TSCTF2015 Reverse Alice_and_Easense

char __thiscall sub_401700(void *this, char *a2)

{

void *v2; // ebx@1

int file; // ebp@1

char *sum; // esi@3

char *addroftext; // edi@4

unsigned int v6; // ecx@5

signed int count; // edx@5

int *addrlow2b; // ecx@5

int valow2b; // eax@6

char sumv; // al@11

char result; // al@19

signed int v12; // eax@20

struct AFX_MODULE_STATE *v13; // eax@22

HBITMAP v14; // eax@22

const CHAR *v15; // [sp-Ch] [bp-53Ch]@2

const CHAR *v16; // [sp-8h] [bp-538h]@2

char v17; // [sp+10h] [bp-520h]@1

char v18; // [sp+11h] [bp-51Fh]@1

……

char v33; // [sp+20h] [bp-510h]@1

char v34; // [sp+21h] [bp-50Fh]@22

unsigned int low; // [sp+24h] [bp-50Ch]@5

int v36; // [sp+28h] [bp-508h]@5

……

int v98; // [sp+120h] [bp-410h]@1

char Text[1024]; // [sp+124h] [bp-40Ch]@3

int v100; // [sp+52Ch] [bp-4h]@1

?

v2 = this;

v43 = dword_42D324;

v44 = dword_42D328;

……

v62 = dword_42D2E0;

v63 = dword_42D2C4;

v100 = 0;

v64 = dword_42D2C8;

v65 = dword_42D2CC;

v66 = dword_42D2D0;

v17 = 25;

v18 = ‘;

v19 = ‘;

v20 = ‘\x03‘;

v21 = -108;

v22 = -99;

v23 = 10;

v24 = 12;

v25 = 32;

v26 = 115;

v27 = 117;

v28 = 112;

v29 = -40;

v30 = -91;

v31 = -92;

v32 = -115;

v33 = -106;

v39 = dword_42D314;

v40 = dword_42D318;

……

v97 = dword_42D31C;

v98 = dword_42D320;

file = openfile(a2, (int)aRb);

if ( file )

{

bufinit((int)&v39);

Text[0] = getchar((FILE *)file);

sum = (char *)&v43 + 1;

if ( !(*(_BYTE *)(file + 0xC) & 0x10) )

{

addroftext = Text;

while ( 2 )

{

v6 = (unsigned __int8)*addroftext;

low = v6 >> 6; // 模4？

v36 = (signed int)(v6 >> 4) % 4; // 先模16再模4的余数

v6 = (signed int)v6 % 16; // 模16的余数

v37 = (signed int)v6 / 4; // 除4的整数

v38 = (signed int)v6 % 4; // 模4的余数

count = 0;

addrlow2b = (int *)&low;

do

{

valow2b = *addrlow2b;

*sum = ‘ ‘;

switch ( valow2b ) // 判断a0 a1

{

case 0: // 注意，这里是前进后退，别搞错了！

sum -= 16;

break;

case 1:

++sum;

break;

case 2:

sum += 16;

break;

case 3:

--sum;

break;

default:

break;

}

sumv = *sum;

if ( *sum == ‘W‘ )

{

v16 = aGiveMyAliceBac;

v15 = aEasenseAliceCa;

goto LABEL_19;

}

if ( sumv == ‘ ‘ )

{

v16 = Caption;

v15 = ::Text;

goto LABEL_19;

}

if ( sumv == ‘E‘ ) // v10需要等于69，构造第一个字符

{

v12 = 0;

do

{

*(&v17 + v12) ^= Text[v12];

++v12;

}

while ( v12 <= 16 );

v34 = 0;

v13 = AfxGetModuleState();

v14 = LoadBitmapA(*((HINSTANCE *)v13 + 2), (LPCSTR)0x87);

SendMessageA(*((HWND *)v2 + 45), 0xF7u, 0, (LPARAM)v14);

strcpy(Text, aEasenseIFinall);

strcat(Text, &v17);

strcat(Text, aAliceBnbnbnbnw);

sub_41A2CD(Text, aTryAnotherAlic, 0x41u);// 就是这！为什么还给一个another alicebob，混淆？

goto LABEL_23;

}

++count;

++addrlow2b; // 应该是连一起的，这里应该是下2个bit了

*sum = ‘A‘; // 这个地方用65有用吗，上面不是有改成32了？

}

while ( count <= 3 );

++addroftext;

*addroftext = getchar((FILE *)file);

if ( !(*(_BYTE *)(file + 12) & 16) )

continue;

break;

}

}

LABEL_23:

fclose((FILE *)file);

v100 = -1;

sub_41B968(&a2);

result = 1;

}

else

{

v16 = aCanNotFindAnyA;

v15 = aEasenseWhereIs;

LABEL_19:

sub_41A2CD(v15, v16, 0x11u);

v100 = -1;

sub_41B968(&a2);

result = 0;

}

return result;

}

bool CAliceAndBobDlg::Check_Serial(CString file_name)

{

????//1122 3322 2111 1222 3322 3322 1111 1001 1001 0000 0001 0111 2222 3322 2112 2332 2211

????//5a fa 95 6a fa fa 55 41 41 00 01 15 aa fa 96 be a5

????char flag[] = {0x19, 0x95, 0xF1, 0x03, 0x94, 0x9D, 0x0A, 0x0C, 0x20, 0x73, 0x75, 0x70, 0xD8, 0xA5, 0xA4, 0x8D, 0x96};

????

????char misc[15][16]={"WWWWWWWWWWWWWWW",

???????????????????? "WA WWWWWW W",

???????????????????? "WWW WWWWW WW W",

???????????????????? "W WWWWW WWW W",

???????????????????? "W WWWWWWW WWW W",

???????????????????? "W WWWWWWW W W",

???????????????????? "W WWW W WWW",

???????????????????? "WWWWW WWW W WWW",

???????????????????? "WWWWW WWW W W",

???????????????????? "WWW WW WWW W",

???????????????????? "WWW WWWW WW W",

???????????????????? "W WW WW WWW",

???????????????????? "W WWWW WWWW WWW",

???????????????????? "W WWWW EW",

???????????????????? "WWWWWWWWWWWWWWW"};

?

????FILE *file = fopen(file_name, "rb");

?

????if (file == NULL)

????{

????????MessageBox("Easense: Where is my dear \"Alice\"? o.O", "Can not find any \"Alice\" here...", MB_OKCANCEL | MB_ICONERROR);

????????return false;

????}

?

????change_to_love(misc);

?

????int ii=0;

????unsigned char a[1024];

????a[ii] = getc(file);

?

????char *p_check = &misc[1][1];

?

????int code[4];

????while (!feof(file))

????{

????????code[0] = (a[ii]/16) / 4;

????????code[1] = (a[ii]/16) % 4;

????????code[2] = (a[ii]%16) / 4;

????????code[3] = (a[ii]%16) % 4;

?

????????for (int k=0; k<=3; k++)

????????{

????????????*p_check = ‘ ‘;

????????????switch (code[k])

????????????{

????????????//0 for up

????????????//1 for right

????????????//2 for down

????????????//3 for left

????????????case 0:

????????????????p_check -= 16;

????????????????break;

?

????????????case 1:

????????????????p_check += 1;

????????????????break;

?

????????????case 2:

????????????????p_check += 16;

????????????????break;

?

????????????case 3:

????????????????p_check -= 1;

????????????????break;

?

????????????default:

????????????????break;

????????????}

????????????

????????????if (*p_check == ‘W‘)

????????????{

????????????????MessageBox("Easense: Alice can not pass the wall! O.o", "Give my Alice back...", MB_OKCANCEL | MB_ICONERROR);

????????????????return false;

????????????}

????????????else if (*p_check == ‘ ‘)

????????????{

????????????????MessageBox("Easense: Alice can not go back! O.O", "I want my Alice...", MB_OKCANCEL | MB_ICONERROR);

????????????????return false;

????????????}

????????????else if (*p_check == ‘E‘)

????????????{

????????????????for (int jj=0; jj<=16; jj++)

????????????????{

????????????????????flag[jj] ^= (char)a[jj];

????????????????}

????????????????flag[17] = ‘\0‘;

????????????????HBITMAP bmp;

????????????????bmp = LoadBitmap(AfxGetInstanceHandle(), MAKEINTRESOURCE(SUCCESS));

????????????????this->m_btn_easense.SetBitmap(bmp);

?

????????????????char buf[1024];

????????????????strcpy(buf, "Easense:\r\nI finally meet you! Alice! o(∩_∩)o \r\nI want to tell you that——TSCTF{");

????????????????strcat(buf, flag);

????????????????strcat(buf, "}\r\n\r\nAlice:\r\n…………WTF?\r\nI just want my Bob! QAQ");

?

????????????????MessageBox(buf, "Try another Alice and Bob!", MB_OKCANCEL | MB_ICONINFORMATION);

????????????????fclose(file);

????????????????return true;

????????????}

????????????else//心

????????????{

????????????????*p_check = ‘A‘;

????????????}

????????}

?

????????ii++;

????????a[ii] = getc(file);

????}

?

????fclose(file);

?

????return true;

}

?

bool CAliceAndBobDlg::change_to_love(char misc[15][16])

{

????for (int i=0; i<=14; i++)

????{

????????for (int j=0; j<=15; j++)

????????{

????????????if (misc[i][j] == ‘ ‘)

????????????{

????????????????misc[i][j] = (char)36;

????????????}

????????}

????}

?

????return true;

}