Start We already known that program need us input correct passphrase, this time we get some other info: 1 2 3 4 ❯ ll valkyrie rhinegold basics -rwxr-xr-x 1 ada ada 16704 May 24 09:19 basics -rwxr-xr-x 1 ada ada 16768 May 24 09:19 rhinegold -rwxr-xr-x 1 ada ada 42584 May 24 09:19 valkyrie Here, the file size of this level is far greater than first two, maybe we guess there are more complex code(.

Start Like the first one, the program also need us to input the correct passphrase to get the flag. 1 2 3 4 ❯ ./rhinegold What is the passphrase of the vault? > hello world Wrong passphrase! Code Content Load it into IDA, we could quickly get of this, which almost as the first one in main function: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 printf("What is the passphrase of the vault?

Basic Getting Started I had just solved the first three challenges in these series. These all have the similar pattern, which requires you enter a correct passphrase, then the flag will print to stdout, Otherwise, print error info and exit. 1 2 3 4 ❯ ./basics What is the passphrase of the vault? > give me the flag Wrong passphrase! Basic Analysis the program will check our passphrase, so there must be some operations with the input passphrase.

这次我们来看看在 Rust 中如何表示 Compound Type (内存中)，新建示例项目，并打开 src/main.rs 写入如下代码： 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

最近遇到很多 Rust 的二进制程序，在分析中遇到了比较多的问题，所以本系列打算从基础开始，总结一些分析 Rust 二进制的基本步骤以及相关的技巧。 Scalar Type 首先我们

文件信息 解压之后使用 DIE 查看文件信息： 可以看到有明显的 UPX 特征码，首先尝试使用其自带的脱壳功能： 程序分析 脱壳之后即是正常的 PE 程序，在虚拟机中运行

文件信息 解压密码 flare, 解压之后得到 elfie.exe, 同样，使用 DIE 查看文件信息： 且文件有一个“特殊”图标（pyinstaller) strings 命令可以看到 pyinstaller 相关的特征字符串

文件信息 使用 flare 密码解压之后得到 very_success.exe 文件，DIE 查看 PE 信息： 代码分析 安全环境中（虚拟机）执行此程序，可以看到提示输入 key: 且初步判断与命令行参数、程

文件信息 下载 flare_on_start_2015 后，首先使用DIE 查看文件信息： 检测到该文件是cabinet_format 格式（一种压缩格式，运行时自解压）。运行之后会提示同