IDAPython Example - MidnightSun CTF 2021 Qual - labyrevnt

github.com/sajjadium/ctf-archives/tree/master/MidnightSun/2021/Quals/rev/Labyrevnt
Can get the binary on this link.
github.com/inforion/idapython-cheatsheet
If you're not familiar to IDAPython, read above cheatsheet.

And this is the solution code for this chall.
It was good for training IDAPython.

import ida_bytes
walk_end = 0x59BE5 
 
eip = walk_end
_input = []
_addr = []
_str = []
_need = dict()
print("START")
cnt = 0 
while 1:
    cnt += 1
    if cnt > 1000: break
    for i in XrefsTo(eip):
        tmp = i.frm
        break
    eip = tmp # call inst
    prev = prev_head(eip)
    
    for i in XrefsTo(prev):
        tmp = i.frm
        break
    _jmp_a = tmp
 
    j_prev = prev_head(_jmp_a) # cmp 
    
    _addr.append(hex(j_prev))
    
    if get_operand_value(j_prev, 1) == 0:
        data_ins_addr = prev_head(prev_head(prev_head(j_prev)))
        print(hex(data_ins_addr))
        data = get_operand_value(data_ins_addr,1)
        print(hex(data))
 
        target_value = j_prev - data + 0x100000000
        idx = 0
        for i in range(40):
            if target_value == ida_bytes.get_dword(data + 4*i):
                idx = i
                break
        _str.append(chr(idx + get_operand_value(prev_head(prev_head(prev_head(prev_head(prev_head(prev_head(prev_head(prev_head(prev_head(prev_head(prev_head(j_prev))))))))))),1)))
    
    else:
        _str.append(chr(get_operand_value(j_prev, 1)))
 
 
 
    _need[hex(j_prev)] = chr(get_operand_value(j_prev, 1))
 
    _ft = get_next_func(get_prev_func(eip))
    if _ft == 0x625B : break
    eip = _ft
 
print(_addr)
print("".join(_str[::-1]))

---

연합하여 했는 데, 다들 잘하시는 분들도 많고 열정 가득한 분들도 많아서 재밌게 한 듯.
근데 문제가 진짜 게싱요소가 너무 많아서 좀;;

오랜만에 24시간 풀타임 뛰어서 재밌긴 했는 데, 문제 퀄이 게싱없이는 못푸는 거도 많고, 여기저기 좀 허술한 부분들이 많아서 아쉽기도 했습니다...