GDOUCTF Tea

分析

image-20230418134429736

sub_140011339

image-20230418134738052

sub_1400112B7

image-20230418141058952

可以看到这是对xtea进行了魔改

1.这里的v6在第一轮的取值范围是 0 ~ 32×0xF462900,一直到最后一轮是 8×0xF462900 ~ 40×0xF462900,那么逆向写脚本的时候就要从最后一轮一直往前走

2.其次,这里多了一个与v6的异或,写解密脚本时记得补上

3.这里的加密不是两两一组、加密完就结束,而是第一个和第二个加密完后,再用第二个与第三个进行加密,如此往复;因此解密时要从最后一对开始依次往前还原

sub_140011352

image-20230418134826112

脚本
#include<stdio.h>
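/*
 * Undo the challenge's modified XTEA in place.
 *
 * The cipher differs from textbook XTEA in three ways, all visible below:
 *   - the step constant is 0xF462900 and each pair gets 33 rounds;
 *   - the running sum is used unchanged for both half-steps of a round and
 *     is additionally XORed into the second half-step;
 *   - pairs overlap: (a1[0],a1[1]), (a1[1],a1[2]) ... (a1[8],a1[9]), and the
 *     sum for pair i starts at i * 0xF462900 instead of 0.
 * Decryption therefore walks the pairs from the last one back to the first
 * and, inside each pair, runs the sum downwards.
 *
 * a1: 10 ciphertext words, overwritten with the plaintext (indices 0..9 are
 *     accessed, so the buffer must hold at least 10 words).
 * a2: 4 key words (only indices 0..3 are read).
 * Returns 1, the value left by the last processed pair (i + 1 with i == 0).
 *
 * NOTE(review): the arithmetic relies on unsigned int wrapping at 32 bits;
 * confirm that on the target platform.
 */
int decode(unsigned int* a1, unsigned int* a2)
{
    const unsigned int delta = 0xF462900u;
    const unsigned int rounds = 33; /* the original do/while (v5 <= 0x20) ran 33 times */
    int result = 0;

    for (int i = 8; i >= 0; --i) {
        int next = i + 1;
        /* Final sum of the forward pass for this pair: start i*delta plus 33 steps.
         * Computed in unsigned arithmetic so the wrap-around is well defined. */
        unsigned int sum = delta * (unsigned int)(i + 33);

        for (unsigned int r = 0; r < rounds; ++r) {
            sum -= delta;
            /* Second half-step of the forward round is undone first. */
            a1[next] -= (sum + a2[(sum >> 11) & 3]) ^ (a1[i] + ((a1[i] >> 5) ^ (16 * a1[i])));
            /* The leading `sum ^` is the extra XOR that standard XTEA lacks. */
            a1[i] -= sum ^ (a1[next] + ((a1[next] >> 5) ^ (16 * a1[next]))) ^ (sum + a2[sum & 3]);
        }
        result = next;
    }
    return result;
}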

int main()
{
    /* Four key words passed as the second argument of decode(). */
    unsigned int key[4] = { 2233, 4455, 6677, 8899 };

    /* Ten ciphertext words; decode() rewrites them in place.
     * NOTE(review): presumably the comparison data recovered from the
     * binary shown in the screenshots - confirm against the sample. */
    unsigned int data[10] = {
        0x1A800BDA, 0xF7A6219B, 0x491811D8, 0xF2013328, 0x156C365B,
        0x3C6EAAD8, 0x84D4BF28, 0xF11A7EE7, 0x3313B252, 0xDD9FE279
    };

    decode(data, key);

    /* Emit every word most-significant byte first. */
    for (int k = 0; k < 10; ++k) {
        for (int shift = 24; shift >= 0; shift -= 8) {
            printf("%c", (data[k] >> shift));
        }
    }
}
//HZCTF{hzCtf_94_re666fingcry5641qq}