744610.
      a2[12 * v14] = v17;
      a2[12 * v14 + 1] = v16;
      v7 = findvalue(a1, &a2[12 * v14]);
      v8 = 295419890;
      *(_DWORD *)(36LL * v17 + a1 + 4LL * v16) = v7;
      if ( *(_DWORD *)(36LL * v17 + a1 + 4LL * v16) == -1 )
        v8 = 1601744610;
      v13 = v8;
    }
    else if ( v13 == 67917660 )
    {
      // Write v15 into the cell of record v14, set its flag, decrement [2].
      *(_DWORD *)(36LL * a2[12 * v14] + a1 + 4LL * a2[12 * v14 + 1]) = v15;
      a2[12 * v14 + 2 + v15] = 1;
      --a2[12 * v14 + 2];
      v13 = -2084617164;
    }
    else if ( v13 == 295419890 )
    {
      // Advance to the next record; the arithmetic on v18 is v18 - 1.
      ++v14;
      v18 = v18 - 1146223301 + 1146223300;
      v13 = -1289862082;
    }
    else if ( v13 == 338033522 )
    {
      // Row loop finished; back to the v18 test.
      v13 = 671940414;
    }
    else if ( v13 == 376448068 )
    {
      // Start a scan of the grid from row 0.
      v17 = 0;
      v13 = -2124394493;
    }
    else if ( v13 == 599244415 )
    {
      // Candidate loop test, v15 < 10.
      v11 = -2084617164;
      if ( v15 < 10 )
        v11 = 1332608024;
      v13 = v11;
    }
    else if ( v13 == 671940414 )
    {
      // Exit when v18 == 0, otherwise scan.
      v3 = -1246113443;
      if ( v18 )
        v3 = 376448068;
      v13 = v3;
    }
    else if ( v13 == 942378879 )
    {
      // Column loop finished; pure transition to the ++v17 state.
      v13 = 1396614849;
    }
    else if ( v13 == 1332608024 )
    {
      // Is the flag for value v15 in record v14 still clear?
      v12 = -1561315505;
      if ( !a2[12 * v14 + 2 + v15] )
        v12 = 67917660;
      v13 = v12;
    }
    else if ( v13 == 1396614849 )
    {
      // Next row.
      ++v17;
      v13 = -2124394493;
    }
    else if ( v13 == 1601744610 )
    {
      // findvalue() returned -1: zero the cell again and step back one record.
      *(_DWORD *)(36LL * v17 + a1 + 4LL * v16) = 0;
      --v14;
      v13 = -446534017;
    }
    else if ( v13 == 1672958513 )
    {
      // Test the cell at row v17, column v16 for zero.
      v6 = -1289862082;
      if ( !*(_DWORD *)(36LL * v17 + a1 + 4LL * v16) )
        v6 = -127108152;
      v13 = v6;
    }
    else
    {
      if ( v13 == 1751405620 )
      {
        // Reached from state 1923573299 when v14 == 0.
        printf(aGameOver);
        exit(1);
      }
      switch ( v13 )
      {
        case 1764791757:              // start the candidate loop at 1
          v15 = 1;
          v13 = 599244415;
          break;
        case 1923573299:              // counter slot was 0: give up if v14 == 0
          v10 = -264375465;
          if ( !v14 )
            v10 = 1751405620;
          v13 = v10;
          break;
        case 2016120547:              // next candidate
          ++v15;
          v13 = 599244415;
          break;
      }
    }
  }
  free(a2);
}
第一步
else if ( v13 == 671940414 ) {v3 = -1246113443; if ( v18 )v3 = 376448068;v13 = v3;}這里利用v18來控制流程,先假設反面,v18為0,v3 = -1246113443;,
if ( v13 == -1246113443 )break;好了,直接退出。,所以v18必不可能為0.
第二步
else if ( v13 == 376448068 ){i = 0;v13 = -2124394493;}i賦值為0,然后緊接流程代碼
while ( v13 == -2124394493 ){v4 = 338033522; if ( i < 9 )v4 = -1264962160; v13 = v4;}判斷了i值和9,先假設壞情況,i>9,v4 = 338033522;,
else if ( v13 == 338033522 ){v13 = 671940414;}流程代碼,直接進行下一個(好家伙,回到第一步了。回到第一步呢,緊接著就會執行第二步,也就是把i置零。):
else if ( v13 == 671940414 ) {v3 = -1246113443; if ( v18 )v3 = 376448068;v13 = v3;}接下來來分析一下i<9的情況v4 = -1264962160;
第三步:
if ( v13 != -1264962160 )break;j = 0;v13 = -2069701336;}這里給j賦值了,然后接下來是流程代碼
if ( v13 != -2069701336 )break;v5 = 942378879; if ( j < 9 )v5 = 1672958513; v13 = v5;}這里判斷j值,然后再來進行程序的執行,反向,j>9時v5 = 942378879;,
else if ( v13 == 942378879 ){v13 = 1396614849;}流程代碼,繼續往下:
else if ( v13 == 1396614849 ){++i;v13 = -2124394493;}好家伙,i自增,那么這個i就是行數,大于9然后++,盲猜下一步要把j置零。
while ( v13 == -2124394493 ){v4 = 338033522; if ( i < 9 )v4 = -1264962160; v13 = v4;}這里判斷了行數是否大于9,那么不大于9的話,下一步就是列數置零嘍
if ( v13 != -1264962160 )break;j = 0;v13 = -2069701336;}好了,我們繼續分析,列數小于9,
if ( j < 9 )v5 = 1672958513; v13 = v5;}流程代碼,繼續分析:
第四步
else if ( v13 == 1672958513 ) {v6 = -1289862082; if ( !*(_DWORD *)(36LL * i + sudoku + 4LL * j) )v6 = -127108152; v13 = v6;}這里又來判斷元素是否為0嘍。。。。假設非0,v6 = -1289862082;
if ( v13 != -1289862082 )break;v13 = -1361654796;}流程代碼:
if ( v13 != -1361654796 )break;++j;v13 = -2069701336;}也就是繼續遍歷下一個元素嘍。直到遇到0,好了,我們假設0吧:
第五步
else if ( v13 == -127108152 ) // step5{v5_1[12 * v14] = i;v5_1[12 * v14 + 1] = j;v7 = findvalue(sudoku, &v5_1[12 * v14]);v8 = 295419890;*(_DWORD *)(36LL * i + sudoku + 4LL * j) = v7;if ( *(_DWORD *)(36LL * i + sudoku + 4LL * j) == -1 )v8 = 1601744610;v13 = v8;}這里把0位置的行數和列數記在一個新數組中,然后,先往下吧,v8 = 295419890;
else if ( v13 == 295419890 ){++v14;v18 = v18 - 1146223301 + 1146223300; v13 = -1289862082;}v14自增,然后v18自減,接著流程代碼
if ( v13 != -1289862082 )break;v13 = -1361654796;}流程代碼,不用管,接著走。
if ( v13 != -1361654796 )break;++j;v13 = -2069701336;}繼續遍歷下一個元素,那沒事了。。。。
第六步
繼續下一種情況:v8 = 1601744610;
else if ( v13 == 1601744610 ){*(_DWORD *)(36LL * i + sudoku + 4LL * j) = 0;--v14;v13 = -446534017;}把數組相應位置賦0,然后v14自減。接著流程代碼:
if ( v13 == -446534017 ){v9 = 1764791757;if ( !v5_1[12 * v14 + 2] )v9 = 1923573299;v13 = v9;}此處判斷所處的數組元素是否為0,為0的話v9 = 1764791757;,
case 1764791757:v15 = 1;v13 = 599244415;break;v15賦值1,然后流程代碼
v13 = 599244415;break;流程代碼,
else if ( v13 == 599244415 ){v11 = -2084617164;if ( v15 < 10 )v11 = 1332608024;v13 = v11;}再來判斷是否小于10,首先假設大于10,v11 = -2084617164;
if ( v13 != -2084617164 )break;++v18;i = v5_1[12 * v14];j = v5_1[12 * v14 + 1];v13 = 295419890;}i ,j被利用數組中的值賦上,然后v18自增,緊接著流程代碼:
繞回來了:
然后假設小于10,v11 = 1332608024;
else if ( v13 == 1332608024 ){v12 = -1561315505;if ( !v5_1[12 * v14 + 2 + v15] )v12 = 67917660;v13 = v12;}然后判斷數組元素是否為0,非零情況下:v12 = -1561315505;
if ( v13 != -1561315505 )break;v13 = 2016120547;}流程代碼,繼續,
case 2016120547:++v15;v13 = 599244415;break;v15自增,流程代碼:
else if ( v13 == 599244415 ){v11 = -2084617164;if ( v15 < 10 )v11 = 1332608024;v13 = v11;}為0情況下,v12 = 67917660;:
else if ( v13 == 67917660 ){*(_DWORD *)(36LL * v5_1[12 * v14] + sudoku + 4LL * v5_1[12 * v14 + 1]) = v15;v5_1[12 * v14 + 2 + v15] = 1;--v5_1[12 * v14 + 2];v13 = -2084617164;}改變了數組的內容,緊接著流程代碼,然后回到上級
if ( v13 != -2084617164 )break;++v18;i = v5_1[12 * v14];j = v5_1[12 * v14 + 1];v13 = 295419890;}第七步(第五步的第二種情況)
v8 = 1601744610;這時流程代碼如下:
else if ( v13 == 1601744610 ){*(_DWORD *)(36LL * i + sudoku + 4LL * j) = 0;--v14;v13 = -446534017;}數組元素被賦值0,v14自減,緊接著流程代碼:
if ( v13 == -446534017 ){v9 = 1764791757;if ( !v5_1[12 * v14 + 2] )v9 = 1923573299;v13 = v9;}然后又返回去了。
總結
check(int (*a1)[9])
代碼
// Walks two nested counters, v6 = 0..8 and v5 = 0..8, with an empty loop body.
// a1 is never read in this listing. Decompiler output with flattened control
// flow: v4 is the dispatcher state. The returned value is v4 + 849866751
// evaluated on the exit state -849866751, i.e. 0.
__int64 __fastcall check(int (*a1)[9])
{
  __int64 result; // rax
  signed int v2; // eax
  signed int v3; // eax
  signed int v4; // [rsp+24h] [rbp-18h]
  signed int v5; // [rsp+2Ch] [rbp-10h]
  signed int v6; // [rsp+30h] [rbp-Ch]

  v6 = 0;
  v4 = 1715923540;                    // initial state: outer loop test
  while ( 1 )
  {
    while ( 1 )
    {
      // State -1955732718: where a loop body would be; only a transition.
      while ( v4 == -1955732718 )
        v4 = 927738670;
      if ( v4 != -1010822917 )
        break;
      // State -1010822917: reset the inner counter.
      v5 = 0;
      v4 = -135298689;
    }
    result = (unsigned int)(v4 + 849866751);
    // State -849866751: leave the dispatcher.
    if ( v4 == -849866751 )
      break;
    switch ( v4 )
    {
      case -135298689:                // inner loop test: v5 < 9
        v3 = 623468669;
        if ( v5 < 9 )
          v3 = -1955732718;
        v4 = v3;
        break;
      case 623468669:                 // inner loop finished; pure transition
        v4 = 2055416056;
        break;
      case 927738670:                 // next inner iteration
        ++v5;
        v4 = -135298689;
        break;
      case 1715923540:                // outer loop test: v6 < 9
        v2 = -849866751;
        if ( v6 < 9 )
          v2 = -1010822917;
        v4 = v2;
        break;
      case 2055416056:                // next outer iteration
        ++v6;
        v4 = 1715923540;
        break;
    }
  }
  return result;
}
__int64 __fastcall findvalue(__int64 a1, int *a2)
代碼
// Picks a value for the grid cell whose row is a2[0] and column is a2[1].
//   a1 - address of the grid; a cell is the 4-byte value at
//        a1 + 36 * row + 4 * column
//   a2 - one record: [0] row, [1] column, [2] counter, a2[v + 2] flag for value v
// Returns the smallest v in 1..9 whose flag is still clear after marking
// (setting that flag and decrementing a2[2]), or -1 when none is clear.
// Decompiler output with flattened control flow: v12 is the dispatcher state.
// Phases, in execution order:
//   1. clear a2[2] .. a2[11]
//   2. set the flag of every value found in row v14 and in column v13
//   3. set the flag of every value found in the 3x3 box containing the cell
//   4. a2[2] = number of flags still clear among values 1..9
//   5. take the first clear flag
// NOTE(review): the flag index is cell value + 2, taken straight from the
// grid; trace() passes records of 12 ints, so this assumes every cell holds
// 0..9 - confirm against the grid data.
__int64 __fastcall findvalue(__int64 a1, int *a2)
{
  signed int v2; // eax
  signed int v3; // eax
  signed int v4; // eax
  signed int v5; // eax
  signed int v6; // eax
  signed int v7; // eax
  signed int v8; // eax
  signed int v9; // eax
  signed int v10; // eax
  signed int v12; // [rsp+8Ch] [rbp-2Ch]
  int v13; // [rsp+90h] [rbp-28h]
  int v14; // [rsp+94h] [rbp-24h]
  signed int v15; // [rsp+98h] [rbp-20h]
  signed int v16; // [rsp+9Ch] [rbp-1Ch]
  unsigned int v17; // [rsp+B4h] [rbp-4h]

  v14 = *a2;                          // row of the cell
  v13 = a2[1];                        // column of the cell
  v16 = 0;
  v12 = -791724132;                   // initial state: phase 1 loop test
  while ( 1 )
  {
    while ( 1 )
    {
      while ( 1 )
      {
        while ( 1 )
        {
          while ( 1 )
          {
            while ( 1 )
            {
              while ( 1 )
              {
                while ( 1 )
                {
                  while ( 1 )
                  {
                    while ( 1 )
                    {
                      while ( 1 )
                      {
                        while ( 1 )
                        {
                          while ( 1 )
                          {
                            while ( 1 )
                            {
                              while ( 1 )
                              {
                                while ( 1 )
                                {
                                  while ( 1 )
                                  {
                                    while ( 1 )
                                    {
                                      while ( 1 )
                                      {
                                        while ( 1 )
                                        {
                                          // Phase 5 result: a clear flag was found at v16.
                                          while ( v12 == -1704444406 )
                                          {
                                            v17 = v16;
                                            v12 = 981711445;
                                          }
                                          if ( v12 != -1635553414 )
                                            break;
                                          // Phase 3: next box row.
                                          ++v16;
                                          v12 = 1796887582;
                                        }
                                        if ( v12 != -1431966323 )
                                          break;
                                        // Phase 3: next box column.
                                        ++v15;
                                        v12 = -53637786;
                                      }
                                      if ( v12 != -1235584672 )
                                        break;
                                      // Phase 4: next value.
                                      ++v16;
                                      v12 = 156864788;
                                    }
                                    if ( v12 != -1228737224 )
                                      break;
                                    // Phase 5 loop test: v16 < 10.
                                    v8 = -1104998472;
                                    if ( v16 < 10 )
                                      v8 = -890529193;
                                    v12 = v8;
                                  }
                                  if ( v12 != -1144155234 )
                                    break;
                                  // Phase 5: next value.
                                  ++v16;
                                  v12 = -1228737224;
                                }
                                if ( v12 != -1104998472 )
                                  break;
                                // Phase 5 end: v16 == 10 means no flag was clear.
                                v10 = -1704444406;
                                if ( v16 == 10 )
                                  v10 = 2089198738;
                                v12 = v10;
                              }
                              if ( v12 != -890529193 )
                                break;
                              // Phase 5: is the flag for v16 clear?
                              v9 = 862823000;
                              if ( !a2[v16 + 2] )
                                v9 = 771361621;
                              v12 = v9;
                            }
                            if ( v12 != -791724132 )
                              break;
                            // Phase 1 loop test: v16 < 10.
                            v2 = -611155481;
                            if ( v16 < 10 )
                              v2 = 1792341902;
                            v12 = v2;
                          }
                          if ( v12 != -611155481 )
                            break;
                          // Phase 2 start.
                          v16 = 1;
                          v12 = 522488884;
                        }
                        if ( v12 != -248881259 )
                          break;
                        // Phase 4: flag is clear, count it in a2[2].
                        ++a2[2];
                        v12 = 1986744843;
                      }
                      if ( v12 != -53637786 )
                        break;
                      // Phase 3 inner loop test: v15 < 3.
                      v5 = -32951658;
                      if ( v15 < 3 )
                        v5 = 432619495;
                      v12 = v5;
                    }
                    if ( v12 != -32951658 )
                      break;
                    // Phase 3: inner loop finished; pure transition.
                    v12 = -1635553414;
                  }
                  if ( v12 != 156864788 )
                    break;
                  // Phase 4 loop test: v16 < 10.
                  v6 = 507587421;
                  if ( v16 < 10 )
                    v6 = 810472009;
                  v12 = v6;
                }
                if ( v12 != 432619495 )
                  break;
                // Phase 3: flag the value at row v16 + 3 * (v14 / 3),
                // column v15 + 3 * (v13 / 3).
                a2[*(signed int *)(36LL * (v16 - -3 * (v14 / 3)) + a1 + 4LL * (v15 - -3 * (v13 / 3))) + 2] = 1;
                v12 = -1431966323;
              }
              if ( v12 != 507587421 )
                break;
              // Phase 5 start.
              v16 = 1;
              v12 = -1228737224;
            }
            if ( v12 != 522488884 )
              break;
            // Phase 2 loop test: v16 < 10.
            v3 = 1921980522;
            if ( v16 < 10 )
              v3 = 1524139080;
            v12 = v3;
          }
          if ( v12 != 771361621 )
            break;
          // Phase 5: take value v16 - set its flag, decrement the counter.
          a2[v16 + 2] = 1;
          --a2[2];
          v12 = -1104998472;
        }
        if ( v12 != 810472009 )
          break;
        // Phase 4: is the flag for v16 clear?
        v7 = 1986744843;
        if ( !a2[v16 + 2] )
          v7 = -248881259;
        v12 = v7;
      }
      if ( v12 != 862823000 )
        break;
      // Phase 5: flag was set; pure transition to ++v16.
      v12 = -1144155234;
    }
    // State 981711445: v17 holds the result, leave the dispatcher.
    if ( v12 == 981711445 )
      break;
    switch ( v12 )
    {
      case 1044110222:                // phase 1: next slot
        ++v16;
        v12 = -791724132;
        break;
      case 1275000702:                // phase 2: next index
        ++v16;
        v12 = 522488884;
        break;
      case 1353319228:                // phase 4 start: reset the counter
        a2[2] = 0;
        v16 = 1;
        v12 = 156864788;
        break;
      case 1404549511:                // phase 3: reset the box column counter
        v15 = 0;
        v12 = -53637786;
        break;
      case 1524139080:                // phase 2: flag row v14 / column v13 values
        a2[*(signed int *)(36LL * v14 + a1 + 4LL * (v16 - 1)) + 2] = 1;
        // v16 - 832240230 + 832240229 is v16 - 1.
        a2[*(signed int *)(36LL * (v16 - 832240230 + 832240229) + a1 + 4LL * v13) + 2] = 1;
        v12 = 1275000702;
        break;
      case 1792341902:                // phase 1: clear slot v16 + 2
        a2[v16 + 2] = 0;
        v12 = 1044110222;
        break;
      case 1796887582:                // phase 3 outer loop test: v16 < 3
        v4 = 1353319228;
        if ( v16 < 3 )
          v4 = 1404549511;
        v12 = v4;
        break;
      case 1921980522:                // phase 3 start
        v16 = 0;
        v12 = 1796887582;
        break;
      case 1986744843:                // phase 4: pure transition to ++v16
        v12 = -1235584672;
        break;
      case 2089198738:                // phase 5: nothing available
        v17 = -1;
        v12 = 981711445;
        break;
    }
  }
  return v17;
}
第一步
if ( v12 != -791724132 )break;v2 = -611155481;控制流代碼,沒什么好說的,v2 = -611155481;
if ( v12 != -611155481 )break;v16 = 1;v12 = 522488884;v16賦值1,然后控制流代碼,v12 = 522488884;
if ( v12 != 522488884 )break;v3 = 1921980522;控制流代碼v3 = 1921980522;
case 1921980522:v16 = 0;v12 = 1796887582;break;v16被賦值0,然后控制流代碼v12 = 1796887582;
case 1796887582:v4 = 1353319228;if ( v16 < 3 )v4 = 1404549511;v12 = v4;break;這里利用v16來判斷接下來的流程,先看v16>3的情況吧,
case 1353319228:a2[2] = 0;v16 = 1;v12 = 156864788;break;數組的第三個元素被賦值為0,然后v16被賦值為1,然后流程代碼,v12 = 156864788;
if ( v12 != 156864788 )break;v6 = 507587421;if ( v16 < 10 )v6 = 810472009;v12 = v6;這里又來進行第二波判斷,v16的值,假設大于10,流程代碼,v6 = 507587421;
if ( v12 != 507587421 )break;v16 = 1;v12 = -1228737224;}v16被賦值為1,然后流程代碼,
if ( v12 != -1228737224 )break;v8 = -1104998472;if ( v16 < 10 )v8 = -890529193;v12 = v8;}v16>10的話,v8 = -1104998472
if ( v12 != -1104998472 )break;v10 = -1704444406;if ( v16 == 10 )v10 = 2089198738;v12 = v10;返回-1,然后退出,if ( v12 == 981711445 ) break;
v16賦給v17,然后退出
if ( v12 == 981711445 )break;然后來看看v16<3的情況
if ( v12 != 432619495 )break;a2[*(signed int *)(36LL * (v16 - -3 * (v14 / 3)) + a1 + 4LL * (v15 - -3 * (v13 / 3))) + 2] = 1;v12 = -1431966323;把1賦值給a2數組的某個位置,然后流程控制代碼
if ( v12 != -1431966323 )break;++v15;v12 = -53637786;v15自增,緊接著流程控制代碼,然后執行回去,近一步探索
if ( v12 != -53637786 )break;v5 = -32951658;if ( v15 < 3 )v5 = 432619495;v12 = v5;最上面的v16的值,小于10時,流程代碼,v6 = 810472009;
if ( v12 != 810472009 )break;v7 = 1986744843;if ( !a2[v16 + 2] )v7 = -248881259;v12 = v7;判斷數組元素是否為0,
流程代碼:
if ( v12 != -1235584672 )break;++v16;v12 = 156864788;}v16自增,然后流程代碼,
if ( v12 != 156864788 )break;v6 = 507587421;if ( v16 < 10 )v6 = 810472009;v12 = v6;第二步
v16<10的話,v8 = -890529193
if ( v12 != -890529193 )break;v9 = 862823000;if ( !a2[v16 + 2] )v9 = 771361621;v12 = v9;判斷數組元素是否為0,
流程代碼:
if ( v12 != -1144155234 )break;++v16;v12 = -1228737224;v16自增,然后流程代碼,
if ( v12 != -1228737224 )break;v8 = -1104998472;if ( v16 < 10 )v8 = -890529193;v12 = v8;check1(char *a1)
代碼
// Rewrites the NUL-terminated string a1 in place, in three passes:
//   1. for v11 = 0 .. (strlen(a1) >> 1) - 1, exchange a1[v11] with a1[v12],
//      where v12 starts at strlen(a1) >> 1 and advances with v11
//   2. for v12 = 0, 2, 4, ... while v12 < strlen(a1), exchange a1[v12] with
//      a1[v12 + 1]
//   3. for every v12 < strlen(a1), a1[v12] = (a1[v12] ^ 0xC) - 20; the
//      expression (x & 0xF3 | ~x & 0xC) is x with bits 2 and 3 inverted
// Decompiler output with flattened control flow: v10 is the dispatcher state.
// strlen(a1) is re-evaluated at every loop test. The returned value is
// v10 + 67245798 evaluated on the exit state -67245798, i.e. 0.
// NOTE(review): in pass 2, when the length is odd, the last exchange involves
// a1[strlen(a1)], the terminating NUL, which ends up one position earlier.
__int64 __fastcall check1(char *a1)
{
  __int64 result; // rax
  size_t v2; // rax
  signed int v3; // ecx
  char v4; // ST6F_1
  size_t v5; // rax
  signed int v6; // ecx
  char v7; // ST6E_1
  size_t v8; // rax
  signed int v9; // ecx
  signed int v10; // [rsp+68h] [rbp-18h]
  int v11; // [rsp+70h] [rbp-10h]
  int v12; // [rsp+74h] [rbp-Ch]

  v12 = strlen(a1) >> 1;
  v11 = 0;
  v10 = 1519002972;                   // initial state: pass 1 loop test
  while ( 1 )
  {
    while ( 1 )
    {
      while ( 1 )
      {
        while ( 1 )
        {
          while ( 1 )
          {
            while ( 1 )
            {
              while ( 1 )
              {
                // Pass 3 loop test: v12 < strlen(a1).
                while ( v10 == -2084833488 )
                {
                  v8 = strlen(a1);
                  v9 = -67245798;
                  if ( v12 < v8 )
                    v9 = 1974939745;
                  v10 = v9;
                }
                if ( v10 != -1988665894 )
                  break;
                // Pass 3 start.
                v12 = 0;
                v10 = -2084833488;
              }
              if ( v10 != -1393133668 )
                break;
              // Pass 2 loop test: v12 < strlen(a1).
              v5 = strlen(a1);
              v6 = -1988665894;
              if ( v12 < v5 )
                v6 = -1018472136;
              v10 = v6;
            }
            if ( v10 != -1018472136 )
              break;
            // Pass 2: exchange the pair a1[v12], a1[v12 + 1].
            v7 = a1[v12];
            a1[v12] = a1[v12 + 1];
            a1[v12 + 1] = v7;
            v10 = -146751883;
          }
          if ( v10 != -831482631 )
            break;
          // Pass 3: next character.
          ++v12;
          v10 = -2084833488;
        }
        if ( v10 != -291294424 )
          break;
        // Pass 1: advance both indices.
        ++v11;
        ++v12;
        v10 = 1519002972;
      }
      if ( v10 != -146751883 )
        break;
      // Pass 2: next pair.
      v12 += 2;
      v10 = -1393133668;
    }
    result = (unsigned int)(v10 + 67245798);
    // State -67245798: leave the dispatcher.
    if ( v10 == -67245798 )
      break;
    switch ( v10 )
    {
      case 75381312:                  // pass 1: exchange a1[v12] and a1[v11]
        v4 = a1[v12];
        a1[v12] = a1[v11];
        a1[v11] = v4;
        v10 = -291294424;
        break;
      case 1519002972:                // pass 1 loop test: v11 < strlen(a1) >> 1
        v2 = strlen(a1);
        v3 = 1555725255;
        if ( v11 < v2 >> 1 )
          v3 = 75381312;
        v10 = v3;
        break;
      case 1555725255:                // pass 2 start
        v12 = 0;
        v10 = -1393133668;
        break;
      case 1974939745:                // pass 3: transform one character
        a1[v12] = (a1[v12] & 0xF3 | ~a1[v12] & 0xC) - 20;
        v10 = -831482631;
        break;
    }
  }
  return result;
}
check3(char *a1)
代碼
// Calls check2(a1) and prints "you get it!\n" when it returns non-zero,
// "error!\n" when it returns 0.
// Decompiler output with flattened control flow: v3 is the dispatcher state.
// The returned value is v3 - 824643665 evaluated on the exit state, i.e. 0.
__int64 __fastcall check3(char *a1)
{
  __int64 result; // rax
  signed int v2; // eax
  signed int v3; // [rsp+28h] [rbp-18h]
  int v4; // [rsp+3Ch] [rbp-4h]

  v4 = check2(a1);
  v3 = 16123822;                      // initial state: branch on v4
  while ( 1 )
  {
    while ( v3 == 16123822 )
    {
      v2 = 1478060410;
      if ( !v4 )
        v2 = 1274132590;
      v3 = v2;
    }
    result = (unsigned int)(v3 - 824643665);
    // State 824643665: leave the dispatcher.
    if ( v3 == 824643665 )
      break;
    if ( v3 == 1274132590 )
    {
      // check2() returned 0.
      v3 = 824643665;
      printf("error!\n");
    }
    else if ( v3 == 1478060410 )
    {
      // check2() returned non-zero.
      v3 = 824643665;
      printf("you get it!\n");
    }
  }
  return result;
}
check2(char *a1)
代碼
// Compares the grid D0g3, completed with the digits of a1, against sudoku.
// Returns 1 when all 81 cells match and 0 at the first mismatch.
// Decompiler output with flattened control flow: v11 is the dispatcher state.
// Phases, in execution order:
//   1. for v15 = 0 .. strlen(s) - 1: v16[v15] = s[v15] - 48
//      (the expression - 232084296 + 232084248 is - 48)
//   2. print "\n", then for each cell of D0g3 in row-major order that is
//      zero, store the next unused v16 entry (index v13) into it
//   3. compare D0g3 with sudoku cell by cell; a mismatch sets v12 = 0
// NOTE(review): v16 has 42 elements and phase 1 is bounded only by
// strlen(s), so a string longer than 42 characters is written past v16 on
// the stack. In main() the string comes from gets(), which does not limit
// its length either.
// NOTE(review): phase 2 does not compare v13 with the number of entries
// written in phase 1; with fewer characters than zero cells it reads v16
// entries that were never assigned.
__int64 __fastcall check2(char *a1)
{
  size_t v1; // rax
  signed int v2; // ecx
  signed int v3; // eax
  signed int v4; // eax
  signed int v5; // eax
  signed int v6; // eax
  signed int v7; // eax
  signed int v8; // eax
  signed int v9; // eax
  signed int v11; // [rsp+8Ch] [rbp-C4h]
  unsigned int v12; // [rsp+90h] [rbp-C0h]
  int v13; // [rsp+94h] [rbp-BCh]
  signed int v14; // [rsp+98h] [rbp-B8h]
  signed int v15; // [rsp+9Ch] [rbp-B4h]
  int v16[42]; // [rsp+A0h] [rbp-B0h]
  char *s; // [rsp+148h] [rbp-8h]

  s = a1;
  v13 = 0;                            // next v16 entry to consume in phase 2
  v12 = 1;                            // result; cleared on a mismatch
  v15 = 0;
  v11 = -2671583;                     // initial state: phase 1 loop test
  while ( 1 )
  {
    while ( 1 )
    {
      while ( 1 )
      {
        while ( 1 )
        {
          while ( 1 )
          {
            while ( 1 )
            {
              while ( 1 )
              {
                while ( 1 )
                {
                  while ( 1 )
                  {
                    while ( 1 )
                    {
                      while ( 1 )
                      {
                        while ( 1 )
                        {
                          while ( 1 )
                          {
                            while ( 1 )
                            {
                              while ( 1 )
                              {
                                // Phase 2: next row.
                                while ( v11 == -2119125118 )
                                {
                                  ++v15;
                                  v11 = -94879051;
                                }
                                if ( v11 != -1998111552 )
                                  break;
                                // Phase 3 row loop test: v15 < 9.
                                v6 = 396170963;
                                if ( v15 < 9 )
                                  v6 = -512482015;
                                v11 = v6;
                              }
                              if ( v11 != -1695072055 )
                                break;
                              // Phase 3: next row.
                              ++v15;
                              v11 = -1998111552;
                            }
                            if ( v11 != -1658909923 )
                              break;
                            // Phase 3: compare one cell of D0g3 with sudoku.
                            v8 = -1129833658;
                            if ( D0g3[9 * v15 + v14] != sudoku[9 * v15 + v14] )
                              v8 = -528396247;
                            v11 = v8;
                          }
                          if ( v11 != -1613667829 )
                            break;
                          // Phase 2: column loop finished; pure transition.
                          v11 = -2119125118;
                        }
                        if ( v11 != -1369143226 )
                          break;
                        // Phase 2: start of a row.
                        v14 = 0;
                        v11 = -740861019;
                      }
                      if ( v11 != -1244045086 )
                        break;
                      // Phase 2: fill a zero cell with the next input digit.
                      D0g3[9 * v15 + v14] = v16[v13++];
                      v11 = 1611237474;
                    }
                    if ( v11 != -1129833658 )
                      break;
                    // Phase 3: cells matched; pure transition to ++v14.
                    v11 = -90011013;
                  }
                  if ( v11 != -740861019 )
                    break;
                  // Phase 2 column loop test: v14 < 9.
                  v4 = -1613667829;
                  if ( v14 < 9 )
                    v4 = 705300330;
                  v11 = v4;
                }
                if ( v11 != -528396247 )
                  break;
                // Phase 3: mismatch.
                v12 = 0;
                v11 = 1954800504;
              }
              if ( v11 != -512482015 )
                break;
              // Phase 3: start of a row.
              v14 = 0;
              v11 = 564268595;
            }
            if ( v11 != -334121999 )
              break;
            // Phase 3 start.
            v15 = 0;
            v11 = -1998111552;
          }
          if ( v11 != -94879051 )
            break;
          // Phase 2 row loop test: v15 < 9.
          v3 = -334121999;
          if ( v15 < 9 )
            v3 = -1369143226;
          v11 = v3;
        }
        if ( v11 != -90011013 )
          break;
        // Phase 3: next column.
        ++v14;
        v11 = 564268595;
      }
      if ( v11 != -2671583 )
        break;
      // Phase 1 loop test: v15 < strlen(s).
      v1 = strlen(s);
      v2 = 2101131376;
      if ( v15 < v1 )
        v2 = 441246003;
      v11 = v2;
    }
    // State 396170963: leave the dispatcher.
    if ( v11 == 396170963 )
      break;
    switch ( v11 )
    {
      case 430996436:                 // phase 1: next character
        ++v15;
        v11 = -2671583;
        break;
      case 441246003:                 // phase 1: character to number, no bound on v15
        v16[v15] = s[v15] - 232084296 + 232084248;
        v11 = 430996436;
        break;
      case 564268595:                 // phase 3 column loop test: v14 < 9
        v7 = 1954800504;
        if ( v14 < 9 )
          v7 = -1658909923;
        v11 = v7;
        break;
      case 705300330:                 // phase 2: is the D0g3 cell zero?
        v5 = 1611237474;
        if ( !D0g3[9 * v15 + v14] )
          v5 = -1244045086;
        v11 = v5;
        break;
      case 1611237474:                // phase 2: pure transition to ++v14
        v11 = 2119231421;
        break;
      case 1908623879:                // phase 3: pure transition to ++v15
        v11 = -1695072055;
        break;
      case 1954800504:                // phase 3: end of row or mismatch
        v9 = 1908623879;
        if ( !v12 )
          v9 = 2014359934;
        v11 = v9;
        break;
      case 2014359934:                // phase 3: stop after a mismatch
        v11 = 396170963;
        break;
      case 2101131376:                // phase 2 start
        v15 = 0;
        v11 = -94879051;
        printf("\n");
        break;
      case 2119231421:                // phase 2: next column
        ++v14;
        v11 = -740861019;
        break;
    }
  }
  return v12;
}
總結