强网杯 2024 All RE wp
2024qwb
mips
作者用qemu模拟器加载mips_bin文件并手动实现了hook
我们只解mips_bin文件的话会解出一个假的flag
ida,alt+t直接搜索 23000,定位到关键函数的位置
交叉引用的话,可以发现程序对flag头与flag的长度进行了检查
之后程序对字符串进行了一个魔改的rc4加密,同时进行了一个异或操作
给出解密脚本:
#include <stdio.h>
#include <malloc.h>
#include "h_IDA.h"
unsigned char N_str[] = {0xDE, 0xAD, 0xBE, 0xEF};
unsigned char map1[256] ;
unsigned char map2[256] ;
void swap(unsigned char *inp, int x, int y) {
unsigned char ch = inp[x];
inp[x] = inp[y];
inp[y] = ch;
}
void init(){
for (int i = 0; i < 256; i++) {
unsigned char v3 = ((((unsigned char)(i << 7) | (i >> 1)) << 6) ^ 0xC0 |((unsigned char)((i << 7) | (i >> 1)) >> 2) ^ 0x3B) ^0xBE;
unsigned char out =(((unsigned char)(((16 * (((32 * v3) | (v3 >> 3)) ^ 0xAD)) | ((unsigned char)(((32 * v3) | (v3 >> 3)) ^ 0xAD) >>4)) ^ 0xDE) >>5) | (8 * (((16 * (((32 * v3) | (v3 >> 3)) ^ 0xAD)) |((unsigned char)(((32 * v3) | (v3 >> 3)) ^ 0xAD) >> 4)) ^ 0xDE)));
map1[out] = i;
map2[i] = out;
}
// for(int i=0;i<256;i++){
// printf("0x%x ",map1[i]);
// }
// puts("");
// for(int i=0;i<256;i++){
// printf("0x%x ",map2[i]);
// }
// puts("");
}
unsigned char *__fastcall en_rc4(unsigned __int8 *inp)
{
int x_1; // edx
unsigned __int8 v3; // [rsp+15h] [rbp-17Bh]
int i; // [rsp+18h] [rbp-178h]
int y; // [rsp+1Ch] [rbp-174h]
unsigned int i_1; // [rsp+20h] [rbp-170h]
int x; // [rsp+24h] [rbp-16Ch]
int v8; // [rsp+28h] [rbp-168h]
int j; // [rsp+2Ch] [rbp-164h]
int a; // [rsp+30h] [rbp-160h]
int j_1; // [rsp+34h] [rbp-15Ch]
int aa; // [rsp+3Ch] [rbp-154h]
char *key; // [rsp+40h] [rbp-150h]
unsigned __int8 *output; // [rsp+48h] [rbp-148h]
unsigned __int8 m[256]; // [rsp+80h] [rbp-110h] BYREF
__int16 v16; // [rsp+180h] [rbp-10h]
unsigned __int64 v17; // [rsp+188h] [rbp-8h]
memset(m, 0, sizeof(m));
v16 = 0;
for ( i = 0; i <= 255; ++i )
m[i] = i;
y = 0;
i_1 = 0;
key = "6105t3";
do
{
a = m[i_1];
j_1 = (unsigned __int8)(key++)[(int)(2 * (i_1 / 6 - (((0xAAAAAAAB * (unsigned __int64)i_1) >> 32) & 0xFFFFFFFC)))];
y += a + j_1;
x_1 = i_1++;
m[x_1] = m[(unsigned __int8)y];
m[(unsigned __int8)y] = a;
}
while ( i_1 != 256 );
x = 0;
v8 = 0;
output = (unsigned __int8 *)malloc(256LL);
for ( j = 0; j != 22; ++j )
{
aa = m[(unsigned __int8)++x];
v8 += aa;
m[(unsigned __int8)x] = m[(unsigned __int8)v8];
m[(unsigned __int8)v8] = aa;
output[j] = m[(unsigned char)(m[x] + m[v8])] ^ N_str[j & 3] ^ map2[inp[j + 5]];
}
return output;
}
unsigned char *__fastcall de_rc4(unsigned __int8 *inp)
{
int x_1; // edx
unsigned __int8 v3; // [rsp+15h] [rbp-17Bh]
int i; // [rsp+18h] [rbp-178h]
int y; // [rsp+1Ch] [rbp-174h]
unsigned int i_1; // [rsp+20h] [rbp-170h]
unsigned char x; // [rsp+24h] [rbp-16Ch]
unsigned char v8; // [rsp+28h] [rbp-168h]
int j; // [rsp+2Ch] [rbp-164h]
int a; // [rsp+30h] [rbp-160h]
int j_1; // [rsp+34h] [rbp-15Ch]
int aa; // [rsp+3Ch] [rbp-154h]
char *key; // [rsp+40h] [rbp-150h]
unsigned __int8 *output; // [rsp+48h] [rbp-148h]
unsigned __int8 m[256]; // [rsp+80h] [rbp-110h] BYREF
__int16 v16; // [rsp+180h] [rbp-10h]
unsigned __int64 v17; // [rsp+188h] [rbp-8h]
memset(m, 0, sizeof(m));
v16 = 0;
for ( i = 0; i <= 255; ++i )
m[i] = i;
y = 0;
i_1 = 0;
key = "6105t3";
do
{
a = m[i_1];
j_1 = (unsigned __int8)(key++)[(int)(2 * (i_1 / 6 - (((0xAAAAAAAB * (unsigned __int64)i_1) >> 32) & 0xFFFFFFFC)))];
y += a + j_1;
x_1 = i_1++;
m[x_1] = m[(unsigned __int8)y];
m[(unsigned __int8)y] = a;
}
while ( i_1 != 256 );
for(int i=0;i<256;i++){
printf("0x%x ",m[i]);
}
puts("");
x = 0;
v8 = 0;
output = (unsigned __int8 *)malloc(256LL);
for ( j = 0; j != 22; ++j )
{
aa = m[(unsigned __int8)++x];
v8 += aa;
m[(unsigned __int8)x] = m[(unsigned __int8)v8];
m[(unsigned __int8)v8] = aa;
output[j] = map1[ m[(unsigned char)(m[x] + m[v8])] ^ N_str[j & 3] ^ inp[j]];
// printf("0x%x - 0x%x - 0x%x", m[(unsigned char)(m[x] + m[v8])], N_str[j & 3],inp[j]);
}
puts("");
return output;
}
int main(){
init();
unsigned char cip[] = {0x000000C4, 0x000000EE, 0x0000003C, 0x000000BB, 0x000000E7, 0x000000FD, 0x00000067, 0x0000001D, 0x000000F8, 0x00000097, 0x00000068, 0x0000009D, 0x0000000B, 0x0000007F, 0x000000C7, 0x00000080, 0x000000DF, 0x000000F9, 0x0000004B, 0x000000A0, 0x00000046, 0x00000091};
swap(cip, 12, 16);
swap(cip, 7, 11);
for (int i = 0; i < 22; i++) {
cip[i] ^= 0xa;
}
unsigned char *m = de_rc4(cip);
printf("flag{");
for (int i = 0; i < 22; i++) {
printf("%c", (unsigned char)m[i]);
}
return 0;
}
// flag{QeMu_r3v3rs3in9_h@ck6}
其中 异或的值有反调试,调试或者attach状态下都拿不到,我们可以尝试爆破、patch、epbftrace等方法拿到
patch的话,就像这样:
patch出一个write系统调用
bpbftrace命令如下:
sudo bpftrace -e '
watchpoint:0x0007FFFF76FF942:8:x
{
$addr = 0x0007FFFF7FF4324;
printf("before rc4 watch n_STR and input \n");
@i = 0;
printf("n_STR: ");
unroll (4) {
printf("%02x,", *(uint8*)($addr + @i));
@i++;
}
printf("\n");
}
' -p pid
remem
先修elf文件,之后调试程序,注意到程序每次都会mmap,并且把shellcode放入mmap内存中执行,之后销毁,在固定基址后,mmap申请的位置是固定的,我们可以获取到每个mmap的shellcode片段,整理下来如下:
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 61626364h
0x7F722B88300C: mul rax
0x7F722B88300F: leaveq
0x7F722B883011: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 250BB52207267F10h
0x7F722B88300F: mov rbx, 3
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 61626364h
0x7F722B88300C: mov rbx, 65666768h
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2692C5C033CD9CA0h
0x7F722B88300F: mov rbx, 6
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 65666768h
0x7F722B88300C: mov rbx, 52h ; 'R'
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 65666768h
0x7F722B88300C: mov rbx, 6
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 61626364h
0x7F722B88300C: mul rax
0x7F722B88300F: leaveq
0x7F722B883011: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 250BB52207267F10h
0x7F722B88300F: mov rbx, 2
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 65666768h
0x7F722B88300C: mov rbx, 0Dh
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 61626364h
0x7F722B88300C: mov rbx, 11h
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 61626364h
0x7F722B88300C: mov rbx, 696A6B6Ch
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2819D65E6074BA30h
0x7F722B88300F: mov rbx, 5
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 696A6B6Ch
0x7F722B88300C: mul rax
0x7F722B88300F: leaveq
0x7F722B883011: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2B68785BBA837590h
0x7F722B88300F: mov rbx, 5
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 696A6B6Ch
0x7F722B88300C: mov rbx, 58h ; 'X'
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 6D6E6F70h
0x7F722B88300C: mov rbx, 696A6B6Ch
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2D0FC95A678AD340h
0x7F722B88300F: mov rbx, 4
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 696A6B6Ch
0x7F722B88300C: mul rax
0x7F722B88300F: leaveq
0x7F722B883011: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2B68785BBA837590h
0x7F722B88300F: mov rbx, 5
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 6D6E6F70h
0x7F722B88300C: mov rbx, 0E8h
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 6D6E6F70h
0x7F722B88300C: mul rax
0x7F722B88300F: leaveq
0x7F722B883011: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2EC73A8954C25100h
0x7F722B88300F: mov rbx, 23h ; '#'
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 71727374h
0x7F722B88300C: mov rbx, 8
0x7F722B883013: mul rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 71727374h
0x7F722B88300C: mul rax
0x7F722B88300F: leaveq
0x7F722B883011: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 32463D176F616C90h
0x7F722B88300F: mov rbx, 10h
0x7F722B883016: mul rbx
0x7F722B883019: leaveq
0x7F722B88301B: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 38B939BA0h
0x7F722B88300F: mov rbx, 2463D176F616C900h
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 2463D17A81AA64A0h
0x7F722B88300F: mov rbx, 653D00C696911300h
0x7F722B883019: sub rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0BF26D0B3EB1951A0h
0x7F722B88300F: mov rbx, 5E2F4391h
0x7F722B883016: xor rdx, rdx
0x7F722B883019: div rbx
0x7F722B88301C: mov rax, rdx
0x7F722B88301F: leaveq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0D90A59CAA4914BD0h
0x7F722B88300F: mov rbx, 632C14FD80h
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0D90A5A2DD0A64950h
0x7F722B88300F: mov rbx, 0B43F25699E2B4D00h
0x7F722B883019: sub rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 24CB34C4327AFC50h
0x7F722B88300F: mov rbx, 5E2F4391h
0x7F722B883016: xor rdx, rdx
0x7F722B883019: div rbx
0x7F722B88301C: mov rax, rdx
0x7F722B88301F: leaveq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0D90A59CAA4914BD0h
0x7F722B88300F: mov rbx, 243C94ED20h
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0D90A59EEE12638F0h
0x7F722B88300F: mov rbx, 0C8812FD7E247A2F0h
0x7F722B883019: sub rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 10892A16FEDE9600h
0x7F722B88300F: mov rbx, 5E2F4391h
0x7F722B883016: xor rdx, rdx
0x7F722B883019: div rbx
0x7F722B88301C: mov rax, rdx
0x7F722B88301F: leaveq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 526334048h
0x7F722B88300F: mov rbx, 6778899A4h
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 4A176A440E4CFE20h
0x7F722B88300F: mov rbx, 0B9DBBD9ECh
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 4A176A4FAC08D80Ch
0x7F722B88300F: mov rbx, 5E2F4391h
0x7F722B883016: xor rdx, rdx
0x7F722B883019: div rbx
0x7F722B88301C: mov rax, rdx
0x7F722B88301F: leaveq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 207ACD1F50h
0x7F722B88300F: mov rbx, 260666C70h
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0E770A28136D1ABC0h
0x7F722B88300F: mov rbx, 22DB338BC0h
0x7F722B883019: add rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 0E770A2A412053780h
0x7F722B88300F: mov rbx, 6F231F6615737D30h
0x7F722B883019: sub rax, rbx
0x7F722B88301C: leaveq
0x7F722B88301E: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 784D833DFC91BA50h
0x7F722B88300F: mov rbx, 5E2F4391h
0x7F722B883016: xor rdx, rdx
0x7F722B883019: div rbx
0x7F722B88301C: mov rax, rdx
0x7F722B88301F: leaveq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 286A77D6h
0x7F722B88300C: mov rbx, 42DB9F06h
0x7F722B883013: xor rax, rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 5E867B43h
0x7F722B88300C: mov rbx, 35368926h
0x7F722B883013: xor rax, rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 3AB4599Bh
0x7F722B88300C: mov rbx, 509A3978h
0x7F722B883013: xor rax, rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 43D5705Dh
0x7F722B88300C: mov rbx, 1EBFA92Fh
0x7F722B883013: xor rax, rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
0x7F722B883000: push rbp
0x7F722B883002: mov rbp, rsp
0x7F722B883005: mov rax, 464560F0h
0x7F722B88300C: mov rbx, 555CC98Ch
0x7F722B883013: xor rax, rbx
0x7F722B883016: leaveq
0x7F722B883018: retnq
之后编写vm解析器:
from capstone import *
opcode=[0x0F2,0x0,0x0F2,0x3,0x0F7,0x0F2,0x3,0x0F2,0x3,0x0F7,0x0F2,
3,0x0F7,0x0F2,0x3,0x0F7,0x0F2,0x0,0x0F2,0x3,0x0F7,0x0F2,
3,0x0F7,0x0F2,0x3,0x0F7,0x0F2,0x3,0x0F2,0x3,0x0F7,0x0F2,
0,0x0F2,0x3,0x0F7,0x0F2,0x3,0x0F7,0x0F2,0x3,0x0F2,0x3,0x0F7,
0x0F2,0x0,0x0F2,0x3,0x0F7,0x0F2,0x3,0x0F7,0x0F2,0x0,0x0F2,
3,0x0F7,0x0F2,0x3,0x0F7,0x0F2,0x0,0x0F2,0x3,0x0F7,0x0F0,
0,0x3,0x0F1,0x0,0x3,0x0F6,0x3,0x0F0,0x0,0x3,0x0F1,0x0,0x3,0x0F6,
3,0x0F0,0x0,0x3,0x0F1,0x0,0x3,0x0F6,0x3,0x0F0,0x0,0x3,0x0F0,
0,0x3,0x0F6,0x3,0x0F0,0x0,0x3,0x0F0,0x0,0x3,0x0F1,0x0,0x3,0x0F6,
3,0x0F7,0x0F3,0x0,0x3,0x0F3,0x0,0x3,0x0F3,0x0,0x3,0x0F3,0x0,
3,0x0F3,0x0,0x3,0x0F8]
arr=[0]*11
arr[0] = 0x61626364
arr[1] = 0x65666768
arr[2] = 0x69707172
arr[3] = 0x73747576
arr[4] = 0x7778797A
arr[5] = 0x5E2F4391
arr[6] = 0x42DB9F06
arr[7] = 0x35368926
arr[8] = 0x509A3978
arr[9] = 0x1EBFA92F
arr[10] = 0x555CC98C
v16=[0]*18
v16[0] = arr[0]
v16[1] = arr[0]
v16[2] = arr[1]
v16[3] = arr[1]
v16[4] = arr[0]
v16[5] = arr[1]
v16[6] = arr[0]
v16[7] = arr[0]
v16[8] = arr[2]
v16[9] = arr[2]
v16[10] = arr[3]
v16[11] = arr[2]
v16[12] = arr[3]
v16[13] = arr[3]
v16[14] = arr[4]
v16[15] = arr[4]
v16[16] = 0
v16[17] = 0
v15=[0]*6
ptr=[0]*9
v13 = 1
v14 = arr[0]
v10 = 0
v11 = 0
rip=0
while True:
if opcode[rip] == 0xF0:
v10-=1
# v0 = v16[v10 + 18]
print(f'{rip} v0 = v16[{v10+18}]')
v10-=1
# v1 = func0(v16[v10 + 18], v0)
print(f'{rip} v1=func0(v16[{v10+18},v0])')
# v16[v10 + 18] = v1
print(f'{rip} v16[{v10+18}] = v1')
v10+=1
rip += 3
# print('F0',end=' ')
#
elif opcode[rip] == 0xF1:
v10-=1
# v2 = v16[v10 + 18]
print(f'{rip} v2 = v16[{v10+18}]')
v10-=1
# v3 = func1(v16[v10 + 18], v2)
print(f'{rip} v3=func1(v16[{v10+18},v2])')
# v16[v10 + 18] = v3
print(f'{rip} v16[{v10+18}] = v3')
v10+=1
rip += 3
# print('F1',end=' ')
#
if opcode[rip] == 0xF2:
# v14=func2(v14)
print(f'{rip} v14=func2(v14)')
rip += 2
# print('F2',end=' ')
elif opcode[rip] == 0xF3:
v11-=1
# v14 = func3(v14 ^ v15[v11])
print(f'{rip} v14=func3(v14^v15[{v11}])')
rip += 3
# print('F3',end=' ')
#
elif opcode[rip] == 0xF5:
v10-=1
# v4 = v16[v10 + 18]
print(f'{rip} v4 = v16[{v10+18}]')
v10-=1
# v14 = func4(v16[v10 + 18], v4)
print(f'{rip} v14=func5(v16[{v10+18},v4])')
rip += 3
# print('F5',end=' ')
#
elif opcode[rip] == 0xF6:
v10-=1
print(f'{rip} v5=func5(v16[{v10+18},{hex(arr[5])}])')
print(f'{rip} v15[{v11}] = v5')
# v5 = func5(v16[v10 + 18], arr[5]%0xffffffff)
# v15[v11] = v5
rip += 2
v11+=1
# print('F6',end=' ')
#
elif opcode[rip] == 0xF7:
v6 = v10
v10+=1
# v16[v6 + 18] = v14
print(f"{rip} v16[{v6+18}] = v14")
v7 = v13
v13+=1
# v14 = v16[v7]
print(f"{rip} v14 = v16[{v7}]")
rip+=1
elif opcode[rip] == 0xF8:
print('F8',end=' ')
break
# if v14!=0:
# print('fail!')
# F2 F2 F7 F2 F2 F7 F2 F7 F2 F7 F2 F2 F7 F2 F7 F2 F7 F2 F2 F7 F2 F2 F7 F2 F7 F2 F2 F7 F2 F2 F7 F2 F7 F2 F2 F7 F2 F7 F2 F2 F7 F0 F1 F6 F0 F1 F6 F0 F1 F6 F0 F0 F6 F0 F0 F1 F6 F7 F3 F3 F3 F3 F3 F8
得到:
0 v14=func2(v14) // v14 = part1 * part1
2 v14=func2(v14) // v14 = v14 * 3
4 v16[18] = v14 // v16[18] = v14 ==> 0x6f231f6615737d30
4 v14 = v16[1] // v14 = part1
5 v14=func2(v14) // v14 = part1 * part2
7 v14=func2(v14) // v14 = v14 * 6
9 v16[19] = v14 // v16[19] = v14
9 v14 = v16[2] // v14 = part2
10 v14=func2(v14) // v14 = part2 * 0x52
12 v16[20] = v14 // v16[20] = v14
12 v14 = v16[3] // v14 = part2
13 v14=func2(v14) // v14 = part2*6
15 v16[21] = v14 // v16[21] = v14
15 v14 = v16[4] // v14 = v16[4]
16 v14=func2(v14) // v14 = part1 * part1
18 v14=func2(v14) // v14 = v14 * 2
20 v16[22] = v14 // v16[22] = v14
20 v14 = v16[5] // v14 = v16[5]
21 v14=func2(v14) // v14 = part2 * 0xd
23 v16[23] = v14 // v16[23] = v14
23 v14 = v16[6] // v14 = v16[6]
24 v14=func2(v14) // v14 = part1 * 0x11
26 v16[24] = v14 // v16[24] = v14
26 v14 = v16[7] // v14 = v16[7]
27 v14=func2(v14) // v14 = part1 * part3
29 v14=func2(v14) // v14 = v14 * 5
31 v16[25] = v14 // v16[25] = v14
31 v14 = v16[8] // v14 = v16[8]
32 v14=func2(v14) // v14 = part3 * part3
34 v14=func2(v14) // v14 = v14 * 5
36 v16[26] = v14 // v16[26] = v14
36 v14 = v16[9] // v14 = v16[9]
37 v14=func2(v14) // v14 = part3 * 0x58
39 v16[27] = v14 // v16[27] = v14
39 v14 = v16[10] // v14 = v16[10]
40 v14=func2(v14) // v14 = part3 * part4
42 v14=func2(v14) // v14 *= 4;
44 v16[28] = v14 // v16[28] = v14
44 v14 = v16[11] // v14 = v16[11]
45 v14=func2(v14) // v14 = part3 * part3
47 v14=func2(v14) // v14 *= 5
49 v16[29] = v14 // v16[29] = v14
49 v14 = v16[12] // v14 = v16[12]
50 v14=func2(v14) // v14 = part4 * 0xE8
52 v16[30] = v14 // v16[30] = v14
52 v14 = v16[13] // v14 = v16[13]
53 v14=func2(v14) // v14 = part4 * part4
55 v14=func2(v14) // v14 = v14 * 0x23
57 v16[31] = v14 // v16[31] = v14
57 v14 = v16[14] // v14 = v16[14]
58 v14=func2(v14) // v14 = part5 * 8
60 v16[32] = v14 // v16[32] = v14
60 v14 = v16[15] // v14 = v16[15]
61 v14=func2(v14) // v14 = part5*part5
63 v14=func2(v14) // v14 = v14 * 0x10
65 v16[33] = v14 // v16[33] = v14
65 v14 = v16[16] // v14 = v16[16]
66 v0 = v16[33] // v0 = v16[33]
66 v1=func0(v16[32,v0]) // v1 = v16[32] + v16[33]
66 v16[32] = v1 // v16[32] = v1
69 v2 = v16[32] // v2 = v16[32]
69 v3=func1(v16[31,v2]) // v3=v16[32] - v16[31]
69 v16[31] = v3 // v16[31] = v3
72 v5=func5(v16[31,0x5e2f4391]) // v5 = v16[31] % 0x5e2f4391
72 v15[0] = v5 // v15[0] = v5
74 v0 = v16[30] // v0 = v16[30]
74 v1=func0(v16[29,v0]) // v1 = v16[29] +v16[30]
74 v16[29] = v1 // v16[29] = v1
77 v2 = v16[29] // v2 = v16[29]
77 v3=func1(v16[28,v2]) // v3 =v16[29] -v16[28]
77 v16[28] = v3 // v16[28] = v3
80 v5=func5(v16[28,0x5e2f4391]) // v5 = v3 % 0x5e2f4391
80 v15[1] = v5 // v15[1] = v5
82 v0 = v16[27] // v0 = v16[27]
82 v1=func0(v16[26,v0]) // v1 = v16[26] + v16[27]
82 v16[26] = v1 // v16[26] = v1
85 v2 = v16[26] // v2 = v16[26]
85 v3=func1(v16[25,v2]) // v3 = v16[26] - v16[25]
85 v16[25] = v3 // v16[25] = v3
88 v5=func5(v16[25,0x5e2f4391]) // v5 =v16[25] % 0x5e2f4391
88 v15[2] = v5 // v15[2] = v5
90 v0 = v16[24] // v0 = v16[24]
90 v1=func0(v16[23,v0]) // v1 = v16[23] + v16[24]
90 v16[23] = v1 // v16[23] = v1
93 v0 = v16[23] // v0 = v16[23]
93 v1=func0(v16[22,v0]) // v1 = v16[22] + v16[23]
93 v16[22] = v1 // v16[22] = v1
96 v5=func5(v16[22,0x5e2f4391]) // v5 = v16[22] % 0x5e2f4391
96 v15[3] = v5 // v15[3] = v5
98 v0 = v16[21] // v0 = v16[21]
98 v1=func0(v16[20,v0]) // v1 = v16[21] + v16[20]
98 v16[20] = v1 // v16[20] = v1
101 v0 = v16[20] // v0 = v16[20]
101 v1=func0(v16[19,v0]) // v1 = v16[19] + v16[20]
101 v16[19] = v1 // v16[19] = v1
104 v2 = v16[19] // v2 = v16[19]
104 v3=func1(v16[18,v2]) // v3 = v16[19] - v16[18]
104 v16[18] = v3 // v16[18] = v3
107 v5=func5(v16[18,0x5e2f4391]) // v5 = v16[18] % 0x5e2f4391
107 v15[4] = v5 // v15[4] = v5
109 v16[18] = v14 // v16[18] = v14
109 v14 = v16[17] // v14 = v16[17]
110 v14=func3(v14^v15[4]) // v14 = v16[17] ^ v15[4] ^ 0x42DB9F06
113 v14=func3(v14^v15[3]) // v14 = v14 ^ v15[3] ^ 0x35368926
116 v14=func3(v14^v15[2]) // v14 = v14 ^ v15[2] ^ 0x509A3978
119 v14=func3(v14^v15[1]) // v14 = v14 ^ v15[1] ^ 0x1EBFA92F
122 v14=func3(v14^v15[0]) // v14 = v14 ^ v15[0] ^ 0x555CC98C
分析写出c语言代码:
#include <stdio.h>
unsigned char inp[100] = {0};
unsigned long long int part1,part2,part3,part4,part5;
unsigned long long int v14;
unsigned long long int v16[100];
unsigned long long int v0,v1,v2,v3,v4,v5,v6;
unsigned long long int v15[10];
int main(){
// 0x61626364 0x65666768 0x696A6B6C 0x6D6E6F70 0x71727374
// scanf("%s",inp);
scanf("%x",&part1);
scanf("%x",&part2);
scanf("%x",&part3);
scanf("%x",&part4);
scanf("%x",&part5);
// printf("0x%x\n",part1);
// printf("0x%x\n",part2);
// printf("0x%x\n",part3);
// printf("0x%x\n",part4);
// printf("0x%x\n",part5);
// part1 = inp
v14 = part1 * part1; ;
v14 = v14 * 3; ;
v16[18] = v14; ;
v14 = part1; ;
v14 = part1 * part2; ;
v14 = v14 * 6; ;
v16[19] = v14; ;
v14 = part2; ;
v14 = part2 * 0x52; ;
v16[20] = v14; ;
v14 = part2 ;
v14 = part2*6 ;
v16[21] = v14 ;
v14 = v16[4] ;
v14 = part1 * part1 ;
v14 = v14 * 2 ;
v16[22] = v14 ;
v14 = v16[5] ;
v14 = part2 * 0xd ;
v16[23] = v14 ;
v14 = v16[6] ;
v14 = part1 * 0x11 ;
v16[24] = v14 ;
v14 = v16[7] ;
v14 = part1 * part3 ;
v14 = v14 * 5 ;
v16[25] = v14 ;
v14 = v16[8] ;
v14 = part3 * part3 ;
v14 = v14 * 5 ;
v16[26] = v14 ;
v14 = v16[9] ;
v14 = part3 * 0x58 ;
v16[27] = v14 ;
v14 = v16[10] ;
v14 = part3 * part4 ;
v14 *= 4; ;
v16[28] = v14 ;
v14 = v16[11] ;
v14 = part3 * part3 ;
v14 *= 5 ;
v16[29] = v14 ;
v14 = v16[12] ;
v14 = part4 * 0xE8 ;
v16[30] = v14 ;
v14 = v16[13] ;
v14 = part4 * part4 ;
v14 = v14 * 0x23 ;
v16[31] = v14 ;
v14 = v16[14] ;
v14 = part5 * 8 ;
v16[32] = v14 ;
v14 = v16[15] ;
v14 = part5*part5 ;
v14 = v14 * 0x10 ;
v16[33] = v14 ;
v14 = v16[16] ;
v0 = v16[33] ;
v1 = v16[32] + v16[33] ;
v16[32] = v1 ;
v2 = v16[32] ;
v3=v16[32] - v16[31] ;
v16[31] = v3 ;
v5 = v16[31] % 0x5e2f4391 ;
v15[0] = v5 ;
v0 = v16[30] ;
v1 = v16[29] +v16[30] ;
v16[29] = v1 ;
v2 = v16[29] ;
v3 =v16[29] -v16[28] ;
v16[28] = v3 ;
v5 = v3 % 0x5e2f4391 ;
v15[1] = v5 ;
v0 = v16[27] ;
v1 = v16[26] + v16[27] ;
v16[26] = v1 ;
v2 = v16[26] ;
v3 = v16[26] - v16[25] ;
v16[25] = v3 ;
v5 =v16[25] % 0x5e2f4391 ;
v15[2] = v5 ;
v0 = v16[24] ;
v1 = v16[23] + v16[24] ;
v16[23] = v1 ;
v0 = v16[23] ;
v1 = v16[22] + v16[23] ;
v16[22] = v1 ;
v5 = v16[22] % 0x5e2f4391 ;
v15[3] = v5 ;
v0 = v16[21] ;
v1 = v16[21] + v16[20] ;
v16[20] = v1 ;
v0 = v16[20] ;
v1 = v16[19] + v16[20] ;
v16[19] = v1 ;
v2 = v16[19] ;
v3 = v16[19] - v16[18] ;
v16[18] = v3 ;
v5 = v16[18] % 0x5e2f4391 ;
v15[4] = v5 ;
v16[18] = v14 ;
v14 = v16[17] ;
v14 = v16[17] ^ v15[4] ^ 0x42DB9F06 ;
v14 = v14 ^ v15[3] ^ 0x35368926 ;
v14 = v14 ^ v15[2] ^ 0x509A3978 ;
v14 = v14 ^ v15[1] ^ 0x1EBFA92F ;
v14 = v14 ^ v15[0] ^ 0x555CC98C ;
// printf("0x%x\n",v14);
printf("0x%x\n",v15[0]);
printf("0x%x\n",v15[1]);
printf("0x%x\n",v15[2]);
printf("0x%x\n",v15[3]);
printf("0x%x\n",v15[4]);
if(v15[0] != 0x555CC98C && v15[1] != 0x1EBFA92F && v15[2] != 0x509A3978 && v15[3] != 0x35368926 && v15[4] != 0x42DB9F06){
printf("error\n");
}else{
printf("success\n");
}
// for(int i=0;i<34;i++){
// printf("%d : 0x%llx\n",i,v16[i]);
// }
// puts("");
// printf("v14 : 0x%x",v14);
}
gcc编译并开O3优化;
整理出来,实际是一个求同余式问题:
( (16 * part5 * part5 + 8 * part5) - 35 * part4 * part4) % 1580155793 == 1432144268;
((( 5 * part3 * part3) + 232 * part4) - 4 * part3 * part4) % 1580155793 == 515877167;
( (88 * part3 + (5 * part3 * part3) ) - 5 * part1 * part3) % 1580155793 == 1352284536;
( 2 * part1 * part1 + ( 13 * part2 + 17 * part1)) % 1580155793 == 892766502;
( (0x58 * part2 + 6 * part2 * part1) - 3 * part1 * part1) % 1580155793 == 1121689350;
其中第四个与第五个等式只含part1与part2变量,并且第四个等式的part2可以用part1来表示:
part2 = (892766502 - 2 * part1 * part1 - 17 * part1) * 13^(-1) (mod 1580155793) // 这里的13^(-1) 是13关于1580155793的逆元
那么我们直接尝试爆破:
爆破part1,2:
for part1 in range(0x20202020,0x80808080):
part2 = ((0x35368926 - 2 * part1 * part1 - 17 * part1) * 0x39f5b36d)% 0x5e2f4391
if ((0x58 * part2 + 6 * part2 * part1) - 3 * part1 * part1) % 0x5e2f4391 == 0x42DB9F06:
print(hex(part1),hex(part2));
得到:
part1 = 0x33636662
part2 = 0x336f1d5 + 0x5e2f4391
爆破 part3:
part1 = 0x33636662
for part3 in range(0x20202020,0x80808080):
if ( (88 * part3 + (5 * part3 * part3) ) - 5 * part1 * part3) % 1580155793 == 1352284536:
print(hex(part3))
爆破part4:
for part4 in range(0x20202020,0x80808080):
if ((( 5 * part3 * part3) + 232 * part4) - 4 * part3 * part4) % 1580155793 == 515877167 :
print(hex(part4))
for part1 in range(0x20202020,0x80808080):
part2 = ((0x35368926 - 2 * part1 * part1 - 17 * part1) * 0x39f5b36d)% 0x5e2f4391
if ((0x58 * part2 + 6 * part2 * part1) - 3 * part1 * part1) % 0x5e2f4391 == 0x42DB9F06:
print(hex(part1),hex(part2));
break
part1 = 0x33636662
part2 = 0x336f1d5 + 0x5e2f4391
part1 = 0x33636662
for part3 in range(0x30303030,0x80808080):
if ( (88 * part3 + (5 * part3 * part3) ) - 5 * part1 * part3) % 1580155793 == 1352284536:
print(hex(part3))
break
part3 = 0x39613138
for part4 in range(0x20202020,0x80808080):
if ((( 5 * part3 * part3) + 232 * part4) - 4 * part3 * part4) % 1580155793 == 515877167 :
print(hex(part4))
break
part4 = 0x33383261
for part5 in range(0x20202020,0x80808080):
if ( (16 * part5 * part5 + 8 * part5) - 35 * part4 * part4) % 1580155793 == 1432144268:
print(hex(part5))
from struct import pack
flag = pack(">I",0x33636662) + pack(">I",0x336f1d5 + 0x5e2f4391) +pack(">I",0x39613138) + pack(">I",0x33383261) + pack(">I",0x6132337d)
最后得到flag:
flag{3cfbaf5f9a18382aa23}
ez_vm
这道题被队友开局直接秒了,tql,下面说说我的思路
这里存在系统调用,我们对照着这张表可以恢复一些符号.
https://j00ru.vexillium.org/syscalls/nt/64/
之后手动定义结构体:
struct context{
_QWORD res_opcode;
_QWORD new_rsp;
_QWORD rax;
_QWORD rcx;
_QWORD rdx;
_QWORD rbx;
_QWORD rsp;
_QWORD rbp;
_QWORD rsi;
_QWORD rdi;
_QWORD r8;
_QWORD r9;
_QWORD r10;
_QWORD r11;
_QWORD r12;
_QWORD r13;
_QWORD r14;
_QWORD r15; // mov [rax+88h], r15
_QWORD empty1 ;
_QWORD empty2 ;
_QWORD empty3 ;
_QWORD empty4 ;
_QWORD empty5 ;
_QWORD empty6 ;
_QWORD empty7 ;
_QWORD empty8 ;
_QWORD empty9 ;
_QWORD empty10 ;
_QWORD empty11 ;
_QWORD empty12 ;
_QWORD empty13 ;
_QWORD empty14 ;
_QWORD empty15 ;
_QWORD empty16 ;
_QWORD empty17 ;
_QWORD empty18 ;
_QWORD empty19 ;
_QWORD empty20 ;
_QWORD empty21 ;
_QWORD empty22 ;
_QWORD empty23 ;
_QWORD empty24 ;
_QWORD empty25 ;
_QWORD empty26 ;
_QWORD empty27 ;
_QWORD empty28 ;
_QWORD empty29 ;
_QWORD empty30 ;
_QWORD empty31 ;
_QWORD empty32 ;
_QWORD empty33 ;
_QWORD empty34 ;
_QWORD empty35 ;
_QWORD empty36 ;
_QWORD empty37 ;
_QWORD empty38 ;
_QWORD empty39 ;
_QWORD empty40 ;
_QWORD empty41 ;
_QWORD empty42 ;
_QWORD empty43 ;
_QWORD empty44 ;
_QWORD empty45 ;
_QWORD empty46 ;
_QWORD empty47 ;
_QWORD empty48 ;
_QWORD cntBaseAddr ; // +0x210
_QWORD stackBaseAddr ; // size: 0x8000
_QWORD what3 ; // 0i64
_QWORD what4 ; // 0x1000i64
_QWORD base_addr2_rwx ; // size: 0x1000
_QWORD what6 ; // 0i64
_QWORD what7 ;
}
就像这样
下面我们可以开始分析这个vm题目了
我们对输入下内存访问断点,不断的跟踪输入流的流向,并手动打log
跟踪的过程中,发现了存储输入的地址,其中的数据发生了这样的变化:
11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
\===>
11 66 bc ef 55 aa ff 44 99 ef 33 88 de 22 77
类似于AES的行移位
之后继续打log:
x = inp[0] << 2;
add x , 0x0000000140013000
add x, 0
x1 = x[0]
\==>
x = inp[0] << 2;
x1 = 0x0000000140013000[x+0]; ==> 0x000000009662140C
y[0] = x1
x = inp[1] << 2;
x1 = 0x0000000140013400[x+0] ==>0x000000006E600A75
y[1] = x1;
\====> 000000000014FCA0
x = inp[3] << 2;
x1 = 0x0000000140013800[x+0] => 140013AEC[0] ==> 0x00000000103DCFB3
y[2] = x[1];
4、3701215Bh
y[3]=x[1];
x = y[0]; //0x000000009662140C
x /= 2; // 0x000000004B310A06
x /= 2; // 0x0000000025988503
x /= 2; // 0x0000000012CC4281
x /= 2; // 0x0000000009662140
x /=2 ; //0x0000000004B310A0
x /= 2; //0x0000000002598850;
x /=2; // 0x00000000012CC428
x /=2; // 0x0000000000966214
x /= 2; // 0x00000000004B310A
x /= 2; //0x0000000000259885
x /= 2; // 0x000000000012CC42
x /=2; // 0x0000000000096621
x /=2 ; //0x000000000004B310
x /=2 ; //0x0000000000025988
x /=2 ; //0x0000000000012CC4
x /=2 ; //0x0000000000009662
x /=2 ; //0x0000000000004B31
x /=2 ; //0x0000000000002598
x /=2 ; //0x00000000000012CC
x /=2 ; //0x0000000000000966
x /=2 ; //0x00000000000004B3
x /=2 ; //0x0000000000000259
x /=2 ; //0x000000000000012C
x /=2 ; //0x0000000000000096
x /=2 ; //0x000000000000004B
x /=2 ; //0x0000000000000025
x /=2 ; //0x0000000000000012
x /=2 ; //0x0000000000000009
x = 0xf & x
x <<= 4;
x1 = &0x000000014005F000[x] , 14005F090h =====> 0000000000907CC0
x1 = x1[0]
x = y[1]
x = 0xf & x
x = x << 0
...
随着log的不断增加,我们可以发现这个算法用了很多关于表,并且可以发现AES白盒的特征。其实这个vm就是实现的aes白盒,明白这个之后,我们用常规的差分故障分析即可求出flag(上文有讲)
snake
贪吃蛇脚本:
注意 输入的序列最少!!! 这是重点!
import hashlib
import copy
lpAddress = [0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0x38, 0x4C, 0xB0, 0x38, 0x6D, 0xEE, 0x3F, 0xC4, 0xB4, 0xB4, 0x09, 0x6A, 0xF0, 0x38, 0x2C, 0x79, 0xF6, 0x34, 0xE9, 0x89, 0x38, 0xAC, 0x7F, 0x35, 0xD4, 0xB4, 0xB4, 0x38, 0x6D, 0x77, 0xF6, 0xB6, 0x38, 0x6D, 0x78, 0xF6, 0xB6, 0x2B, 0x18, 0xB4, 0xB4, 0xB4, 0x3B, 0x81, 0x81, 0x81, 0x81, 0xEF, 0x4E, 0x38, 0x4C, 0x7D, 0xF6, 0x33, 0xD4, 0xB4, 0xB4, 0xB0, 0xE8, 0xF4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB0, 0xE8, 0xF6, 0x2B, 0x27, 0xA3, 0x1D, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xB4, 0xB0, 0xF8, 0x04, 0x38, 0x89, 0xE3, 0xC3, 0xCA, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xC4, 0xB0, 0xF8, 0x04, 0x38, 0xB3, 0x67, 0xE3, 0x16, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xD4, 0xB0, 0xF8, 0x04, 0x38, 0xB6, 0xD3, 0xB6, 0xA9, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xE4, 0xB0, 0xF8, 0x04, 0x38, 0x89, 0xD8, 0xC7, 0x33, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xB4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xB4, 0x38, 0x4C, 0xED, 0xB5, 0xD4, 0xB4, 0xB4, 0x4C, 0xF4, 0xD4, 0x2C, 0xF8, 0x85, 0x37, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xC4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xC4, 0x38, 0x4C, 0xED, 0xB5, 0xD4, 0xB4, 0xB4, 0x4C, 0xF4, 0xD4, 0x2C, 0xF8, 0x85, 0x37, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xD4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xD4, 0x38, 0x4C, 0xED, 0xB5, 0xD4, 0xB4, 0xB4, 0x4C, 0xF4, 0xD4, 0x2C, 0xF8, 0x85, 0x37, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xE4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xE4, 0x38, 0x4C, 0xED, 0xB5, 0xD4, 0xB4, 0xB4, 0x4C, 0xF4, 0xD4, 0x2C, 0xF8, 0x85, 0x37, 0xB0, 0xEC, 0xFE, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0x6F, 0x14, 0x4C, 0xEC, 0xFE, 0xB4, 0xB4, 0xB4, 0x2F, 0xC0, 0x2C, 0xEC, 0xFE, 0xB4, 0xB4, 0xB4, 0xCC, 0x6C, 0xFE, 0xB4, 0xB4, 0xB4, 0xB6, 0x24, 0xCC, 0x72, 0xB4, 0xB4, 0xB4, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xB4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xC4, 0x4C, 0x79, 0x85, 0x37, 0xD0, 0xD2, 0xF4, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xC4, 0x4C, 0xF9, 0x05, 0x37, 0xD0, 0x62, 0x04, 0xE3, 0x60, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xC4, 0xE4, 0x79, 0x05, 0x37, 0x4C, 0xE9, 0xF4, 0xCC, 0xE2, 0xE4, 0x4C, 0xE1, 0x4C, 0xF9, 0xED, 0x38, 0xF8, 0x4C, 0xE8, 0xF4, 0xF8, 0xE4, 0xE0, 0xA8, 0x4C, 0xC1, 0xE3, 0x60, 0xE4, 0x79, 0x04, 0x37, 0x4C, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xB4, 0x2C, 0xF8, 0x85, 0x37, 0x4C, 0xE8, 0xF6, 0x4C, 0x69, 0xF4, 0xE4, 0x40, 0x4C, 0xD0, 0x2C, 0xE8, 0xF4, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xC4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xB4, 0x4C, 0x79, 0x85, 0x37, 0xD0, 0xD2, 0xF4, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xB4, 0x4C, 0xF9, 0x05, 0x37, 0xD0, 0x62, 0x04, 0xE3, 0x60, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xB4, 0xE4, 0x79, 0x05, 0x37, 0x4C, 0xE9, 0xF4, 0xD0, 0x62, 0x64, 0xCC, 0xE2, 0xE4, 0x4C, 0xE1, 0x4C, 0xF9, 0xED, 0x38, 0xF8, 0x4C, 0xE8, 0xF4, 0xF8, 0xE4, 0xE0, 0xA8, 0x4C, 0xC1, 0xE3, 0x60, 0xE4, 0x79, 0x04, 0x37, 0x4C, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xC4, 0x2C, 0xF8, 0x85, 0x37, 0x52, 0x54, 0x2F, 0x2F, 0x2F, 0xB0, 0xEC, 0x00, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0x6F, 0x14, 0x4C, 0xEC, 0x00, 0xB4, 0xB4, 0xB4, 0x2F, 0xC0, 0x2C, 0xEC, 0x00, 0xB4, 0xB4, 0xB4, 0xCC, 0x6C, 0x00, 0xB4, 0xB4, 0xB4, 0xB6, 0x24, 0xCC, 0x72, 0xB4, 0xB4, 0xB4, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xD4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xE4, 0x4C, 0x79, 0x85, 0x37, 0xD0, 0xD2, 0xF4, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xE4, 0x4C, 0xF9, 0x05, 0x37, 0xD0, 0x62, 0x04, 0xE3, 0x60, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xE4, 0xE4, 0x79, 0x05, 0x37, 0x4C, 0xE9, 0xF4, 0xCC, 0xE2, 0xE4, 0x4C, 0xE1, 0x4C, 0xF9, 0xED, 0x38, 0xF8, 0x4C, 0xE8, 0xF4, 0xF8, 0xE4, 0xE0, 0xA8, 0x4C, 0xC1, 0xE3, 0x60, 0xE4, 0x79, 0x04, 0x37, 0x4C, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xD4, 0x2C, 0xF8, 0x85, 0x37, 0x4C, 0xE8, 0xF6, 0x4C, 0x69, 0xF4, 0xE4, 0x40, 0x4C, 0xD0, 0x2C, 0xE8, 0xF4, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xE4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xD4, 0x4C, 0x79, 0x85, 0x37, 0xD0, 0xD2, 0xF4, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xD4, 0x4C, 0xF9, 0x05, 0x37, 0xD0, 0x62, 0x04, 0xE3, 0x60, 0x5B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xE1, 0xD4, 0xE4, 0x79, 0x05, 0x37, 0x4C, 0xE9, 0xF4, 0xD0, 0x62, 0x64, 0xCC, 0xE2, 0xE4, 0x4C, 0xE1, 0x4C, 0xF9, 0xED, 0x38, 0xF8, 0x4C, 0xE8, 0xF4, 0xF8, 0xE4, 0xE0, 0xA8, 0x4C, 0xC1, 0xE3, 0x60, 0xE4, 0x79, 0x04, 0x37, 0x4C, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xE4, 0x2C, 0xF8, 0x85, 0x37, 0x52, 0x54, 0x2F, 0x2F, 0x2F, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xB4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xD4, 0x4C, 0x79, 0x85, 0x37, 0x4C, 0xF8, 0x04, 0x37, 0xE3, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xB4, 0x2C, 0xF8, 0x85, 0x37, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xC4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xE4, 0x4C, 0x79, 0x85, 0x37, 0x4C, 0xF8, 0x04, 0x37, 0xE3, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xC4, 0x2C, 0xF8, 0x85, 0x37, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xE4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xB4, 0x4C, 0x79, 0x85, 0x37, 0x4C, 0xF8, 0x04, 0x37, 0xE3, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xE4, 0x2C, 0xF8, 0x85, 0x37, 0x3B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0xC0, 0xC4, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xD4, 0x4C, 0x79, 0x85, 0x37, 0x4C, 0xF8, 0x04, 0x37, 0xE3, 0xD0, 0x2B, 0xF4, 0xB4, 0xB4, 0xB4, 0x38, 0x4A, 0x50, 0xD4, 0x2C, 0xF8, 0x85, 0x37, 0xA0, 0xEC, 0x42, 0xB4, 0xB4, 0xB4, 0x3D, 0xA0, 0xEC, 0x52, 0xB4, 0xB4, 0xB4, 0xBE, 0xA0, 0xEC, 0x62, 0xB4, 0xB4, 0xB4, 0x51, 0xA0, 0xEC, 0x6F, 0xB4, 0xB4, 0xB4, 0x3D, 0xA0, 0xEC, 0x7F, 0xB4, 0xB4, 0xB4, 0x5B, 0xA0, 0xEC, 0x12, 0xB4, 0xB4, 0xB4, 0x8D, 0xA0, 0xEC, 0x22, 0xB4, 0xB4, 0xB4, 0x65, 0xA0, 0xEC, 0x32, 0xB4, 0xB4, 0xB4, 0xA7, 0xA0, 0xEC, 0xBF, 0xB4, 0xB4, 0xB4, 0x4D, 0xA0, 0xEC, 0xCF, 0xB4, 0xB4, 0xB4, 0xAC, 0xA0, 0xEC, 0xDF, 0xB4, 0xB4, 0xB4, 0xF8, 0xA0, 0xEC, 0xEF, 0xB4, 0xB4, 0xB4, 0x06, 0xA0, 0xEC, 0xFF, 0xB4, 0xB4, 0xB4, 0xE9, 0xA0, 0xEC, 0x8F, 0xB4, 0xB4, 0xB4, 0x3B, 0xA0, 0xEC, 0x9F, 0xB4, 0xB4, 0xB4, 0xA3, 0xA0, 0xEC, 0xAF, 0xB4, 0xB4, 0xB4, 0x31, 0xB0, 0xEC, 0xF5, 0xC4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0xB4, 0x6F, 0x14, 0x4C, 0xEC, 0xF5, 0xC4, 0xB4, 0xB4, 0x2F, 0xC0, 0x2C, 0xEC, 0xF5, 0xC4, 0xB4, 0xB4, 0xCC, 0x6C, 0xF5, 0xC4, 0xB4, 0xB4, 0xB5, 0x68, 0xE6, 0x38, 0xCA, 0xEC, 0xF5, 0xC4, 0xB4, 0xB4, 0x24, 0x1B, 0xF8, 0x04, 0x37, 0x38, 0xCA, 0x6D, 0xF5, 0xC4, 0xB4, 0xB4, 0x24, 0x1B, 0x7D, 0x85, 0x42, 0xB4, 0xB4, 0xB4, 0x63, 0xD0, 0xF7, 0xF4, 0xD3, 0xC0, 0x6F, 0xF4, 0x6F, 0x00, 0xBB, 0xC4, 0x38, 0x4C, 0x3F, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD]
def left(inp=None): # 向左,low-1
if inp==None:
global lpAddress
v7 = lpAddress[:]
for i in range(1152):
lpAddress[i] = v7[(i + 6) % 1152];
else:
for lpaddr in inp:
v7 = lpaddr[:]
for i in range(1152):
lpaddr[i] = v7[(i + 6) % 1152];
def right(inp=None): # 向右,low+1
if inp == None:
global lpAddress
for i in range(1152):
lpAddress[i] += 30
lpAddress[i] &= 0xff
else:
for lpaddr in inp:
for i in range(1152):
lpaddr[i] += 30
lpaddr[i] &= 0xff
def reright(inp=None): # 向右,low+1
if inp == None:
global lpAddress
for i in range(1152):
lpAddress[i] -= 30
lpAddress[i] &= 0xff
else:
for lpaddr in inp:
for i in range(1152):
lpaddr[i] -= 30
lpaddr[i] &= 0xff
def up(inp=None): # 向上,high-1
if inp ==None:
global lpAddress
for i in range(1152):
lpAddress[i] -= 0x66;
lpAddress[i] &= 0xff
else:
for lpaddr in inp:
for i in range(1152):
lpaddr[i] -= 0x66;
lpaddr[i] &= 0xff
def down(inp=None): # 向下,high+1
if inp == None:
global lpAddress
for i in range(1152):
lpAddress[i] = ((lpAddress[i] >> 5) | (lpAddress[i] << 3)) & 0xff
else:
for lpaddr in inp:
for i in range(1152):
lpaddr[i] = ((lpaddr[i] >> 5) | (lpaddr[i] << 3)) & 0xff
low_now = low_begin = 0xa
high_now = high_begin = 0xa
low_list = [0x11,0xc,0x3,0xf,0xd,0x4,0xc,0xe,0x3,0x13,0xa,0x0,0x10,0x0,0xd,0x11,0xf,0x10,0x3,0xd,0x12,0xa,0x9,0xc,0x6,0x3,0x3,0x10,0x0,0x7,0x10,0xd,0x4,0xa,0x4,0x0,0x6,0x10,0x10,0x5,0x0,0x1,0xa,0x2,0xa,0x6,0x12,0x13,0xa,0x12,0x6,0x11,0xc,0xa,0xe,0x2,0x2,0x12,0x5,0x8,0x1,0xa,0xf,0x12,0xb,0x1,0x10,0x6,0xf,0x1,0xb,0x5,0x0,0xd,0x11,0xe,0xa,0xa,0x2,0xf,0x8,0x6,0x4,0x12,0x8,0x10,0xf,0x9,0x2,0xa,0x6,0xa,0x11,0x6,0x8,0x8,0x10,0x12,0x10,0xd,0x3,0x13,0x6,0xa,0x0,0xe,0x10,0xe,0x6,0x2,0x12,0x3,0x11,0x4,0x5,0x8,0x10,0x13,0x10,0x1,0x9,0xc,0x12,0x6,0x9,0xf,0x9,0x8,0x9,0xc,0x13,0x6,0xe,0x13,0x8,0x1,0xa,0xc,0x5,0x4,0xd,0x8,0x0,0x2,0x2,0xe,0x12,0xb,0x7,0x3,0x7,0x12,0x10,0xb,0x9,0x2,0x3,0x1,0xa,0x5,0x11,0xf,0x1,0x3,0x5,0x10,0xd,0x1,0x0,0x4,0x2,0x13,0x10,0xb,0x2,0x1,0xd,0xe,0xe,0x3,0x5,0x5,0x12,0xd,0x1,0xb,0xc,0x4,0x1,0x11,0x9,0x2,0x9,0x13,0xb,0x2,0x7,0x12,0x11,0xe,0xe,0x0,0x7,0x8,0x11,0x7,0xf,0x9,0x0,0xf,0x9,0x9,0xa,0x13,0x0,0x5,0xa,0x0,0x2,0x7,0x7,0x12,0x10,0x2,0x3,0x11,0x3,0xb,0x10,0xd,0x1,0xd,0xe,0x6,0xe,0x1,0x6,0x11,0x10,0xf,0xf,0x5,0x3,0x0,0x3,0xb,0x11,0x2,0x6,0x13,0xf,0x13,0xb,0xc,0xe,0x2,0x1,0x8,0xf,0xc,0x10,0x12,0x8,0x10,0x6,0xe,0x1,0x4,0x6,0x10,0x3,0x12,0x8,0x5,0x5,0x10,0x13,0x4,0x12,0x10,0x9,0x3,0x7,0x5,0x13,0x10,0x3,0xc,0x7,0x8,0x3,0x13,0x13,0xb,0x6,0x1,0x11,0xe,0x7,0x1]
high_list = [0x0,0xa,0xb,0x9,0x12,0xa,0xa,0x10,0x7,0xe,0xb,0xf,0xb,0x10,0x3,0xc,0x3,0xe,0x13,0x11,0x9,0x11,0x8,0x4,0x3,0xb,0x6,0x5,0x1,0x4,0xa,0x7,0x13,0x8,0xd,0xc,0xf,0x7,0x6,0x10,0x9,0xc,0xc,0x9,0x8,0xf,0xd,0xa,0x0,0xb,0x4,0xc,0x13,0x9,0x4,0x10,0x3,0xf,0xe,0x4,0xf,0xd,0x4,0x1,0x9,0x13,0x10,0xe,0x1,0xd,0xd,0x4,0xd,0x12,0x7,0x4,0xc,0x6,0x12,0x9,0x7,0x4,0x7,0x3,0x12,0x1,0xe,0x10,0x4,0x3,0xd,0x3,0xb,0x2,0x13,0x10,0x9,0x6,0xa,0x11,0x2,0x13,0x12,0x5,0x10,0x10,0x4,0x7,0x9,0x11,0x10,0xf,0xc,0xd,0x4,0xe,0x9,0x11,0xe,0x1,0x0,0xf,0x1,0x2,0x12,0x7,0xd,0x7,0x8,0x6,0x12,0x8,0x1,0x12,0xa,0x5,0x1,0x3,0x10,0xb,0x1,0x1,0x9,0xa,0xc,0x3,0x7,0x11,0x1,0xd,0xd,0xa,0x2,0xb,0x8,0x9,0x6,0x5,0x5,0x12,0x10,0x1,0x1,0x8,0x13,0x8,0x13,0xe,0x8,0xd,0x6,0x2,0x3,0xc,0x11,0x9,0xe,0xd,0xc,0xd,0x3,0x2,0x6,0xb,0xe,0x4,0x11,0x1,0x2,0xb,0x4,0x11,0x3,0x11,0x11,0xc,0x12,0x13,0x3,0x8,0x11,0x4,0x12,0x2,0x7,0xc,0xa,0x0,0xe,0x13,0x8,0x1,0x8,0xb,0x9,0x8,0xd,0x9,0xc,0xd,0xb,0xd,0x4,0x8,0x10,0x9,0x0,0xc,0x0,0xa,0xe,0x1,0x9,0x13,0x8,0x2,0x11,0x10,0x12,0xc,0x8,0x11,0xe,0xd,0x3,0x10,0xa,0x6,0x6,0x13,0x12,0x5,0x6,0x7,0x7,0x10,0x10,0xa,0x9,0xc,0x0,0xe,0x12,0x3,0xf,0x13,0x5,0xa,0x12,0x1,0xc,0x4,0x10,0xf,0x12,0x1,0x8,0xa,0x6,0x10,0x9,0x10,0x2,0xe,0xc,0xa,0x10,0x8,0xd,0x6,0x9,0x10,0x13,0xd,0x5,0x9,0xf,0xe,0x8,0xf]
md5_cip = "9c06c08f882d7981e91d663364ce5e2e"
def pan_md5(inp=None):
global md5_cip
if inp==None:
global lpAddress
md5 = hashlib.md5()
md5.update(bytes(lpAddress))
encrypted_string = md5.hexdigest()
return encrypted_string == md5_cip
else:
for lpaddr in inp:
md5 = hashlib.md5()
md5.update(bytes(lpaddr))
encrypted_string = md5.hexdigest()
if encrypted_string == md5_cip:
return 1
return 0
shellcode_list = []
shellcode_list.append(copy.deepcopy(lpAddress) )
last_dir = ["","right"] # 给定初始方向
for i in range(300):
dy = high_list[i] - high_now
dx = low_list[i] - low_now
print(f"before <=> ({last_dir[0]},{last_dir[1]})")
print(f"({low_now},{high_now}) ==> ({low_list[i]},{high_list[i]}) === ({dx},{dy}) ")
if dx == 0 and dy == 0:
continue
elif dx == 0 or dy == 0:
if dx == 0:
if dy > 0: # down
if last_dir[1] == "down":
pass
elif last_dir[1] == "up":
assert 0 # 情况比较复杂,先不考虑
elif last_dir[1] == "left":
down(shellcode_list)
last_dir[1] = "down"
elif last_dir[1] == "right":
down(shellcode_list)
last_dir[1] = "down"
else:
if last_dir[1] == "down":
assert 0 # 情况比较复杂,先不考虑
elif last_dir[1] == "up":
up(shellcode_list)
last_dir[1] = "up"
elif last_dir[1] == "left":
up(shellcode_list)
last_dir[1] = "up"
elif last_dir[1] == "right":
up(shellcode_list)
last_dir[1] = "up"
elif dy == 0:
if dx > 0:
if last_dir[1] == "right":
pass
elif last_dir[1] == "left":
assert 0 # 情况比较复杂,先不考虑
elif last_dir[1] == "up":
right(shellcode_list)
last_dir[1] = "right"
elif last_dir[1] == "down":
right(shellcode_list)
last_dir[1] = "right"
else:
if last_dir[1] == "right":
assert 0 # 情况比较复杂,先不考虑
elif last_dir[1] == "left":
pass
elif last_dir[1] == "up":
left(shellcode_list)
last_dir[1] = "left"
elif last_dir[1] == "down":
left(shellcode_list)
last_dir[1] = "left"
high_now = high_list[i]
low_now = low_list[i]
elif dx > 0 and dy > 0: # 向右 + 向下
print(f"round: {i} | high_now: {high_now} | low_now: {low_now}")
print(f" | high_list[i]:{high_list[i]} | low_list[i]: {low_list[i]}")
if "right" == last_dir[1]: # 上右,下右,左下,右下
down(shellcode_list)
last_dir = ["right","down"]
elif "down" == last_dir[1]:
right(shellcode_list)
last_dir = ["down","right"]
else:
if last_dir[1] == "left":
down(shellcode_list)
right(shellcode_list)
last_dir = ["down","right"]
elif last_dir[1] == "up":
right(shellcode_list)
down(shellcode_list)
last_dir = ["right","down"]
high_now = high_list[i]
low_now = low_list[i]
elif dx > 0 and dy < 0: # 向右 + 向上
if "right" == last_dir[1]:
up(shellcode_list)
last_dir = ["right","up"]
elif "up" == last_dir[1]:
right(shellcode_list)
last_dir = ["up","right"]
else: # 之前是左下/下左方向,那我们只能按照右上/上右的顺序来到达终点
if last_dir[1] == "left":
last_dir = ["up","right"]
elif last_dir[1] == "down":
last_dir = ["right","up"]
right(shellcode_list)
up(shellcode_list)
high_now = high_list[i]
low_now = low_list[i]
elif dx < 0 and dy > 0: # 向左 + 向下
if "left" == last_dir[1]:
down(shellcode_list)
last_dir = ["left","down"]
elif "down" == last_dir[1]:
left(shellcode_list)
last_dir = ["down","left"]
else:
if last_dir[1] == "right":
last_dir = ["down","left"]
elif last_dir[1] == "up":
last_dir = ["left","down"]
left(shellcode_list)
down(shellcode_list)
high_now = high_list[i]
low_now = low_list[i]
elif dx < 0 and dy < 0: # 向左 + 向上
if "left" == last_dir[1]:
up(shellcode_list)
last_dir = ["left","up"]
elif "up" == last_dir[1]:
left(shellcode_list)
last_dir = ["up","left"]
else:
if last_dir[1] == "right":
last_dir = ["up","left"]
elif last_dir[1] == "down":
last_dir = ["left","up"]
left(shellcode_list)
up(shellcode_list)
high_now = high_list[i]
low_now = low_list[i]
if pan_md5(shellcode_list):
fp = open("./xcode.bin","wb")
fp.write(bytes(shellcode_list[0]))
fp.close()
assert 0
之后把得到的 xcode.bin文件patch到snake的程序上就能看到加密逻辑:
一个小改的tea加密
exp:
#include <cstdio>
#include <cstdint>
int main()
{
unsigned char answer[17] = { 0 };
answer[0] = 0x98;
answer[1] = 0xA0;
answer[2] = 0xD9;
answer[3] = 0x98;
answer[4] = 0xBA;
answer[5] = 0x97;
answer[6] = 0x1B;
answer[7] = 0x71;
answer[8] = 0x9B;
answer[9] = 0x81;
answer[10] = 0x44;
answer[11] = 0x2F;
answer[12] = 0x55;
answer[13] = 0xB8;
answer[14] = 0x37;
answer[15] = 0xDF;
unsigned char k[] = "W31c0m3. 2 QWBs8";
uint32_t* v = (uint32_t*)answer;
uint32_t* key = (uint32_t*)k;
v[2] ^= v[1];
v[3] ^= v[0];
v[1] ^= v[3];
v[0] ^= v[2];
constexpr uint32_t delta = 0x9E3779B9;
uint32_t sum = 0;
for (int i = 0; i < 64; ++i)
sum += delta;
for (int k = 0; k < 32; ++k)
{
v[3] -= (key[(sum >> 11) & 3] + sum) ^ (v[2] + ((v[2] >> 5) ^ (16 * v[2])));
sum -= delta;
v[2] -= (key[sum & 3] + sum) ^ (v[3] + ((v[3] >> 5) ^ (16 * v[3])));
}
for (int j = 0; j < 32; ++j)
{
v[1] -= (key[(sum >> 11) & 3] + sum) ^ (v[0] + ((v[0] >> 5) ^ (16 * v[0])));
sum -= delta;
v[0] -= (key[sum & 3] + sum) ^ (v[1] + ((v[1] >> 5) ^ (16 * v[1])));
}
printf("%s\n", answer);
return 0;
}
flag{G0@d_Snake}
mapp
推箱子小游戏,注意是要求的是箱子的移动次数
在github上找到了一个开源项目(地址忘了)
我们改一下配置文件,换成题目给的推箱子地图,即可实现自动推箱子
最后得到的箱子最小移动次数是:2、12、13、9、 21、13、25、31、3
flag求md5 再加上qwb!即可
solve2-apk
题目思路
jadx反编译不出来关键函数,字符串也搜不成功,拥抱jeb了。
安装app后,输入错误的字符串会存在一个 failure回显,jeb直接搜字符串就能定位关键函数。
这个函数混淆严重,直接copy到IJ里调试。
手动插桩一下:
cmp length
arr_v = new int[]{0x5E5440B0, 2057046228, 0x4A1ED228, 0x233FE7C, 0x96461450, -2002358035, 0xF79BFC89, 0x20C3D75F};
arr_v1 = new int[8];
arr_v1[0] |= (arr_b[0] & 0xFF) << 24
++v3
arr_v1[0] |= (arr_b[1] & 0xFF) << 16
++v3
arr_v1[0] |= (arr_b[2] & 0xFF) << 8
++v3
arr_v1[0] |= (arr_b[3] & 0xFF) << 0
++v3
arr_v1[1] |= (arr_b[4] & 0xFF) << 24
++v3
arr_v1[1] |= (arr_b[5] & 0xFF) << 16
++v3
arr_v1[1] |= (arr_b[6] & 0xFF) << 8
++v3
arr_v1[1] |= (arr_b[7] & 0xFF) << 0
++v3
arr_v1[2] |= (arr_b[8] & 0xFF) << 24
++v3
arr_v1[2] |= (arr_b[9] & 0xFF) << 16
++v3
arr_v1[2] |= (arr_b[10] & 0xFF) << 8
++v3
arr_v1[2] |= (arr_b[11] & 0xFF) << 0
++v3
arr_v1[3] |= (arr_b[12] & 0xFF) << 24
++v3
arr_v1[3] |= (arr_b[13] & 0xFF) << 16
++v3
arr_v1[3] |= (arr_b[14] & 0xFF) << 8
++v3
arr_v1[3] |= (arr_b[15] & 0xFF) << 0
++v3
arr_v1[4] |= (arr_b[16] & 0xFF) << 24
++v3
arr_v1[4] |= (arr_b[17] & 0xFF) << 16
++v3
arr_v1[4] |= (arr_b[18] & 0xFF) << 8
++v3
arr_v1[4] |= (arr_b[19] & 0xFF) << 0
++v3
arr_v1[5] |= (arr_b[20] & 0xFF) << 24
++v3
arr_v1[5] |= (arr_b[21] & 0xFF) << 16
++v3
arr_v1[5] |= (arr_b[22] & 0xFF) << 8
++v3
arr_v1[5] |= (arr_b[23] & 0xFF) << 0
++v3
arr_v1[6] |= (arr_b[24] & 0xFF) << 24
++v3
arr_v1[6] |= (arr_b[25] & 0xFF) << 16
++v3
arr_v1[6] |= (arr_b[26] & 0xFF) << 8
++v3
arr_v1[6] |= (arr_b[27] & 0xFF) << 0
++v3
arr_v1[7] |= (arr_b[28] & 0xFF) << 24
++v3
arr_v1[7] |= (arr_b[29] & 0xFF) << 16
++v3
arr_v1[7] |= (arr_b[30] & 0xFF) << 8
++v3
arr_v1[7] |= (arr_b[31] & 0xFF) << 0
++v3
v3 = 0
cmp v3 >= 8?
v4 = arr_v1[0];
v5 = arr_v1[1];
v2 = 0
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
arr_v1[0] = v4;
arr_v1[1] = v5;
v3 += 2
cmp v3 >= 8?
v4 = arr_v1[2];
v5 = arr_v1[3];
v2 = 0
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
arr_v1[2] = v4;
arr_v1[3] = v5;
v3 += 2
cmp v3 >= 8?
v4 = arr_v1[4];
v5 = arr_v1[5];
v2 = 0
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
arr_v1[4] = v4;
arr_v1[5] = v5;
v3 += 2
cmp v3 >= 8?
v4 = arr_v1[6];
v5 = arr_v1[7];
v2 = 0
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
v2 -= 0x61c88647
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
arr_v1[6] = v4;
arr_v1[7] = v5;
v3 += 2
cmp v3 >= 8?
v3 = 0
很显然是魔改的tea算法,写出解密脚本:
#tea
from ctypes import *
def encrypt(v, k):
v0, v1 = c_uint32(v[0]), c_uint32(v[1])
delta = 0x61c88647
k0, k1, k2, k3 = k[0], k[1], k[2], k[3]
total = c_uint32(0)
for i in range(32):
total.value -= delta
v0.value += (v1.value<<4 ^ v1.value) + (total.value ^ v1.value >> 5)
v1.value += (v0.value<<4 ^ v0.value) + (v0.value >> 5 ^ total.value)
return v0.value, v1.value
def decrypt(v, k):
v0, v1 = c_uint32(v[0]), c_uint32(v[1])
delta = 0x61c88647
k0, k1, k2, k3 = k[0], k[1], k[2], k[3]
total = c_uint32((-delta) * 32)
for i in range(32):
v1.value -= (v0.value<<4 ^ v0.value) + (v0.value >> 5 ^ total.value)
v0.value -= (v1.value<<4 ^ v1.value) + (total.value ^ v1.value >> 5)
total.value += delta
return v0.value, v1.value
def detea(inp:bytes,key:bytes):
from struct import pack,unpack
k = unpack("<4I",key)
inp_len = len(inp) // 4
# print(inp_len)
value = unpack(f"<{inp_len}I",inp)
res = b""
for i in range(0,inp_len,2):
v = [value[i],value[i+1]]
# x = encrypt(v,k)
x = decrypt(v,k)
res += pack("<2I",*x)
return res
def entea(inp:bytes,key:bytes):
from struct import pack,unpack
k = unpack("<4I",key)
inp_len = len(inp) // 4
# print(inp_len)
value = unpack(f"<{inp_len}I",inp)
res = b""
for i in range(0,inp_len,2):
v = [value[i],value[i+1]]
x = encrypt(v,k)
# x = decrypt(v,k)
res += pack("<2I",*x)
return res
from struct import pack
cip = [0x5e5440b0,0x7a9c08d4,0x4a1ed228,0x233fe7c,0x96461450,0x88a670ed,0xf79bfc89,0x20c3d75f]
inp = b""
for i in cip:
inp += pack("<I",i)
key = b"\x00"*16
ret = detea(inp,key)
list_ret = list((ret[0:4])[::-1] + (ret[4:8])[::-1] + (ret[8:12])[::-1] + (ret[12:16])[::-1] + (ret[16:20])[::-1] + (ret[20:24])[::-1] + (ret[24:28])[::-1] + (ret[28:32])[::-1])
print(list_ret)
# inp = b"flag{00112233445566778899aabbcc}"
# inp = (inp[0:4])[::-1] + (inp[4:8])[::-1] + (inp[8:12])[::-1] + (inp[12:16])[::-1] + (inp[16:20])[::-1] + (inp[20:24])[::-1] + (inp[24:28])[::-1] + (inp[28:32])[::-1]
# key = b"\x00"*16
# ret = entea(inp,key)
# print(ret.hex())
然鹅得到的不可见字符:
[17, 195, 233, 4, 248, 101, 84, 71, 227, 90, 246, 152, 90, 226, 43, 85, 217, 59, 232, 190, 102, 70, 79, 110, 211, 86, 122, 226, 100, 224, 42, 201]
题目还有第二层,在通过第一层的tea加密与校验后,题目会检查输入的后32字节,就在这个 successWithString函数中
同样copy代码到IJ中进行调试、手动源码插桩,得到:
0x67616c66 ^= iArr23[0](0x4a3f345a); ==> 0x2d5e583c
0x3130307b ^= iArr23[1];(0xf7aedde9) ==> 0xc69eed92 |------1
0x33323231 ^= iArr23[2]; ==> 0xdb8bd63e// 0xe8b9e40f
0x35343433 ^= iArr23[3](0xd8794bcf); ==> 0xed4d7ffc
0x19fd7394 = b(0x2d5e583c, 0, iArr20);3
0x22897166 = b(0xc69eed92, 3, iArr20);6
0xdb8bd63e ^= (0x19fd7394 + 0x22897166) + iArr23[0x8]; ==> 0x86f2e9ff // 0x20f25ac7 ===3
0xc37974ff = (0x86f2e9ff >>> 1) | (0x86f2e9ff << 31);
0xda9afff9 = (0xed4d7ffc << 1) | (0xed4d7ffc >>> 31);2
0xda9afff9 ^= ((0x22897166 * 2) + 0x19fd7394) + iArr23[0x9](0x16250e5e); ==> 0xafaf9b47 ===4
0x497ab833 = b(0xc37974ff, 0, iArr20);4
0x30ff9538 = b(0xafaf9b47, 3, iArr20);
0x2d5e583c ^= (0x497ab833 + 0x30ff9538) + iArr23[0xa]; ==> 0xf101f355//0x61e55dfe ===2
0xf880f9aa = (0xf101f355 >>> 1) | (0xf101f355 << 31);
0x8d3ddb25 = (0xc69eed92 << 1) | (0xc69eed92 >>> 31); ||||
0x2df2cbac = (((0x30ff9538 * 2) + 0x497ab833) + iArr23[0xb]) ^ 0x8d3ddb25; // 0xf5552de6 |3
0x6787df4b = b(0xf880f9aa, 0, iArr20);3
0x9d41b5e = b(0x2df2cbac, 3, iArr20);6
0xc37974ff ^= (0x6787df4b + 0x9d41b5e) + iArr23[0xc]; ==> 0x6dbae9d9 // 0x3d67a27d ===3
0xb6dd74ec = (0x6dbae9d9 >>> 1) | (0x6dbae9d9 << 31);
0x5f5f368f = (0xafaf9b47 << 1) | (0xafaf9b47 >>> 31);2
0x5f5f368f ^= ((0x9d41b5e * 2) + 0x6787df4b) + iArr23[0xd](0x21ecb038); ==> 0xc243f0b0 ===4
0x1fb2c954 = b(0xb6dd74ec, 0, iArr20);4
0x43ccd623 = b(0xc243f0b0, 3, iArr20);
0xf880f9aa ^= (0x1fb2c954 + 0x43ccd623) + iArr23[0xe]; ==> 0x3a6c9122//0x5f6cc911 ===2
0x1d364891 = (0x3a6c9122 >>> 1) | (0x3a6c9122 << 31);
0x5be59758 = (0x2df2cbac << 1) | (0x2df2cbac >>> 31); ||||
0x8695a30c = (((0x43ccd623 * 2) + 0x1fb2c954) + iArr23[0xf]) ^ 0x5be59758; // 0x3623beba |3
0xcff94abd = b(0x1d364891, 0, iArr20);3
0x540f5a39 = b(0x8695a30c, 3, iArr20);6
0xb6dd74ec ^= (0xcff94abd + 0x540f5a39) + iArr23[0x10]; ==> 0xc8e585f // 0x964a87bd ===3
0x86472c2f = (0xc8e585f >>> 1) | (0xc8e585f << 31);
0x8487e161 = (0xc243f0b0 << 1) | (0xc243f0b0 >>> 31);2
0x8487e161 ^= ((0x540f5a39 * 2) + 0xcff94abd) + iArr23[0x11](0xee57fd73); ==> 0xe2e81dc3 ===4
0x1a08621b = b(0x86472c2f, 0, iArr20);4
0x6b0391f8 = b(0xe2e81dc3, 3, iArr20);
0x1d364891 ^= (0x1a08621b + 0x6b0391f8) + iArr23[0x12]; ==> 0xc35f07bc//0x595d5b1a ===2
0x61af83de = (0xc35f07bc >>> 1) | (0xc35f07bc << 31);
0xd2b4619 = (0x8695a30c << 1) | (0x8695a30c >>> 31); ||||
0x2ff94fce = (((0x6b0391f8 * 2) + 0x1a08621b) + iArr23[0x13]) ^ 0xd2b4619; // 0x32c283cc |3
0x4661dd00 = b(0x61af83de, 0, iArr20);3
0x8bf89c61 = b(0x2ff94fce, 3, iArr20);6
0x86472c2f ^= (0x4661dd00 + 0x8bf89c61) + iArr23[0x14]; ==> 0x23e490f5 // 0xd3494379 ===3
0x91f2487a = (0x23e490f5 >>> 1) | (0x23e490f5 << 31);
0xc5d03b87 = (0xe2e81dc3 << 1) | (0xe2e81dc3 >>> 31);2
0xc5d03b87 ^= ((0x8bf89c61 * 2) + 0x4661dd00) + iArr23[0x15](0xbccb79b0); ==> 0xdeceb4f5 ===4
0x31b07561 = b(0x91f2487a, 0, iArr20);4
0x6790ca96 = b(0xdeceb4f5, 3, iArr20);
0x61af83de ^= (0x31b07561 + 0x6790ca96) + iArr23[0x16]; ==> 0x8fe6a61c//0x5507e5cb ===2
0x47f3530e = (0x8fe6a61c >>> 1) | (0x8fe6a61c << 31);
0x5ff29f9c = (0x2ff94fce << 1) | (0x2ff94fce >>> 31); ||||
0xeff622f4 = (((0x6790ca96 * 2) + 0x31b07561) + iArr23[0x17]) ^ 0x5ff29f9c; // 0xaf32b2db |3
0x474d7304 = b(0x47f3530e, 0, iArr20);3
0x5fd432f1 = b(0xeff622f4, 3, iArr20);6
0x91f2487a ^= (0x474d7304 + 0x5fd432f1) + iArr23[0x18]; ==> 0x33364523 // 0xfba26764 ===3
0x999b2291 = (0x33364523 >>> 1) | (0x33364523 << 31);
0xbd9d69eb = (0xdeceb4f5 << 1) | (0xdeceb4f5 >>> 31);2
0xbd9d69eb ^= ((0x5fd432f1 * 2) + 0x474d7304) + iArr23[0x19](0x54e5392f); ==> 0xe6467bfe ===4
0x177c0f76 = b(0x999b2291, 0, iArr20);4
0x3b4fa32b = b(0xe6467bfe, 3, iArr20);
0x47f3530e ^= (0x177c0f76 + 0x3b4fa32b) + iArr23[0x1a]; ==> 0x739a5452//0xe19d54bb ===2
0x39cd2a29 = (0x739a5452 >>> 1) | (0x739a5452 << 31);
0xdfec45e9 = (0xeff622f4 << 1) | (0xeff622f4 >>> 31); ||||
0xd48e563b = (((0x3b4fa32b * 2) + 0x177c0f76) + iArr23[0x1b]) ^ 0xdfec45e9; // 0x7d46be06 |3
0x5c8a91bd = b(0x39cd2a29, 0, iArr20);3
0xea722412 = b(0xd48e563b, 3, iArr20);6
0x999b2291 ^= (0x5c8a91bd + 0xea722412) + iArr23[0x1c]; ==> 0x852ab142 // 0xd5b4de04 ===3
0x429558a1 = (0x852ab142 >>> 1) | (0x852ab142 << 31);
0xcc8cf7fd = (0xe6467bfe << 1) | (0xe6467bfe >>> 31);2
0xcc8cf7fd ^= ((0xea722412 * 2) + 0x5c8a91bd) + iArr23[0x1d](0x2589f418); ==> 0x9a743a04 ===4
0xc975685 = b(0x429558a1, 0, iArr20);4
0x7a975dc0 = b(0x9a743a04, 3, iArr20);
0x39cd2a29 ^= (0xc975685 + 0x7a975dc0) + iArr23[0x1e]; ==> 0xff9357b8//0x3f2fc94c ===2
0x7fc9abdc = (0xff9357b8 >>> 1) | (0xff9357b8 << 31);
0xa91cac77 = (0xd48e563b << 1) | (0xd48e563b >>> 31); ||||
0x18f4c030 = (((0x7a975dc0 * 2) + 0xc975685) + iArr23[0x1f]) ^ 0xa91cac77; // 0xb0225a42 |3
0x89d6ba0f = b(0x7fc9abdc, 0, iArr20);3
0xc674cb34 = b(0x18f4c030, 3, iArr20);6
0x429558a1 ^= (0x89d6ba0f + 0xc674cb34) + iArr23[0x20]; ==> 0x5c9f732e // 0xcdbea64c ===3
0x2e4fb997 = (0x5c9f732e >>> 1) | (0x5c9f732e << 31);
0x34e87409 = (0x9a743a04 << 1) | (0x9a743a04 >>> 31);2
0x34e87409 ^= ((0xc674cb34 * 2) + 0x89d6ba0f) + iArr23[0x21](0xcc7ded88); ==> 0xd7d649f6 ===4
0x6b5a3141 = b(0x2e4fb997, 0, iArr20);4
0x3bf01654 = b(0xd7d649f6, 3, iArr20);
0x7fc9abdc ^= (0x6b5a3141 + 0x3bf01654) + iArr23[0x22]; ==> 0x2d657a15//0xab628a34 ===2
0x96b2bd0a = (0x2d657a15 >>> 1) | (0x2d657a15 << 31);
0x31e98060 = (0x18f4c030 << 1) | (0x18f4c030 >>> 31); ||||
0xb7b0d8b8 = (((0x3bf01654 * 2) + 0x6b5a3141) + iArr23[0x23]) ^ 0x31e98060; // 0xa31efaef |3
0x64ec4e34 = b(0x96b2bd0a, 0, iArr20);3
0x82e4ece7 = b(0xb7b0d8b8, 3, iArr20);6
0x2e4fb997 ^= (0x64ec4e34 + 0x82e4ece7) + iArr23[0x24]; ==> 0xd7bc1e35 // 0x12226c87 ===3
0xebde0f1a = (0xd7bc1e35 >>> 1) | (0xd7bc1e35 << 31);
0xafac93ed = (0xd7d649f6 << 1) | (0xd7d649f6 >>> 31);2
0xafac93ed ^= ((0x82e4ece7 * 2) + 0x64ec4e34) + iArr23[0x25](0x5a7315c8); ==> 0x6a85ae27 ===4
0xfeb287a4 = b(0xebde0f1a, 0, iArr20);4
0x36fe6679 = b(0x6a85ae27, 3, iArr20);
0x96b2bd0a ^= (0xfeb287a4 + 0x36fe6679) + iArr23[0x26]; ==> 0x4163ca4c//0xa2208929 ===2
0x20b1e526 = (0x4163ca4c >>> 1) | (0x4163ca4c << 31);
0x6f61b171 = (0xb7b0d8b8 << 1) | (0xb7b0d8b8 >>> 31); ||||
0x812f8133 = (((0x36fe6679 * 2) + 0xfeb287a4) + iArr23[0x27]) ^ 0x6f61b171; // 0x819edbac |3
0xebde0f1a ^= iArr23[4](0xe1429065) ==> 0xa9c9f7f // 0xe1429065
0x6a85ae27 ^= iArr23[5](0xb67e9807); ==> 0xdcfb3620
0x20b1e526 ^= iArr23[6](0x704d77b4); ==> 0x50fc9292
0x812f8133 ^= iArr23[7](0xedd067b7); ==> 0x6cffe684
cmp en_inp, final_cip
dump en_inp:
0x7f,0x9f,0x9c,0xa,0x20,0x36,0xfb,0xdc,0x92,0x92,0xfc,0x50,0x84,0xe6,0xff,0x6c,
dump final cip:
0x9f,0x2e,0x80,0xd3,0x38,0x22,0x16,0xdf,0xec,0x96,0xfc,0x8f,0x1a,0x22,0x88,0x73,
整理出加密函数为:
void enc() {
unsigned int N1 = inp1 ^ iArr23[0];
unsigned int N2 = inp2 ^ iArr23[1];
unsigned int N3 = inp3 ^ iArr23[2];
unsigned int N4 = inp4 ^ iArr23[3];
unsigned int x1 = 0;
unsigned int x2 = 0;
for (int i = 0; i < 8; i += 1) {
x1 = b(N1, 0, iArr20);
x2 = b(N2, 3, iArr20);
N3 ^= (x1 + x2) + iArr23[8 + i * 4 + 0];
N3 = Rror(N3, 1);
N4 = Lror(N4, 1);
N4 ^= ((x2 * 2) + x1) + iArr23[8 + i * 4 + 1];
x1 = b(N3, 0, iArr20);
x2 = b(N4, 3, iArr20);
N1 ^= (x1 + x2) + iArr23[8 + i * 4 + 2];
N1 = Rror(N1, 1);
N2 = Lror(N2, 1);
N2 ^= (((x2 * 2) + x1) + iArr23[8 + i * 4 + 3]);
}
N3 ^= iArr23[4];
N4 ^= iArr23[5];
N1 ^= iArr23[6];
N2 ^= iArr23[7];
}
exp
事实上这只是前16字节的加密,还有后16字节的加密,加密算法并不一样,不过后16字节的加密就一个 xor
给出后32字节的exp:
#include <stdio.h>
unsigned int inp1 = 0x67616c66;
unsigned int inp2 = 0x3130307b;
unsigned int inp3 = 0x33323231;
unsigned int inp4 = 0x35343433;
unsigned int iArr23[40] = { 0x4a3f345a,0xf7aedde9,0xe8b9e40f,0xd8794bcf,0xe1429065,0xb67e9807,0x704d77b4,0xedd067b7,0x20f25ac7,0x16250e5e,0x61e55dfe,0xf5552de6,0x3d67a27d,0x21ecb038,0x5f6cc911,0x3623beba,0x964a87bd,0xee57fd73,0x595d5b1a,0x32c283cc,0xd3494379,0xbccb79b0,0x5507e5cb,0xaf32b2db,0xfba26764,0x54e5392f,0xe19d54bb,0x7d46be06,0xd5b4de04,0x2589f418,0x3f2fc94c,0xb0225a42,0xcdbea64c,0xcc7ded88,0xab628a34,0xa31efaef,0x12226c87,0x5a7315c8,0xa2208929,0x819edbac };
unsigned int iArr20[1024] = { 0x9797f5c4,0x6929a9a9,0xd8d888a0,0x33d17c7c,0xc3c399b4,0x4fb22121,0xa3a35c97,0x6ec1f6f6,0x6e6ecf2b,0x77840b0b,0x1a1ae09d,0xef3af9f9,0x94948f36,0xa7608787,0x6d6db5d9,0x3bdb7272,0xb5b53d79,0xaa346161,0x3131272c,0x6526a0a0,0xeaead57e,0xf321ecec,0xededd07a,0x5d108a8a,0x2c2cc2b5,0x9a084545,0x161661ee,0x485a7e7e,0x404086e5,0x2576d0d0,0xe8e85e05,0xd5ba6464,0x73732ab2,0x2e918686,0xcccc6235,0xa5d63030,0x5c5c92f5,0xccff9999,0xdbdbf252,0x78665a5a,0x9999ffcc,0x396dc5c5,0xababa212,0x82165757,0x3e3edcad,0xaf6a8989,0xbcbc3275,0x62ceffff,0xf9f93aef,0xb499c3c3,0xcfcf18c7,0xae316666,0x9f9f0b41,0xd309d4d4,0x18186be6,0xe5864040,0x5a5a6678,0xbe75656,0x88889b26,0xa23e6f6f,0x3939d9a9,0xa088d8d8,0x7070504,0x27c06767,0x6767c027,0x1c1b1515,0x70705040,0x95ea1414,0x2828bd43,0xe730f7f7,0x9090f0c0,0xa9d93939,0xcaca96b8,0xc8fa9e9e,0x272746c2,0x73810c0c,0xf8f8cb66,0xb896caca,0x494989e9,0xe8d2a6a6,0xb1b1428f,0x951e1e1,0xbebeb90e,0xeb3ffefe,0xe7e7a584,0x8e195e5e,0x53536974,0x5efdd2d2,0xfefe3feb,0x181e1212,0x8585ebdc,0x85fe0808,0x42420d9e,0xecd7a1a1,0x6969ca2f,0x9cbbf5f5,0x4e4e8ced,0x154af4f4,0xb4b4ccf0,0xd54e6e6,0xacaca716,0x72dae3e3,0x9c9c71b3,0x52f2dbdb,0x77775544,0xb1c72b2b,0x12121e18,0xd6573c3c,0xc7c7e642,0x229e8f8f,0xf3f34f11,0xb3719c9c,0xe5e52eff,0xf8c6baba,0x98980e45,0xdceb8585,0x525298fd,0x4c5f7979,0xf7f730e7,0xe0d8a8a8,0xa6a6d2e8,0xc4f59797,0xc9c9ec4a,0xba207d7d,0xa0a75fe,0xed8c4e4e,0x7575de3f,0xd9b56d6d,0x111164ea,0x53a93434,0x5d5d637c,0x59158d8d,0x101f189,0x8df40606,0x7c7cd133,0x6f9a1919,0x808065a3,0xdb03dada,0x29294cca,0xca4c2929,0x6b6b4154,0x3fde7575,0x2222c8bd,0x834db8b8,0x7f7fabc1,0xd4e18b8b,0x32325dde,0xff2ee5e5,0xdada03db,0x86135050,0x1414ea95,0x584e6262,0xbfbf4887,0x7d38b2b2,0x7b7bd437,0xb09cc4c4,0x7e7e5a48,0x2d7cdede,0x9b9b74b7,0xfe25151,0xfbfbb194,0x60784848,0x4a4af31b,0x303c2424,0x3a3aa35b,0x44557777,0xdfdf8da4,0xd2523b3b,0x1c1c1410,0x47b82f2f,0x2b2bc7b1,0x89f10101,0x2f2fb847,0x5af8d5d5,0x8d8d1559,0xb9cd2525,0x4b4b0292,0x6c774141,0xd2d2fd5e,0xee611616,0xdede7c2d,0x13f94444,0x9e9efac8,0x5ba33a3a,0xa2a2ad1e,0x2b6b7b7,0xb2b2387d,0xf1975b5b,0x89896aaf,0xa3658080,0x5e5e198e,0x7532bcbc,0x6f6f3ea2,0xbb7b9292,0x202043c6,0xc1ab7f7f,0x9a9a853e,0x9de01a1a,0xa1a1d7ec,0xeb9bebe,0xd0d07625,0x328a9393,0xf0f035e3,0xcf12c1c1,0xd3d30cd7,0xc718cfcf,0xf4f44a15,0x49019191,0x5b5b97f1,0x8b47b6b6,0x15151b1c,0xf4c9b3b3,0xaeae2c6d,0x2173d7d7,0x1313ef91,0x54416b6b,0x4343fc17,0xc0f09090,0x3434a953,0xbf7e9595,0x6363bfd1,0x94b1fbfb,0xe4e4df76,0x14111b1b,0xcecee94e,0x16a7acac,0x57571682,0x8f42b1b1,0xfafa401d,0x7ed5eaea,0x7676a4cd,0xe335f0f0,0xe6e6540d,0x9f56adad,0x8a8a105d,0x242d3f3f,0x606f48d,0xe66b1818,0x666631ae,0xb22a7373,0xeeeeaa88,0xf0ccb4b4,0x6464bad5,0x450e9898,0xafafdde4,0x1eada2a2,0x4141776c,0xd8ee8282,0x8b8be1d4,0x1bf34a4a,0x3b3b52d2,0x2fca6969,0x84841a55,0x9e0d4242,0x4545089a,0xcda47676,0xaaaa539b,0x3d68c2c2,0x6a6ab0dd,0x99e51d1d,0x8282eed8,0xea641111,0x4f4f7d64,0xfd985252,0xf1f1c46a,0xf724ebeb,0x7d7d20ba,0x56f7dcdc,0xd6d682a8,0x6d2caeae,0x8e8e6fab,0xbc93cdcd,0x4d4df61f,0x8748bfbf,0xa8a8d8e0,0x975ca3a3,0x74742fb6,0x1aa8a5a5,0x7272db3b,0xde5d3232,0x10109563,0x2c273131,0xb7b7b602,0xbe257a7a,0xd9d97929,0x4bb72626,0x93938a32,0xc31dc8c8,0xbabac6f8,0x9b53aaaa,0x46467268,0xe4ddafaf,0x68683ba6,0x9359a4a4,0xb3b3c9f4,0xfcc3bdbd,0x8181942a,0x511f8383,0x1e1e9f6b,0x3e859a9a,0xcbcb6731,0x57ac3333,0xa4a45993,0x551a8484,0x3f3f2d24,0x6123a7a7,0x9090f0c,0x63951010,0xe0e0a08,0x10141c1c,0xe9e9af8c,0x67901717,0xc6c617cb,0x6b9f1e1e,0x19199a6f,0x37d47b7b,0xd0d70fa,0xc9a17171,0x17179067,0x7b8b0202,0x83831f51,0x7e85f5f,0xefef5b01,0x50446c6c,0x3c3c57d6,0xb62f7474,0xa7a72361,0x1d40fafa,0xe0e0a080,0x46e3c0c0,0xc2c2683d,0xd70cd3d3,0xb9b9bc0a,0x4aecc9c9,0x2d2d333c,0xf27a0303,0x79795f4c,0x368f9494,0xdcdcf756,0x40507070,0xa9a92969,0xc5ae7878,0x92927bbb,0x1945fdfd,0x353558da,0x20283838,0xa0a02665,0x38362a2a,0x5058e7f,0xddb06a6a,0xfcfcb490,0x0,0xbdbdc3fc,0x55ee8e8,0x1f1f6ee2,0x76dfe4e4,0x8f8f9e22,0x410b9f9f,0x9d9d803a,0xe26e1f1f,0xd5d5f85a,0x88aaeeee,0xdddd06df,0xa1d33737,0x91910149,0x81fb0f0f,0x59591c8a,0x66cbf8f8,0x54546c70,0x3a809d9d,0x8c8ce4d0,0x4050707,0x6060c523,0xcb17c6c6,0x2028b7b,0x793db5b5,0x48487860,0x98bef2f2,0x2626b74b,0xc2462727,0xd7d77321,0x42e6c7c7,0xf6f6c16e,0x1ff64d4d,0x50501386,0x92024b4b,0x1b1b1114,0x7c635d5d,0xd1d187ac,0xdf06dddd,0x23233934,0x8a1c5959,0x9696044d,0x6ac4f1f1,0x808fe85,0x2bcf6e6e,0xecec21f3,0x5c4b6565,0xc1c112cf,0xa882d6d6,0x95957ebf,0xfa700d0d,0x3030d6a5,0xe1834747,0x7878aec5,0xf5925c5c,0x5f5fe807,0x269b8888,0x2121b24f,0xda583535,0x1d1de599,0x2979d9d9,0xe2e22bfb,0xd1bf6363,0x2525cdb9,0x3167cbcb,0x3333ac57,0xf67f0404,0x474783e1,0x80a0e0e,0x5151e20f,0x17fc4343,0x6c6c4450,0x43bd2828,0x7171a1c9,0xb7749b9b,0x3737d3a1,0x74695353,0xc5c56d39,0x114ff3f3,0xc0c0e346,0x706c5454,0xa5a5a81a,0x80a0e0e0,0x0,0x2a948181,0x4c4c0796,0x84a5e7e7,0xcdcd93bc,0xfe750a0a,0x878760a7,0x15befef,0x36362228,0x7f8e0505,0x55559df9,0x3c332d2d,0x616134aa,0xf99d5555,0xb0b8477,0x68724646,0x2e2e49ce,0xc6432020,0x5656e70b,0xbdc82222,0x2a2a3638,0x7ad0eded,0x8686912e,0xab6f8e8e,0x65654b5c,0xac87d1d1,0x7a7a25be,0x4d049696,0xf0ffb81,0xe9894949,0xf5f5bb9c,0x34392323,0xe1e15109,0xa63b6868,0x4444f913,0x3ed5858,0x3037af2,0x5fa63d3d,0x38382820,0x90b4fcfc,0xc4c49cb0,0xfb2be2e2,0xb6b6478b,0x6b3b0b0,0xfdfd4519,0x96074c4c,0xd4d409d3,0x23c56060,0x24243c30,0x3562cccc,0xbbbb3771,0x91ef1313,0xc0c8173,0xaddc3e3e,0xb0b0b306,0x28223636,0xf2f2be98,0x12a2abab,0xadad569f,0xd0e48c8c,0x5858ed03,0xce492e2e,0x62624e58,0x7137bbbb,0x3d3da65f,0x8cafe9e9,0xebeb24f7,0x647d4f4f,0xffffce62,0xc0f0909,0xe3e3da72,0xabcb9b9,0xb8b84d83,0x4ee9cece,0x4047ff6,0xa48ddfdf,0xc8c81dc3,0xb5c22c2c,0x5d7c5d63,0xee82d8ee,0x9cb39c71,0xb6b702b6,0x29ca294c,0x8347e183,0xbe0ebeb9,0x5f794c5f,0x74b6742f,0x1914901,0xf59cf5bb,0x56ad9f56,0xfc90fcb4,0xe3c046e3,0x35da3558,0xea1495ea,0x89af896a,0x6c54706c,0xab12aba2,0xdb723bdb,0xdddfdd06,0x9b88269b,0xed7aedd0,0xbf63d1bf,0x5cf55c92,0x8f94368f,0xd8a0d888,0xceff62ce,0x16ee1661,0xcbf866cb,0x5f075fe8,0xa171c9a1,0x1fe21f6e,0xdae372da,0x4d1f4df6,0x8459a08,0x3cd63c57,0x95106395,0x39a939d9,0xada21ead,0x20c62043,0xde753fde,0xb770b84,0x1dc8c31d,0xd4d3d409,0xf090c0f,0x9845980e,0x492ece49,0xad9fad56,0xf64d1ff6,0x32de325d,0x573cd657,0xf866f8cb,0xd17c33d1,0x88508fe,0xe7560be7,0x149514ea,0xcf6e2bcf,0x9d3a9d80,0xed5803ed,0x66ae6631,0x91862e91,0x3a5b3aa3,0xa5e784a5,0x3f243f2d,0xab7fc1ab,0xa6e8a6d2,0xb3b006b3,0xd6a8d682,0x7e95bf7e,0xae6dae2c,0xca692fca,0xcb31cb67,0x79d92979,0xf810ffb,0xc56023c5,0xd55ad5f8,0x859a3e85,0xdadbda03,0x6f8eab6f,0x6b546b41,0x975bf197,0x8d598d15,0xe85f07e8,0x441344f9,0x32bc7532,0x17671790,0x7b92bb7b,0xbc75bc32,0xba64d5ba,0xbf87bf48,0xff99ccff,0x602360c5,0xe6c742e6,0xc730c81,0x2d3f242d,0x57825716,0x1a84551a,0xa8e0a8d8,0x750afe75,0x6c506c44,0x3af9ef3a,0x196f199a,0x42b18f42,0xf66ef6c1,0x700dfa70,0x9f419f0b,0xc72bb1c7,0xb006b0b3,0x6580a365,0x78c578ae,0xf94413f9,0x10631095,0xfa9ec8fa,0xe2fbe22b,0x72466872,0x49e94989,0xb06addb0,0xe372e3da,0x12c1cf12,0xd1acd187,0x4627c246,0x90c090f0,0x3ffeeb3f,0xd929d979,0xfdd25efd,0x2ece2e49,0xb9f410b,0x73b2732a,0xbef298be,0x76cd76a4,0x158d5915,0x812a8194,0x749bb774,0x214f21b2,0x96cab896,0x9436948f,0xc6baf8c6,0x655c654b,0x13508613,0xcab8ca96,0x9e8f229e,0x459a4508,0x77416c77,0xa397a35c,0xb82f47b8,0x580358ed,0x24ebf724,0x794c795f,0xa63d5fa6,0xaa9baa53,0x6116ee61,0x22bd22c8,0x1f83511f,0xbdfcbdc3,0xd630a5d6,0xb883b84d,0x87d1ac87,0x2d3c2d33,0x23a76123,0x7e487e5a,0x2be2fb2b,0xcdbccd93,0x6dc5396d,0xcfc7cf18,0x55774455,0xa493a459,0xc1f66ec1,0x63d163bf,0xbbf59cbb,0xbaf8bac6,0x59a49359,0x1c101c14,0x332d3c33,0x1d991de5,0xf10189f1,0x70407050,0x6dddf06,0xc6cbc617,0x62cc3562,0x431743fc,0x16578216,0x47e14783,0x4964d04,0x1218121e,0xaaee88aa,0x8455841a,0xc22cb5c2,0x2cb52cc2,0x4b655c4b,0x2bb12bc7,0xa8a51aa8,0xb27db238,0xd337a1d3,0x5e8e5e19,0xb7264bb7,0x264b26b7,0x8e057f8e,0x87a78760,0xa2ab12a2,0xde2dde7c,0xb9be0eb9,0xb702b7b6,0x3b68a63b,0x71c971a1,0xe9ce4ee9,0xe5ffe52e,0x840b7784,0x4f644f7d,0x51e10951,0xc94ac9ec,0x9cc4b09c,0xc046c0e3,0x37bb7137,0x1a9d1ae0,0xa0e080a,0xa1eca1d7,0x54e60d54,0xf7e7f730,0xa7ac16a7,0xd721d773,0xa33a5ba3,0x57f058e,0xf8d55af8,0xfd19fd45,0x5835da58,0x52fd5298,0x48bf8748,0xe98ce9af,0x719cb371,0x4a1b4af3,0x39233439,0x6add6ab0,0x4af4154a,0x2a382a36,0x8c4eed8c,0xe476e4df,0x27312c27,0x77447755,0xd5ea7ed5,0x6dd96db5,0x5ee8055e,0x50865013,0x29a96929,0x68a6683b,0x8a93328a,0x7b377bd4,0x30f7e730,0x40e54086,0x207dba20,0x92bb927b,0xe2510fe2,0x38203828,0xc3bdfcc3,0x964d9604,0xf090c0f0,0x27b028b,0x94812a94,0x753f75de,0xb2214fb2,0xebf7eb24,0xfe0885fe,0x723b72db,0x108a5d10,0x90c090f,0x68c23d68,0x692f69ca,0x3e6fa23e,0xea7eead5,0x2ee5ff2e,0x8cd08ce4,0x53aa9b53,0x8826889b,0x8640e586,0xc1cfc112,0x47b68b47,0x9a3e9a85,0xe01a9de0,0x8bd48be1,0x3dadb03,0xef01ef5b,0x1b151c1b,0xa761a723,0xa93453a9,0xe805e85e,0x67cb3167,0x3bd23b52,0x22362822,0x68d06f4,0x635d7c63,0xf415f44a,0xa476cda4,0x30a530d6,0xe48cd0e4,0x7dba7d20,0x4ff3114f,0x151c151b,0xddafe4dd,0xfb94fbb1,0x4320c643,0xdfa0d70,0x8b027b8b,0x7fc17fab,0x5bef015b,0xb4f0b4cc,0x665a7866,0xe60de654,0xccb4f0cc,0xd25ed2fd,0x7f04f67f,0x7abe7a25,0xd47b37d4,0x8eab8e6f,0xef1391ef,0x61aa6134,0x195e8e19,0xc4b0c49c,0xdfe476df,0xb68bb647,0x5070405,0x36283622,0xd8a8e0d8,0x510f51e2,0xd2a6e8d2,0x560b56e7,0x2cae6d2c,0x5bf15b97,0x4db8834d,0x18e6186b,0xe98450e,0xff62ffce,0x9d4d309,0x11ea1164,0xcd3d70c,0xb579b53d,0x7a03f27a,0x5a785a66,0x6b18e66b,0xb18fb142,0xd0ed7ad0,0x335733ac,0xeb85dceb,0x4b924b02,0xc822bdc8,0x8a5d8a10,0x3db5793d,0x6258624e,0xb56dd9b5,0x4eed4e8c,0x9a196f9a,0x598a591c,0x35f0e335,0xc23dc268,0x6e1fe26e,0x46684672,0xd429e0d,0xc742c7e6,0x9852fd98,0x9bb79b74,0xfc4317fc,0x37a137d3,0x3461aa34,0x80a38065,0xfb0f81fb,0xd3d7d30c,0x9f1e6b9f,0xdfa4df8d,0xe51d99e5,0x2f472fb8,0x6a89af6a,0xfeebfe3f,0xf2db52f2,0x9332938a,0x50704050,0xfa1dfa40,0xd7a1ecd7,0xe080e0a0,0xbcb90abc,0x672767c0,0x446c5044,0x53745369,0x925cf592,0xbb71bb37,0x5d32de5d,0xb90ab9bc,0x74c9607,0xcc35cc62,0xc06727c0,0x25b925cd,0xcd25b9cd,0x862e8691,0x4e62584e,0x5470546c,0x3166ae31,0x416c4177,0xdc3eaddc,0xc3b4c399,0x362a3836,0x85dc85eb,0xc9b3f4c9,0xecf3ec21,0x257abe25,0xe784e7a5,0x1c598a1c,0xf311f34f,0x8949e989,0x312c3127,0xc4f16ac4,0xafe0a75,0xf34a1bf3,0x1e6b1e9f,0xf4068df4,0xdb52dbf2,0x17c6cb17,0x3d5f3da6,0x28382028,0x7c337cd1,0x24b9202,0x99cc99ff,0x90176790,0x2430243c,0x8ddfa48d,0x55f9559d,0x6087a760,0x4f6047f,0xbd2843bd,0xa065a026,0xafe98caf,0xf9eff93a,0x73d72173,0x48604878,0xd939a9d9,0x8f228f9e,0x809d3a80,0xd025d076,0x141c1014,0x345334a9,0x416b5441,0x1b141b11,0x82d6a882,0x91499101,0xa0e080a0,0x27c22746,0x78486078,0xf16af1c4,0xac3357ac,0xb3f4b3c9,0x76d02576,0x9ec89efa,0xb4fc90b4,0x8351831f,0x5a7e485a,0xe080e0a,0xf7dc56f7,0x64d564ba,0x88d8a088,0xdc56dcf7,0xae78c5ae,0x97c497f5,0x7cde2d7c,0x6e2b6ecf,0x810c7381,0xf298f2be,0x38b27d38,0x4c964c07,0x2a73b22a,0xe109e151,0x3c24303c,0xf0e3f035,0xe18bd4e1,0xc8c3c81d,0x45fd1945,0x23342339,0xb1fb94b1,0x82d882ee,0x7d4f647d,0x3f2037a,0x523bd252,0xa51aa5a8,0x21ecf321,0x18901f1,0x26a06526,0x7040705,0xf597c4f5,0xee88eeaa,0x9d55f99d,0xa21ea2ad,0x69537469,0xce4ecee9,0x93cdbc93,0xa969a929,0xecc94aec,0x429e420d,0x5ca3975c,0x139113ef,0x4c29ca4c,0x95bf957e,0x40fa1d40,0x0,0x1e12181e,0x3ead3edc,0x18cfc718,0xac16aca7,0x6411ea64,0xafe4afdd,0x2f74b62f,0x284328bd,0x99c3b499,0xc539c56d,0x111b1411,0x6fa26f3e,0x0 };
unsigned int Rror(unsigned int m, int cnt) {
return (m >> cnt) | (m << (32 - cnt));
}
unsigned int Lror(unsigned int m, int cnt) {
return (m << cnt) | (m >> (32 - cnt));
}
unsigned char get_byte1(unsigned int v) {
return v >> 8 & 0xFF;
}
unsigned char get_byte2(unsigned int v) {
return v >> 16 & 0xFF;
}
unsigned char get_high_byte(unsigned int v) {
return v >> 24 & 0xFF;
}
unsigned char get_byte_by_mode(unsigned int v, int mode) {
switch (mode % 4) {
case 0: {
return v & 0xFF;
}
case 1: {
return get_byte1(v);
}
case 2: {
return get_byte2(v);
}
case 3: {
return get_high_byte(v);
}
default: {
return 0;
}
}
}
unsigned int b(unsigned int v, int mode_0_3, unsigned int arr_v[]) {
unsigned v2 = arr_v[get_byte_by_mode(v, mode_0_3) * 2] ^ arr_v[get_byte_by_mode(v, mode_0_3 + 1) * 2 + 1] ^ arr_v[get_byte_by_mode(v, mode_0_3 + 2) * 2 + 0x200];
return arr_v[get_byte_by_mode(v, mode_0_3 + 3) * 2 + 0x201] ^ v2;
}
void enc() {
unsigned int N1 = inp1 ^ iArr23[0];
unsigned int N2 = inp2 ^ iArr23[1];
unsigned int N3 = inp3 ^ iArr23[2];
unsigned int N4 = inp4 ^ iArr23[3];
unsigned int x1 = 0;
unsigned int x2 = 0;
for (int i = 0; i < 8; i += 1) {
x1 = b(N1, 0, iArr20);
x2 = b(N2, 3, iArr20);
N3 ^= (x1 + x2) + iArr23[8 + i * 4 + 0];
N3 = Rror(N3, 1);
N4 = Lror(N4, 1);
N4 ^= ((x2 * 2) + x1) + iArr23[8 + i * 4 + 1];
x1 = b(N3, 0, iArr20);
x2 = b(N4, 3, iArr20);
N1 ^= (x1 + x2) + iArr23[8 + i * 4 + 2];
N1 = Rror(N1, 1);
N2 = Lror(N2, 1);
N2 ^= (((x2 * 2) + x1) + iArr23[8 + i * 4 + 3]);
}
N3 ^= iArr23[4];
N4 ^= iArr23[5];
N1 ^= iArr23[6];
N2 ^= iArr23[7];
printf("0x%x --- 0x%x --- 0x%x --- 0x%x\n", N3, N4, N1, N2);
}
void hexdump(unsigned int inp) {
printf("%c", inp & 0xff);
printf("%c", (inp >> 8) & 0xff);
printf("%c", (inp >> 16) & 0xff);
printf("%c", (inp >> 24) & 0xff);
}
bool test_dec() {
unsigned int N3 = 0xa9c9f7f;
unsigned int N4 = 0xdcfb3620;
unsigned int N1 = 0x50fc9292;
unsigned int N2 = 0x6cffe684;
unsigned int x1 = 0;
unsigned int x2 = 0;
N3 ^= iArr23[4];
N4 ^= iArr23[5];
N1 ^= iArr23[6];
N2 ^= iArr23[7];
for (int i = 7; i >= 0; i--) {
x1 = b(N3, 0, iArr20);
x2 = b(N4, 3, iArr20);
N1 = Lror(N1, 1);
N1 ^= (x1 + x2) + iArr23[8 + i * 4 + 2];
N2 ^= (((x2 * 2) + x1) + iArr23[8 + i * 4 + 3]);
N2 = Rror(N2, 1);
x1 = b(N1, 0, iArr20);
x2 = b(N2, 3, iArr20);
N3 = Lror(N3, 1);
N3 ^= (x1 + x2) + iArr23[8 + i * 4 + 0];
N4 ^= ((x2 * 2) + x1) + iArr23[8 + i * 4 + 1];
N4 = Rror(N4, 1);
}
unsigned int inp1 = N1 ^ iArr23[0];
unsigned int inp2 = N2 ^ iArr23[1];
unsigned int inp3 = N3 ^ iArr23[2];
unsigned int inp4 = N4 ^ iArr23[3];
if (inp1 != 0x67616c66 || inp2 != 0x3130307b || inp3 != 0x33323231 || inp4 != 0x35343433) {
return 0;
}
//hexdump(inp1);
//hexdump(inp2);
//hexdump(inp3);
//hexdump(inp4);
return 1;
}
void dec1() {
if (!test_dec()) {
printf("error dec algorithm!!!\n");
getchar();
return;
}
unsigned int N3 = 0xd3802e9f;
unsigned int N4 = 0xdf162238;
unsigned int N1 = 0x8ffc96ec;
unsigned int N2 = 0x7388221a;
unsigned int x1 = 0;
unsigned int x2 = 0;
N3 ^= iArr23[4];
N4 ^= iArr23[5];
N1 ^= iArr23[6];
N2 ^= iArr23[7];
for (int i = 7; i >= 0; i--) {
x1 = b(N3, 0, iArr20);
x2 = b(N4, 3, iArr20);
N1 = Lror(N1, 1);
N1 ^= (x1 + x2) + iArr23[8 + i * 4 + 2];
N2 ^= (((x2 * 2) + x1) + iArr23[8 + i * 4 + 3]);
N2 = Rror(N2, 1);
x1 = b(N1, 0, iArr20);
x2 = b(N2, 3, iArr20);
N3 = Lror(N3, 1);
N3 ^= (x1 + x2) + iArr23[8 + i * 4 + 0];
N4 ^= ((x2 * 2) + x1) + iArr23[8 + i * 4 + 1];
N4 = Rror(N4, 1);
}
unsigned int inp1 = N1 ^ iArr23[0];
unsigned int inp2 = N2 ^ iArr23[1];
unsigned int inp3 = N3 ^ iArr23[2];
unsigned int inp4 = N4 ^ iArr23[3];
hexdump(inp1);
hexdump(inp2);
hexdump(inp3);
hexdump(inp4);
//printf("\n");
}
void dec2() {
unsigned char cip[] = { 0xa9,0xd9,0x76,0xbd ,0x77,0xbb,0x56,0x9a ,0x31,0xb3,0xde,0xa8 ,0x65,0x8e,0x1a,0x32 };
unsigned char key[] = { 0xe9 ,0x9c,0x40,0xf9,0x47,0xe2,0x19,0xcc,0x6,0xdb,0x97,0xc6,0xe,0xdd,0x2a,0x4f };
for (int i = 0; i < 16; i++) {
printf("%c", cip[i] ^ key[i]);
}
puts("");
}
int main() {
//enc();
dec1();
dec2();
return 0;
}
得到flag:
flag{iT3N0t7H@tH@E6D0YOV7hInkS0}
校验一下flag
var flag = String("flag{00112233445566778899aabbcc}flag{iT3N0t7H@tH@E6D0YOV7hInkS0}");
Java.perform(function(){
var targetClass = Java.use("H0.a");
var ret = targetClass.successWithString(flag);
console.log(ret);
});
这里我用frida主动调用来校验flag是否正确:
事实证明是正确的
附件
附手动源码插桩的java文件:
./main.java:
import java.util.Arrays;
import java.lang.Thread;
public class Main {
public static void main(String[] args) throws InterruptedException {
op_input();
System.out.println("finish~");
}
static boolean z;
public static void op_input() throws InterruptedException {
String s = "flag{00112233445566778899aabbcc}flag{00112233445566778899aabbcc}";
// String s = "flag{00112233445566778899aabbcc}xxxx{xxxxxxxxxxxxxxxxxxxxxxxxxx}";
// String s = "flag{00112233445566778899aabbcc}flag{iT3N0t7H@tH@E6D0YOV7hInkS0}";
byte[] arr_b = new byte[0];
int[] arr_v = new int[0];
int[] arr_v1 = new int[0];
int v1 = 0;
int v2 = 0;
int v3 = 0;
int v4 = 0;
int v5 = 0;
int v6 = 0;
long v7 = 0x5BE935D0EDBFE83CL;
int v8 = 24;
System.out.printf("v2 = 0\n");
while(Long.compare(v7, 0L) != 0) {
long v9 = 0x404C98D80D628D27L;
if(Long.compare(v7, 0x404C98D80D628D27L) == 0) {
arr_v1[v1] = 0;
v7 = 0x767AEC22C91BE2BFL;
}
long v10 = 8904566903685903062L;
if(Long.compare(v7, 8904566903685903062L) == 0) {
v7 = 0x29CB0C5AA5BA5210L;
}
long v11 = 0x7F6F5B8E28C072CFL;
if(Long.compare(v7, 0x7F6F5B8E28C072CFL) == 0) {
v2 -= 1640531527;
System.out.printf("v2 -= 0x61c88647\n");
v7 = 0x1E7D57CBFEE24485L;
}
long v12 = 0x123CFD69BDE0364DL;
if(Long.compare(v7, 0x123CFD69BDE0364DL) == 0) {
++v3;
System.out.printf("++v3\n");
v7 = 0x3C57CEFFB4FFAFF4L;
}
long v13 = 2705319197673083720L;
if(Long.compare(v7, 2705319197673083720L) == 0) {
v7 = v8 == 0 ? 0x250D59D18CBA666DL : 0x7032C3F4B5EFAB31L;
}
long v14 = 0x41593FC8BF139758L;
if(Long.compare(v7, 0x41593FC8BF139758L) == 0) {
v7 = 0x69E4449C056151ACL;
v8 = 24;
}
if(Long.compare(v7, 0x1F45282B0E978C91L) == 0) {
v7 = 0x380BE8BE1044EE6DL;
}
long v15 = 0x2CEBD4941DD371AAL;
if(Long.compare(v7, 0x29CB0C5AA5BA5210L) == 0) {
v3 = 0;
System.out.printf("v3 = 0\n");
v7 = 0x2CEBD4941DD371AAL;
}
if(Long.compare(v7, 0x5260B3C741DB1316L) == 0) {
v7 = 0x39E2DF14B65FB5B7L;
}
if(v7 == 0x380BE8BE1044EE6DL) {
arr_v1[v1] |= (arr_b[v3] & 0xFF) << v8;
System.out.printf("arr_v1[%d] |= (arr_b[%d] & 0xFF) << %d\n",v1,v3,v8);
}
else {
v13 = v7;
}
if(Long.compare(v13, 0x2CEBD4941DD371AAL) == 0) {
v13 = v3 >= 8 ? 0x2A7EB92B8AF86758L : 2503205216640455778L;
System.out.printf("cmp v3 >= 8?\n");
}
long v16 = 0x55CB210B059B852DL;
long v17 = 0x5335127A3A0A4907L;
if(Long.compare(v13, 0x55CB210B059B852DL) == 0) {
v8 += -8;
v13 = 0x5335127A3A0A4907L;
}
long v18 = 2368350050472760653L;
if(Long.compare(v13, 2368350050472760653L) == 0) {
v13 = 0x5A88D049059402F6L;
}
long v19 = 0x26D3DBBBECB952A4L;
if(v13 == 0x26D3DBBBECB952A4L) {
z = false;
System.out.println("errror");
break;
}
if(v13 != 0x7032C3F4B5EFAB31L) {
v16 = v13;
}
if(v16 == 0x5335127A3A0A4907L) {
++v3;
System.out.printf("++v3\n");
v16 = 0x767AEC22C91BE2BFL;
}
if(v16 == 0x69E4449C056151ACL) {
++v1;
}
else {
v17 = v16;
}
long v20 = 0x169A506C8792840DL;
if(v17 == 0x169A506C8792840DL) {
v3 += 2;
System.out.printf("v3 += 2\n");
}
else {
v15 = v17;
}
long v21 = 8829928630187910250L;
if(v15 != 8829928630187910250L) {
v11 = v15;
}
if(Long.compare(v11, 0x1E7D57CBFEE24485L) == 0) {
v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;
System.out.printf("v4 = (v5 << 4 ^ v5) + (v2 ^ v5 >>> 5) + v4;\n");
v11 = 0x50E57F91E168FAC9L;
}
long v22 = 8153458827322010710L;
long v23 = 0x2654EF16F510CF25L;
if(Long.compare(v11, 8153458827322010710L) == 0) {
v2 = 0;
System.out.printf("v2 = 0\n");
v11 = 0x2654EF16F510CF25L;
}
long v24 = 0x2981462384F2153CL;
if(Long.compare(v11, 0x2981462384F2153CL) == 0) {
arr_v = new int[]{0x5E5440B0, 2057046228, 0x4A1ED228, 0x233FE7C, 0x96461450, -2002358035, 0xF79BFC89, 0x20C3D75F};
System.out.printf("arr_v = new int[]{0x5E5440B0, 2057046228, 0x4A1ED228, 0x233FE7C, 0x96461450, -2002358035, 0xF79BFC89, 0x20C3D75F};\n");
v11 = 0x62E816E54253B307L;
}
if(Long.compare(v11, 0x33C51F874ED9F174L) == 0) {
v6 = 0x20;
v11 = 0x4D784B3DF54B096FL;
}
if(v11 != 0x767AEC22C91BE2BFL) {
v10 = v11;
}
else if(v3 < 0x20) {
v10 = 0x1F45282B0E978C91L;
}
if(v10 == 0x2A7EB92B8AF86758L) {
v3 = 0;
System.out.printf("v3 = 0\n");
v10 = 0x3C57CEFFB4FFAFF4L;
}
if(Long.compare(v10, 0x2654EF16F510CF25L) != 0) {
v21 = v10;
}
else if(v6 > 0) {
--v6;
}
else {
--v6;
v21 = 0x1E65F68B123E6E17L;
}
if(Long.compare(v21, 0x5BE935D0EDBFE83CL) == 0) {
v21 = s.length() >= 0x20 ? 0x1E47617FF0CE8BE3L : 0x7C99975CB23FC36BL;
System.out.printf("cmp length\n");
}
if(v21 == 0x1E47617FF0CE8BE3L) {
arr_b = Arrays.copyOf(s.getBytes(), 0x20);
arr_b = new byte[]{17, (byte)195, (byte)233, 4, (byte)248, 101, 84, 71, (byte)227, 90, (byte)246, (byte)152, 90, (byte)226, 43, 85, (byte)217, 59, (byte)232, (byte)190, 102, 70, 79, 110, (byte)211, 86, 122, (byte)226, 100, (byte)224, 42, (byte)201};
}
else {
v24 = v21;
}
if(Long.compare(v24, 0x1E65F68B123E6E17L) == 0) {
arr_v1[v3] = v4;
System.out.printf("arr_v1[%d] = v4;\n",v3);
v24 = 0x6F35E9E1070E87BEL;
}
if(Long.compare(v24, 0x3C57CEFFB4FFAFF4L) != 0) {
v18 = v24;
}
else if(v3 >= 8) {
v18 = 0x752D25A60BA93D48L;
}
if(v18 == 0x752D25A60BA93D48L) {
z = H0.a.successWithString(s);
System.out.println("call successWithString...");
// Thread.sleep(5000);
break;
}
if(v18 != 0x250D59D18CBA666DL) {
v14 = v18;
}
if(v14 == 0x62E816E54253B307L) {
arr_v1 = new int[8];
System.out.printf("arr_v1 = new int[8];\n");
}
else {
v9 = v14;
}
if(v9 != 0x5A88D049059402F6L) {
v12 = v9;
}
else if(arr_v1[v3] != arr_v[v3]) {
v12 = 0x5260B3C741DB1316L;
System.out.printf("arr_v1[%d] != arr_v[%d]\n",v3,v3);
}
if(v12 != 0x7C99975CB23FC36BL) {
v19 = v12;
}
if(v19 == 2503205216640455778L) {
v19 = 0x33C51F874ED9F174L;
}
if(v19 == 0x6F35E9E1070E87BEL) {
arr_v1[v3 + 1] = v5;
System.out.printf("arr_v1[%d] = v5;\n",v3+1);
}
else {
v20 = v19;
}
v7 = 0x491A503216BAC9F4L;
if(v20 == 0x491A503216BAC9F4L) {
v5 = arr_v1[v3 + 1];
System.out.printf("v5 = arr_v1[%d];\n",v3 + 1);
}
else {
v22 = v20;
}
if(v22 == 0x50E57F91E168FAC9L) {
v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;
System.out.printf("v5 = (v4 << 4 ^ v4) + (v4 >>> 5 ^ v2) + v5;\n");
}
else {
v23 = v22;
}
if(v23 != 0x39E2DF14B65FB5B7L) {
if(v23 == 0x4D784B3DF54B096FL) {
v4 = arr_v1[v3];
System.out.printf("v4 = arr_v1[%d];\n",v3);
continue;
}
v7 = v23;
continue;
}
z = false;
System.out.println("errorrrr");
break;
}
System.out.printf("dump N_cip:\n");
for(int i=0;i<8;i++){
System.out.printf("0x%x,",arr_v[i]);
}
System.out.printf("\n");
System.out.printf("dump inp_Cip:\n");
for(int i=0;i<8;i++){
System.out.printf("0x%x,",arr_v1[i]);
}
System.out.printf("\n");
if (z == true){
System.out.println("success");
Thread.sleep(5000);
}
}
}
./H0/a.java:
package H0;
import java.lang.reflect.Array;
import java.util.Arrays;
/* loaded from: classes.dex */
public abstract class a {
/* renamed from: a */
public static final byte[][] f318a = {new byte[]{-87, 103, -77, -24, 4, -3, -93, 118, -102, -110, Byte.MIN_VALUE, 120, -28, -35, -47, 56, 13, -58, 53, -104, 24, -9, -20, 108, 67, 117, 55, 38, -6, 19, -108, 72, -14, -48, -117, 48, -124, 84, -33, 35, 25, 91, 61, 89, -13, -82, -94, -126, 99, 1, -125, 46, -39, 81, -101, 124, -90, -21, -91, -66, 22, 12, -29, 97, -64, -116, 58, -11, 115, 44, 37, 11, -69, 78, -119, 107, 83, 106, -76, -15, -31, -26, -67, 69, -30, -12, -74, 102, -52, -107, 3, 86, -44, 28, 30, -41, -5, -61, -114, -75, -23, -49, -65, -70, -22, 119, 57, -81, 51, -55, 98, 113, -127, 121, 9, -83, 36, -51, -7, -40, -27, -59, -71, 77, 68, 8, -122, -25, -95, 29, -86, -19, 6, 112, -78, -46, 65, 123, -96, 17, 49, -62, 39, -112, 32, -10, 96, -1, -106, 92, -79, -85, -98, -100, 82, 27, 95, -109, 10, -17, -111, -123, 73, -18, 45, 79, -113, 59, 71, -121, 109, 70, -42, 62, 105, 100, 42, -50, -53, 47, -4, -105, 5, 122, -84, Byte.MAX_VALUE, -43, 26, 75, 14, -89, 90, 40, 20, 63, 41, -120, 60, 76, 2, -72, -38, -80, 23, 85, 31, -118, 125, 87, -57, -115, 116, -73, -60, -97, 114, 126, 21, 34, 18, 88, 7, -103, 52, 110, 80, -34, 104, 101, -68, -37, -8, -56, -88, 43, 64, -36, -2, 50, -92, -54, 16, 33, -16, -45, 93, 15, 0, 111, -99, 54, 66, 74, 94, -63, -32}, new byte[]{117, -13, -58, -12, -37, 123, -5, -56, 74, -45, -26, 107, 69, 125, -24, 75, -42, 50, -40, -3, 55, 113, -15, -31, 48, 15, -8, 27, -121, -6, 6, 63, 94, -70, -82, 91, -118, 0, -68, -99, 109, -63, -79, 14, Byte.MIN_VALUE, 93, -46, -43, -96, -124, 7, 20, -75, -112, 44, -93, -78, 115, 76, 84, -110, 116, 54, 81, 56, -80, -67, 90, -4, 96, 98, -106, 108, 66, -9, 16, 124, 40, 39, -116, 19, -107, -100, -57, 36, 70, 59, 112, -54, -29, -123, -53, 17, -48, -109, -72, -90, -125, 32, -1, -97, 119, -61, -52, 3, 111, 8, -65, 64, -25, 43, -30, 121, 12, -86, -126, 65, 58, -22, -71, -28, -102, -92, -105, 126, -38, 122, 23, 102, -108, -95, 29, 61, -16, -34, -77, 11, 114, -89, 28, -17, -47, 83, 62, -113, 51, 38, 95, -20, 118, 42, 73, -127, -120, -18, 33, -60, 26, -21, -39, -59, 57, -103, -51, -83, 49, -117, 1, 24, 35, -35, 31, 78, 45, -7, 72, 79, -14, 101, -114, 120, 92, 88, 25, -115, -27, -104, 87, 103, Byte.MAX_VALUE, 5, 100, -81, 99, -74, -2, -11, -73, 60, -91, -50, -23, 104, 68, -32, 77, 67, 105, 41, 46, -84, 21, 89, -88, 10, -98, 110, 71, -33, 52, 53, 106, -49, -36, 34, -55, -64, -101, -119, -44, -19, -85, 18, -94, 13, 82, -69, 2, 47, -87, -41, 97, 30, -76, 80, 4, -10, -62, 22, 37, -122, 86, 85, 9, -66, -111}};
/* renamed from: b */
public static final int[][] f319b = (int[][]) Array.newInstance((Class<?>) Integer.TYPE, 4, 256);
static {
int i2;
int i3;
int i4;
int i5;
int i6;
int i7;
int i8;
int i9;
int i10;
for (int i11 = 0; i11 < 256; i11++) {
byte[][] bArr = f318a;
byte b2 = bArr[0][i11];
int i12 = b2 & 255;
int i13 = i12 >> 2;
int i14 = b2 & 2;
int i15 = 180;
if (i14 != 0) {
i2 = 180;
} else {
i2 = 0;
}
int i16 = i2 ^ i13;
int i17 = b2 & 1;
if (i17 != 0) {
i3 = 90;
} else {
i3 = 0;
}
int i18 = ((i16 ^ i3) ^ i12) & 255;
int i19 = i12 >> 1;
if (i17 != 0) {
i4 = 180;
} else {
i4 = 0;
}
int i20 = (i19 ^ i4) ^ i12;
if (i14 != 0) {
i5 = 180;
} else {
i5 = 0;
}
int i21 = i13 ^ i5;
if (i17 != 0) {
i6 = 90;
} else {
i6 = 0;
}
int i22 = ((i6 ^ i21) ^ i20) & 255;
int i23 = bArr[1][i11];
int i24 = i23 & 255;
int[] iArr = {i12, i24};
int i25 = i24 >> 2;
int i26 = i23 & 2;
if (i26 != 0) {
i7 = 180;
} else {
i7 = 0;
}
int i27 = i7 ^ i25;
int i28 = i23 & 1;
if (i28 != 0) {
i8 = 90;
} else {
i8 = 0;
}
int[] iArr2 = {i18, ((i27 ^ i8) ^ i24) & 255};
int i29 = i24 >> 1;
if (i28 != 0) {
i9 = 180;
} else {
i9 = 0;
}
int i30 = i24 ^ (i29 ^ i9);
if (i26 == 0) {
i15 = 0;
}
int i31 = i25 ^ i15;
if (i28 != 0) {
i10 = 90;
} else {
i10 = 0;
}
int[] iArr3 = {i22, ((i10 ^ i31) ^ i30) & 255};
int[][] iArr4 = f319b;
int[] iArr5 = iArr4[0];
int i32 = iArr[1] | (iArr2[1] << 8);
int i33 = iArr3[1];
iArr5[i11] = i32 | (i33 << 16) | (i33 << 24);
int[] iArr6 = iArr4[1];
int i34 = iArr3[0];
iArr6[i11] = i34 | (i34 << 8) | (iArr2[0] << 16) | (iArr[0] << 24);
int[] iArr7 = iArr4[2];
int i35 = iArr2[1];
int i36 = iArr3[1];
iArr7[i11] = i35 | (i36 << 8) | (iArr[1] << 16) | (i36 << 24);
int[] iArr8 = iArr4[3];
int i37 = iArr2[0];
iArr8[i11] = (iArr3[0] << 16) | (iArr[0] << 8) | i37 | (i37 << 24);
}
}
// public static final int a(int i2, int i3, int[] input)
public static int cnt=0;
public static final int a(int i2, int i3, int[] iArr) {
System.out.printf("0x%08x --- 0x%08x\n",iArr[0],iArr[1]);
int i4;
int i5;
int i6 = i3 & 255;
int g2 = g(i3);
int h2 = h(i3);
int i7 = i(i3);
int i8 = iArr[0];
int i9 = iArr[1];
int i10 = iArr[2];
int i11 = iArr[3];
int i12 = i2 & 3;
int[][] iArr2 = f319b;
byte[][] bArr = f318a;
cnt += 1;
if (cnt==40){
System.out.printf("here\n");
}
System.out.printf("cnt: %d === i3: 0x%x\n",cnt,i3);
if (i12 != 0) {
if (i12 != 1) {
if (i12 != 2) {
if (i12 != 3) {
return 0;
}
}
int[] iArr3 = iArr2[0];
byte[] bArr2 = bArr[0];
i5 = (iArr3[(bArr2[(bArr2[i6] & 255) ^ (i9 & 255)] & 255) ^ (i8 & 255)] ^ iArr2[1][(bArr2[(bArr[1][g2] & 255) ^ g(i9)] & 255) ^ g(i8)]) ^ iArr2[2][(bArr[1][(bArr[0][h2] & 255) ^ h(i9)] & 255) ^ h(i8)];
int[] iArr4 = iArr2[3];
byte[] bArr3 = bArr[1];
i4 = iArr4[(bArr3[(bArr3[i7] & 255) ^ i(i9)] & 255) ^ i(i8)];
return i5 ^ i4;
}
int[] iArr5 = iArr2[0];
byte[] bArr4 = bArr[0];
i5 = (iArr5[(bArr4[i6] & 255) ^ (i8 & 255)] ^ iArr2[1][(bArr4[g2] & 255) ^ g(i8)]) ^ iArr2[2][(bArr[1][h2] & 255) ^ h(i8)];
i4 = iArr2[3][(bArr[1][i7] & 255) ^ i(i8)];
return i5 ^ i4;
}
i6 = (i11 & 255) ^ (bArr[1][i6] & 255);
g2 = g(i11) ^ (bArr[0][g2] & 255);
h2 = h(i11) ^ (bArr[0][h2] & 255);
i7 = i(i11) ^ (bArr[1][i7] & 255);
byte[] bArr5 = bArr[1];
i6 = (i10 & 255) ^ (bArr5[i6] & 255);
g2 = (bArr5[g2] & 255) ^ g(i10);
h2 = (bArr[0][h2] & 255) ^ h(i10);
i7 = i(i10) ^ (bArr[0][i7] & 255);
int[] iArr32 = iArr2[0];
byte[] bArr22 = bArr[0];
i5 = (iArr32[(bArr22[(bArr22[i6] & 255) ^ (i9 & 255)] & 255) ^ (i8 & 255)] ^ iArr2[1][(bArr22[(bArr[1][g2] & 255) ^ g(i9)] & 255) ^ g(i8)]) ^ iArr2[2][(bArr[1][(bArr[0][h2] & 255) ^ h(i9)] & 255) ^ h(i8)];
int[] iArr42 = iArr2[3];
byte[] bArr32 = bArr[1];
i4 = iArr42[(bArr32[(bArr32[i7] & 255) ^ i(i9)] & 255) ^ i(i8)];
return i5 ^ i4;
}
public static int cnt2 = 0;
public static final int b(int i2, int i3, int[] iArr) {
cnt2 += 1;
// System.out.printf("%d\n",cnt2);
if(cnt2 == 32){
System.out.printf("hereeeee\n");
System.out.printf("dump iArr20...\n");
for(int i=0;i<1024;i++){
System.out.printf("0x%x,",iArr[i]);
}
System.out.printf("\n");
}
return iArr[(e(i2, i3 + 3) * 2) + 513] ^ ((iArr[e(i2, i3) * 2] ^ iArr[(e(i2, i3 + 1) * 2) + 1]) ^ iArr[(e(i2, i3 + 2) * 2) + 512]);
}
public static final int c(int i2, int i3) {
for (int i4 = 0; i4 < 4; i4++) {
i3 = d(i3);
}
int i5 = i2 ^ i3;
for (int i6 = 0; i6 < 4; i6++) {
i5 = d(i5);
}
return i5;
}
public static final int d(int i2) {
int i3;
int i4 = i2 >>> 24;
int i5 = i4 & 255;
int i6 = i5 << 1;
int i7 = 0;
if ((i4 & 128) != 0) {
i3 = 333;
} else {
i3 = 0;
}
int i8 = (i6 ^ i3) & 255;
int i9 = i5 >>> 1;
if ((i4 & 1) != 0) {
i7 = 166;
}
int i10 = (i9 ^ i7) ^ i8;
return ((((i2 << 8) ^ (i10 << 24)) ^ (i8 << 16)) ^ (i10 << 8)) ^ i5;
}
public static final int e(int i2, int i3) {
int i4 = i3 % 4;
if (i4 == 0) {
return i2 & 255;
}
if (i4 == 1) {
return g(i2);
}
if (i4 == 2) {
return h(i2);
}
if (i4 != 3) {
return 0;
}
return i(i2);
}
public static final int f(int i2) {
return i2 & 255;
}
public static final int g(int i2) {
return (i2 >>> 8) & 255;
}
public static final int h(int i2) {
return (i2 >>> 16) & 255;
}
public static final int i(int i2) {
return (i2 >>> 24) & 255;
}
public static boolean successWithString(String input) {
byte[] bArr;
int i2;
int[] iArr;
int i3;
int i4;
int i5;
byte[] input_part4;
int i6;
int i7;
int i8;
byte[] bArr2;
int[] iArr2;
int i9;
int[] iArr3;
int[] iArr4;
int[] iArr5;
byte[] bArr3;
byte[] input__part4;
byte[] bArr4;
int i10;
int[] iArr6;
int[] iArr7;
int[] iArr8;
int i11;
int i12;
int i13;
boolean z2;
int i14;
int i15;
int[] iArr9;
int i16;
int[] iArr10;
int i17;
int i18;
int[] iArr11;
int i19;
byte[] bArr5;
int i20;
char c2;
int[] iArr12;
int i21;
char c3;
int i22;
int i23;
int i24;
byte[][] bArr6;
int i25;
int[] iArr13;
int i26;
int i27;
int i28;
int i29;
int i30;
int[] iArr14;
byte[] input_partt4;
int i31;
int[] iArr15;
int i32;
byte[] bArr7;
int i33;
int i34;
int[] iArr16;
int[] iArr17;
char c4;
int[] iArr18;
long j2;
int[] iArr19 = null;
int[] iArr20 = null;
int[] iArr21 = null;
byte[] bArr8 = null;
int[] iArr22 = null;
byte[] bArr9 = null;
byte[] bArr10 = null;
byte[] bArr11 = null;
byte[] input_part3 = null;
int[] iArr23 = null;
long j3 = 4731072527315935075L;
int i35 = 0;
int i36 = 0;
int i37 = 0;
int i38 = 0;
int i39 = 0;
int i40 = 0;
int i41 = 0;
int i42 = 0;
int i43 = 0;
int i44 = 0;
int i45 = 0;
int i46 = 0;
int i47 = 0;
int i48 = 0;
int i49 = 0;
int i50 = 0;
int i51 = 0;
int i52 = 0;
int i53 = 0;
int i54 = 0;
int i55 = 0;
int i56 = 0;
byte b2 = 0;
int i57 = 0;
int i58 = 0;
int i59 = 0;
int i60 = 0;
int i61 = 0;
int i62 = 0;
int i63 = 0;
byte[] final_cip = null;
while (j3 != 0) {
if (j3 == 1344274946653272861L) {
bArr = bArr10;
j3 = 1791603831984298670L;
input_part3 = Arrays.copyOfRange(input.getBytes(), 32, 48);
} else {
bArr = bArr10;
}
if (j3 == 2624883423877033675L) {
i41 = a(i38, 0x1010101 + i39, iArr19);
j3 = 6791763692716894148L;
}
long j4 = j3;
if (j3 == 1235382496194677124L) {
j4 = i35 < 16 ? 1265064075323142964L : 1258015405620320613L;
}
if (j4 == 9217510483877698234L) {
final_cip[14] = 26;
j4 = 1206168581136677569L;
}
if (j4 == 2018356045126754964L) {
final_cip[3] = -67;
j4 = 3996485562340421897L;
}
if (j4 == 7439146434853463828L) {
final_cip[10] = -34;
j4 = 4125034680230680057L;
}
if (j4 == 7166648683214755429L) {
j4 = 3232348833396235159L;
i35 = 0;
}
if (j4 == 6456065269618269061L) {
final_cip[12] = 101;
j4 = 9128083677415659622L;
}
if (j4 == 2940914719786750343L) {
final_cip = new byte[16];
j4 = 1298355068347161880L;
}
if (j4 == 6556735160628504425L) {
j4 = 8518748339665995304L;
i40 = 0;
}
if (j4 == 8545670441877195089L) {
int i64 = i40 + 3;
i2 = i39;
int i65 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i45 = i65 | ((input_part3[i64] & 255) << 24);
j4 = 2685803154186139471L;
} else {
i2 = i39;
}
if (j4 == 2774930016233698765L) {
j4 = 1917218271936056345L;
}
if (j4 == 3771045416936191600L) {
final_cip[0] = -87;
j4 = 3561976962102531662L;
}
if (j4 == 4721983077526601781L) {
j4 = i35 < 16 ? 5449112193696891016L : 7828254552561955106L;
}
if (j4 == 3066500687241056891L) {
j4 = 4002981753480083424L;
i44 = 0;
}
if (j4 == 1949128521960768022L) {
final_cip = new byte[16];
j4 = 4582825124030923023L;
}
if (j4 == 3963581958469081827L) {
final_cip[4] = 56;
j4 = 7755442445806274292L;
}
if (j4 == 6235468836233699857L) {
int i66 = i40 + 3;
int i67 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i42 = i67 | ((input_part3[i66] & 255) << 24);
System.out.printf("i42 = i67 | ((input_part3[i66] & 255) << 24);\n");
j4 = 1960953289592796381L;
}
if (j4 == 2093361175579585723L) {
j4 = 7491020394721445997L;
}
if (j4 == 4503359345410430401L) {
i41 = (i41 << 8) | (i41 >>> 24);
j4 = 6400104566594303800L;
}
if (j4 == 4729681422063648060L) {
int i68 = i40 + 3;
int i69 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i42 = i69 | ((input_part3[i68] & 255) << 24);
System.out.printf("i42 = 0x%x\n",i42);
j4 = 2619183670644040407L;
}
if (j4 == 1931444552567951803L) {
final_cip[12] = 26;
j4 = 4406359568694291741L;
}
if (j4 == 4550460380187288280L) {
final_cip[6] = 86;
j4 = 7259606742125695098L;
}
if (j4 == 1557189065681442799L) {
int i70 = i40 + 3;
int i71 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i59 = i71 | ((input_part3[i70] & 255) << 24);
System.out.printf("i59 = i71 | ((input_part3[i70] & 255) << 24);\n");
j4 = 4529813231791050890L;
}
if (j4 == 5724730743879706941L) {
final_cip[14] = 26;
j4 = 1745476098101140696L;
}
if (j4 == 3664515501258973547L) {
int rev = i42;
i42 = (i42 << 1) | (i42 >>> 31);
System.out.printf("0x%x = (0x%x << 1) | (0x%x >>> 31);2\n",i42,rev,rev);
j4 = 3798078227232544657L;
}
int i72 = i42;
if (j4 == 3269202292537843991L) {
final_cip[5] = -69;
j4 = 7100981003187767618L;
}
if (j4 == 3027876831777635167L) {
j4 = 3638715073757882335L;
}
if (j4 == 2381872149833716276L) {
i48 = b(i72, 3, iArr20);
System.out.printf("0x%x = b(0x%x, 3, iArr20);\n",i48,i72);
j4 = 4687532178299999822L;
}
if (j4 == 3454830691820322386L) {
i43 += 2;
j4 = 5747130514941805881L;
}
int i73 = i43;
if (j4 == 1693417113814409015L) {
final_cip = new byte[16];
j4 = 3293997730919338008L;
}
if (j4 == 7434671091395572559L) {
int i74 = i44 + 3;
iArr = iArr19;
int i75 = ((bArr8[i44 + 2] & 255) << 16) | ((bArr8[i44 + 1] & 255) << 8) | (bArr8[i44] & 255);
i44 += 4;
iArr21[i35] = i75 | ((bArr8[i74] & 255) << 24);
j4 = 2244588298960877871L;
} else {
iArr = iArr19;
}
int i76 = i44;
if (j4 == 3749337558494560640L) {
i35++;
j4 = 4721983077526601781L;
}
if (j4 == 8576495708234852385L) {
j4 = 2643541622786400324L;
i35 = 0;
}
if (j4 == 7938615863272599159L) {
i57 = i38 - 1;
j4 = 6150867844939017811L;
}
if (j4 == 8885026426954417173L) {
i51 = iArr22[1];
j4 = 3776736958491573516L;
}
if (j4 == 1516524683227842992L) {
bArr8[i35] = (byte) i35;
j4 = 1704106780884375804L;
}
if (j4 == 1923774560246569152L) {
int rev = i45;
i45 = (i45 << 1) | (i45 >>> 31);
System.out.printf("0x%x = (0x%x << 1) | (0x%x >>> 31); |||| \n",i45 ,rev,rev);
j4 = 8865616538709174935L;
}
if (j4 == 1976739577957879234L) {
j4 = 6846653198359909058L;
i35 = 0;
}
if (j4 == 7187511718077947057L) {
j4 = i35 < 16 ? 2995178518753654243L : 7237318116944859580L;
}
if (j4 == 5750672483363983940L) {
j4 = 1499582615124426815L;
iArr23 = new int[i36];
}
if (j4 == 1448425356520503711L) {
i38 = i37 / 8;
j4 = 6813145705137374739L;
}
if (j4 == 1959318858079064627L) {
final_cip[6] = 22;
j4 = 6847264319992049185L;
}
if (j4 == 8138934693726466556L) {
final_cip = new byte[16];
j4 = 6316099258019509927L;
}
if (j4 == 2670312744982717376L) {
i46 = (i46 >>> 1) | (i46 << 31);
j4 = 6742529599724506157L;
}
if (j4 == 2207722750320310621L) {
j4 = 2647830346389990788L;
i35 = 0;
}
if (j4 == 8710549355152942959L) {
final_cip[3] = -67;
j4 = 6840550518655151485L;
}
if (j4 == 6062811699616037457L) {
j4 = (i35 >= 4 || i76 >= i37) ? 5634423947985751522L : 7105550752828252141L;
}
if (j4 == 8450049976084005921L) {
int rev = i45;
i45 ^= iArr23[1];
System.out.printf("0x%x ^= iArr23[1];(0x%x) ==> 0x%x |------1\n",rev,iArr23[1],i45);
j4 = 8139682663513707735L;
}
if (j4 == 7965698667281418869L) {
i48 = b(i72, 3, iArr20);
System.out.printf("0x%x = b(0x%x, 3, iArr20);\n",i48,i72);
j4 = 2915651820630837601L;
}
if (j4 == 8712522692857598416L) {
j4 = i35 < 256 ? 6258186781956124801L : 5432899031047016039L;
}
if (j4 == 1406293758239810889L) {
j4 = 6960008337303110994L;
}
if (j4 == 4390863030597796170L) {
int i77 = iArr22[3];
j4 = 6121095475008891355L;
}
if (j4 == 1330376841649282870L) {
i51 = iArr22[1];
j4 = 6248631473184684104L;
}
if (j4 == 5329812806323573738L) {
j4 = 4141065487333702108L;
}
if (j4 == 4878474884038157657L) {
return false;
}
if (j4 == 3132205735905595925L) {
i45 ^= ((i48 * 2) + i47) + iArr23[i49];
i49++;
j4 = 5507786416351883958L;
}
if (j4 == 2540221427897138037L) {
final_cip[5] = 34;
j4 = 9187919677985842561L;
}
if (j4 == 5935421846599899027L) {
final_cip[12] = 26;
j4 = 3629825694819376798L;
}
if (j4 == 8693574105114856330L) {
i45 ^= iArr23[1];
j4 = 1607272796917644293L;
}
int i78 = i45;
if (j4 == 6858362739340846367L) {
final_cip[7] = -102;
j4 = 2328180056253180144L;
}
if (j4 == 7837308487840170804L) {
i48 = b(i78, 3, iArr20);
System.out.printf("i48 = b(i78, 3, iArr20);\n");
j4 = 5106069083976822048L;
}
if (j4 == 4433736888020758873L) {
i3 = 16;
j4 = i73 < 16 ? 8658034048742640241L : 5223925646383245751L;
} else {
i3 = 16;
}
if (j4 == 1210447254521047538L) {
j4 = i35 < i3 ? 3027876831777635167L : 8861860503648848567L;
}
if (j4 == 6742543001969080469L) {
i4 = i76;
i5 = i35;
input_part4 = Arrays.copyOfRange(input.getBytes(), 48, 64);
j4 = 3309839572505684939L;
} else {
i4 = i76;
i5 = i35;
input_part4 = bArr;
}
if (j4 == 9205148841603072616L) {
j4 = 7155080874485808131L;
}
if (j4 == 7442085785176969176L) {
j4 = 7857940782209243597L;
i4 = 0;
}
if (j4 == 1565736080187942985L) {
j4 = 5021944871100814321L;
i5 = 0;
}
if (j4 == 1221161945297932730L) {
j4 = bArr9[i5] != final_cip[i5] ? 3809429621901428327L : 8606637167793465408L;
System.out.printf("cmp en_inp, final_cip\n");
System.out.printf("dump en_inp:\n");
for(int i=0;i<16;i++){
System.out.printf("0x%x,",bArr9[i]);
}
System.out.printf("\n");
System.out.printf("dump final cip:\n");
for(int i=0;i<16;i++){
System.out.printf("0x%x,",final_cip[i]);
}
System.out.printf("\n");
System.out.printf("dump iArr23\n");
for(int i=0;i<40;i++){
System.out.printf("0x%x,",iArr23[i]);
}
System.out.printf("\n");
}
if (j4 == 6156216816975470944L) {
j4 = 5158554594830700929L;
i6 = 0;
} else {
i6 = i5;
}
if (j4 == 3889131894744472679L) {
int i79 = i40 + 3;
i7 = i36;
int i80 = ((input_part3[i40 + 2] & 255) << 16) | ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255);
i40 += 4;
i78 = ((input_part3[i79] & 255) << 24) | i80;
j4 = 7445081137528894062L;
} else {
i7 = i36;
}
if (j4 == 5081598064245946139L) {
final_cip[4] = 56;
j4 = 9025636051433876555L;
}
if (j4 == 4582825124030923023L) {
final_cip[0] = -87;
j4 = 2168699168102359386L;
}
byte[][] bArr12 = f318a;
int[][] iArr24 = f319b;
if (j4 == 4844213572013444662L) {
i8 = i37;
iArr20[(i6 * 2) + 1] = iArr24[1][(bArr12[0][(bArr12[1][i50] & 255) ^ g(i51)] & 255) ^ g(i52)];
j4 = 1189820553702033682L;
} else {
i8 = i37;
}
if (j4 == 2479939902309983355L) {
j4 = i6 < 256 ? 4414711808604472165L : 3816401808965634220L;
}
if (j4 == 6539778732394021364L) {
i6++;
j4 = 3288829365377197701L;
}
if (j4 == 4406359568694291741L) {
final_cip[13] = 34;
j4 = 3717774128157910605L;
}
if (j4 == 8467294207452721452L) {
j4 = i6 < 16 ? 5577077923868017099L : 5035786145376624859L;
}
if (j4 == 1446293772852257370L) {
j4 = 4019322378267872035L;
}
if (j4 == 5780988963199426860L) {
j4 = 7029503371282280059L;
}
if (j4 == 3853058995086597827L) {
j4 = 2827565969431776290L;
i6 = 0;
}
if (j4 == 7650200577204707019L) {
bArr9[i6] = (byte) (input_part4[i6] ^ bArr11[i53]);
j4 = 8049116761699692167L;
}
if (j4 == 7828254552561955106L) {
return true;
}
if (j4 == 1542568896301610920L) {
return false;
}
if (j4 == 5674382685779100318L) {
return true;
}
if (j4 == 3799650815120663631L) {
int rev = i46;
i46 = (i46 >>> 1) | (i46 << 31);
System.out.printf("0x%x = (0x%x >>> 1) | (0x%x << 31);\n",i46,rev,rev);
j4 = 3664515501258973547L;
}
if (j4 == 5785321344550860296L) {
j4 = 2380097332528943626L;
i6 = 0;
i2 = 0;
}
if (j4 == 3635089787362081630L) {
i78 = (i78 >>> 31) | (i78 << 1);
j4 = 7606829752949254081L;
}
if (j4 == 6870659348541134994L) {
int rev = i72;
i72 ^= iArr23[5];
System.out.printf("0x%x ^= iArr23[5](0x%x); ==> 0x%x\n",rev,iArr23[5],i72);
j4 = 7957423564036594724L;
}
if (j4 == 3651248876173446844L) {
j4 = i6 < bArr8.length ? 3261491808297697902L : 6154526864824538477L;
}
if (j4 == 8429256749154793372L) {
i6++;
j4 = 7559115683265846437L;
}
if (j4 == 6684206521967284343L) {
final_cip[7] = -102;
j4 = 6629490099819822416L;
}
if (j4 == 4489495459518801626L) {
i6++;
j4 = 6065652472169461293L;
}
if (j4 == 4913171088445306692L) {
j4 = 7102882857441765884L;
i55 = ((bArr11[i54] & 255) + i55) & 255;
}
if (j4 == 2971360862616034517L) {
i46 ^= iArr23[2];
j4 = 7679858687335731309L;
}
if (j4 == 5632710845036330174L) {
final_cip[15] = 115;
j4 = 2999075064852109317L;
}
if (j4 == 8712993034539386972L) {
i41 = (i41 << 8) | (i41 >>> 24);
j4 = 2385330523779930222L;
}
if (j4 == 4069681874230164976L) {
bArr11[i56] = b2;
j4 = 8995230908817835821L;
}
if (j4 == 1383509948187139942L) {
iArr22[i57] = c(iArr21[i6], iArr[i6]);
j4 = 2165639815662633400L;
}
if (j4 == 3641357321518337437L) {
j4 = i6 < 16 ? 4367072516203707509L : 9155753144681893636L;
}
if (j4 == 7338973850236663134L) {
i46 ^= iArr23[4];
j4 = 5687179084370450098L;
}
if (j4 == 8147838551163462352L) {
j4 = i6 < bArr8.length ? 1515150366864584833L : 7268096038668322638L;
}
if (j4 == 2267521650283250943L) {
j4 = 1543835537816689303L;
}
if (j4 == 6066511524528422362L) {
final_cip[13] = 34;
j4 = 7916273223981762345L;
}
if (j4 == 7627928995385457046L) {
bArr11[i56] = b2;
j4 = 8642648116757711055L;
}
if (j4 == 8858813628494679889L) {
iArr20 = new int[1024];
j4 = 5002450969468452359L;
}
if (j4 == 7830774370852576407L) {
int i81 = i4 + 3;
bArr2 = input_part4;
int i82 = ((bArr8[i4 + 2] & 255) << 16) | ((bArr8[i4 + 1] & 255) << 8) | (bArr8[i4] & 255);
i4 += 4;
iArr[i6] = i82 | ((bArr8[i81] & 255) << 24);
j4 = 4253974366483718512L;
} else {
bArr2 = input_part4;
}
if (j4 == 2006261316763383880L) {
i6++;
j4 = 4268434749325211515L;
}
if (j4 == 4981578060776525784L) {
int i83 = iArr22[2];
j4 = 2354860184047444979L;
}
if (j4 == 5665212773913217619L) {
bArr11[i6] = (byte) i6;
j4 = 7936308356012564598L;
}
if (j4 == 1925267828353292404L) {
i52 = iArr22[0];
j4 = 3141556051555878191L;
}
if (j4 == 7477109834176307884L) {
final_cip[1] = -39;
j4 = 6536862633203215031L;
}
if (j4 == 5733075732827349729L) {
final_cip[11] = -88;
j4 = 6456065269618269061L;
}
if (j4 == 2979491677337701483L) {
final_cip[0] = -87;
j4 = 1186625407244930214L;
}
if (j4 == 8806141432899778163L) {
j4 = 3658748673678459194L;
iArr2 = new int[4];
} else {
iArr2 = iArr;
}
if (j4 == 5158554594830700929L) {
j4 = i6 < 256 ? 5680233300170691155L : 5985635937414591521L;
}
if (j4 == 3857582825715051590L) {
final_cip[9] = -106;
j4 = 5712797840902770362L;
}
if (j4 == 3239610692754448539L) {
i57--;
j4 = 6062811699616037457L;
}
if (j4 == 2228412114913783121L) {
i9 = 40;
j4 = 7048362897848211972L;
} else {
i9 = i7;
}
if (j4 == 2464113797535833870L) {
j4 = 1874544657470527590L;
}
if (j4 == 8899342501041115189L) {
bArr9 = new byte[16];
j4 = 6856100014110617486L;
}
if (j4 == 4502191866101741942L) {
final_cip[3] = -45;
j4 = 6003035240079781244L;
}
if (j4 == 6239062422289160234L) {
i46 ^= (i47 + i48) + iArr23[i49];
i49++;
j4 = 2558574102511333837L;
}
if (j4 == 3944034548958798065L) {
iArr3 = iArr21;
j4 = 1715651793431489116L;
i53 = ((bArr11[i54] & 255) + (bArr11[i55] & 255)) & 255;
} else {
iArr3 = iArr21;
}
if (j4 == 8601808016329414299L) {
return false;
}
if (j4 == 1576871852716234009L) {
i46 ^= (i47 + i48) + iArr23[i49];
j4 = 7122579587187539743L;
i49++;
}
if (j4 == 7134777286922640409L) {
i6++;
j4 = 7742223888133137430L;
}
if (j4 == 3408812674582655891L) {
j4 = 4546317725273286940L;
iArr4 = new int[4];
} else {
iArr4 = iArr3;
}
if (j4 == 6291717555241868931L) {
iArr5 = iArr22;
bArr3 = bArr9;
input__part4 = Arrays.copyOfRange(input.getBytes(), 48, 64);
j4 = 1477878882031581069L;
} else {
iArr5 = iArr22;
bArr3 = bArr9;
input__part4 = bArr2;
}
if (j4 == 5830459252270867373L) {
j4 = 1307281791046846137L;
i40 = 0;
}
if (j4 == 2272798444665954523L) {
j4 = i6 < 16 ? 7922265040538291434L : 1949128521960768022L;
}
if (j4 == 5030664747537294245L) {
final_cip[11] = -113;
j4 = 3645268212325467906L;
}
if (j4 == 2243047018611698496L) {
bArr4 = input__part4;
iArr20[(i6 * 2) + 512] = iArr24[2][(bArr12[1][(bArr12[0][i58] & 255) ^ h(i51)] & 255) ^ h(i52)];
j4 = 2012634943331272739L;
} else {
bArr4 = input__part4;
}
if (j4 == 1230993959279055670L) {
j4 = i73 < 16 ? 1671474751395228828L : 6230299255924766997L;
}
if (j4 == 8614510693619874143L) {
int rev = i59;
i59 ^= (i47 + i48) + iArr23[i49];
System.out.printf("0x%x ^= (0x%x + 0x%x) + iArr23[0x%x](0x%x); ==> 0x%x ===1\n",rev,i47,i48,i49,iArr23[i49],i59);
j4 = 2101580866933054237L;
i49++;
}
int i84 = i59;
if (j4 == 2642256598463014223L) {
final_cip[12] = 26;
j4 = 5546371364110668020L;
}
if (j4 == 8571264530881593712L) {
final_cip[13] = -114;
j4 = 2136818370012310171L;
}
if (j4 == 1776589645593272517L) {
final_cip[8] = -20;
j4 = 1536915158700845943L;
}
if (j4 == 3216270323582324779L) {
final_cip[6] = 86;
j4 = 8354771225526520440L;
}
if (j4 == 5128669412318362325L) {
j4 = 8858626231332964772L;
}
if (j4 == 6203948773157381693L) {
int i85 = i4 + 3;
i10 = i73;
int i86 = ((bArr8[i4 + 1] & 255) << 8) | (bArr8[i4] & 255) | ((bArr8[i4 + 2] & 255) << 16);
i4 += 4;
iArr2[i6] = i86 | ((bArr8[i85] & 255) << 24);
j4 = 6140926885576835727L;
} else {
i10 = i73;
}
if (j4 == 2143903162775120184L) {
i6++;
j4 = 6965451223574289359L;
}
if (j4 == 3524251343514742352L) {
i72 = (i72 << 1) | (i72 >>> 31);
j4 = 3232129143333112632L;
}
if (j4 == 2765340047003677131L) {
i47 = b(i84, 0, iArr20);
System.out.printf("0x%x = b(0x%x, 0, iArr20);\n",i47,i84);
j4 = 8320362214494129059L;
}
if (j4 == 8113068425133703218L) {
i2 += 33686018;
j4 = 1615637139671222434L;
}
if (j4 == 1922411276633870490L) {
iArr6 = new int[4];
j4 = 2983171159703272091L;
} else {
iArr6 = iArr5;
}
if (j4 == 4249658298115383554L) {
iArr7 = iArr6;
iArr20[(i6 * 2) + 512] = iArr24[2][(bArr12[1][(bArr12[0][i58] & 255) ^ h(i51)] & 255) ^ h(i52)];
j4 = 7796303291830281045L;
} else {
iArr7 = iArr6;
}
if (j4 == 8256907239556468412L) {
final_cip[9] = -77;
j4 = 3498352284358828315L;
}
if (j4 == 6505983967259753973L) {
bArr11[i55] = b2;
j4 = 5439844282370393304L;
}
if (j4 == 9171905176519800148L) {
j4 = input.length() < 64 ? 4195029094423679636L : 3757062276099973803L;
}
if (j4 == 8045731683183909714L) {
j4 = 7885522936240168470L;
i55 = 0;
}
if (j4 == 9058600938452428912L) {
int rev = i84;
i84 = (i84 << 31) | (i84 >>> 1);
System.out.printf("i84 = (i84 << 31) | (i84 >>> 1);\n",i84,rev,rev);
j4 = 5744181537574184685L;
}
if (j4 == 9069075618791280805L) {
final_cip[5] = 34;
j4 = 1843429843798473511L;
}
if (j4 == 3689168917021238793L) {
iArr20[(i6 * 2) + 512] = iArr24[2][(bArr12[1][(bArr12[0][i58] & 255) ^ h(i51)] & 255) ^ h(i52)];
j4 = 3564308124560413862L;
}
if (j4 == 5301379100569539273L) {
j4 = 6399356390896869309L;
i55 = 0;
}
if (j4 == 3918062052349580671L) {
j4 = 2466964143165741837L;
i56 = 0;
}
if (j4 == 4967406293272637771L) {
int rev1 = i46;
int rev2 = iArr23[4];
i46 ^= iArr23[4];
// System.out.printf("i46: 0x%x\n",i46);
System.out.printf("0x%x ^= iArr23[4](0x%x) ==> 0x%x // 0x%x\n",rev1,iArr23[4],i46,rev2);
j4 = 6870659348541134994L;
}
int i87 = i46;
if (j4 == 4655572712013400706L) {
j4 = 4597609935169428732L;
}
if (j4 == 3166750012504996540L) {
int rev = i78;
i78 ^= iArr23[7];
System.out.printf("0x%x ^= iArr23[7](0x%x); ==> 0x%x\n",rev,iArr23[7],i78);
j4 = 6017806319896199361L;
}
if (j4 == 3759730075617569039L) {
j4 = 5454795868479267733L;
iArr8 = new int[4];
} else {
iArr8 = iArr7;
}
if (j4 == 6069099502938214271L) {
j4 = 7738313729691083676L;
i6 = 0;
i2 = 0;
}
if (j4 == 8733995111375603342L) {
return false;
}
if (j4 == 8474438945361269523L) {
i48 = b(i78, 3, iArr20);
System.out.printf("i48 = b(i78, 3, iArr20);1\n");
j4 = 6628989894226553698L;
}
if (j4 == 6882462805502957432L) {
final_cip[1] = -39;
j4 = 6379026488496223403L;
}
if (j4 == 8451739037481316613L) {
i6++;
j4 = 2460950143244437765L;
}
if (j4 == 1506771280779625252L) {
j4 = i6 < i9 / 2 ? 3691596519119015595L : 7571741907448362931L;
}
if (j4 == 1700983361891594708L) {
j4 = 6236359899965482168L;
i6 = 0;
i11 = 0;
} else {
i11 = i2;
}
if (j4 == 6791763692716894148L) {
i41 = (i41 << 8) | (i41 >>> 24);
j4 = 6641130065549689505L;
}
if (j4 == 5143211481986516166L) {
i12 = i78;
i13 = i11;
iArr8[i57] = c(iArr4[i6], iArr2[i6]);
j4 = 7891276519961275113L;
} else {
i12 = i78;
i13 = i11;
}
if (j4 == 6742635737946316261L) {
i60 += i41;
j4 = 3392984551034355170L;
}
if (j4 == 7423862695494096725L) {
final_cip[14] = -120;
j4 = 5025360563600307522L;
}
if (j4 == 1298355068347161880L) {
z2 = false;
final_cip[0] = -97;
j4 = 4192332344726786256L;
} else {
z2 = false;
}
if (j4 == 1872248020497693162L) {
return z2;
}
if (j4 == 7113837318717080147L) {
i14 = bArr8.length;
j4 = 3460300782170937607L;
} else {
i14 = i8;
}
if (j4 == 8689932493166301704L) {
i6++;
j4 = 2559141778370937007L;
}
if (j4 == 2712255506212294232L) {
b2 = bArr11[i6];
j4 = 2637559127033415801L;
}
if (j4 == 7895119885594720875L) {
final_cip[2] = Byte.MIN_VALUE;
j4 = 4797263790202639931L;
}
if (j4 == 4723608467462860668L) {
i47 = b(i87, 0, iArr20);
j4 = 4494853218025089243L;
}
if (j4 == 2417995832646284659L) {
j4 = 4227288482303383078L;
}
if (j4 == 4646339510735050251L) {
i60 += i41;
j4 = 1818157425461567934L;
}
if (j4 == 4369458919546020466L) {
i15 = i14;
iArr20[(i6 * 2) + 1] = iArr24[1][(bArr12[0][(bArr12[1][i50] & 255) ^ g(i51)] & 255) ^ g(i52)];
j4 = 2243047018611698496L;
} else {
i15 = i14;
}
if (j4 == 3169104890646436008L) {
j4 = i6 < 256 ? 3490326607433591043L : 6156216816975470944L;
}
if (j4 == 8328790806156357318L) {
final_cip[12] = 101;
j4 = 1687871497192565496L;
}
if (j4 == 4876709113984680946L) {
bArr11[i6] = (byte) i6;
j4 = 2757157254562105502L;
}
if (j4 == 4967752726726655102L) {
i87 ^= iArr23[4];
j4 = 1881227562238638542L;
}
if (j4 == 6629490099819822416L) {
final_cip[8] = 49;
j4 = 8256907239556468412L;
}
if (j4 == 4253974366483718512L) {
iArr8[i57] = c(iArr4[i6], iArr2[i6]);
j4 = 3348113858426447674L;
}
if (j4 == 5328979100626095900L) {
j4 = 6583809806457227315L;
i49 = 8;
}
if (j4 == 9139492487154675731L) {
i48 = b(i72, 3, iArr20);
System.out.printf("0x%x = b(0x%x, 3, iArr20);2\n",i48,i72);
j4 = 3676839726527528229L;
}
if (j4 == 3232348833396235159L) {
j4 = i6 < 256 ? 2774930016233698765L : 5830459252270867373L;
}
if (j4 == 8790842551072430122L) {
j4 = 5809570720048932031L;
i53 = ((bArr11[i54] & 255) + (bArr11[i55] & 255)) & 255;
}
if (j4 == 3195178661704652520L) {
b2 = bArr11[i6];
j4 = 6597678744472727573L;
}
if (j4 == 7225103017975505690L) {
bArr11[i54] = bArr11[i55];
j4 = 1341808814515513048L;
}
if (j4 == 2119690742806089054L) {
j4 = 7697030109774584633L;
i54 = (i54 + 1) & 255;
}
if (j4 == 1404052937569931777L) {
j4 = 3553147099752082898L;
}
if (j4 == 9037117679071136801L) {
int i88 = i40 + 3;
iArr9 = iArr4;
int i89 = ((input_part3[i40 + 2] & 255) << 16) | ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255);
i40 += 4;
i16 = ((input_part3[i88] & 255) << 24) | i89;
System.out.printf("i16 = ((input_part3[i88] & 255) << 24) | i89;\n");
j4 = 2683712846824466970L;
} else {
iArr9 = iArr4;
i16 = i12;
}
if (j4 == 5249992174669506009L) {
i47 = b(i84, 0, iArr20);
System.out.printf("0x%x = b(0x%x, 0, iArr20);3\n",i47,i84);
j4 = 1757468250215542428L;
}
if (j4 == 8113126029116536782L) {
final_cip[5] = 34;
j4 = 7215458347621232043L;
}
if (j4 == 5346212181092580745L) {
i87 ^= iArr23[2];
j4 = 3552493032350408280L;
}
if (j4 == 8226334980212259602L) {
j4 = 5613764015967390693L;
}
if (j4 == 8867156692366178090L) {
i6++;
j4 = 3645427461145798578L;
}
if (j4 == 3603503257907849991L) {
j4 = i6 < i9 / 2 ? 3563910683601917326L : 4132824574133018925L;
}
if (j4 == 3498352284358828315L) {
final_cip[10] = -34;
j4 = 5733075732827349729L;
}
if (j4 == 4915374719664229127L) {
j4 = 7851583652737565876L;
}
if (j4 == 7370392102556209775L) {
final_cip[14] = 26;
j4 = 2968432505771842589L;
}
if (j4 == 7922265040538291434L) {
j4 = 3256821261585855975L;
}
if (j4 == 6797381422692238257L) {
i6++;
j4 = 8484923127125558638L;
}
if (j4 == 8822634336683979982L) {
final_cip[11] = -88;
j4 = 2283802967392970500L;
}
if (j4 == 2799049228121383361L) {
bArr8[i6] = (byte) i6;
j4 = 4616176720591788319L;
}
if (j4 == 7303333862302918217L) {
i6++;
j4 = 2771646971449226877L;
}
if (j4 == 1157556858167321294L) {
i60 += i41;
j4 = 6761671813385298993L;
}
if (j4 == 8533640950399556720L) {
j4 = 7816334058516889118L;
i53 = ((bArr11[i54] & 255) + (bArr11[i55] & 255)) & 255;
}
if (j4 == 2240421224603994624L) {
i16 ^= iArr23[7];
System.out.printf("i16 ^= iArr23[7];\n");
j4 = 4851634851769503870L;
}
if (j4 == 7430299891549265788L) {
i47 = b(i87, 0, iArr20);
j4 = 6998551651859783261L;
}
if (j4 == 3108054655050818576L) {
j4 = 2849892291077788860L;
i55 = ((bArr11[i54] & 255) + i55) & 255;
}
if (j4 == 5889839625189711156L) {
i6++;
j4 = 7592770177733069920L;
}
if (j4 == 8513954143616756791L) {
iArr20 = new int[1024];
j4 = 4199913159470633820L;
}
if (j4 == 6385765029630073007L) {
final_cip[8] = -20;
j4 = 2741486890114654248L;
}
if (j4 == 3805451690314712856L) {
j4 = 5235021199741258527L;
iArr10 = new int[4];
} else {
iArr10 = iArr9;
}
if (j4 == 5407125151982145331L) {
iArr23[(i6 * 2) + 1] = (i60 << 9) | (i60 >>> 23);
j4 = 2006261316763383880L;
}
byte[] bArr13 = bArr8;
if (j4 == 6017806319896199361L) {
j4 = 2940914719786750343L;
bArr3 = new byte[]{(byte) i87, (byte) (i87 >>> 8), (byte) (i87 >>> 16), (byte) (i87 >>> 24), (byte) i72, (byte) (i72 >>> 8), (byte) (i72 >>> 16), (byte) (i72 >>> 24), (byte) i84, (byte) (i84 >>> 8), (byte) (i84 >>> 16), (byte) (i84 >>> 24), (byte) i16, (byte) (i16 >>> 8), (byte) (i16 >>> 16), (byte) (i16 >>> 24)};
}
if (j4 == 6353868812675907408L) {
i17 = i13;
i60 = a(i38, i17, iArr10);
j4 = 7193859361834778956L;
} else {
i17 = i13;
}
if (j4 == 5680233300170691155L) {
j4 = 7720877091476958305L;
}
if (j4 == 6246276100940706152L) {
final_cip[4] = 119;
j4 = 3269202292537843991L;
}
if (j4 == 7608592725865706243L) {
i6++;
j4 = 6621328629503001747L;
}
if (j4 == 6317465591117429424L) {
int rev = i84;
i84 ^= iArr23[6];
System.out.printf("0x%x ^= iArr23[6];// 0x%x \n",rev,iArr23[6]);
j4 = 8990284059334595524L;
}
if (j4 == 2137603072377791592L) {
i18 = i72;
j4 = bArr3[i6] != final_cip[i6] ? 3696715939049432759L : 4319018985115126267L;
} else {
i18 = i72;
}
if (j4 == 2776803616288623434L) {
i60 = a(i38, i17, iArr10);
j4 = 2624883423877033675L;
}
if (j4 == 4390732763753961871L) {
int i90 = i40 + 3;
iArr11 = iArr2;
int i91 = ((input_part3[i40 + 2] & 255) << 16) | ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255);
i40 += 4;
i19 = ((input_part3[i90] & 255) << 24) | i91;
System.out.printf("i19 = ((input_part3[i90] & 255) << 24) | i91;");
j4 = 8271636431825400542L;
} else {
iArr11 = iArr2;
i19 = i18;
}
if (j4 == 2168699168102359386L) {
final_cip[1] = -39;
j4 = 7377732012589796128L;
}
if (j4 == 6922153080934778037L) {
iArr23[i6 * 2] = i60;
j4 = 7063269725703171761L;
}
if (j4 == 8139682663513707735L) {
int rev1 = i87;
int rev2 = iArr23[2];
i87 ^= iArr23[2];
System.out.printf("0x%x ^= iArr23[2]; ==> 0x%x// 0x%x\n",rev1,i87,rev2);
j4 = 1818264258760743319L;
}
if (j4 == 6258872612775795445L) {
bArr5 = new byte[16];
j4 = 6728389485969756476L;
} else {
bArr5 = bArr13;
}
if (j4 == 3885594324910219477L) {
i19 ^= iArr23[5];
System.out.printf("i19 ^= iArr23[5];\n");
j4 = 5107504885568133637L;
}
if (j4 == 3593043533289075260L) {
j4 = 3635178025052271786L;
i56 = 0;
}
if (j4 == 2435557629452229653L) {
j4 = 5509768734639095146L;
}
if (j4 == 4766834611894299394L) {
final_cip[9] = -106;
j4 = 1515725586281083405L;
}
if (j4 == 2763205489416023289L) {
final_cip[10] = -34;
j4 = 1376792466778633276L;
}
if (j4 == 6583809806457227315L) {
j4 = 2100408234106893388L;
i10 = 0;
}
if (j4 == 6816337433391007991L) {
final_cip[8] = -20;
j4 = 8844440844274236713L;
}
if (j4 == 2330796828706545701L) {
j4 = 6265501985217721867L;
i54 = 0;
}
if (j4 == 1206664505993188401L) {
j4 = 4416966639446818591L;
i10 = 0;
}
if (j4 == 7152594270267019474L) {
j4 = 8601808016329414299L;
}
if (j4 == 3193075933208574218L) {
j4 = 5311422641086316628L;
i6 = 0;
}
if (j4 == 2134414655671570111L) {
final_cip[15] = 50;
j4 = 8077015324826886926L;
}
if (j4 == 7615576072437806969L) {
i6++;
j4 = 3169104890646436008L;
}
if (j4 == 7342767995630740962L) {
j4 = 5594187482349100765L;
i49 = 8;
}
if (j4 == 2012634943331272739L) {
int[] iArr25 = iArr24[3];
byte[] bArr14 = bArr12[1];
i20 = i87;
iArr20[(i6 * 2) + 513] = iArr25[(bArr14[(bArr14[i61] & 255) ^ i(i51)] & 255) ^ i(i52)];
j4 = 8016446346432534725L;
} else {
i20 = i87;
}
if (j4 == 3124355357281158283L) {
j4 = bArr3[i6] != final_cip[i6] ? 8401000026215651795L : 3749337558494560640L;
System.out.printf("cmp en_inp222, final_cip222\n");
System.out.printf("dump en_inp222:\n");
for(int i=0;i<16;i++){
System.out.printf("0x%x,",bArr3[i]);
}
System.out.printf("\n");
System.out.printf("dump final_cip222:\n");
for(int i=0;i<16;i++){
System.out.printf("0x%x,",final_cip[i]);
}
System.out.printf("\n");
// System.out.printf("dump iArr23\n");
// for(int i=0;i<40;i++){
// System.out.printf("0x%x,",iArr23[i]);
// }
// System.out.printf("\n");
}
if (j4 == 7738313729691083676L) {
j4 = i6 < i9 / 2 ? 4202436593687076484L : 7628593932436149125L;
}
if (j4 == 3638715073757882335L) {
if(i6 ==15){
System.out.printf("hhh\n");
}
j4 = bArr3[i6] != final_cip[i6] ? 4765566201281400311L : 7708592395920482331L;
System.out.printf("cmp en_inp, final_cip\n");
System.out.printf("dump en_inp:\n");
for(int i=0;i<16;i++){
System.out.printf("0x%x,",bArr3[i]);
}
System.out.printf("\n");
System.out.printf("dump final cip:\n");
for(int i=0;i<16;i++){
System.out.printf("0x%x,",final_cip[i]);
}
System.out.printf("\n");
System.out.printf("dump iArr23\n");
for(int i=0;i<40;i++){
System.out.printf("0x%x,",iArr23[i]);
}
System.out.printf("\n");
}
if (j4 == 7084261336607768407L) {
j4 = 1372428978400526091L;
i54 = 0;
}
if (j4 == 2469602840783646837L) {
j4 = 2610219915628716936L;
}
if (j4 == 2886594228447074028L) {
j4 = bArr3[i6] != final_cip[i6] ? 7812355649959096589L : 9206504687413913692L;
}
if (j4 == 7235245031966433308L) {
j4 = i6 < 256 ? 3879487290150562409L : 2908355311707016655L;
}
if (j4 == 6783335171051007387L) {
iArr23[(i6 * 2) + 1] = (i60 << 9) | (i60 >>> 23);
j4 = 3698409039146345710L;
}
if (j4 == 8494914655617116318L) {
j4 = 3308045856010871254L;
}
if (j4 == 7391897490478601836L) {
j4 = i6 < 16 ? 1947295455057318086L : 1784429727674430321L;
}
if (j4 == 9128083677415659622L) {
final_cip[13] = -114;
j4 = 9217510483877698234L;
}
if (j4 == 1729443654799488062L) {
i57--;
j4 = 8797484323472943077L;
}
if (j4 == 5592042121434727091L) {
final_cip[5] = -69;
j4 = 1323827752692402101L;
}
if (j4 == 1818264258760743319L) {
c2 = 3;
int rev = i19;
i19 ^= iArr23[3];
// System.out.printf("i19 ^= iArr23[3];1\n");
System.out.printf("0x%x ^= iArr23[3](0x%x); ==> 0x%x\n",rev,iArr23[3],i19);
j4 = 5328979100626095900L;
} else {
c2 = 3;
}
if (j4 == 6418068088604690665L) {
i19 ^= iArr23[c2];
System.out.printf("i19 ^= iArr23[c2];\n");
j4 = 1503792404112071770L;
}
if (j4 == 4594646578689629539L) {
j4 = 3365615621264263466L;
bArr3 = new byte[16];
}
if (j4 == 9195216308108861773L) {
final_cip[8] = 49;
j4 = 3200337655383209956L;
}
if (j4 == 1577535481649201043L) {
j4 = 3478198951987437965L;
i6 = 0;
}
if (j4 == 3759219415620181525L) {
i57 = i38 - 1;
j4 = 6062811699616037457L;
}
if (j4 == 3256821261585855975L) {
j4 = 3779293355388292368L;
i54 = (i54 + 1) & 255;
}
if (j4 == 6329663680677574624L) {
final_cip[15] = 50;
j4 = 4912547151723290384L;
}
if (j4 == 6187038164260617255L) {
j4 = 1311781772751449630L;
i6 = 0;
}
if (j4 == 2685803154186139471L) {
int i92 = i40 + 3;
iArr12 = iArr10;
int i93 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i21 = i93 | ((input_part3[i92] & 255) << 24);
j4 = 4729681422063648060L;
} else {
iArr12 = iArr10;
i21 = i20;
}
if (j4 == 3504079853553908765L) {
i6++;
j4 = 8954707163893861550L;
}
if (j4 == 6600686903247428085L) {
c3 = 3;
int i94 = iArr8[3];
j4 = 8816681305993860676L;
} else {
c3 = 3;
}
if (j4 == 7573029167043807009L) {
int i95 = iArr8[c3];
j4 = 8002130431631985630L;
}
if (j4 == 5388008578103207358L) {
j4 = 3805431862040669091L;
i51 = iArr8[1];
}
if (j4 == 1868667817538176147L) {
int i96 = i40 + 3;
int i97 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i21 = i97 | ((input_part3[i96] & 255) << 24);
j4 = 2889001075928355608L;
}
if (j4 == 7677570233584385171L) {
int rev = i84;
i84 = (i84 >>> 1) | (i84 << 31);
System.out.printf("0x%x = (0x%x >>> 1) | (0x%x << 31);\n",i84,rev,rev);
j4 = 1923774560246569152L;
}
if (j4 == 7215264321897972490L) {
j4 = 7299484503295174969L;
i10 = 0;
}
if (j4 == 7269244363048797189L) {
j4 = 8344335594272363090L;
}
if (j4 == 5153625468444186480L) {
int rev = i84;
i84 = (i84 >>> 1) | (i84 << 31);
System.out.printf("0x%x = (0x%x >>> 1) | (0x%x << 31);\n",i84,rev,rev);
j4 = 1160266727076026994L;
}
if (j4 == 8405907736709769083L) {
j4 = bArr3[i6] != final_cip[i6] ? 4727667340962820071L : 8074621974338335444L;
}
if (j4 == 7720877091476958305L) {
j4 = 2712255506212294232L;
i56 = ((bArr5[i62] & 255) + (bArr11[i6] & 255) + i56) & 255;
}
if (j4 == 5859366234801575937L) {
bArr3[i6] = (byte) (bArr4[i6] ^ bArr11[i53]);
j4 = 4375059743535676664L;
}
if (j4 == 8642648116757711055L) {
i62 = (i62 + 1) % 16;
j4 = 3176206153682062025L;
}
if (j4 == 7927706331794218369L) {
final_cip[10] = -4;
j4 = 4044116278763382115L;
}
if (j4 == 7620824939062689078L) {
i19 ^= iArr23[3];
System.out.printf("i19 ^= iArr23[3];2\n");
j4 = 9203235650833687810L;
}
if (j4 == 3176206153682062025L) {
i6++;
j4 = 5158554594830700929L;
}
if (j4 == 3785530020709649507L) {
bArr11[i6] = (byte) i6;
j4 = 7615576072437806969L;
}
if (j4 == 6830438277265895922L) {
final_cip[15] = 115;
j4 = 5737565298662478736L;
}
if (j4 == 4730643406790254771L) {
j4 = 4975363132170806438L;
i62 = 0;
}
if (j4 == 4687532178299999822L) {
int rev = i84;
i84 ^= (i47 + i48) + iArr23[i49];
System.out.printf("0x%x ^= (0x%x + 0x%x) + iArr23[0x%x]; ==> 0x%x//0x%x ===2\n",rev,i47,i48,i49,i84,iArr23[i49]);
j4 = 7677570233584385171L;
i49++;
}
if (j4 == 3511893548020497197L) {
int rev = i84;
i84 ^= iArr23[6];
System.out.printf("0x%x ^= iArr23[6]; ==> 0x%x // 0x%x\n",rev,i84,iArr23[6]);
j4 = 7197100520713411792L;
}
if (j4 == 3490326607433591043L) {
j4 = 3785530020709649507L;
}
if (j4 == 8964480036317405863L) {
i60 += i41;
j4 = 6411465233834267853L;
}
if (j4 == 7053198258759358084L) {
j4 = 9072050633124824651L;
i6 = 0;
}
if (j4 == 4919743909045453378L) {
final_cip[3] = -45;
j4 = 7612433227526352592L;
}
if (j4 == 3918700728063325793L) {
int rev1 = i21;
i21 ^= (i47 + i48) + iArr23[i49];
// System.out.printf("i21: 0x%x\n",i21);
System.out.printf("0x%x ^= (0x%x + 0x%x) + iArr23[0x%x]; ==> 0x%x // 0x%x ===3 \n",rev1,i47,i48,i49,i21,iArr23[i49]);
j4 = 3799650815120663631L;
i49++;
}
if (j4 == 3244817401922083652L) {
j4 = 3508095575112387696L;
i40 = 0;
}
if (j4 == 1791103446893765993L) {
int[] iArr26 = iArr24[3];
byte[] bArr15 = bArr12[1];
iArr20[(i6 * 2) + 513] = iArr26[(bArr15[(bArr15[i61] & 255) ^ i(i51)] & 255) ^ i(i52)];
j4 = 5028010433435687981L;
}
if (j4 == 2754848930084988709L) {
final_cip[0] = -97;
j4 = 4098100907245666696L;
}
if (j4 == 5634423947985751522L) {
j4 = 6069099502938214271L;
iArr23 = new int[i9];
}
if (j4 == 7907227585526812034L) {
j4 = 8327337783489553350L;
i56 = ((bArr5[i62] & 255) + (bArr11[i6] & 255) + i56) & 255;
}
if (j4 == 3150114737913458226L) {
i10 += 2;
j4 = 2100408234106893388L;
}
int i98 = i10;
if (j4 == 8057179424399068224L) {
bArr11[i54] = bArr11[i55];
j4 = 8706528655033256702L;
}
if (j4 == 4013039085825403792L) {
final_cip[7] = -33;
j4 = 6385765029630073007L;
}
if (j4 == 4268434749325211515L) {
i22 = 33686018 + i17;
j4 = 7738313729691083676L;
} else {
i22 = i17;
}
if (j4 == 9090300621190835968L) {
j4 = 9002596763800113747L;
i50 = i6;
i58 = i50;
i61 = i58;
i63 = i61;
}
if (j4 == 6742327015997388752L) {
i16 ^= ((i48 * 2) + i47) + iArr23[i49];
System.out.printf("i16 ^= ((i48 * 2) + i47) + iArr23[i49];\n");
j4 = 7233187872281632736L;
i49++;
}
if (j4 == 4335696836688972368L) {
i23 = bArr5.length;
j4 = 4477685489247392220L;
} else {
i23 = i15;
}
if (j4 == 5982238460718101231L) {
bArr11[i6] = bArr11[i56];
j4 = 7734105193329641264L;
}
if (j4 == 7079524315661024246L) {
i24 = i98;
j4 = i6 < 16 ? 4839378301785589868L : 4531779885876544223L;
} else {
i24 = i98;
}
if (j4 == 3798078227232544657L) {
int rev = i19;
i19 ^= ((i48 * 2) + i47) + iArr23[i49];
System.out.printf("0x%x ^= ((0x%x * 2) + 0x%x) + iArr23[0x%x](0x%x); ==> 0x%x ===4 \n",rev,i48,i47,i49,iArr23[i49],i19);
i49++;
j4 = 4170216661130793823L;
}
if (j4 == 1875129475667370410L) {
int[] iArr27 = iArr24[3];
byte[] bArr16 = bArr12[1];
bArr6 = bArr12;
iArr20[(i6 * 2) + 513] = iArr27[(bArr16[(bArr16[i61] & 255) ^ i(i51)] & 255) ^ i(i52)];
j4 = 9181295485946627806L;
} else {
bArr6 = bArr12;
}
if (j4 == 7780188459499837486L) {
i57 = i38 - 1;
j4 = 3286379070729456885L;
}
if (j4 == 5426809489659825220L) {
int i99 = i4 + 3;
i25 = i16;
System.out.printf("i25 = i16;\n");
int i100 = ((bArr5[i4 + 1] & 255) << 8) | (bArr5[i4] & 255) | ((bArr5[i4 + 2] & 255) << 16);
i4 += 4;
iArr12[i6] = i100 | ((bArr5[i99] & 255) << 24);
j4 = 7830774370852576407L;
} else {
i25 = i16;
}
if (j4 == 8738922874029281563L) {
i6++;
j4 = 1909122035249646259L;
}
if (j4 == 6665095630221528608L) {
bArr5 = new byte[16];
j4 = 7621196338214628961L;
}
if (j4 == 6179510455852880218L) {
final_cip[12] = 101;
j4 = 8310787871818619634L;
}
if (j4 == 3569809687587833405L) {
i52 = iArr8[0];
j4 = 8603388170022135396L;
}
if (j4 == 1167911205115368985L) {
int i101 = i4 + 3;
int i102 = ((bArr5[i4 + 1] & 255) << 8) | (bArr5[i4] & 255) | ((bArr5[i4 + 2] & 255) << 16);
i4 += 4;
iArr11[i6] = i102 | ((bArr5[i101] & 255) << 24);
j4 = 6994571557561233697L;
}
int i103 = i4;
if (j4 == 8623714993202893823L) {
final_cip[11] = -88;
j4 = 2189736568610615783L;
}
if (j4 == 4577416787505181944L) {
final_cip[2] = 118;
j4 = 5378952491855986803L;
}
if (j4 == 8789625248543143702L) {
final_cip[2] = 118;
j4 = 7991109021174387007L;
}
if (j4 == 1485094653842035027L) {
j4 = (i6 >= 4 || i103 >= i23) ? 8504695950589395449L : 8461713412992271361L;
}
if (j4 == 4170216661130793823L) {
i47 = b(i21, 0, iArr20);
System.out.printf("0x%x = b(0x%x, 0, iArr20);4\n",i47,i21);
// System.out.printf("i47: 0x%x\n",i47);
j4 = 2381872149833716276L;
}
if (j4 == 8666010438815626922L) {
b2 = bArr11[i54];
j4 = 8057179424399068224L;
}
if (j4 == 7041655693530341265L) {
i19 ^= ((i48 * 2) + i47) + iArr23[i49];
System.out.printf("i19 ^= ((i48 * 2) + i47) + iArr23[i49]; ===5\n");
j4 = 3169561277751192603L;
i49++;
}
if (j4 == 4609849330570144880L) {
final_cip[9] = -77;
j4 = 2289044719646071181L;
}
if (j4 == 5449112193696891016L) {
j4 = 3124355357281158283L;
}
if (j4 == 8662712234784089029L) {
i23 = bArr5.length;
j4 = 8878582214211818374L;
}
if (j4 == 6115233329846619454L) {
j4 = 5395204442363878272L;
}
if (j4 == 4483906068230756548L) {
j4 = 6676485492170781350L;
}
if (j4 == 1956686733200189415L) {
final_cip = new byte[16];
j4 = 7006355891692714059L;
}
if (j4 == 8053000807881165967L) {
int rev =i84;
i84 ^= (i47 + i48) + iArr23[i49];
System.out.printf("0x%x ^= (0x%x + 0x%x) + iArr23[0x%x]; ==> 0x%x//0x%x ===6 \n",rev,i47,i48,i49,i84,iArr23[i49]);
j4 = 5495851403009851521L;
i49++;
}
if (j4 == 7143194817459945248L) {
j4 = 3373811553476160062L;
}
if (j4 == 1749537745733462777L) {
j4 = (i6 >= 4 || i103 >= i23) ? 6551390027023926275L : 4570635662716578048L;
}
if (j4 == 2188405883759779224L) {
j4 = 3918062052349580671L;
i62 = 0;
}
if (j4 == 7235937894701642304L) {
int rev = i21;
i21 = (i21 << 31) | (i21 >>> 1);
System.out.printf("0x%x = (0x%x << 31) | (0x%x >>> 1);\n",i21,rev,rev);
j4 = 7301888031531657853L;
}
if (j4 == 2995796423546491127L) {
j4 = 9170084184750692299L;
}
if (j4 == 8002130431631985630L) {
iArr20 = new int[1024];
j4 = 7166648683214755429L;
}
if (j4 == 2860092959791447983L) {
j4 = 7348308086934515854L;
i56 = ((bArr5[i62] & 255) + (bArr11[i6] & 255) + i56) & 255;
}
if (j4 == 7591776709387561072L) {
iArr13 = new int[4];
j4 = 4062230737866491849L;
} else {
iArr13 = iArr11;
}
if (j4 == 3688747761534332265L) {
int rev = i84;
i84 ^= iArr23[0];
System.out.printf("0x%x ^= iArr23[0]; ==> 0x%x // 0x%x\n",rev,i84,iArr23[0]);
j4 = 2443751596759295723L;
}
if (j4 == 6453676624431139898L) {
i6++;
j4 = 1913249944150004525L;
}
if (j4 == 5235021199741258527L) {
iArr13 = new int[4];
j4 = 8117727425067800668L;
}
if (j4 == 7708592395920482331L) {
i6++;
j4 = 1210447254521047538L;
}
if (j4 == 4538286560804077206L) {
i47 = b(i84, 0, iArr20);
System.out.printf("0x%x = b(0x%x, 0, iArr20);5\n",i47,i84);
j4 = 5165812183614621889L;
}
if (j4 == 7068862727388703850L) {
j4 = 3933803068447152709L;
}
if (j4 == 7957723699443428076L) {
i26 = i84;
int i104 = i103 + 3;
i27 = i21;
int i105 = (bArr5[i103] & 255) | ((bArr5[i103 + 1] & 255) << 8) | ((bArr5[i103 + 2] & 255) << 16);
i103 += 4;
iArr12[i6] = i105 | ((bArr5[i104] & 255) << 24);
j4 = 6933247193213399925L;
} else {
i26 = i84;
i27 = i21;
}
if (j4 == 5595710579549419349L) {
i6++;
j4 = 1620820052340096368L;
}
if (j4 == 8097574055691912384L) {
int i106 = i40 + 3;
int i107 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i28 = i107 | ((input_part3[i106] & 255) << 24);
System.out.printf("i28 = i107 | ((input_part3[i106] & 255) << 24);\n");
j4 = 4298963903025309444L;
} else {
i28 = i26;
}
if (j4 == 2617081080307970335L) {
j4 = 4473724296154421454L;
i54 = (i54 + 1) & 255;
}
if (j4 == 8528493068304898123L) {
final_cip[8] = 49;
j4 = 3725381910638361431L;
}
if (j4 == 5710521428222058283L) {
j4 = 6282419177198653002L;
i6 = 0;
}
if (j4 == 5509705484215944470L) {
i41 = a(i38, 0x1010101 + i22, iArr13);
j4 = 9155937893447827252L;
}
if (j4 == 8141640372958328067L) {
b2 = bArr11[i6];
j4 = 3883979507512821622L;
}
if (j4 == 5014224365646153772L) {
final_cip[14] = -120;
j4 = 6781964674139290256L;
}
if (j4 == 2741486890114654248L) {
final_cip[9] = -106;
j4 = 7927706331794218369L;
}
if (j4 == 5351528138698026150L) {
iArr23[i6 * 2] = i60;
j4 = 8223258137555177735L;
}
if (j4 == 1307281791046846137L) {
int i108 = i40 + 3;
int i109 = ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255) | ((input_part3[i40 + 2] & 255) << 16);
i40 += 4;
i28 = i109 | ((input_part3[i108] & 255) << 24);
System.out.printf("i28 = 0x%x\n",i28);
j4 = 8545670441877195089L;
}
if (j4 == 3315634246002652401L) {
j4 = 7391422008886710088L;
i6 = 0;
}
if (j4 == 8726141804031885222L) {
j4 = 6206967618882655077L;
iArr23 = new int[i9];
}
if (j4 == 6265501985217721867L) {
j4 = 7228169035332109883L;
i55 = 0;
}
if (j4 == 6042232201362629815L) {
return false;
}
if (j4 == 4915474783797972804L) {
j4 = 4721983077526601781L;
i6 = 0;
}
if (j4 == 1644016907092934503L) {
final_cip[11] = -113;
j4 = 2009277883651077966L;
}
if (j4 == 3242248119027284566L) {
final_cip[2] = Byte.MIN_VALUE;
j4 = 4919743909045453378L;
}
if (j4 == 8401000026215651795L) {
j4 = 6042232201362629815L;
}
int i110 = i25;
if (j4 == 1757468250215542428L) {
i48 = b(i110, 3, iArr20);
// System.out.printf("i48 = b(i110, 3, iArr20);\n");
System.out.printf("0x%x = b(0x%x, 3, iArr20);6\n",i48,i110);
j4 = 3918700728063325793L;
}
if (j4 == 3805431862040669091L) {
int i111 = iArr8[2];
j4 = 7573029167043807009L;
}
if (j4 == 1562483755754170452L) {
b2 = bArr11[i54];
j4 = 1281267670811563792L;
}
if (j4 == 4775749037024366417L) {
bArr11 = new byte[256];
j4 = 6667018595382172981L;
}
if (j4 == 7215458347621232043L) {
final_cip[6] = 22;
j4 = 4013039085825403792L;
}
if (j4 == 8851840692175027013L) {
j4 = 3971401812264761653L;
}
if (j4 == 6496457465553891320L) {
final_cip[3] = -45;
j4 = 9067166631630121596L;
}
if (j4 == 4899867139846737305L) {
j4 = 3291362829469222813L;
i6 = 0;
}
if (j4 == 4949400257663735525L) {
return true;
}
if (j4 == 6624026845403021411L) {
i9 = 40;
j4 = 1384619611072712114L;
}
if (j4 == 3717774128157910605L) {
final_cip[14] = -120;
j4 = 5632710845036330174L;
}
if (j4 == 4703006722331764068L) {
final_cip[1] = 46;
j4 = 5925562685676025045L;
}
if (j4 == 8906950120270949104L) {
i110 = (i110 >>> 31) | (i110 << 1);
System.out.printf("i110 = (i110 >>> 31) | (i110 << 1);1\n");
j4 = 4054239504286538232L;
}
if (j4 == 2968358151039079624L) {
j4 = 8694332280188348797L;
i62 = 0;
}
if (j4 == 4731072527315935075L) {
i29 = i103;
j4 = input.length() < 64 ? 7152594270267019474L : 7207634175374518959L;
} else {
i29 = i103;
}
if (j4 == 5837388147636045013L) {
final_cip[13] = 34;
j4 = 4209003260697362161L;
}
if (j4 == 3348113858426447674L) {
i6++;
j4 = 3239610692754448539L;
}
if (j4 == 8499802369700230427L) {
i62 = (i62 + 1) % 16;
j4 = 6852692350973101702L;
}
if (j4 == 1355827378937596861L) {
int i112 = iArr8[2];
j4 = 3159131613398236155L;
}
if (j4 == 3765463719702917373L) {
final_cip[3] = -67;
j4 = 6246276100940706152L;
}
if (j4 == 7439466117788503430L) {
final_cip[10] = -4;
j4 = 4184352008924436096L;
}
if (j4 == 7328217541416181185L) {
i62 = (i62 + 1) % 16;
j4 = 7494950256479009720L;
}
if (j4 == 4931416120428297318L) {
j4 = 3272108066239338657L;
i41 = a(i38, 0x1010101 + i22, iArr13);
}
if (j4 == 1853586948992287921L) {
i110 ^= iArr23[7];
System.out.printf("i110 ^= iArr23[7];1\n");
j4 = 3369304386314801955L;
}
int i113 = i24;
if (j4 == 2100408234106893388L) {
j4 = i113 < 16 ? 6044249269185916930L : 4967406293272637771L;
}
if (j4 == 6202119020092438945L) {
bArr11 = new byte[256];
j4 = 6207585730399429197L;
}
if (j4 == 1239202435642479562L) {
j4 = 6282588756826602766L;
i6 = 0;
}
if (j4 == 2921277261483052884L) {
j4 = 3805451690314712856L;
i9 = 40;
}
if (j4 == 4571385285247507939L) {
iArr23[(i6 * 2) + 1] = (i60 << 9) | (i60 >>> 23);
j4 = 1234569916309842559L;
}
if (j4 == 3460300782170937607L) {
i38 = i23 / 8;
j4 = 2921277261483052884L;
}
if (j4 == 3124726175048856375L) {
i110 ^= iArr23[1];
System.out.printf("i110 ^= iArr23[1];2\n");
j4 = 8088807405999475448L;
}
if (j4 == 7309113347123373839L) {
j4 = 2272798444665954523L;
i6 = 0;
}
if (j4 == 3997704319387063135L) {
j4 = 8997468243049584150L;
}
if (j4 == 8861860503648848567L) {
i30 = i9;
iArr14 = iArr8;
input_partt4 = Arrays.copyOfRange(input.getBytes(), 48, 64);
j4 = 2330796828706545701L;
} else {
i30 = i9;
iArr14 = iArr8;
input_partt4 = bArr4;
}
if (j4 == 4410622224915986892L) {
final_cip[1] = 46;
j4 = 6711257227006116877L;
}
if (j4 == 7194106817561645911L) {
final_cip[13] = -114;
j4 = 5512350061105350170L;
}
if (j4 == 6612240120868137916L) {
bArr11[i56] = b2;
j4 = 5693093104358912780L;
}
if (j4 == 2982641033187796690L) {
iArr20[(i6 * 2) + 1] = iArr24[1][(bArr6[0][(bArr6[1][i50] & 255) ^ g(i51)] & 255) ^ g(i52)];
j4 = 3486271154687386954L;
}
if (j4 == 3031198949573775541L) {
i6++;
j4 = 9203595848917361081L;
}
if (j4 == 5055689685515914335L) {
j4 = i6 < 256 ? 1247075058077372606L : 6091441190737178001L;
}
if (j4 == 8682936313381034341L) {
i31 = i6;
input_part3 = Arrays.copyOfRange(input.getBytes(), 32, 48);
j4 = 5026574997973149922L;
} else {
i31 = i6;
}
if (j4 == 4765566201281400311L) {
j4 = 4878474884038157657L;
}
if (j4 == 3434639405684086363L) {
final_cip[7] = -33;
j4 = 2197600650028069726L;
}
if (j4 == 8117727425067800668L) {
iArr15 = new int[4];
j4 = 7442085785176969176L;
} else {
iArr15 = iArr14;
}
if (j4 == 7857940782209243597L) {
j4 = 3759219415620181525L;
i31 = 0;
}
if (j4 == 2003868226519400571L) {
j4 = 4691140216346611221L;
}
if (j4 == 2466964143165741837L) {
j4 = 3169104890646436008L;
i31 = 0;
}
if (j4 == 8308487276324327784L) {
bArr11[i31] = bArr11[i56];
j4 = 2555970059350819025L;
}
if (j4 == 4202436593687076484L) {
j4 = 2776803616288623434L;
}
if (j4 == 6996128371779785436L) {
j4 = 8730538436400569799L;
i29 = 0;
}
if (j4 == 8935933772175304137L) {
int rev = i28;
i28 ^= iArr23[0];
System.out.printf("0x%x ^= iArr23[0](0x%x); ==> 0x%x \n",rev, iArr23[0],i28);
j4 = 7219960127837973449L;
}
if (j4 == 1715651793431489116L) {
bArr3[i31] = (byte) (input_partt4[i31] ^ bArr11[i53]);
System.out.printf("==> 0x%x = (input_partt4[0x%x] ^ bArr11[0x%x](0x%x));\n",bArr3[i31],i31,i53,bArr11[i53]);
j4 = 1688352577061095122L;
}
if (j4 == 4192332344726786256L) {
final_cip[1] = 46;
j4 = 3242248119027284566L;
}
if (j4 == 6097367080807002346L) {
j4 = input.length() < 64 ? 4134022033126525745L : 9084636122582124317L;
}
if (j4 == 1645136258490241993L) {
j4 = 4956183964370101238L;
i31 = 0;
}
if (j4 == 8865616538709174935L) {
i32 = (((i48 * 2) + i47) + iArr23[i49]) ^ i110;
System.out.printf("0x%x = (((0x%x * 2) + 0x%x) + iArr23[0x%x]) ^ 0x%x; // 0x%x |3\n",i32,i48,i47,i49,i110,iArr23[i49]);
j4 = 3150114737913458226L;
i49++;
} else {
i32 = i110;
}
if (j4 == 5163304606225864297L) {
final_cip[4] = 119;
j4 = 5175101841935525119L;
}
if (j4 == 9026190483180684217L) {
int i114 = i40 + 3;
bArr7 = input_partt4;
int i115 = ((input_part3[i40 + 2] & 255) << 16) | ((input_part3[i40 + 1] & 255) << 8) | (input_part3[i40] & 255);
i40 += 4;
i33 = i115 | ((input_part3[i114] & 255) << 24);
j4 = 7022880009955170057L;
} else {
bArr7 = input_partt4;
i33 = i27;
}
if (j4 == 2300035979815882265L) {
i60 += i41;
j4 = 5407125151982145331L;
}
if (j4 == 7076999511290385819L) {
final_cip[10] = -4;
j4 = 5005580943279474124L;
}
if (j4 == 7957423564036594724L) {
int rev = i28;
i28 ^= iArr23[6];
// System.out.printf("i28 ^= iArr23[6];\n");
System.out.printf("0x%x ^= iArr23[6](0x%x); ==> 0x%x \n",rev,iArr23[6],i28);
j4 = 3166750012504996540L;
}
if (j4 == 2082226578850038631L) {
j4 = 8587595791621758818L;
i34 = 0;
} else {
i34 = i31;
}
if (j4 == 7377732012589796128L) {
final_cip[2] = 118;
j4 = 3765463719702917373L;
}
if (j4 == 8706528655033256702L) {
bArr11[i55] = b2;
j4 = 3944034548958798065L;
}
if (j4 == 7207634175374518959L) {
bArr5 = new byte[16];
j4 = 8619643661940722843L;
}
if (j4 == 5958651804061655044L) {
iArr16 = iArr12;
i60 = a(i38, i22, iArr16);
j4 = 4120500615914686322L;
} else {
iArr16 = iArr12;
}
if (j4 == 5373825686582120237L) {
int[] iArr28 = iArr24[0];
byte[] bArr17 = bArr6[0];
iArr17 = iArr16;
iArr20[i34 * 2] = iArr28[(bArr17[(bArr17[i63] & 255) ^ f(i51)] & 255) ^ f(i52)];
j4 = 5188016447122403309L;
} else {
iArr17 = iArr16;
}
if (j4 == 8657852808421337216L) {
final_cip[0] = -97;
j4 = 7303977094428283562L;
}
if (j4 == 2559141778370937007L) {
j4 = i34 < bArr5.length ? 8226334980212259602L : 1807466501694616499L;
}
if (j4 == 7612433227526352592L) {
final_cip[4] = 56;
j4 = 8113126029116536782L;
}
if (j4 == 6641130065549689505L) {
i60 += i41;
j4 = 4904370970975869766L;
}
if (j4 == 6249148651518141632L) {
c4 = 6;
final_cip[6] = 22;
j4 = 8443672320267095196L;
} else {
c4 = 6;
}
if (j4 == 7100981003187767618L) {
final_cip[c4] = 86;
j4 = 6684206521967284343L;
}
int i116 = i38;
if (j4 == 5985635937414591521L) {
j4 = 7309113347123373839L;
bArr3 = new byte[16];
}
if (j4 == 4904370970975869766L) {
iArr23[i34 * 2] = i60;
j4 = 2300035979815882265L;
}
if (j4 == 8095882760764902094L) {
int[] iArr29 = iArr24[0];
byte[] bArr18 = bArr6[0];
iArr20[i34 * 2] = iArr29[(bArr18[(bArr18[i63] & 255) ^ f(i51)] & 255) ^ f(i52)];
j4 = 1614246019380523334L;
}
if (j4 == 8485630121070762057L) {
j4 = i34 < 256 ? 1578923656121161355L : 2196269207190278500L;
}
if (j4 == 1807466501694616499L) {
iArr18 = iArr13;
j4 = 7113837318717080147L;
input_part3 = Arrays.copyOfRange(input.getBytes(), 32, 48);
} else {
iArr18 = iArr13;
}
if (j4 == 4136628260743276174L) {
j4 = 7015557725723415691L;
i50 = i34;
i58 = i50;
i61 = i58;
i63 = i61;
}
if (j4 == 7628593932436149125L) {
j4 = 5388008578103207358L;
i52 = iArr15[0];
}
if (j4 == 1688352577061095122L) {
i34++;
j4 = 2272798444665954523L;
}
if (j4 == 9156114371027586341L) {
return false;
}
if (j4 == 8003113504676674850L) {
final_cip[7] = -33;
j4 = 4020479843606037028L;
}
if (j4 == 5538777342439939651L) {
bArr11[i54] = bArr11[i55];
j4 = 5136352466433219964L;
}
if (j4 == 6062303455322103900L) {
j4 = 3727400916568393083L;
i56 = 0;
}
if (j4 == 2112374256663903657L) {
final_cip[5] = -69;
j4 = 6479748932467918819L;
}
if (j4 == 7105550752828252141L) {
j4 = 5426809489659825220L;
}
if (j4 == 3779293355388292368L) {
j4 = 8666010438815626922L;
i55 = ((bArr11[i54] & 255) + i55) & 255;
}
if (j4 == 4044116278763382115L) {
final_cip[11] = -113;
j4 = 1931444552567951803L;
}
if (j4 == 2228853410470432732L) {
j4 = 5808169080060243476L;
bArr3 = new byte[]{(byte) i33, (byte) (i33 >>> 8), (byte) (i33 >>> 16), (byte) (i33 >>> 24), (byte) i19, (byte) (i19 >>> 8), (byte) (i19 >>> 16), (byte) (i19 >>> 24), (byte) i28, (byte) (i28 >>> 8), (byte) (i28 >>> 16), (byte) (i28 >>> 24), (byte) i32, (byte) (i32 >>> 8), (byte) (i32 >>> 16), (byte) (i32 >>> 24)};
System.out.printf("bArr3 = new byte[]{(byte) i33, (byte) (i33 >>> 8), (byte) (i33 >>> 16), (byte) (i33 >>> 24), (byte)\n");
}
if (j4 == 9179206018690720602L) {
int rev = i19;
i19 ^= iArr23[5];
System.out.printf("0x%x ^= iArr23[5](0x%x); ==> 0x%x\n",rev,iArr23[5],i19);
j4 = 3612472421307200740L;
}
if (j4 == 6016756214847724921L) {
int rev = i19;
i19 = (i19 >>> 31) | (i19 << 1);
System.out.printf("0x%x = (0x%x >>> 31) | (0x%x << 1);1 \n",i19,rev,rev);
j4 = 5461752164917072913L;
}
if (j4 == 4803956414827796846L) {
int[] iArr30 = iArr24[0];
byte[] bArr19 = bArr6[0];
iArr20[i34 * 2] = iArr30[(bArr19[(bArr19[i63] & 255) ^ f(i51)] & 255) ^ f(i52)];
j4 = 4369458919546020466L;
}
if (j4 == 6962662929294394300L) {
return false;
}
if (j4 == 8016446346432534725L) {
i34++;
j4 = 3232348833396235159L;
}
if (j4 == 6087563668281968390L) {
j4 = 7310006369231674608L;
i49 = 8;
}
if (j4 == 1787685171167549243L) {
i22 += 33686018;
j4 = 7412843220635102870L;
}
i39 = i22;
if (j4 == 2699912527891922057L) {
j4 = 1392904840951541524L;
i34 = 0;
}
if (j4 == 4755329529059895386L) {
j4 = 7781468632794343149L;
iArr21 = new int[4];
} else {
iArr21 = iArr17;
}
if (j4 == 8062189661182021718L) {
bArr11[i55] = b2;
j4 = 4392895671140748120L;
}
if (j4 == 8209964894033195569L) {
i113 += 2;
j4 = 2325655040068091391L;
}
if (j4 == 2329622646202800515L) {
j4 = 6933244932276356793L;
bArr3 = new byte[]{(byte) i33, (byte) (i33 >>> 8), (byte) (i33 >>> 16), (byte) (i33 >>> 24), (byte) i19, (byte) (i19 >>> 8), (byte) (i19 >>> 16), (byte) (i19 >>> 24), (byte) i28, (byte) (i28 >>> 8), (byte) (i28 >>> 16), (byte) (i28 >>> 24), (byte) i32, (byte) (i32 >>> 8), (byte) (i32 >>> 16), (byte) (i32 >>> 24)};
System.out.printf("bArr3 = new byte[]{(byte) i33, (byte) (i33 >>> 8), (by\n");
}
if (j4 == 4896714650032568544L) {
int rev = i19;
i19 ^= ((i48 * 2) + i47) + iArr23[i49];
System.out.printf("0x%x ^= ((0x%x * 2) + 0x%x) + iArr23[0x%x](0x%x); ==> 0x%x ===7\n",rev,i48,i47,i49,iArr23[i49],i19);
j4 = 8940878725577409718L;
i49++;
}
if (j4 == 6833218581303746055L) {
return false;
}
if (j4 == 2637559127033415801L) {
bArr11[i34] = bArr11[i56];
j4 = 7627928995385457046L;
}
if (j4 == 4261074493174756469L) {
j4 = i34 < 256 ? 3408743489810642039L : 8375352851180859940L;
}
if (j4 == 8969184396941120013L) {
j4 = 7541922949363534567L;
i38 = i23 / 8;
} else {
i38 = i116;
}
if (j4 == 1917218271936056345L) {
j4 = 4803956414827796846L;
i50 = i34;
i58 = i50;
i61 = i58;
i63 = i61;
}
if (j4 == 3958656691010217951L) {
i57--;
j4 = 8093763168178308163L;
}
if (j4 == 8966069347392902833L) {
j4 = 1697106464609179154L;
b2 = bArr11[i54];
}
if (j4 == 5288938734069839879L) {
j4 = 3194583820407555776L;
i54 = 0;
}
if (j4 == 6044249269185916930L) {
j4 = 5249992174669506009L;
}
if (j4 == 1206168581136677569L) {
final_cip[15] = 50;
j4 = 4915474783797972804L;
}
if (j4 == 1225816651125339139L) {
final_cip[15] = 115;
j4 = 6949424180928127742L;
}
if (j4 == 7228169035332109883L) {
bArr11 = new byte[256];
j4 = 2188405883759779224L;
}
if (j4 == 9201993842457705897L) {
i34++;
j4 = 7273042193299891196L;
}
if (j4 == 7492257630851803835L) {
j4 = 8650561979795023195L;
}
if (j4 == 7107095938156443067L) {
final_cip = new byte[16];
j4 = 3906426331893585755L;
}
if (j4 == 2619183670644040407L) {
int rev = i28;
i28 ^= iArr23[0];
System.out.printf("0x%x ^= iArr23[0](0x%x); ==> 0x%x \n",rev, iArr23[0],i28);
j4 = 8450049976084005921L;
}
i59 = i28;
if (j4 == 2510646431895229276L) {
final_cip[7] = -102;
j4 = 5437327595751534596L;
}
if (j4 == 2999075064852109317L) {
j4 = 1210447254521047538L;
i34 = 0;
}
if (j4 == 8619643661940722843L) {
j4 = 2559141778370937007L;
i34 = 0;
}
if (j4 == 8401256578222293697L) {
final_cip[2] = Byte.MIN_VALUE;
j4 = 1899084405611363136L;
}
if (j4 == 3480570335270326812L) {
i34++;
j4 = 8373337668999560823L;
}
if (j4 == 7341970985672155477L) {
final_cip[9] = -77;
j4 = 7101323025934545574L;
}
if (j4 == 6604647837791727209L) {
final_cip[4] = 119;
j2 = 5029569272935880611L;
} else {
j2 = j4;
}
if (j2 == 5613764015967390693L) {
bArr5[i34] = (byte) i34;
j2 = 8689932493166301704L;
}
i45 = i32;
iArr22 = iArr15;
i35 = i34;
i36 = i30;
i44 = i29;
bArr9 = bArr3;
i46 = i33;
iArr19 = iArr18;
int i117 = i113;
i37 = i23;
bArr8 = bArr5;
j3 = j2;
i43 = i117;
i42 = i19;
bArr10 = bArr7;
}
return false;
}
}
- 发表于 2024-11-12 10:00:02
- 阅读 ( 2190 )
- 分类:二进制
1 篇文章
