- int __cdecl main(int argc, const char **argv, const char **envp) // Flag checker (decompiler output): validates argv[1] and prints "Correct!" or "Wrong."
- { // Returns 1 only when no argument is given; every other path, including a wrong flag, returns 0.
- __int64 v4; // rdx; rand() % 0x10000, the size request handed to inc_while_can
- __int64 v5; // r8; never assigned in this function, forwarded to inc_while_can as-is
- __int64 v6; // r9; never assigned in this function, forwarded to inc_while_can as-is
- __int64 v7; // rdx; rand() % 0x10000 for the exponent round
- __int64 v8; // r8; never assigned in this function, forwarded to inc_while_can as-is
- __int64 v9; // r9; never assigned in this function, forwarded to inc_while_can as-is
- unsigned __int64 i; // [rsp+18h] [rbp-78h]
- unsigned __int64 j; // [rsp+20h] [rbp-70h]
- unsigned __int64 k; // [rsp+28h] [rbp-68h]
- char *INPUT_FLAG; // [rsp+30h] [rbp-60h]; analyst-assigned name for argv[1]
- void *libc; // [rsp+40h] [rbp-50h]
- void *libgmp; // [rsp+48h] [rbp-48h]
- MP_INT a4; // [rsp+50h] [rbp-40h] BYREF; scratch: per-round factor, then flag chunk and powm result
- MP_INT v17; // [rsp+60h] [rbp-30h] BYREF; modulus: product of three inc_while_can results
- MP_INT mpint; // [rsp+70h] [rbp-20h] BYREF; exponent passed to powm
- unsigned __int64 v19; // [rsp+88h] [rbp-8h]; stack-protector canary copy, not program logic
- v19 = __readfsqword(0x28u); // fs:0x28 is the canary slot on x86-64 glibc
- if ( argc > 1 )
- {
- INPUT_FLAG = (char *)argv[1];
- if ( strlen(INPUT_FLAG) == 40 ) // only exactly 40-byte candidates are examined
- {
- libc = LoadLibraryA("libc.so.6"); // wrapper not shown; loads an ELF library despite the Windows-style name (presumably dlopen)
- if ( !libc )
- __assert_fail("hLibc != NULL", "main.c", 0x4Au, "main");
- libgmp = LoadLibraryA("libgmp.so");
- if ( !libgmp )
- __assert_fail("hGMP != NULL", "main.c", 0x4Cu, "main");
- ResolveModuleFunction(libgmp, 0x71B5428D, &a4);// __gmpz_init; imports are looked up by 32-bit hash and called with the trailing arguments, names are the analyst's
- ResolveModuleFunction(libgmp, 0x71B5428D, &v17);// __gmpz_init
- ResolveModuleFunction(libgmp, 0x71B5428D, &mpint);// __gmpz_init
- ResolveModuleFunction(libc, 0xFC7E7318, *(unsigned int *)main);// srandom: seed = first 4 bytes of main's own code, fixed for an unmodified image; patched or breakpointed bytes there change every later rand value
- ResolveModuleFunction(libc, 0x9419A860, _bss_start, 0LL);// setbuf with a NULL buffer; _bss_start is presumably stdout mislabelled by the decompiler - TODO confirm
- printf("Checking...");
- for ( i = 0LL; i < 0x28; ++i ) // pass 1: all 40 bytes must be printable
- {
- if ( !(unsigned int)ResolveModuleFunction(libc, 0x4E8A031A, (unsigned int)INPUT_FLAG[i]) )// isprint
- {
- LABEL_21: // shared failure path; the compare in the second loop also jumps here
- puts("\nWrong.");
- goto LABEL_22;
- }
- }
- for ( j = 0LL; j < 0x28; j += 4LL ) // pass 2: ten 4-byte chunks, each checked independently
- {
- ResolveModuleFunction(libgmp, 0xF122F362, &v17, 1LL);// __gmpz_set_ui: v17 = 1
- for ( k = 0LL; k <= 2; ++k ) // three rounds: v17 *= value derived by inc_while_can
- {
- ResolveModuleFunction(libc, 0xD588A9, '.');// putchar (progress dot)
- v4 = (int)ResolveModuleFunction(libc, 0x7B6CEA5D) % 0x10000;// rand, reduced mod 0x10000
- inc_while_can(libc, libgmp, v4, &a4, v5, v6); // a4 = derived value; v5/v6 look like stale register contents
- ResolveModuleFunction(libgmp, 0x347D865B, &v17, &v17, &a4);// __gmpz_mul: v17 = v17 * a4
- }
- ResolveModuleFunction(libc, 0xD588A9, '.');// putchar
- v7 = (int)ResolveModuleFunction(libc, 0x7B6CEA5D) % 0x10000;// rand, reduced mod 0x10000
- inc_while_can(libc, libgmp, v7, &mpint, v8, v9); // mpint = derived exponent
- ResolveModuleFunction(libgmp, 0xF122F362, &a4, *(unsigned int *)&INPUT_FLAG[j]);// __gmpz_set_ui: a4 = 4 flag bytes read as one unsigned int
- ResolveModuleFunction(libgmp, 0x9023667E, &a4, &a4, &mpint, &v17);// __gmpz_powm: a4 = a4^mpint mod v17
- if ( (unsigned int)ResolveModuleFunction(libgmp, 0xB1F820DC, &a4, encoded[j >> 2]) )// __gmpz_cmp_ui: nonzero means a4 != encoded[j / 4]
- goto LABEL_21;
- }
- puts("\nCorrect!"); // reached only if all ten chunks matched
- LABEL_22: // common cleanup for both outcomes
- ResolveModuleFunction(libgmp, 0x31CC4F9F, &a4); // hash not annotated in the listing; presumably __gmpz_clear
- ResolveModuleFunction(libgmp, 835473311, &v17); // 835473311 == 0x31CC4F9F, same import as the line above
- ResolveModuleFunction(libgmp, 835473311, &mpint);
- CloseHandle(libc); // wrapper not shown; presumably dlclose
- CloseHandle(libgmp);
- return 0;
- }
- else
- {
- puts("Nowhere near close."); // length other than 40
- return 0;
- }
- }
- else
- {
- printf("Usage: %s FLAG\n", *argv);
- return 1;
- }
- }
- unsigned __int64 __fastcall inc_while_can(void *a1, void *a2, __int64 a3, MP_INT *mpint, __int64 a5, __int64 a6) // Leaves in *mpint the number of inserts an hcreate(a3) table accepted; main passes a1 = libc handle, a2 = libgmp handle
- { // a5/a6 are only forwarded to the first resolver call; the return value is a canary-check artifact
- char fmt[4]; // [rsp+3Ch] [rbp-24h] BYREF
- char int_str[24]; // [rsp+40h] [rbp-20h] BYREF; decimal text of the counter, used as the hash-table key
- unsigned __int64 v11; // [rsp+58h] [rbp-8h]; stack-protector canary copy
- v11 = __readfsqword(0x28u);
- *(_DWORD *)fmt = 0x2A4E700F; // bytes 0F 70 4E 2A; memfrob below XORs each with 0x2A (42), giving "%Zd\0"
- ResolveModuleFunction(a2, 0xF122F362, mpint, 0LL, a5, a6);// __gmpz_set_ui: *mpint = 0; a5/a6 are extra arguments the callee presumably ignores
- ResolveModuleFunction(a1, 0xE75E0FFE, a3); // hcreate with a3 as the requested element count
- ResolveModuleFunction(a1, 0x1C46D38A, fmt, 4LL);// memfrob: decodes the format string in place
- do
- {
- ResolveModuleFunction(a2, 0x7489AF98, int_str, fmt, mpint);// __gmp_sprintf: int_str = decimal of *mpint; NOTE(review): every insert reuses this one key buffer - confirm how the table treats that
- ResolveModuleFunction(a2, 0xED3B7A10, mpint, mpint, 1LL);// __gmpz_add_ui: *mpint += 1
- }
- while ( ResolveModuleFunction(a1, 0x50AB4097, int_str, 0LL, 1LL) );// hsearch with item {key=int_str, data=NULL} and action 1 (ENTER in glibc); loop ends when it returns NULL, i.e. the insert is refused
- ResolveModuleFunction(a1, 0xAF4C09BD); // hdestroy
- ResolveModuleFunction(a2, 0x1C3EF940, mpint, mpint, 1LL);// __gmpz_sub_ui: undo the increment made before the refused insert
- return v11 - __readfsqword(0x28u); // 0 while the canary is intact; main ignores this value
- }
- //
- .data:000056459C886020 encoded dq 0FE4C025C5F4h ; DATA XREF: main+381↑o ; expected powm results, read in main as encoded[j >> 2]; 10 qwords, one per 4-byte flag chunk
- .data:000056459C886028 dq 1B792FF17E8Ah
- .data:000056459C886030 dq 183B156AB40h
- .data:000056459C886038 dq 0BEFFCF5E5DAh
- .data:000056459C886040 dq 297CF86E251h
- .data:000056459C886048 dq 0EB3EDC1D4B4h
- .data:000056459C886050 dq 0FA10CE3A08h
- .data:000056459C886058 dq 2BDD418672h
- .data:000056459C886060 dq 5EBB5050EA46h
- .data:000056459C886068 dq 5BF9B73CF86h ; last entry (index 9)