Reverse engineering a simple non-stripped ELF binary

Time: 2016-06-05 08:53:11

Tags: debugging assembly gdb reverse-engineering x86-64

So, at work we get a weekly challenge for happy hour. This week we were given an ELF binary executable and told to determine the location and figure it out.

You can download it at http://expirebox.com/download/632063a9aaddee378dd62399ad14ae02.html

On startup, the program asks for a username and password. If nothing is entered, you get a simple base64 string that gives the answer to the happy hour location:

NzQgNjggNjUgMjAgNzcgNjUgNmMgNmMgMjAgNjEgNzQgMjAgMzUgM2EgMzAgMzA=

If you enter a username and password with a length greater than 10, you get a YouTube video explaining base64 and get Rick Rolled via base64-encoded lyrics:

close https://www.youtube.com/watch?v=xfr64zoBTAQ. or

If you enter a username and password with a length of more than 10, you only get the encoded lyrics:


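I am brand new to all of this, and assembly doesn't make much sense to me. ltrace seems to indicate that strlen is important, like maybe the username and password aren't being set? (Sorry for the formatting, it is copied/pasted from my terminal; I used 12345/123456 as my username/password):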

terminal:scripts {55} ltrace ./hh1
(0, 0, 317184, -1, 0x1f25bc2)                               = 0x3391821160
__libc_start_main(0x4006b4, 1, 0x7ffc5293e3e8, 0x400850, 0x400840         
<unfinished ...>
puts("please enter the username"please enter the username)   = 26
fgets(12345
"", -566075386, 0x7ffc5293e0f0)                              = 0x7ffc5293e0f0
puts("please enter the password:"please enter the password:) = 27
fgets(123456
"", -566075385, 0x7ffc5293e1f0)                                                                                    
= 0x7ffc5293e1f0
strlen("12345\n")                                             = 6
memset(0x7ffc5293e0f5, '\000', 1)                             = 0x7ffc5293e0f5
strlen("123456\n")                                            = 7
memset(0x7ffc5293e1f6, '\000', 1)                             = 0x7ffc5293e1f6
strlen("12345")                                               = 5
strlen("123456")                                              = 6
puts("V2UncmUgbm8gc3RyYW5nZXJzIHRvIGxv"...V2UncmUgbm8gc3RyYW5nZXJzIHRvIGxvdmUNCllvdSBrbm93IHRoZSBydWxlcyBhbmQgc28gZG8gSQ0KQSBmdWxsIGNvbW1pdG1lbnQncyB3aGF0IEknbSB0aGlua2luZyBvZg0KWW91IHdvdWxkbid0IGdldCB0aGlzIGZyb20gYW55IG90aGVyIGd1eQ0KDQpJIGp1c3Qgd2FubmEgdGVsbCB5b3UgaG93IEknbSBmZWVsaW5nDQpHb3R0YSBtYWtlIHlvdSB1bmRlcnN0YW5kDQoNCk5ldmVyIGdvbm5hIGdpdmUgeW91IHVwDQpOZXZlciBnb25uYSBsZXQgeW91IGRvd24NCk5ldmVyIGdvbm5hIHJ1biBhcm91bmQgYW5kIGRlc2VydCB5b3UNCk5ldmVyIGdvbm5hIG1ha2UgeW91IGNyeQ0KTmV2ZXIgZ29ubmEgc2F5IGdvb2RieWUNCk5ldmVyIGdvbm5hIHRlbGwgYSBsaWUgYW5kIGh1cnQgeW91DQoNCldlJ3ZlIGtub3duIGVhY2ggb3RoZXIgZm9yIHNvIGxvbmcNCllvdXIgaGVhcnQncyBiZWVuIGFjaGluZywgYnV0DQpZb3UncmUgdG9vIHNoeSB0byBzYXkgaXQNCkluc2lkZSwgd2UgYm90aCBrbm93IHdoYXQncyBiZWVuIGdvaW5nIG9uDQpXZSBrbm93IHRoZSBnYW1lIGFuZCB3ZSdyZSBnb25uYSBwbGF5IGl0DQoNCkFuZCBpZiB5b3UgYXNrIG1lIGhvdyBJJ20gZmVlbGluZw0KRG9uJ3QgdGVsbCBtZSB5b3UncmUgdG9vIGJsaW5kIHRvIHNlZQ0KDQpOZXZlciBnb25uYSBnaXZlIHlvdSB1cA0KTmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3duDQpOZXZlciBnb25uYSBydW4gYXJvdW5kIGFuZCBkZXNlcnQgeW91DQpOZXZlciBnb25uYSBtYWtlIHlvdSBjcnkNCk5ldmVyIGdvbm5hIHNheSBnb29kYnllDQpOZXZlciBnb25uYSB0ZWxsIGEgbGllIGFuZCBodXJ0IHlvdQ0KDQpOZXZlciBnb25uYSBnaXZlIHlvdSB1cA0KTmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3duDQpOZXZlciBnb25uYSBydW4gYXJvdW5kIGFuZCBkZXNlcnQgeW91DQpOZXZlciBnb25uYSBtYWtlIHlvdSBjcnkNCk5ldmVyIGdvbm5hIHNheSBnb29kYnllDQpOZXZlciBnb25uYSB0ZWxsIGEgbGllIGFuZCBodXJ0IHlvdQ0KDQooT29oLCBnaXZlIHlvdSB1cCkNCihPb2gsIGdpdmUgeW91IHVwKQ0KTmV2ZXIgZ29ubmEgZ2l2ZSwgbmV2ZXIgZ29ubmEgZ2l2ZQ0KKEdpdmUgeW91IHVwKQ0KTmV2ZXIgZ29ubmEgZ2l2ZSwgbmV2ZXIgZ29ubmEgZ2l2ZQ0KKEdpdmUgeW91IHVwKQ0KDQpXZSd2ZSBrbm93biBlYWNoIG90aGVyIGZvciBzbyBsb25nDQpZb3VyIGhlYXJ0J3MgYmVlbiBhY2hpbmcsIGJ1dA0KWW91J3JlIHRvbyBzaHkgdG8gc2F5IGl0DQpJbnNpZGUsIHdlIGJvdGgga25vdyB3aGF0J3MgYmVlbiBnb2luZyBvbg0KV2Uga25vdyB0aGUgZ2FtZSBhbmQgd2UncmUgZ29ubmEgcGxheSBpdA0KDQpJIGp1c3Qgd2FubmEgdGVsbCB5b3UgaG93IEknbSBmZWVsaW5nDQpHb3R0YSBtYWtlIHlvdSB1bmRlcnN0YW5kDQoNCk5ldmVyIGdvbm5hIGdpdmUgeW91IHVwDQpOZXZlciBnb25uYSBsZXQgeW91IGRvd24NCk5ldmVyIGdvbm5hIHJ1bi
Bhcm91bmQgYW5kIGRlc2VydCB5b3UNCk5ldmVyIGdvbm5hIG1ha2UgeW91IGNyeQ0KTmV2ZXIgZ29ubmEgc2F5IGdvb2RieWUNCk5ldmVyIGdvbm5hIHRlbGwgYSBsaWUgYW5kIGh1cnQgeW91DQoNCk5ldmVyIGdvbm5hIGdpdmUgeW91IHVwDQpOZXZlciBnb25uYSBsZXQgeW91IGRvd24NCk5ldmVyIGdvbm5hIHJ1biBhcm91bmQgYW5kIGRlc2VydCB5b3UNCk5ldmVyIGdvbm5hIG1ha2UgeW91IGNyeQ0KTmV2ZXIgZ29ubmEgc2F5IGdvb2RieWUNCk5ldmVyIGdvbm5hIHRlbGwgYSBsaWUgYW5kIGh1cnQgeW91DQoNCk5ldmVyIGdvbm5hIGdpdmUgeW91IHVwDQpOZXZlciBnb25uYSBsZXQgeW91IGRvd24NCk5ldmVyIGdvbm5hIHJ1biBhcm91bmQgYW5kIGRlc2VydCB5b3UNCk5ldmVyIGdvbm5hIG1ha2UgeW91IGNyeQ0KTmV2ZXIgZ29ubmEgc2F5IGdvb2RieWUNCk5ldmVyIGdvbm5hIHRlbGwgYSBsaWUgYW5kIGh1cnQgeW91  https://www.youtube.com/watch?v=cOps5tYassE)                        =      2630
exit(1 <unfinished ...>
+++ exited (status 1) +++

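When I disassemble the main function with gdb, I identified where the prompts are, but did not identify any compare functions like the ones seen in awesome tutorials such as (http://manoharvanga.com/hackme/)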

0x00000000004006b4 <+0>:     push   %rbp
0x00000000004006b5 <+1>:     mov    %rsp,%rbp
0x00000000004006b8 <+4>:     sub    $0x220,%rsp
0x00000000004006bf <+11>:    mov    %edi,-0x214(%rbp)
0x00000000004006c5 <+17>:    mov    %rsi,-0x220(%rbp)
0x00000000004006cc <+24>:    lea    -0x110(%rbp),%rax
0x00000000004006d3 <+31>:    add    $0x1,%rax
0x00000000004006d7 <+35>:    mov    %rax,-0x10(%rbp)
0x00000000004006db <+39>:    movl   $0x0,-0x4(%rbp)
0x00000000004006e2 <+46>:    mov    $0x400938,%edi          <"please enter the username">
0x00000000004006e7 <+51>:    callq  0x400568 <puts@plt>
0x00000000004006ec <+56>:    mov    0x201b2d(%rip),%rax        # 0x602220 <stdin@@GLIBC_2.2.5>
0x00000000004006f3 <+63>:    mov    %rax,%rdx
0x00000000004006f6 <+66>:    lea    -0x210(%rbp),%rax
0x00000000004006fd <+73>:    mov    $0x100,%esi
0x0000000000400702 <+78>:    mov    %rax,%rdi
0x0000000000400705 <+81>:    callq  0x400598 <fgets@plt>
0x000000000040070a <+86>:    mov    $0x400952,%edi          <"please enter the password:">
0x000000000040070f <+91>:    callq  0x400568 <puts@plt>
0x0000000000400714 <+96>:    mov    0x201b05(%rip),%rax        # 0x602220 <stdin@@GLIBC_2.2.5>
0x000000000040071b <+103>:   mov    %rax,%rdx
0x000000000040071e <+106>:   lea    -0x110(%rbp),%rax
0x0000000000400725 <+113>:   mov    $0x100,%esi
0x000000000040072a <+118>:   mov    %rax,%rdi
0x000000000040072d <+121>:   callq  0x400598 <fgets@plt>
0x0000000000400732 <+126>:   lea    -0x210(%rbp),%rax
0x0000000000400739 <+133>:   mov    %rax,%rdi
0x000000000040073c <+136>:   callq  0x4005a8 <strlen@plt>
0x0000000000400741 <+141>:   lea    -0x1(%rax),%rdx
0x0000000000400745 <+145>:   lea    -0x210(%rbp),%rax
0x000000000040074c <+152>:   add    %rdx,%rax
0x000000000040074f <+155>:   mov    $0x1,%edx
0x0000000000400754 <+160>:   mov    $0x0,%esi
0x0000000000400759 <+165>:   mov    %rax,%rdi
0x000000000040075c <+168>:   callq  0x400558 <memset@plt>
0x0000000000400761 <+173>:   lea    -0x110(%rbp),%rax
0x0000000000400768 <+180>:   mov    %rax,%rdi
0x000000000040076b <+183>:   callq  0x4005a8 <strlen@plt>
0x0000000000400770 <+188>:   lea    -0x1(%rax),%rdx
0x0000000000400774 <+192>:   lea    -0x110(%rbp),%rax
0x000000000040077b <+199>:   add    %rdx,%rax
0x000000000040077e <+202>:   mov    $0x1,%edx
0x0000000000400783 <+207>:   mov    $0x0,%esi
0x0000000000400788 <+212>:   mov    %rax,%rdi
0x000000000040078b <+215>:   callq  0x400558 <memset@plt>
0x0000000000400790 <+220>:   lea    -0x210(%rbp),%rax
0x0000000000400797 <+227>:   mov    %rax,%rdi
0x000000000040079a <+230>:   callq  0x4005a8 <strlen@plt>
0x000000000040079f <+235>:   cmp    $0x5,%rax
0x00000000004007a3 <+239>:   ja     0x4007ba <main+262>
0x00000000004007a5 <+241>:   lea    -0x110(%rbp),%rax
0x00000000004007ac <+248>:   mov    %rax,%rdi
0x00000000004007af <+251>:   callq  0x4005a8 <strlen@plt>
0x00000000004007b4 <+256>:   cmp    $0x5,%rax
0x00000000004007b8 <+260>:   jbe    0x4007ce <main+282>
0x00000000004007ba <+262>:   mov    $0x400970,%edi
0x00000000004007bf <+267>:   callq  0x400568 <puts@plt>
0x00000000004007c4 <+272>:   mov    $0x1,%edi
0x00000000004007c9 <+277>:   callq  0x400578 <exit@plt>
0x00000000004007ce <+282>:   movzbl -0x110(%rbp),%edx
0x00000000004007d5 <+289>:   movzbl -0x210(%rbp),%eax
0x00000000004007dc <+296>:   cmp    %al,%dl
0x00000000004007de <+298>:   jne    0x400819 <main+357>
0x00000000004007e0 <+300>:   mov    -0x10(%rbp),%rax
0x00000000004007e4 <+304>:   mov    %rax,%rdi
0x00000000004007e7 <+307>:   callq  0x4005b8 <atoi@plt>
0x00000000004007ec <+312>:   mov    %eax,%ecx
0x00000000004007ee <+314>:   mov    $0x66666667,%edx
0x00000000004007f3 <+319>:   mov    %ecx,%eax
0x00000000004007f5 <+321>:   imul   %edx
0x00000000004007f7 <+323>:   sar    $0x2,%edx
0x00000000004007fa <+326>:   mov    %ecx,%eax
0x00000000004007fc <+328>:   sar    $0x1f,%eax
0x00000000004007ff <+331>:   sub    %eax,%edx
0x0000000000400801 <+333>:   mov    %edx,%eax
0x0000000000400803 <+335>:   shl    $0x2,%eax
0x0000000000400806 <+338>:   add    %edx,%eax
0x0000000000400808 <+340>:   add    %eax,%eax
0x000000000040080a <+342>:   mov    %ecx,%edx
0x000000000040080c <+344>:   sub    %eax,%edx
0x000000000040080e <+346>:   test   %edx,%edx
0x0000000000400810 <+348>:   jne    0x400819 <main+357>
0x0000000000400812 <+350>:   movl   $0x1,-0x4(%rbp)
0x0000000000400819 <+357>:   cmpl   $0x1,-0x4(%rbp)
0x000000000040081d <+361>:   jne    0x40082b <main+375>
0x000000000040081f <+363>:   mov    $0x4013b8,%edi
0x0000000000400824 <+368>:   callq  0x400568 <puts@plt>
0x0000000000400829 <+373>:   jmp    0x40083d <main+393>
0x000000000040082b <+375>:   mov    $0x401400,%eax
0x0000000000400830 <+380>:   mov    %rax,%rdi
0x0000000000400833 <+383>:   mov    $0x0,%eax
0x0000000000400838 <+388>:   callq  0x400548 <printf@plt>
0x000000000040083d <+393>:   leaveq
0x000000000040083e <+394>:   retq

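What I want to know is whether there is more to find. Is there a specific username/password that would give me a different solution? Am I overthinking this? This is supposed to be really easy...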

Thanks!
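The control flow of the main disassembly above, rewritten as C (an added example, not part of the original post and not the binary's source). The function and enum names are assumptions; outcomes are named after the string addresses main passes to puts/printf, and zeroed buffers stand in for fgets followed by the newline strip.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcomes, named after the string address main() hands to puts/printf. */
enum outcome { OUT_400970_EXIT1, OUT_4013B8, OUT_401400 };

/* main+312..+344: n % 10 as the compiler emitted it, multiplying by the
 * reciprocal constant 0x66666667 instead of dividing. Relies on arithmetic
 * right shift of negative values (what sar does; gcc and clang agree). */
static int32_t mod10_magic(int32_t n)
{
    int64_t prod = (int64_t)n * 0x66666667;  /* imul %edx -> edx:eax       */
    int32_t hi = (int32_t)(prod >> 32);      /* edx = high 32 bits         */
    int32_t q = (hi >> 2) - (n >> 31);       /* sar $0x2; sub sign -> n/10 */
    return n - (q * 4 + q) * 2;              /* shl, add, add, sub         */
}

/* Hypothetical helper: which branch main() takes for the given input lines
 * (without the trailing newline that the memset calls strip). */
static enum outcome classify(const char *user_in, const char *pass_in)
{
    char user[0x100] = {0};                  /* buffer at -0x210(%rbp) */
    char pass[0x100] = {0};                  /* buffer at -0x110(%rbp) */
    int flag = 0;                            /* -0x4(%rbp)             */

    strncpy(user, user_in, sizeof user - 1);
    strncpy(pass, pass_in, sizeof pass - 1);

    if (strlen(user) > 5 || strlen(pass) > 5)      /* main+235..+260 */
        return OUT_400970_EXIT1;                   /* puts; exit(1)  */
    if (pass[0] == user[0] &&                      /* main+282..+298 */
        mod10_magic(atoi(pass + 1)) == 0)          /* -0x10(%rbp) is pass+1 */
        flag = 1;
    return flag == 1 ? OUT_4013B8 : OUT_401400;    /* main+357..+388 */
}

int main(void)
{
    /* Constructed inputs; the second pair is the one from the ltrace run. */
    printf("%d %d %d\n", classify("", ""), classify("12345", "123456"),
           classify("a", "a7"));
    return 0;
}
```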

0 answers:

No answers