# Reverse

### 0x00 str_leak

_fun1是相当于开根号，fun4是求10000以内的素数个数 ，具体代码分析，参看文章：https://blog.csdn.net/liuhuiyan_2014/article/details/46276689
https://www.cnblogs.com/devymex/archive/2013/09/17/3326793.html

``````#-*- coding:utf-8 -*-
n=10000
a=[i for i in range(10001)]
k=2
start = time.clock()
while(k*k<=n):
for j in range(k,n):
while(0==a[j] and j<n):
j+=1
if 0==a[j]%k and k!=a[j]:
a[j]=0
if 0==(k-1)%6:
k+=4
elif 0==(k-5)%6:
k+=2
else:
k+=1
q=0
for i in range(2,n):
if 0!=a[i]:
q =q+1
print("flag{",end='')
print("{0}-{1}-{2}-{3}-{4}-{5}".format(pow(963,2),pow(4396,2),pow(6666,2),pow(1999,2),pow(3141,2),q),end='')
print('}')

#flag{927369-19324816-44435556-3996001-9865881-1229}
``````

### 0x01 flat

IDA打开，耐心分析代码，首先分析程序逻辑：输入字符串，经过五个check函数验证字符满足条件。

image.png

image.png

image.png

image.png

image.png

``````                                 while ( v11 == -1771681815 )
{
v6 = 1740029224;
if ( v15[v12] >= 'a' )
v6 = -1207418117;
v11 = v6;
}
if ( v11 != -1490231676 )
break;
++v12;
v11 = -768723158;
}
if ( v11 != -1407902233 )
break;
v4 = -1188300396;
if ( v15[v12] <= '9' )
v4 = -478229440;
v11 = v4;
}
if ( v11 != -1207418117 )
break;
v7 = 1740029224;
if ( v15[v12] <= 'z' )
v7 = 2096910144;
v11 = v7;
}
if ( v11 != -1188300396 )
break;
v5 = -1771681815;
if ( v15[v12] == '-' )
v5 = -1167333891;
v11 = v5;
}
if ( v11 != -1167333891 )
break;
v13[v12] = v15[v12];
v11 = -118846692;
}
if ( v11 != -995934932 )
break;
v3 = -1188300396;
if ( v15[v12] >= '0' )
v3 = -1407902233;
v11 = v3;
}
if ( v11 != -991718889 )
break;
v11 = -1490231676;
}
if ( v11 != -768723158 )
break;
v8 = 1681851953;
if ( v12 < 36 )
v8 = 434013166;
v11 = v8;
}
if ( v11 != -624695604 )
break;
v2 = 659899916;
if ( v12 < 36 )
v2 = -995934932;
v11 = v2;
}
if ( v11 != -478229440 )
break;
v13[v12] = v15[v12] + 17;//这里将0-9的加上17
v11 = 1926387427;
}
if ( v11 != -451717645 )
break;
++v12;
v11 = -624695604;
}
if ( v11 != -118846692 )
break;
v11 = 1926387427;
}
if ( v11 != 329160926 )
break;
v16 = 0;
v11 = 1269730414;
}
if ( v11 != 434013166 )
break;
v9 = -991718889;
if ( v13[v12] != v14[v12] )
v9 = 329160926;
v11 = v9;
}
if ( v11 != 659899916 )
break;
v12 = 0;
v11 = -768723158;
}
if ( v11 == 1269730414 )
break;
switch ( v11 )
{
case 1681851953:
v16 = 1;
v11 = 1269730414;
break;
case 1740029224:
v11 = -118846692;
break;
case 1926387427:
v11 = -451717645;
break;
case 2096910144:
v13[v12] = v15[v12] - 1347911315 + 1347911267;//这里将a-z的加上48
v11 = 1740029224;
break;
``````

``````a='J2261C63-3I2I-EGE4-IBCC-IE41A5I5F4HB'
flag = "flag{"
for i in a:
if i>='0' and i<='9':
flag += chr(ord(i)+48)
elif i>='A' and i<='J':
flag += chr(ord(i)-17)
else:
flag +=i
print (flag,end='')
print("}")
#flag{9bbfa2fc-c8b8-464d-8122-84da0e8e5d71}
``````