逆向神器：Ghidra簡介及使用方法

[圖片上傳失敗...(image-95eae5-1689514318099)]

https://github.com/NationalSecurityAgency/ghidra

jdk

https://adoptium.net/zh-CN/temurin/releases/

 binwalk '/home/giantbranch/Desktop/RE_Cirno.jpg' 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
10764         0x2A0C          Zip archive data, at least v2.0 to extract, compressed size: 35016, uncompressed size: 172091, name: re.exe
45904         0xB350          End of Zip archive


binwalk -Me '/home/giantbranch/Desktop/RE_Cirno.jpg' 

Scan Time:     2023-07-09 07:35:21
Target File:   /home/giantbranch/Desktop/RE_Cirno.jpg
MD5 Checksum:  5ad8668b8bcd9ad5b9e0944063aa4d33
Signatures:    344

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
10764         0x2A0C          Zip archive data, at least v2.0 to extract, compressed size: 35016, uncompressed size: 172091, name: re.exe
45904         0xB350          End of Zip archive


Scan Time:     2023-07-09 07:35:21
Target File:   /home/giantbranch/_RE_Cirno.jpg.extracted/re.exe
MD5 Checksum:  6df009ab420867a9248befca5f829bb3
Signatures:    344

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Microsoft executable, portable (PE)



giantbranch@ubuntu:~/_RE_Cirno.jpg.extracted$ binwalk '/home/giantbranch/Desktop/RE_Cirno.jpg' 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
10764         0x2A0C          Zip archive data, at least v2.0 to extract, compressed size: 35016, uncompressed size: 172091, name: re.exe
45904         0xB350          End of Zip archive

giantbranch@ubuntu:~/_RE_Cirno.jpg.extracted$ 

[圖片上傳失敗...(image-6ec5cc-1689514318099)]

use ghidra！

[圖片上傳失敗...(image-b04aa8-1689514318099)]

[圖片上傳失敗...(image-fbbffa-1689514318099)]

[圖片上傳失敗...(image-e6c8c3-1689514318099)]

[圖片上傳失敗...(image-75914e-1689514318099)]

[圖片上傳失敗...(image-a5da2e-1689514318099)]

[圖片上傳失敗...(image-e3ddf2-1689514318099)]

void FUN_0040f350(void)

{
  int iVar1;
  undefined4 *puVar2;
  undefined4 local_b0 [16];
  uint local_70;
  uint local_6c;
  int local_68;
  int local_64 [24];
  
  puVar2 = local_b0;
  for (iVar1 = 0x2b; iVar1 != 0; iVar1 = iVar1 + -1) {
    *puVar2 = 0xcccccccc;
    puVar2 = puVar2 + 1;
  }
  local_64[0] = 0x73;
  local_64[1] = 0x5e;
  local_64[2] = 0x61;
  local_64[3] = 0x72;
  local_64[4] = 0x67;
  local_64[5] = 0x2f;
  local_64[6] = 0x6b;
  local_64[7] = 0x72;
  local_64[8] = 0x41;
  local_64[9] = 0x30;
  local_64[10] = 0x31;
  local_64[11] = 0x69;
  local_64[12] = 0x75;
  local_64[13] = 0x76;
  local_64[14] = 0x65;
  local_64[15] = 0x30;
  local_64[16] = 0x71;
  local_64[17] = 0x5f;
  local_64[18] = 99;
  local_64[19] = 0x2f;
  local_64[20] = 0x5c;
  local_64[21] = 0x74;
  local_64[22] = 0x5d;
  local_64[23] = 0x66;
  for (local_68 = 0; local_68 < 0x18; local_68 = local_68 + 1) {
    local_70 = local_64[local_68] + 9U ^ 9;
    local_6c = local_70;
  }
  FUN_00401150(&DAT_00422fac);
  FUN_0040f240("pause");
  local_64[23] = 0x40f478;
  __chkesp();
  return;
}

change the code泪电！

#include<stdio.h>


void FUN_0040f350(void);


int main(void){
    FUN_0040f350();

return 0;   
    
}
void FUN_0040f350(void)

{

  int local_70;
  //int local_6c;
  int local_68;
  int local_64 [24];
  int local_64_2[24];

  local_64[0] = 0x73;
  local_64[1] = 0x5e;
  local_64[2] = 0x61;
  local_64[3] = 0x72;
  local_64[4] = 0x67;
  local_64[5] = 0x2f;
  local_64[6] = 0x6b;
  local_64[7] = 0x72;
  local_64[8] = 0x41;
  local_64[9] = 0x30;
  local_64[10] = 0x31;
  local_64[11] = 0x69;
  local_64[12] = 0x75;
  local_64[13] = 0x76;
  local_64[14] = 0x65;
  local_64[15] = 0x30;
  local_64[16] = 0x71;
  local_64[17] = 0x5f;
  local_64[18] = 99;
  local_64[19] = 0x2f;
  local_64[20] = 0x5c;
  local_64[21] = 0x74;
  local_64[22] = 0x5d;
  local_64[23] = 0x66;
  
  for (local_68 = 0; local_68 < 0x18; local_68 = local_68 + 1) {
    local_70 = (local_64[local_68] + 0x9) ^ 0x9;
    //local_6c = local_70;
    local_64_2[local_68]=local_70;
    printf("%c",local_70 );
    
  }
  //cout>>endl;
  printf("\n");
  for (local_68 = 23; local_68 > -1; local_68 = local_68 - 1) {
    //local_70 = (local_64[local_68] + 0x9) ^ 0x9;
    //local_6c = local_70;
    
    printf("%c",local_64_2[local_68] );
    
  }
  
  
  //return 0;
}

[圖片上傳失敗...(image-9caddd-1689514318099)]

[圖片上傳失敗...(image-6560-1689514318099)]

fotl1eas0gvw{30Cr}1yrcnu

flag{C1rno1sv3rycute0w0}

some files状土！
涉及的實例
https://download.csdn.net/download/m0_47210241/88053587