{"id":2027,"date":"2024-03-09T21:05:00","date_gmt":"2024-03-09T12:05:00","guid":{"rendered":"https:\/\/h4ck.kr\/?p=2027"},"modified":"2024-05-20T13:25:04","modified_gmt":"2024-05-20T04:25:04","slug":"direct3d-fps","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=2027","title":{"rendered":"Direct3D FPS"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

\ud504\ub85c\uadf8\ub7a8\uc744 \uc2e4\ud589\uc2dc\ud0a4\uba74 \uac8c\uc784 \ud654\uba74\uc774 \ub098\ud0c0\ub09c\ub2e4.
\ud504\ub808\uc784\uc774 \ub108\ubb34 \ub0ae\uac8c \ub098\uc640 XP \/ \uc800\ud574\uc0c1\ub3c4 800×600 \ud658\uacbd\uc5d0\uc11c \ud50c\ub808\uc774\ud558\ub294 \uac83\uc744 \ucd94\ucc9c\ud558\ub294\ub370, \uadf8\ub798\ub3c4 \ub0ae\ub2e4.<\/p>\n\n\n\n

Analysis<\/h2>\n\n\n\n

WinMain<\/h4>\n\n\n\n
\"\"<\/figure>\n\n\n\n

WinMain \ud568\uc218\uc758 \uc77c\ubd80 \ucf54\ub4dc\ub97c \uc0b4\ud3b4\ubcf4\uba74,
HP\uac00 \ub2e4 \ub2f3\uc558\uc744\ub54c, Game Over! \uba54\uc2dc\uc9c0\ucc3d\uc744 \ub744\uc6b4\ub2e4.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\ubc14\ub85c \uadf8 \ub4a4\uc5d0 \uc788\ub294 sub_4039C0 \ud568\uc218\ub97c \uc0b4\ud3b4\ubcf4\uba74,<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

byte_407028\uc5d0 \uc788\ub294 \ub0b4\uc6a9\uacfc \ud568\uaed8 Game Clear! \ucc3d\uc744 \ub744\uc6b0\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

byte_407028\ub294 \uc554\ud638\ud654\ub418\uc5c8\uae30\uc5d0 \uc5ed\ucc38\uc870\ud574\uc11c \ubcf5\ud638\ud654\ud558\ub294 \ud568\uc218\ub97c \uc0b4\ud3b4\ubd24\ub354\ub2c8<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

sub_403400\uc5d0\uc11c xor\ud558\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
sub_403400 \ud568\uc218\uc5d0 \ub300\ud574 \uc0b4\ud3b4\ubcf4\uc790.<\/p>\n\n\n\n

\n
\n
int __thiscall sub_403400(void *this)\n{\n  int result; \/\/ eax\n  int v2; \/\/ edx\n\n  result = sub_403440();\n  if ( result != -1 )\n  {\n    v2 = unk_409190[132 * result];\n    if ( v2 > 0 )\n    {\n      unk_409190[132 * result] = v2 - 2;\n    }\n    else\n    {\n      unk_409194[132 * result] = 0;\n      byte_407028[result] ^= unk_409184[528 * result];\n    }\n  }\n  return result;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n
byte_407028[0] ^= unk_409184[528*0]
byte_407028[1] ^= unk_409184[528*1]
byte_407028[2] ^= unk_409184[528*2]

\uc774\ub807\uac8c \ubcf5\ud638\ud654\ub41c\ub2e4\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
\ub514\ubc84\uae45\uc744 \ud574\uc11c \uac12\ub4e4\uc744 \ud655\uc778\ud574\ubcf4\uba74,<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
unk_409184[528*0] = 0,
unk_409184[528*1] = 4,
unk_409184[528*2] = 8,

\uc774\ub807\uac8c 4\uc529 \uc99d\uac00\ud55c\ub2e4\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
solve.py<\/h2>\n\n\n\n
\n
\n
byte_407028 = \\\n[0x43, 0x6B, 0x66, 0x6B, 0x62, 0x75, 0x6C, 0x69,\\\n 0x4C, 0x45, 0x5C, 0x45, 0x5F, 0x5A, 0x46, 0x1C,\\\n 0x07, 0x25, 0x25, 0x29, 0x70, 0x17, 0x34, 0x39,\\\n 0x01, 0x16, 0x49, 0x4C, 0x20, 0x15, 0x0B, 0x0F,\\\n 0xF7, 0xEB, 0xFA, 0xE8, 0xB0, 0xFD, 0xEB, 0xBC,\\\n 0xF4, 0xCC, 0xDA, 0x9F, 0xF5, 0xF0, 0xE8, 0xCE,\\\n 0xF0, 0xA9]\n\nfor i in range(len(byte_407028)):\n    print(chr(byte_407028[i] ^ (4*(i))), end='')<\/pre>\n<\/div>\n<\/div>\n\n\n\n
Result<\/h2>\n\n\n\n
\n
\n
PS C:\\Users\\Seo Hyun-gyu\\Downloads\\Direct3D_FPS> python3 solve.py\nCongratulation~ Game Clear! Password is Thr3EDPr0m<\/pre>\n<\/div>\n<\/div>\n\n\n\n
FLAG<\/h2>\n\n\n\n
Thr3EDPr0m<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
\ud504\ub85c\uadf8\ub7a8\uc744 \uc2e4\ud589\uc2dc\ud0a4\uba74 \uac8c\uc784 \ud654\uba74\uc774 \ub098\ud0c0\ub09c\ub2e4.\ud504\ub808\uc784\uc774 \ub108\ubb34 \ub0ae\uac8c \ub098\uc640 XP \/ \uc800\ud574\uc0c1\ub3c4 800×600 \ud658\uacbd\uc5d0\uc11c \ud50c\ub808\uc774\ud558\ub294 \uac83\uc744 \ucd94\ucc9c\ud558\ub294\ub370, \uadf8\ub798\ub3c4 \ub0ae\ub2e4. Analysis WinMain WinMain \ud568\uc218\uc758 \uc77c\ubd80 \ucf54\ub4dc\ub97c \uc0b4\ud3b4\ubcf4\uba74, HP\uac00 \ub2e4 \ub2f3\uc558\uc744\ub54c, Game Over! \uba54\uc2dc\uc9c0\ucc3d\uc744 \ub744\uc6b4\ub2e4. \ubc14\ub85c \uadf8 \ub4a4\uc5d0 \uc788\ub294 sub_4039C0 \ud568\uc218\ub97c \uc0b4\ud3b4\ubcf4\uba74, byte_407028\uc5d0 \uc788\ub294 \ub0b4\uc6a9\uacfc \ud568\uaed8 Game Clear! \ucc3d\uc744 \ub744\uc6b0\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4. byte_407028\ub294 \uc554\ud638\ud654\ub418\uc5c8\uae30\uc5d0 \uc5ed\ucc38\uc870\ud574\uc11c \ubcf5\ud638\ud654\ud558\ub294… \ub354 \ubcf4\uae30 »Direct3D FPS<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[16],"tags":[24],"class_list":["post-2027","post","type-post","status-publish","format-standard","hentry","category-reversing-kr","tag-reversing"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2027"}],"version-history":[{"count":1,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2027\/revisions"}],"predecessor-version":[{"id":2038,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2027\/revisions\/2038"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}