Challenge source: https://ctflearn.com/index.php?action=find_problem_details&problem_id=368
Original challenge:
Bite-code
I dunno what bytecode is. Could you tell me what input of 'checkNum' will return true? The flag is just a 32-bit signed integer as a decimal (nothing else.) https://mega.nz/#!1qoFgBoS!zaTNExq3Bm1MjJnePjTGQyvnvLX_xZxhbGaMv_ypaxo
The link opens a text file with the following contents:
public static boolean checkNum(int);
descriptor: (I)Z
flags: ACC_PUBLIC, ACC_STATIC
Code:
stack=2, locals=3, args_size=1
0: iload_0
1: iconst_3
2: ishl
3: istore_1
4: iload_0
5: ldc #2 // int 525024598
7: ixor
8: istore_2
9: iload_1
10: iload_2
11: ixor
12: ldc #3 // int -889275714
14: if_icmpne 21
17: iconst_1
18: goto 22
21: iconst_0
22: ireturn
LineNumberTable:
line 3: 0
line 4: 4
line 5: 9
StackMapTable: number_of_entries = 2
frame_type = 253 /* append */
offset_delta = 21
locals = [ int, int ]
frame_type = 64 /* same_locals_1_stack_item */
stack = [ int ]
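From the challenge hint and the format of the file, we can tell that this is Java bytecode. After looking up the bytecode instructions online, I wrote the following annotations: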
public static boolean checkNum(int);
descriptor: (I)Z // takes one int argument and returns a boolean
flags: ACC_PUBLIC, ACC_STATIC
Code:
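stack=2, locals=3, args_size=1 // stack: maximum operand stack depth, here 2; locals: storage needed for local variables; args_size: number of method arguments
0: iload_0 // load the int value from local variable 0
1: iconst_3 // push the int constant 3 onto the stack; top of stack = 3
2: ishl // shift the int value left
3: istore_1 // store the int value into local variable 1
4: iload_0 // load the int value from local variable 0
5: ldc #2 // int 525024598; push the constant-pool entry onto the stack
7: ixor // exclusive OR (XOR) of two int values
8: istore_2 // store the int value into local variable 2
9: iload_1 // load the int value from local variable 1
10: iload_2 // load the int value from local variable 2
11: ixor // exclusive OR (XOR) of two int values
12: ldc #3 // int -889275714; push the constant-pool entry onto the stack
14: if_icmpne 21 // jump if the two int values are not equal
17: iconst_1 // push the int constant 1 onto the stack
18: goto 22
21: iconst_0 // push the int constant 0 onto the stack
22: ireturn // return an int value from the method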
LineNumberTable:
line 3: 0
line 4: 4
line 5: 9
StackMapTable: number_of_entries = 2
frame_type = 253 /* append */
offset_delta = 21
locals = [ int, int ]
frame_type = 64 /* same_locals_1_stack_item */
stack = [ int ]
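We can see that the function shifts the int parameter x left by three bits and stores the result in the first int variable, n1. It then XORs x with the constant n2 and stores the result in n2. Finally it checks whether n1 XOR n2 equals the constant n3, returning true if they are equal and false otherwise. Written in C, the function would look like this:
We can write a program to brute-force the answer; the computation gives the correct value -1352854872.
The flag is this number.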
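An added example, not the original author's code: the check described above written in C, with a solver that goes beyond the brute-force search by inverting the check bit by bit. The names check_num, solve, XOR_CONST and TARGET are chosen here for illustration; the two constants are the ldc values from the listing.

```c
#include <stdint.h>
#include <stdio.h>

#define XOR_CONST 525024598    /* ldc #2 in the listing */
#define TARGET    (-889275714) /* ldc #3 in the listing */

/* checkNum as C. Java int arithmetic wraps at 32 bits, so the shift is done
 * on uint32_t to avoid signed-overflow undefined behaviour in C. */
static int check_num(int32_t x)
{
    uint32_t ux = (uint32_t)x;
    uint32_t n1 = ux << 3;                    /* offsets 0-3  */
    uint32_t n2 = ux ^ (uint32_t)XOR_CONST;   /* offsets 4-8  */
    return (n1 ^ n2) == (uint32_t)TARGET;     /* offsets 9-22 */
}

/* Invert the check: n1 ^ n2 == TARGET means x ^ (x << 3) == d,
 * where d = XOR_CONST ^ TARGET. The low three bits of (x << 3) are zero,
 * so bits 0..2 of x equal bits 0..2 of d; every higher bit i then follows
 * from x[i] = d[i] ^ x[i-3]. The solution is therefore unique. */
static int32_t solve(void)
{
    uint32_t d = (uint32_t)XOR_CONST ^ (uint32_t)TARGET;
    uint32_t x = d & 7u;
    for (int i = 3; i < 32; i++) {
        uint32_t bit = ((d >> i) ^ (x >> (i - 3))) & 1u;
        x |= bit << i;
    }
    return (int32_t)x; /* reinterpret as a two's-complement signed int */
}

int main(void)
{
    int32_t x = solve();
    printf("x = %d, checkNum(x) = %s\n", (int)x, check_num(x) ? "true" : "false");
    return 0;
}
```

Because each bit of x is determined by earlier bits, the solver runs in 29 steps instead of searching all 2^32 candidates, and it shows that only one input passes the check.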