WOW

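32-bit, not packed.

Locate the key encryption routine.

The first function converts the string to binary (str to bin).

The second function performs the encryption.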

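Search for the contents of dword_924020.

It turns out to be the S-box of the DES algorithm, although here the data has been split into words and its length has been expanded as well.

It does not appear to be ordinary DES.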
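One way to check whether a table like dword_924020 is a widened DES S-box, as an added example that is not from the original writeup: it searches a buffer for the first row of the standard DES S1 box with each entry stored as a 1-, 2- or 4-byte value. The function names and the sample buffer are constructed for illustration, and little-endian widening is an assumption about how the table is stored.

```python
import struct

# First row of DES S-box S1 (public constant from the DES specification).
DES_S1_ROW0 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]

# struct format character for each element width in bytes.
WIDTH_FMT = {1: "B", 2: "H", 4: "I"}


def find_widened_table(blob, table=DES_S1_ROW0, widths=(1, 2, 4)):
    """Return (offset, width) pairs where `table` occurs in `blob` with each
    entry stored as a little-endian integer of `width` bytes (assumed layout)."""
    hits = []
    for width in widths:
        needle = struct.pack("<%d%s" % (len(table), WIDTH_FMT[width]), *table)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, width))
            pos = blob.find(needle, pos + 1)
    return hits


def build_sample():
    """Constructed sample: 12 filler bytes, S1 row 0 stored as dwords, padding."""
    filler = bytes(range(0x80, 0x8C))
    return filler + struct.pack("<16I", *DES_S1_ROW0) + b"\xff" * 8


if __name__ == "__main__":
    for off, width in find_widened_table(build_sample()):
        print("DES S1 row 0 at offset 0x%x, %d-byte entries" % (off, width))
```

A signature search that only knows the byte-packed form finds nothing in the dword layout, which is why the element width has to be part of the search.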

Looking back, there are functions with a similar layout below win and error.

Patch memory during dynamic debugging.

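# IDAPython, run while the debugger is paused: overwrite 32 bytes at addr.
# PatchByte is the legacy idc name; IDA 7.4+ calls it idc.patch_byte.
addr = 0x00D3F838
data = [0x29, 0x20, 0x98, 0x62, 0xFC, 0x46, 0x79, 0x56, 0xA5, 0x90, 0x4A, 0xF6, 0xA3, 0x70, 0xD9, 0x1B, 0x34, 0x02, 0x1B, 0x50, 0x65, 0x86, 0x33, 0x35, 0xBB, 0xA5, 0x9F, 0x96, 0xBB, 0x2B, 0xE3, 0x2A]
for i in range(32):
    PatchByte(addr + i, data[i])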

This yields the flag.

# Decode the resulting bytes as ASCII.
data = [0x68, 0x67, 0x61, 0x6D, 0x65, 0x7B, 0x57, 0x4F, 0x57, 0x4F, 0x57, 0x5F, 0x68, 0x40, 0x70, 0x70, 0x79, 0x5F, 0x6E, 0x33, 0x77, 0x5F, 0x79, 0x65, 0x34, 0x72, 0x5F, 0x32, 0x30, 0x32, 0x32, 0x7D]
print(''.join(chr(i) for i in data))

hgame{WOWOW_h@ppy_n3w_ye4r_2022}