用户投稿10.Some Assembly Required 2
跟Some Assembly Required 1 一样
处理完比较可读的结果是这样
(async() => { const edgeId = _0x5c00; let _0x1adb5f = await fetch(./aD8SvhyVkb); let rpm_traffic = await WebAssembly["instantiate"](await _0x1adb5f["arrayBuffer"]()); let updatedEdgesById = rpm_traffic[instance]; exports = updatedEdgesById[exports];})();/** * @return {undefined} */function onButtonPress() { const navigatePop = _0x5c00; let params = document[getElementById](input)[value]; for (let i = 0; i < params["length"]; i++) { exports[copy_char](params[charCodeAt](i), i); } exports["copy_char"](0, params[length]); if (exports[check_flag]() == 1) { document["getElementById"](result)[ninnerHTML] = Correct; } else { document[getElementById](result)["innerHTML"] = Incorrect; }}
感觉是下面这行,但目前还是不对
把wasm档转成c档,还是不行
反编译wasm成dcmp档
看到check_flag(),可以看到是跟8做xor的结果
export function check_flag():int { var a:int = 0; var b:int = 1072; var c:int = 1024; var d:int = strcmp(c, b); var e:int = d; var f:int = a; var g:int = e != f; var h:int = -1; var i:int = g ^ h; var j:int = 1; var k:int = i & j; return k;}在看上面这段程式码,可以知道offset为1024,也就是8跟"xakgK\Ns>n;jl90;9:mjn9m<0n9::0::881<00?>u\00\00"这段做XOR,而flag应该是在1024位元后面,所以
data d_xakgKNsnjl909mjn9m0n9088100u(offset: 1024) =
"xakgK\Ns>n;jl90;9:mjn9m<0n9::0::881<00?>u\00\00";
进入python环境执行指令
微信扫一扫打赏
支付宝扫一扫打赏
