用die 打开看到是一个UPX壳的ELF文件

image-20230905093518476

先把它放在kali里面运行看看

image-20230905093902055

upx 壳,直接下载一个脱壳的工具【github】然后

1
upx -d re

脱壳

放到IDA中看

image-20230905100826317

这里重要的是:sub4009AE 这个函数_

进去一看全是if,这里就不能返回0 所以得全部都=

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
{
  if ( 1629056 * *a1 != 166163712 )
    return 0LL;
  if ( 6771600 * a1[1] != 731332800 )
    return 0LL;
  if ( 3682944 * a1[2] != 357245568 )
    return 0LL;
  if ( 10431000 * a1[3] != 1074393000 )
    return 0LL;
  if ( 3977328 * a1[4] != 489211344 )
    return 0LL;
  if ( 5138336 * a1[5] != 518971936 )
    return 0LL;
  if ( 7532250 * a1[7] != 406741500 )
    return 0LL;
  if ( 5551632 * a1[8] != 294236496 )
    return 0LL;
  if ( 3409728 * a1[9] != 177305856 )
    return 0LL;
  if ( 13013670 * a1[10] != 650683500 )
    return 0LL;
  if ( 6088797 * a1[11] != 298351053 )
    return 0LL;
  if ( 7884663 * a1[12] != 386348487 )
    return 0LL;
  if ( 8944053 * a1[13] != 438258597 )
    return 0LL;
  if ( 5198490 * a1[14] != 249527520 )
    return 0LL;
  if ( 4544518 * a1[15] != 445362764 )
    return 0LL;
  if ( 3645600 * a1[17] != 174988800 )
    return 0LL;
  if ( 10115280 * a1[16] != 981182160 )
    return 0LL;
  if ( 9667504 * a1[18] != 493042704 )
    return 0LL;
  if ( 5364450 * a1[19] != 257493600 )
    return 0LL;
  if ( 13464540 * a1[20] != 767478780 )
    return 0LL;
  if ( 5488432 * a1[21] != 312840624 )
    return 0LL;
  if ( 14479500 * a1[22] != 1404511500 )
    return 0LL;
  if ( 6451830 * a1[23] != 316139670 )
    return 0LL;
  if ( 6252576 * a1[24] != 619005024 )
    return 0LL;
  if ( 7763364 * a1[25] != 372641472 )
    return 0LL;
  if ( 7327320 * a1[26] != 373693320 )
    return 0LL;
  if ( 8741520 * a1[27] != 498266640 )
    return 0LL;
  if ( 8871876 * a1[28] != 452465676 )
    return 0LL;
  if ( 4086720 * a1[29] != 208422720 )
    return 0LL;
  if ( 9374400 * a1[30] == 515592000 )
    return 5759124 * a1[31] == 719890500;
  return 0LL;
}

image-20230905104217438

C语言代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#include <stdio.h>
#include <string>
// (5364450 * a1[19] != 257493600)
////return 0LL;
//return 0LL;
// if (13464540 * a1[20] != 767478780)
//     return 0LL;
// if (5488432 * a1[21] != 312840624)
//     return 0LL;
// if (14479500 * a1[22] != 1404511500)
//     return 0LL;
// if (6451830 * a1[23] != 316139670)
//     return 0LL;
// if (6252576 * a1[24] != 619005024)
//     return 0LL;
// if (7763364 * a1[25] != 372641472)
//     return 0LL;
// if (7327320 * a1[26] != 373693320)
//     return 0LL;
// if (8741520 * a1[27] != 498266640)
//     return 0LL;
// if (8871876 * a1[28] != 452465676)
//     return 0LL;
// if (4086720 * a1[29] != 208422720)
//     return 0LL;
// if (9374400 * a1[30] == 515592000)
//     return 5759124 * a1[31] == 719890500;
// return 0LL;

int main()
{
	int a[] = { 166163712 ,731332800 ,357245568 ,1074393000 ,489211344 ,518971936,406741500,294236496 ,177305856,650683500,298351053,386348487, 438258597 ,249527520 ,445362764 ,174988800,981182160 ,
	493042704,257493600,767478780,312840624,1404511500,316139670,619005024,372641472,373693320,498266640,452465676,208422720,515592000,719890500};


	int b[] = { 1629056 ,6771600 ,3682944 ,10431000 ,3977328 ,5138336 ,7532250 ,5551632 ,
	3409728 ,13013670 ,6088797 ,7884663 ,8944053 ,5198490 ,4544518 ,3645600 ,10115280
	,9667504 ,5364450 ,13464540 ,5488432 ,14479500 ,6451830 ,6252576 ,7763364 ,7327320 ,
	8741520 ,8871876 ,4086720 ,9374400 ,5759124 };

	//printf("%d", sizeof(a)/sizeof(int));
	//printf("%d", sizeof(b) / sizeof(int));

	int* c = (int*)malloc(31 * sizeof(int));


	for (int i = 0; i < 32; i++)
	{
		c[i] = a[i] / b[i];
		printf("%c", c[i]);
	}
	return 0;
}