BUUCTF在线评测 (buuoj.cn)
查壳,64位elf文件,ida打开,定位入口函数
进入main里面,再看看sub_78A
猜测是个迷宫,看看byte_201020里是不是地图
_BOOL8 __fastcall sub_78A(__int64 a1)
{int v2; // [rsp+Ch] [rbp-Ch]int v3; // [rsp+10h] [rbp-8h]int v4; // [rsp+14h] [rbp-4h]v2 = 0;v3 = 5;v4 = 0;while ( byte_201020[v2] != 33 ){v2 -= v4;if ( *(_BYTE *)(v3 + a1) != 'W' || v4 == -16 ){if ( *(_BYTE *)(v3 + a1) != 'E' || v4 == 1 ){if ( *(_BYTE *)(v3 + a1) != 77 || v4 == 16 ){if ( *(_BYTE *)(v3 + a1) != 74 || v4 == -1 )return 0LL;v4 = -1;}else{v4 = 16;}}else{v4 = 1;}}else{v4 = -16;}++v3;while ( !byte_201020[v2] ){if ( v4 == -1 && (v2 & 0xF) == 0 )return 0LL;if ( v4 == 1 && v2 % 16 == 15 )return 0LL;if ( v4 == 16 && (unsigned int)(v2 - 240) <= 0xF )return 0LL;if ( v4 == -16 && (unsigned int)(v2 + 15) <= 30 )return 0LL;v2 += v4;}}return *(_BYTE *)(v3 + a1) == 125;
}这么多数据,是地图没错了,shift+E提取数据
用c++画个地图
#include<stdio.h>
int main(){int ida_chars[] =
{0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 35, 35, 35, 35, 0, 0, 0, 35, 35, 0, 0, 0, 79, 79, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 79, 79, 0, 80, 80, 0, 0, 0, 0, 0, 0, 76, 0, 79, 79, 0, 79, 79, 0, 80, 80, 0, 0, 0, 0, 0, 0, 76, 0, 79, 79, 0, 79, 79, 0, 80, 0, 0, 0, 0, 0, 0, 76, 76, 0, 79, 79, 0, 0, 0, 0, 80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 79, 79, 0, 0, 0, 0, 80, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 77, 77, 77, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 77, 77, 77, 0, 0, 0, 0, 69, 69, 0, 0, 0, 48, 0, 77, 0, 77, 0, 77, 0, 0, 0, 0, 69, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 69, 69, 84, 84, 84, 73, 0, 77, 0, 77, 0, 77, 0, 0, 0, 0, 69, 0, 0, 84, 0, 73, 0, 77, 0, 77, 0, 77, 0, 0, 0, 0, 69, 0, 0, 84, 0, 73, 0, 77, 0, 77, 0, 77, 33, 0, 0, 0, 69, 69
};
int i,j;
for(j=0;j<16;j++){for(i=0;i<16;i++){printf(" %.2d",ida_chars[i+j*16]);
}
printf("\n");
}
}上面我们知道w为上,e为右,m为下,j为左,而且最左边一列不能向左走,最右边一列不能向右走,最上面一行不能向上走,最下面一行不能向下走,这就需要我们碰墙才能拐弯,碰四周不能拐弯,不能直接从四周出去
ok,写出flag
flag{MEWEMEWJMEWJM}
本题是个迷宫题,此题不像别的迷宫一步一步走,而是一个方向碰墙就拐弯地走,比较新颖,注意的点就是不可以从四周直接出去,比如你向左走,但是左边全是0,那么就记作失败了,一定要碰到非0数字才行
