ollvm
安装d810插件
start之后到需要反混淆的函数f5,代码的可读性就大大增强了
payload
# data 段中的内容(按十六进制写出)
crypt = [
0x47, 0xDA, 0x5A, 0x91, 0xDF, 0x5E, 0x6D, 0x2B,
0x38, 0x6F, 0xA0, 0xC5, 0x69, 0xC2, 0x13
]
# v4 数组中的常量
v4 = [48, -69, 51, -27, -74, 48, 10, 5, 22, 65, -114, -21, 71, -56, 19]
# 异或运算(按字节)
v2 = []
for i in range(15):
# & 0xFF 让负数变成 0–255 范围的无符号字节
v2.append((v4[i] & 0xFF) ^ (crypt[i] & 0xFF))
print("异或结果字节:", [hex(x) for x in v2])
print("可打印形式:", bytes(v2))
v4 = [-76, 105, -87, 72, -92, 76, -104, -116, -92, -70, 20, 93, -120, 8, -52, -33]
crypt = [0xC2, 0x69]
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
['0x76', '0x0']
v
v4 = [22, 101]
crypt = [0x7F, 0x65]
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
i
v4 = [-56, 122]
crypt = [0xAC, 0x7A]
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
d
v4 = [-114, 66]
crypt = [0xEF, 0x42]
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
a
v4 = [-14, 77]
crypt = [0x80, 0x4D] #503F
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
r
v4 = [-17, 52]
crypt = [0x94, 0x34] #5041
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
{
v4 = [126, -124]
crypt = [0x4E, 0x84] #5043
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
0
v4 = [-11, 125]
crypt = [0x99, 0x7D] #5045
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
l
v4 = [-72, 107]
crypt = [0x89, 0x6B] #5047
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
1
v4 = [-76, 105]
crypt = [0xC2, 0x69] #5037
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
v
v4 = [-30, -75]
crypt = [0x8F, 0xB5] #5049
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
m
v4 = [43, 79]
crypt = [0x74, 0x4F] #504B
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
_
v4 = [22, 101]
crypt = [0x7F, 0x65] #5039
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
i
v4 = [35, -77]
crypt = [0x50, 0xB3] #504D
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
s
v4 = [43, 79]
crypt = [0x74, 0x4F] #504B
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
_
v4 = [86, 102]
crypt = [0x63, 0x66] #504F
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
5
v4 = [86, 124]
crypt = [0x39, 0x7C] #5051
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
o
v4 = [43, 79]
crypt = [0x74, 0x4F] #504B
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
_
v4 = [29, 48]
crypt = [0x75, 0x30] #5053
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
h
v4 = [-75, -35]
crypt = [0x81, 0xDD] #5055
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
4
v4 = [-14, 77]
crypt = [0x80, 0x4D] #503F
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
r
v4 = [-56, 122]
crypt = [0xAC, 0x7A]
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
d
v4 = [52, -120]
crypt = [0x74, 0x88] #5057
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
@
v4 = [12, 122]
crypt = [0x2D, 0x70] #5059
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
!
v4 = [-88, -74]
crypt = [0xD5, 0xB6] #505B
v2 = [(v4[i] & 0xFF) ^ (crypt[i] & 0xFF) for i in range(2)]
print([hex(x) for x in v2])
print(bytes(v2))
}
vidar{0l1vm_is_5o_h4rd@!}
正文完