第八題 WTF
給出的字符忘了截圖了缸榛,是一長串base64溪食,解碼得到
通過觀察發(fā)現(xiàn)是二維碼的數(shù)字串苞轿,一共65536個(gè)字符卦睹,正好256*256.
用processing工具轉(zhuǎn)換成二維碼瘦锹,掃碼得到flag籍嘹。
15 證明自己吧
定位到關(guān)鍵代碼,a1是程序要求輸入的flag弯院,也就是v5每個(gè)字節(jié)-5 等于 a1與上0x20的值辱士。注意IDA里的大端和小端的問題就好了
image.png
buffer = [0x68,0x57,0x19,0x48,0x50,0x6e,0x58,0x78,0x54,0x6a,0x19,0x58,0x5e,0x6]
res = []
ls = ''
for i in buffer:
te = (i-5)^0x20
res.append(te)
ls += chr(te)
print(res)
print(ls)
百度看這是道原題,大佬們用動(dòng)態(tài)調(diào)試直接就出來了
py逆向
給了個(gè)pyc文件
直接百度pyc 反編譯 在線反編譯一下得到源碼
寫個(gè)腳本就跑出來了听绳,注意加減和位于的優(yōu)先級(jí)問題就行
def encrypt(key, seed, string):
rst = []
for v in string:
rst.append((ord(v) + seed ^ ord(key[seed])) % 255)
seed = (seed + 1) % len(key)
return rst
if __name__ == '__main__':
print 'Welcome to python crackme'
flag = ''
KEY1 = 'Maybe you are good at decryptint Byte Code, have a try!'
KEY2 = [111,52,24,28,120,50,37,62,67,52,48,6,1,122,3,22,72,1,1,14,46,27,22]
en_out = encrypt(KEY1, 5, KEY2)
if KEY2 == en_out:
print 'You Win,FLAG IS flag{%s}' % flag
else:
print 'Try Again !'
------------------
seed = 5
key1 = "Maybe you are good at decryptint Byte Code, have a try!"
key2 = [111,52,24,28,120,50,37,62,67,52,48,6,1,122,3,22,72,1,1,14,46,27,22]
res = ''
n = len(key1)
l = len(key2)
print(n)
res = []
for i in range(l):
tem = ((key2[i] ^ ord(key1[seed]))-seed) % 255
res.append(tem)
seed = (seed + 1) % n
print(res)
ls = ""
for i in res :
ls += chr(i)
print(ls)
REIF
源程序找不到了颂碘,先放腳本了
v3 = [3765,3301,7803,10323,5712,3845,5218,1968,4237,1696,704,7713,4746,6517,2339,4192,354,6454,6137,5015,6396,942,2825,8129,448,1760,9863,778,6617,432]
v33 = [297,169,431,229,423,257,465,288,437,86,364,123,390,485,232,352,244,469,54,359,16,110,355,244,256,94,187,19,242,432]
v63 = [34,29,76,98,43,52,97,24,40,23,4,69,44,52,43,80,1,63,79,48,55,8,26,95,4,34,82,11,51,81]
res = []
print(len(v3),len(v33),len(v63))
for i in range(len(v3)):
tem = (v3[i] - v33[i]) / v63[i]
res.append(tem)
ls = ''
for i in res:
ls += chr(int(i))
print(res)
print(ls)
19 打個(gè)氣
先通過找字符串定位到關(guān)鍵代碼位置
然后發(fā)現(xiàn)超乎想象的復(fù)雜,改用od試一試
根據(jù)匯編代碼的走向椅挣,確定下斷點(diǎn)的位置
image.png
在相應(yīng)的地方下斷點(diǎn)头岔,通過修改z標(biāo)志位來改變跳轉(zhuǎn)位置。程序就會(huì)自動(dòng)跑出來flag鼠证。
