if ( strlen(Buffer) == correct_len )

📅 2026/7/6 2:38:23
if ( strlen(Buffer) == correct_len )
strlen(Buffer) string length数一下 Buffer 里有多少个字符遇到 \0 停止。correct_len一个事先定义好的全局变量值是 0x1f 31。if (...)如果括号里的条件成立就执行它下面的代码块否则跳到 else。这句话在说如果你输入的密码长度不等于 31就去报错。WCPVPhgaLL#L rjL$#Lu}wn转16进制放随波逐流异或40 57 43 50 40 56 50 68 60 67 61 4c 22 60 4c 26 23 4c 20 72 26 6a 4c 24 23 4c 75 22 7d 77 6edata bWCPVPhgaLL#L rjL$#Lu}wn print(bytes([b ^ 19 for b in data]).decode())go^go?解压后只有三个关键文件GD1.exeGD1.console.exeGD1.pck这里已经基本能判断是Godot 导出的 Windows 游戏。原因很简单exe .pck是 Godot 很典型的发布结构。调用工具反编译E:\retools\gdre\gdre_tools.exe --headless --recoverE:\cod\_ctf_nxgodot\NXgodot\GD1.pck --outputE:\cod\_ctf_nxgodot\gdre_recover或者直接打开E:\retools\gdre\gdre_tools.exe把附件拖进去查看重点在main.gdcextends Node export var mob_scene: PackedScene var score var a 000010000010000001101001000010000001000001100110000010000010000001101000000001100110000010010000000001101001000000011001000000011000000000100000000001100100000001100111000001110001000000100011000000010010000001110001000000100010000000100010000000011000000000010010000000100001000000011000000001100111000001100100000000010010000001100100000000010110000000010110000000010111000000010010000000010110000000011000000001101001000000100101000000100010000001101001000001100100000000011000000001101000000000100011000000010111000000010111000010010010\n var xor_key 33 func _ready(): pass func _process(delta: float) - void : pass func game_over(): $ScoreTimer.stop() $MobTimer.stop() $HUD.show_game_over() func new_game(): score 0 $Player.start($StartPosition.position) $StartTimer.start() $HUD.update_score(score) $HUD.show_message(Get Ready) get_tree().call_group(mobs, queue_free) func _on_mob_timer_timeout(): var mob mob_scene.instantiate() var mob_spawn_location $MobPath / MobSpawnLocation mob_spawn_location.progress_ratio randf() var direction mob_spawn_location.rotation PI / 2 mob.position mob_spawn_location.position direction randf_range( - PI / 4, PI / 4) mob.rotation direction var velocity Vector2(randf_range(150.0, 250.0), 0.0) mob.linear_velocity velocity.rotated(direction) add_child(mob) func _on_score_timer_timeout(): score 1 $HUD.update_score(score) if score 177906: var result for i in range(0, a.length(), 12): var bin_chunk a.substr(i, 12) if bin_chunk.length() 12: break var hundreds bin_chunk.substr(0, 4).bin_to_int() var tens bin_chunk.substr(4, 4).bin_to_int() var units bin_chunk.substr(8, 4).bin_to_int() var mixed_val hundreds * 100 tens * 10 units var decrypted_val mixed_val ^ xor_key result String.chr(decrypted_val) $HUD.show_message(result) func _on_start_timer_timeout(): $MobTimer.start() $ScoreTimer.start()挑重点把a分为12个字符一组一组内分为三块每块4字符转换成10进制分别乘100、10、1再相加之后与33异或拼接得到result继续学习pythona 000010000010000001101001000010000001000001100110000010000010000001101000000001100110000010010000000001101001000000011001000000011000000000100000000001100100000001100111000001110001000000100011000000010010000001110001000000100010000000100010000000011000000000010010000000100001000000011000000001100111000001100100000000010010000001100100000000010110000000010110000000010111000000010010000000010110000000011000000001101001000000100101000000100010000001101001000001100100000000011000000001101000000000100011000000010111000000010111000010010010 result for i in range(0, len(a), 12): b a[i:i4] c a[i4:i8] d a[i8:i12] e int(b, 2) * 100 int(c, 2) * 10 int(d, 2) result chr(e ^ 33) print(result)其实我有个想法可不可以修改他的源码把游戏成功条件降低让他自己吐出flag呢gdre_tools.exe --headless --compileE:\cod\_ctf_nxgodot\gdre_recover\main.gd --bytecode4.5.0 --outputE:\cod\_ctf_nxgodot\repack_buildgdre_tools.exe --headless --pck-patchE:\cod\_ctf_nxgodot\NXgodot\GD1.p