{"id":835,"date":"2023-09-23T11:36:09","date_gmt":"2023-09-23T02:36:09","guid":{"rendered":"https:\/\/h4ck.kr\/?p=835"},"modified":"2024-05-22T16:49:11","modified_gmt":"2024-05-22T07:49:11","slug":"hateintel","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=835","title":{"rendered":"HateIntel"},"content":{"rendered":"\n

File<\/h2>\n\n\n\n
\n
\n
seohyun-gyu@MacBook-Pro-2 Downloads % file .\/HateIntel\/HateIntel\n.\/HateIntel\/HateIntel: Mach-O executable arm<\/pre>\n<\/div>\n<\/div>\n\n\n\n
arm \uc544\ud0a4\ud14d\ucc98 iOS\uc5d0\uc11c \ub3cc\uc544\uac00\ub294 \uc2e4\ud589 \ud30c\uc77c\uc774\ub2e4.<\/p>\n\n\n\n
<\/p>\n\n\n\n
sub_2224<\/h2>\n\n\n\n
\n
\n
int sub_2224()\n{\n  char __s[80]; \/\/ [sp+4h] [bp-5Ch] BYREF\n  int v2; \/\/ [sp+54h] [bp-Ch]\n  int v3; \/\/ [sp+58h] [bp-8h]\n  int i; \/\/ [sp+5Ch] [bp-4h]\n\n  v2 = 4;\n  printf(\"Input key : \");\n  scanf(\"%s\", __s);\n  v3 = strlen(__s);\n  sub_232C((signed __int32)__s, v2);\n  for ( i = 0; i < v3; ++i )\n  {\n    if ( __s[i] != byte_3004[i] )\n    {\n      puts(\"Wrong Key! \");\n      return 0;\n    }\n  }\n  puts(\"Correct Key! \");\n  return 0;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n
\uc0ac\uc6a9\uc790\ub85c\ubd80\ud130 \uc785\ub825\ubc1b\uc740 key\ub97c sub_232C<\/strong>\uc5d0\uc11c \ubcc0\ud658 \uacfc\uc815\uc744 \uac70\uccd0 
__s[i] != byte_3004[I]\uc5d0\uc11c \uac01\uac01 \ud55c \ubb38\uc790\uc529 \ud655\uc778\ud55c\ub2e4.<\/p>\n\n\n\n
sub_232C<\/h2>\n\n\n\n
\n
\n
signed __int32 __fastcall sub_232C(signed __int32 result, int a2)\n{\n  char *__s; \/\/ [sp+4h] [bp-10h]\n  int i; \/\/ [sp+8h] [bp-Ch]\n  signed __int32 j; \/\/ [sp+Ch] [bp-8h]\n\n  __s = (char *)result;\n  for ( i = 0; i < a2; ++i )  \/\/ a2=4\n  {\n    for ( j = 0; ; ++j )\n    {\n      result = strlen(__s);\n      if ( result <= j )\n        break;\n      __s[j] = sub_2494((unsigned __int8)__s[j], 1);\n    }\n  }\n  return result;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n
\uac01 \ubb38\uc790\uc758 \ubcc0\ud658\uc744 sub_2494<\/strong> \ud568\uc218\ub97c \ud1b5\ud574 \ucd1d 4\ubc88 \ubc18\ubcf5\uc2dc\ud0a8\ub2e4.<\/p>\n\n\n\n
sub_2494<\/h2>\n\n\n\n
\n
\n
int __fastcall sub_2494(unsigned __int8 a1, int a2)\n{\n  int v3; \/\/ [sp+8h] [bp-8h]\n  int i; \/\/ [sp+Ch] [bp-4h]\n\n  v3 = a1;  \/\/ a1 = __s[j]\n  for ( i = 0; i < a2; ++i )  \/\/ a2 = 1\n  {\n    v3 *= 2;\n    if ( (v3 & 0x100) != 0 )\n      v3 |= 1u;\n  }\n  return (unsigned __int8)v3;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n
\uc5ec\uae30 \ud568\uc218\uc5d0\uc11c\ub294 2\ubc88\uc9f8 \ub9e4\uac1c\ubcc0\uc218\uc778 a2\uac00 1\uc774 \ub4e4\uc5b4\uac00\ubbc0\ub85c \ub531 1\ubc88\ub9cc \uc791\ub3d9\ud55c\ub2e4. <\/p>\n\n\n\n
\uac01 \ud558\ub098\uc758 \ubb38\uc790\uc778 v3\uc5d0 2\ub97c \uacf1\ud558\uace0 <\/p>\n\n\n\n
\uadf8 \uacf1\ud55c \uac12\uc744 0x100\uc73c\ub85c AND \uc5f0\uc0b0\ud588\uc744\ub54c 0\uc774 \uc544\ub2c8\uba74 v3\uc5d0 OR \uc5f0\uc0b0\ud55c\ub2e4.<\/p>\n\n\n\n
\uadf8\ub9ac\uace0 \ucd5c\uc885\uc801\uc73c\ub85c v3\ub97c \ubc18\ud658\ud55c\ub2e4.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Example<\/h2>\n\n\n\n
\uc774\ub97c \ud14c\uba74,  32\ubc14\uc774\ud2b8\uc778 key\uac00 \ub2e4\uc74c\uacfc \uac19\ub2e4\uba74<\/p>\n\n\n\n
\n
\n
ABCDEFGHIJKLMNOPQRSTUVWXYZ123456<\/pre>\n<\/div>\n<\/div>\n\n\n\n
A = 0x41
v3 = 0x41 
v3 = v3 * 2 = 0x41 * 2 = 0x82 
v3 & 0x100 = 0x82 & 0x100 = 0 \uc774\ubbc0\ub85c,
-> v3 = 0x82<\/p>\n\n\n\n
v3 = 0x82
v3 = v3 * 2 = 0x82 * 2 = 0x104
v3 & 0x100 = 0x104 & 0x100 = 0x100 \uc774\ubbc0\ub85c
-> v3 = v3 | 1 = 0x104 | 1 = 0x105
v3 = 0x105 & 255 = 5 (unsigned __int8 \ubc94\uc704)<\/p>\n\n\n\n
v3 = 5
v3 = v3 * 2 = 5 * 2 = 0xa
v3 & 0x100 = 0x104 & 0x100 = 0 \uc774\ubbc0\ub85c
-> v3 = 0xa<\/p>\n\n\n\n
v3 = 0xa
v3 = v3 * 2 = 0xa * 2 = 0x14
v3 & 0x100 = 0\uc774\ubbc0\ub85c,
-> v3 = 0x14<\/p>\n\n\n\n
\ub530\ub77c\uc11c A\uc778 0x41\uc744 \ub098\ud0c0\ub0b4\ub294 \ud55c \ubb38\uc790\ub294 0x14\uac00 \ub41c\ub2e4.<\/p>\n\n\n\n
\ub530\ub77c\uc11c \ubcc0\ud658\ud558\ub294 \ucf54\ub4dc\ub97c \uc791\uc131\ud558\uba74 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n\n\n\n
\n
\n
str = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ123456\"\nstr = [ord(char) for char in str]\n# str = list(str)\n# print(str)\n# print(len(str))\n\n\nfor i in range(len(str)):\n    for j in range(4):\n        k = str[i]\n        k = k * 2\n        if((k & 0x100) != 0):\n            k = k | 1\n        if(k > 255):\n            k = k & 255\n        str[i] = k\n\n# print(str)\n\nstr = [hex(char) for char in str]\nprint(str)<\/pre>\n<\/div>\n<\/div>\n\n\n\n
\n
\n
seohyun-gyu@MacBook-Pro-2 HateIntel % python3 enc.py\n['0x14', '0x24', '0x34', '0x44', '0x54', '0x64', '0x74', '0x84', '0x94', '0xa4', '0xb4', '0xc4', '0xd4', '0xe4', '0xf4', '0x5', '0x15', '0x25', '0x35', '0x45', '0x55', '0x65', '0x75', '0x85', '0x95', '0xa5', '0x13', '0x23', '0x33', '0x43', '0x53', '0x63']<\/pre>\n<\/div>\n<\/div>\n\n\n\n
Solution<\/h2>\n\n\n\n
\n
\n
byte_3004 = [0x44, 0xF6, 0xF5, 0x57, 0xF5, 0xC6, 0x96, 0xB6,\\\n             0x56, 0xF5, 0x14, 0x25, 0xD4, 0xF5, 0x96, 0xE6,\\\n             0x37, 0x47, 0x27, 0x57, 0x36, 0x47, 0x96, 0x03,\\\n             0xE6, 0xF3, 0xA3, 0x92, 0x00, 0x00, 0x00, 0x00]\n\nk = 0\nstr = [0] * 32\n# str = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ123456\"\n# str = [ord(char) for char in str]\n# str = list(str)\n# print(str)\n# print(len(str))\n\nfor i in range(len(str)):\n    for guess in range(255):\n        for j in range(4):\n            k = str[i]\n            k = k * 2\n            if((k & 0x100) != 0):\n                k = k | 1\n            if(k > 255):\n                k = k & 255\n            str[i] = k\n\n        if k == byte_3004[i]:\n            # guess = 0\n            str[i] = guess\n            break\n        else:\n            str[i] = guess + 1\n    \n\n\n# print(str)\n\nstr = [chr(char) for char in str]\n# print(str)\nfor i in range(len(str)):\n    print(str[i], end='')<\/pre>\n<\/div>\n<\/div>\n\n\n\n
0~254 \ubc94\uc704 \uc0ac\uc774\uc758 \ubb38\uc790\ub97c \ud558\ub098\uc529 \ub54c\ub824\ub9de\ucd94\ub294 \ubc29\ubc95\uc73c\ub85c \ud480\uc5c8\ub2e4.<\/p>\n\n\n\n
\n
\n
seohyun-gyu@MacBook-Pro-2 HateIntel % python3 solve.py\nDo_u_like_ARM_instructi0n?:)%<\/pre>\n<\/div>\n<\/div>\n\n\n\n
KEY<\/h2>\n\n\n\n
Do_u_like_ARM_instructi0n?:)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
File arm \uc544\ud0a4\ud14d\ucc98 iOS\uc5d0\uc11c \ub3cc\uc544\uac00\ub294 \uc2e4\ud589 \ud30c\uc77c\uc774\ub2e4. sub_2224 \uc0ac\uc6a9\uc790\ub85c\ubd80\ud130 \uc785\ub825\ubc1b\uc740 key\ub97c sub_232C\uc5d0\uc11c \ubcc0\ud658 \uacfc\uc815\uc744 \uac70\uccd0 __s[i] != byte_3004[I]\uc5d0\uc11c \uac01\uac01 \ud55c \ubb38\uc790\uc529 \ud655\uc778\ud55c\ub2e4. sub_232C \uac01 \ubb38\uc790\uc758 \ubcc0\ud658\uc744 sub_2494 \ud568\uc218\ub97c \ud1b5\ud574 \ucd1d… \ub354 \ubcf4\uae30 »HateIntel<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[16],"tags":[11,24],"class_list":["post-835","post","type-post","status-publish","format-standard","hentry","category-reversing-kr","tag-ios","tag-reversing"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=835"}],"version-history":[{"count":10,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/835\/revisions"}],"predecessor-version":[{"id":845,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/835\/revisions\/845"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}