生活随笔
收集整理的這篇文章主要介紹了
REVERSE-PRACTICE-BUUCTF-9
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
REVERSE-PRACTICE-BUUCTF-9
- [ACTF新生賽2020]usualCrypt
- [MRCTF2020]Transform
- [V&N2020 公開賽]CSRe
- [WUSTCTF2020]level1
[ACTF新生賽2020]usualCrypt
exe程序,運行后提示輸入flag,無殼,ida分析
main函數邏輯清晰,獲取輸入,sub_401080函數對輸入進行變表base64變換,結果存儲到v5,然后check,驗證輸入
sub_401080函數是很明顯的base64,在函數開始部分,sub_401000函數對表進行了變換,在函數結束返回部分,sub_401030函數對變表后的base64字符串進行了英文字母的大小寫轉換
sub_401000函數,將byte_40E0AA[6]到byte_40E0AA[14]和base64_table[6]到base64_table[14]兩段交換
sub_401030函數,對變表后的base64字符串英文字母的大小寫轉換,其他字符不變
寫腳本即可得到flag
base
=[0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A,0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64,0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E,0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,0x79, 0x7A, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,0x38, 0x39, 0x2B, 0x2F]
for i
in range(6,15):base
[i
],base
[10+i
]=base
[10+i
],base
[i
]
base_changed
=''.join
(chr(i
) for i
in base
)
print("Current Base:\n%s " %base_changed
)
def base64_decode(inputs
): bin_str
= []for i
in inputs
:if i
!= '=':x
= str(bin(base_changed
.index
(i
))).replace
('0b', '')bin_str
.append
('{:0>6}'.format(x
))outputs
= ""nums
= inputs
.count
('=')while bin_str
:temp_list
= bin_str
[:4]temp_str
= "".join
(temp_list
)if (len(temp_str
) % 8 != 0):temp_str
= temp_str
[0:-1 * nums
* 2]for i
in range(0, int(len(temp_str
) / 8)):outputs
+= chr(int(temp_str
[i
* 8:(i
+ 1) * 8], 2))bin_str
= bin_str
[4:]print("Decoded String:\n%s " % outputs
)
enc
="zMXHz3TIgnxLxJhFAdtZn2fFk3lYCrtPC2l9"
c
=""
for i
in enc
:if i
.isupper
():c
+=i
.lower
()elif i
.islower
():c
+=i
.upper
()else:c
+=i
base64_decode
(c
)
運行結果
[MRCTF2020]Transform
exe程序,運行后提示輸入code,輸入錯誤打印Wrong,無殼,ida分析
main函數邏輯清晰,獲取輸入,檢驗輸入的長度,對輸入的內容變換位置后存儲到byte_414040,byte_414040再異或一下,最后check
寫腳本即可得到flag
[V&N2020 公開賽]CSRe
exe程序,運行出錯
查殼,發現是.NET,而且加了de4dot殼
脫殼后用dnSpy打開,找到主邏輯函數
method_0函數是將兩個傳入的參數順序異或的結果返回
smethod_0函數是對傳入的參數進行sha1散列的結果返回
main函數,先獲取輸入的str,頭部加個“3”,尾部加個“9”,拼接后的字符串進行sha1散列,與已知的值比較,驗證輸入的str是否正確
再獲取輸入的text,頭部加“re”,拼接后的字符串進行sha1散列,散列的結果與已知的值進行異或,結果為全0,說明兩個傳入的參數完全相同,驗證輸入的text是否正確
flag即為flag{str+text}
using System
;
using System
.Security
.Cryptography
;
using System
.Text
;
internal sealed class Class3
{public string method_0(string string_0
, string string_1
){string text
= string.Empty
;char[] array
= string_0
.ToCharArray();char[] array2
= string_1
.ToCharArray();int num
= (array
.Length
< array2
.Length
) ? array
.Length
: array2
.Length
;for (int i
= 0; i
< num
; i
++){text
+= (int)(array
[i
] ^ array2
[i
]);}return text
;}public static string smethod_0(string string_0
){byte[] bytes
= Encoding
.UTF8
.GetBytes(string_0
);byte[] array
= SHA1
.Create().ComputeHash(bytes
);StringBuilder stringBuilder
= new StringBuilder();foreach (byte b
in array
){stringBuilder
.Append(b
.ToString("X2"));}return stringBuilder
.ToString();}private static void Main(string[] args
){if (!Class1
.smethod_1()){return;}bool flag
= true;Class3 @
class = new Class3();string str
= Console
.ReadLine();if (Class3
.smethod_0("3" + str
+ "9") != "B498BFA2498E21325D1178417BEA459EB2CD28F8"){flag
= false;}string text
= Console
.ReadLine();string string_
= Class3
.smethod_0("re" + text
);string text2
= @
class.method_0(string_
, "63143B6F8007B98C53CA2149822777B3566F9241");for (int i
= 0; i
< text2
.Length
; i
++){if (text2
[i
] != '0'){flag
= false;}}if (flag
){Console
.WriteLine("flag{" + str
+ text
+ "}");}}
}
用在線網站解第一段sha1,可知str為“1415”
用在線網站解第二段sha1,可知text為“turn”
[WUSTCTF2020]level1
elf文件,無殼,ida分析
main函數邏輯清晰,從文件讀取flag,下標從1開始,下標為奇數,flag的內容移位,下標為偶數,flag的內容乘以下標
寫腳本即可得到flag
總結
以上是生活随笔為你收集整理的REVERSE-PRACTICE-BUUCTF-9的全部內容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。
