[原创]2023腾讯游戏安全竞赛决赛题解(安卓) | 宜武汇-ag真人国际厅网站

#include

 

int vm(int inp)

    int input = inp;//这是输入的剩下的那几位

    for(int j = 0; j < 256; j)//这是0x53->0x19之间的256次循环

    {

        int magic[3] = {0x6b, 0xa2, 0x16};

        int t = ((input >> 16) >> 3);

        int temp[3] = {};

        for(int i = 0; i < 3; i)//这是0x28->0x1d之间的3次循环

        {

            long long s = (2 - i) * 8;

 

            long long tt = ((t | (input << 5)) >> s) ^ s;

            //printf("tt = 0x%llx\n", tt);

            long long ttt = (tt & 0xff) << 2;

 

            long long tttt = (((((tt >> 6) | (tt<< 0x1a)) & 0x3fc000003) | ttt) & 3) | ttt;

            //printf("tttt = 0x%llx\n", tttt);

            tttt = magic[i];

            temp[i] = tttt & 0xff;

            //printf("tttt = 0x%llx\n", tttt);

 

        }

 

        int temp2[3] = {};

        for(int i = 2;i >= 0; --i)//这是0x32->0x2a之间的3次循环

        {

            long long t = temp[i];

            long long tt = ((t >> 5) | (t << 3)) ^ magic[i];

            //printf("tt = 0x%llx\n", tt);

            temp2[i] = tt & 0xff;

        }

 

        temp2[0] = 0x75;

        temp2[1] ^= 0xfe;

        temp2[2] = 0xc1;

 

 

        for(int i = 0; i < 3; i)//本来这个循环只是0x500x45的两次循环,修改了一下逻辑把前面一部分加进去了

        {

            if(i == 0)

            {

                long long t = temp2[i] & 0xff;

                //printf("t = 0x%x\n", t);

                long long ttt = 0xff00 | t;

                long long tttt = (((t >> 0x1f) | (t << 1)) & 0xfffffffe);

                long long ttttt = ((((ttt >> 7) | (ttt << 0x19) & 0x1fe000001) | tttt) & 1);

                long long tt = (tttt | ttttt) ^ (2 - i);

                //printf("tt = 0x%x\n", tt);

                ((char*)&input)[2-i] = tt & 0xff;

            }

            else

            {

                long long t = temp2[i] & 0xff;

                //printf("t = 0x%x\n", t);

                long long tt = ((((t << 1) | (t >> 0x1f)) & 0x1fe) | ((t >> 7 | t << 0x19) & 0x1ffffff))^ (2 - i);

                //printf("tt = 0x%x\n", tt);

                ((char*)&input)[2-i] = tt & 0xff;

            }

        }

 

 

    }

    return input;

 

int main()

    int tofind = 0;

    printf("pls input token:");

    scanf("%d", &tofind);

    int i;

    for(i = 0; i < 0xffffff; i)

    {

        if( vm(i) == tofind )

        {

            break;

        }

    }

 

    unsigned long long aa = (unsigned long long)(((unsigned long long)(i & 0xffff00)) << 40) | (unsigned long long)((unsigned long long)(i & 0xff) << 24);

 

    aa |= 0x7be300df8b2c;

 

    printf("%llu", aa);

原文链接:https://bbs.kanxue.com/thread-276956.htm

网络摘文,本文作者:15h,如若转载,请注明出处:https://www.15cov.cn/2023/08/27/原创2023腾讯游戏安全竞赛决赛题解安卓/

发表评论

邮箱地址不会被公开。 必填项已用*标注

网站地图