HGAME第一二周re
RE
easyasm
有手就行
高低位互换再异或0x17
a = [0x91, 0x61, 0x01, 0xC1, 0x41, 0xA0, 0x60, 0x41, 0xD1, 0x21,
0x14, 0xC1, 0x41, 0xE2, 0x50, 0xE1, 0xE2, 0x54, 0x20, 0xC1,
0xE2, 0x60, 0x14, 0x30, 0xD1, 0x51, 0xC0, 0x17]
for x in a:
print(x ^ 0x17, end=",")
b = [134, 118, 22, 214, 86, 183, 119, 86, 198, 54, 3, 214, 86, 245, 71, 246, 245, 67, 55, 214, 245, 119, 3, 39, 198, 70,
215, 0]
for x in b:
print(chr(int(bin(x)[2:].zfill(8)[4:] + bin(x)[2:].zfill(8)[:4], 2)), end="")
creakme
emmm tea像
脚本改改就行
#include <iostream>
#include <stdio.h>
#include <string.h>
#include <string>
using namespace std;
void XTEA_decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4])
{
unsigned int i;
uint32_t v0 = v[0], v1 = v[1], delta = 0x12345678, sum = delta * num_rounds;
for (i = 0; i < num_rounds; i++) {
v1 -= sum ^ (sum + v0) ^ (key[0] + 16 * v0) ^ (key[1] + (v0 >> 5));
v0 -= sum ^ (sum + v1) ^ (key[2] + 16 * v1) ^ (key[3] + (v1 >> 5));
sum -= 0x12345678;
}
v[0] = v0;
v[1] = v1;
}
int main()
{
char* trrr = { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A,
0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64,
0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E,
0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
0x79, 0x7A, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x2B, 0x2F, 0x3D };
uint32_t* key = (uint32_t*)trrr;
__uint128_t flag[] = { 0x0ED9CE5ED52EB78C2030C144C48D93488, 0x65E0F2E3CF9284AABA5A126DAE1FEDE6 };
uint32_t* Arglist = (uint32_t*)flag;
for (int q = 0; q < 8; q += 2) {
uint32_t t[2] = { Arglist[q], Arglist[q + 1] };
XTEA_decipher(32, t, key);
printf("%u%u%u%u%u%u%u%u", t[0], t[1], t[2], t[3], t[4], t[5], t[6], t[7]);
}
// int v14 = 0x20;
// int v8 = 0x20;
// int v3 = 0;
// for (int i = 0x20; i >= 0; v14 = i) {
// i = v8 - 8;
// uint32_t v5 = Arglist[v14 * 4];
// uint32_t v6 = Arglist[(v8 + 4) * 4];
// v3 = 0x648acf00;
// }
printf("");
return 0;
}
然后再大小端序转换
flagchecker
rc4 密码密文都在了 就这样了
猫头鹰不是鹰
挺好玩的(
)
只有这个函数对输入值做了变换
跟进 发现调用两个相同函数 把前面两幅字符画传进去了
显而易见 是个矩阵乘法 pic1和pic2长度均为4094 应为64*64矩阵
但在17行 对pic1 pic2矩阵中的所有值/10
所以逻辑是input * pic1 * pic2 =enc
根据线性代数小知识 先求逆 再乘enc 即得正确input
import numpy as np
enc = [0x025D15D4, 0x024C73B4, 0x0243CF71, 0x0230134C, 0x02132CFE, 0x01BE2FCA, 0x0142CA26, 0x00D61955, 0x009427A8,
0x009B8674, 0x0090C832, 0x008812C7, 0x0080BA58, 0x007981E1, 0x0072AB68, 0x0074CB4B, 0x00723F3F, 0x007CC258,
0x0089CD5C, 0x0088E2A2, 0x008E8906, 0x008B88A0, 0x008EEC8D, 0x008F3573, 0x008B746F, 0x00912C82, 0x008D7CF2,
0x00832099, 0x007F45A5, 0x00685AFF, 0x0050A4D2, 0x00526FE2, 0x0058923B, 0x00529EC1, 0x00516D1A, 0x005B7453,
0x007028E6, 0x0089C6FA, 0x00A5D6AE, 0x00D37A14, 0x00B8CFAA, 0x00B0BB4B, 0x00AE69A4, 0x00A1154B, 0x009DCBE7,
0x00A1DC20, 0x00AA07E3, 0x00B25CB1, 0x00B2FD98, 0x00B12F29, 0x00E428A0, 0x011B2184, 0x01615722, 0x01A502F3,
0x01C0AA9D, 0x01D4169F, 0x01EF8B76, 0x0233E5BB, 0x0275A6F0, 0x02A9CA35, 0x02A8904C, 0x02A194EF, 0x02926F39,
0x028E92C3, ]
t1 = [
[16, 16, 16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 18, 19, 17, 17, 17, 17, 16, 15, 18, 20, 20, 18,
16, 19, 19, 18, 20, 20, 19, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 18, 17,
17, 17, 17, 17, 17, 18],
[16, 16, 16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 15, 15, 16, 15, 14, 13, 11, 11, 13, 13, 15, 17, 18,
12, 12, 14, 12, 16, 17, 14, 14, 18, 17, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17, 17, 18],
[16, 16, 16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 14, 14, 13, 9, 10, 11, 10, 11, 17, 9, 11, 13, 15,
10, 9, 9, 10, 13, 15, 13, 17, 17, 19, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17, 17, 18],
[16, 16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 14, 14, 13, 14, 13, 15, 20, 16, 14, 14, 18, 16, 9, 14, 14,
11, 11, 7, 7, 10, 12, 15, 18, 20, 19, 18, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17, 17, 18],
[16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 17, 15, 13, 13, 13, 16, 14, 17, 18, 16, 14, 17, 14, 17, 12, 10, 14,
14, 10, 11, 7, 8, 12, 17, 21, 20, 21, 21, 17, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17, 17, 17],
[16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 18, 17, 13, 12, 9, 9, 8, 7, 13, 17, 18, 15, 14, 15, 17, 15, 10, 13, 12,
9, 10, 9, 12, 14, 17, 20, 20, 21, 20, 17, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17, 17],
[16, 15, 15, 15, 15, 15, 15, 15, 15, 16, 19, 19, 17, 12, 11, 10, 11, 7, 7, 7, 9, 14, 15, 11, 9, 14, 17, 13, 10, 13,
12, 12, 15, 17, 15, 16, 17, 18, 18, 18, 18, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17, 17],
[16, 15, 15, 15, 15, 15, 15, 15, 15, 16, 19, 16, 16, 11, 7, 15, 13, 11, 9, 7, 7, 8, 8, 8, 9, 10, 13, 17, 15, 15, 13,
16, 19, 17, 14, 15, 15, 16, 14, 16, 17, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17],
[16, 15, 15, 15, 15, 15, 15, 15, 15, 17, 19, 16, 14, 9, 8, 7, 6, 11, 11, 10, 6, 4, 1, 2, 2, 2, 7, 14, 17, 16, 15,
16, 19, 17, 9, 5, 9, 13, 13, 18, 20, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17, 17],
[15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 14, 11, 11, 9, 7, 8, 8, 7, 9, 11, 6, 2, 5, 8, 9, 6, 1, 8, 14, 17, 15, 14,
18, 8, 8, 10, 5, 11, 14, 17, 20, 17, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17,
17, 17, 17],
[15, 15, 15, 15, 15, 15, 15, 15, 15, 14, 16, 12, 13, 8, 10, 9, 8, 9, 11, 9, 6, 6, 0, 3, 8, 5, 6, 4, 12, 17, 18, 17,
15, 7, 8, 7, 15, 14, 16, 18, 18, 18, 17, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 16, 16,
17, 17, 17],
[15, 15, 15, 15, 15, 15, 15, 16, 16, 12, 14, 14, 13, 10, 9, 10, 10, 11, 11, 10, 4, 6, 0, 0, 0, 0, 9, 4, 10, 16, 19,
18, 12, 4, 0, 0, 9, 15, 17, 17, 18, 18, 17, 16, 16, 16, 16, 16, 16, 16, 18, 21, 21, 23, 19, 17, 17, 17, 17, 17, 16,
17, 17, 17],
[15, 15, 15, 15, 15, 15, 15, 16, 14, 15, 16, 11, 9, 10, 10, 10, 10, 10, 12, 12, 6, 7, 0, 0, 0, 2, 10, 4, 12, 16, 16,
18, 17, 7, 0, 0, 10, 16, 18, 18, 21, 20, 18, 16, 16, 16, 16, 16, 16, 21, 20, 17, 16, 18, 19, 21, 17, 16, 16, 16,
16, 17, 16, 17],
[15, 15, 15, 15, 15, 15, 15, 14, 16, 17, 15, 13, 11, 11, 11, 8, 9, 12, 14, 14, 12, 6, 7, 2, 4, 11, 6, 5, 13, 15, 17,
18, 18, 14, 6, 7, 13, 18, 17, 14, 16, 20, 16, 16, 16, 15, 16, 16, 18, 20, 16, 16, 16, 16, 16, 21, 16, 16, 16, 16,
16, 16, 16, 17],
[15, 15, 15, 15, 15, 15, 15, 13, 15, 14, 13, 11, 10, 10, 10, 11, 9, 11, 13, 13, 15, 12, 6, 10, 10, 5, 9, 10, 13, 14,
12, 19, 17, 14, 12, 11, 14, 21, 18, 17, 18, 19, 18, 16, 15, 15, 16, 16, 20, 17, 16, 16, 16, 16, 16, 21, 16, 16, 16,
16, 16, 16, 16, 17],
[15, 15, 15, 15, 15, 15, 16, 13, 12, 11, 10, 9, 10, 9, 10, 8, 7, 8, 11, 13, 15, 16, 14, 11, 11, 12, 10, 10, 12, 12,
10, 18, 16, 19, 16, 16, 17, 20, 17, 16, 14, 18, 18, 16, 15, 15, 15, 16, 22, 16, 16, 16, 16, 16, 16, 21, 16, 16, 16,
16, 16, 16, 16, 17],
[15, 15, 15, 15, 15, 15, 16, 14, 10, 8, 8, 8, 8, 7, 10, 8, 5, 6, 7, 12, 16, 15, 15, 13, 11, 10, 5, 6, 10, 11, 7, 15,
15, 14, 11, 17, 17, 17, 17, 16, 16, 15, 16, 15, 15, 15, 15, 16, 21, 16, 16, 16, 16, 16, 16, 21, 16, 16, 16, 16, 16,
16, 16, 17],
[15, 15, 15, 15, 15, 15, 15, 14, 9, 7, 7, 10, 9, 6, 10, 12, 6, 3, 7, 10, 13, 16, 10, 6, 6, 8, 6, 3, 2, 5, 3, 9, 15,
11, 7, 8, 13, 18, 14, 15, 16, 16, 16, 15, 15, 15, 15, 16, 21, 16, 16, 16, 16, 16, 17, 21, 16, 16, 16, 16, 16, 16,
16, 17],
[15, 15, 15, 15, 15, 15, 16, 13, 9, 10, 11, 10, 8, 4, 8, 12, 9, 7, 6, 6, 12, 13, 7, 7, 7, 9, 9, 6, 4, 1, 1, 4, 13,
12, 9, 5, 5, 10, 13, 13, 16, 18, 16, 15, 15, 15, 15, 15, 17, 22, 20, 19, 19, 20, 22, 17, 16, 16, 16, 16, 16, 16,
16, 17],
[15, 15, 15, 15, 15, 15, 16, 12, 10, 15, 13, 10, 10, 6, 3, 7, 12, 9, 5, 5, 11, 11, 9, 11, 13, 13, 10, 7, 5, 1, 1, 2,
14, 18, 17, 9, 6, 8, 10, 14, 15, 18, 16, 15, 15, 15, 15, 15, 15, 16, 17, 18, 18, 18, 16, 16, 16, 16, 16, 16, 16,
16, 16, 16],
[15, 15, 15, 15, 15, 15, 15, 12, 13, 13, 15, 10, 11, 9, 4, 7, 11, 10, 9, 5, 10, 11, 14, 13, 14, 13, 10, 9, 8, 7, 5,
3, 9, 15, 19, 20, 13, 9, 9, 10, 13, 19, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
16, 16, 16],
[15, 15, 15, 15, 15, 15, 15, 17, 17, 11, 14, 10, 10, 7, 6, 3, 6, 10, 12, 6, 7, 14, 13, 14, 12, 16, 14, 12, 8, 6, 5,
4, 6, 9, 17, 20, 20, 11, 6, 9, 12, 21, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, 16,
16, 16, 16],
[15, 15, 15, 15, 15, 15, 15, 19, 17, 9, 11, 8, 6, 8, 9, 5, 5, 6, 8, 9, 11, 10, 13, 11, 12, 13, 17, 15, 9, 6, 3, 4,
6, 16, 18, 19, 20, 15, 7, 8, 13, 19, 17, 16, 16, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16,
16, 16, 16],
[15, 15, 15, 15, 15, 15, 15, 18, 13, 11, 9, 7, 6, 9, 10, 10, 11, 14, 9, 9, 14, 10, 12, 8, 8, 13, 12, 15, 11, 6, 9,
7, 8, 17, 21, 21, 21, 16, 12, 15, 15, 18, 19, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16,
16, 16, 16, 16],
[15, 15, 15, 15, 15, 15, 15, 14, 14, 14, 9, 6, 7, 10, 14, 12, 9, 11, 11, 13, 12, 8, 6, 7, 8, 12, 10, 9, 11, 14, 12,
8, 6, 10, 11, 11, 17, 19, 14, 14, 16, 18, 18, 18, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16,
16, 16, 16, 16],
[15, 15, 15, 15, 15, 15, 14, 17, 14, 15, 11, 7, 6, 11, 10, 7, 4, 7, 10, 14, 14, 12, 8, 6, 3, 4, 3, 2, 6, 8, 5, 5, 2,
6, 6, 7, 13, 17, 14, 10, 13, 15, 15, 17, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16,
16, 16],
[15, 14, 14, 14, 15, 15, 15, 16, 11, 14, 13, 10, 8, 5, 7, 5, 3, 4, 8, 14, 16, 9, 5, 7, 8, 8, 5, 2, 6, 8, 6, 5, 7,
10, 5, 5, 12, 12, 8, 8, 8, 13, 16, 17, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16,
16],
[15, 14, 14, 14, 14, 14, 15, 10, 8, 12, 11, 16, 7, 5, 3, 4, 2, 2, 5, 9, 13, 10, 3, 4, 10, 13, 10, 5, 6, 9, 6, 5, 12,
8, 5, 6, 12, 9, 6, 6, 5, 10, 15, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16,
16],
[15, 14, 14, 14, 14, 14, 12, 8, 6, 8, 13, 15, 4, 4, 3, 2, 0, 1, 2, 4, 8, 8, 2, 3, 7, 13, 11, 10, 7, 9, 5, 9, 11, 6,
4, 10, 10, 8, 4, 7, 4, 9, 13, 16, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16],
[14, 14, 14, 14, 15, 12, 9, 6, 5, 7, 13, 12, 2, 2, 4, 1, 0, 0, 1, 4, 8, 7, 2, 3, 5, 7, 12, 15, 10, 9, 6, 10, 8, 3,
3, 12, 8, 4, 5, 8, 4, 7, 13, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16],
[14, 14, 14, 14, 13, 10, 6, 5, 6, 7, 15, 8, 1, 2, 4, 2, 2, 1, 1, 4, 5, 5, 5, 8, 5, 5, 12, 16, 11, 12, 11, 10, 7, 5,
5, 11, 5, 5, 5, 9, 8, 11, 11, 15, 15, 14, 15, 16, 21, 16, 15, 15, 15, 15, 15, 15, 15, 20, 15, 15, 15, 15, 15, 16],
[14, 14, 14, 15, 11, 8, 5, 6, 6, 9, 15, 4, 2, 5, 4, 1, 5, 3, 1, 5, 4, 4, 7, 8, 6, 7, 11, 16, 13, 15, 12, 9, 7, 8,
11, 8, 7, 7, 5, 9, 12, 12, 10, 18, 15, 14, 15, 21, 15, 15, 15, 15, 15, 15, 15, 15, 15, 21, 15, 15, 15, 15, 15, 16],
[14, 14, 14, 13, 8, 7, 5, 5, 8, 14, 11, 5, 11, 9, 2, 4, 7, 3, 2, 4, 2, 3, 6, 8, 7, 8, 11, 12, 16, 16, 13, 11, 8, 9,
12, 10, 7, 12, 4, 9, 16, 10, 8, 18, 15, 14, 18, 18, 15, 15, 15, 15, 15, 15, 15, 15, 15, 21, 16, 15, 15, 15, 15,
16],
[14, 14, 14, 9, 7, 5, 4, 7, 15, 15, 8, 12, 13, 3, 2, 5, 7, 2, 4, 6, 2, 2, 5, 9, 11, 11, 12, 13, 14, 17, 16, 12, 11,
12, 13, 10, 9, 15, 3, 7, 16, 13, 8, 17, 16, 15, 22, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 21, 16, 15, 15, 15, 15,
16],
[14, 14, 11, 9, 4, 3, 9, 14, 11, 8, 6, 14, 8, 2, 2, 6, 4, 2, 6, 7, 3, 4, 4, 9, 13, 13, 13, 12, 12, 16, 17, 11, 13,
14, 12, 11, 9, 15, 3, 4, 12, 17, 9, 15, 17, 17, 19, 14, 15, 15, 15, 19, 15, 15, 15, 15, 15, 21, 16, 15, 15, 15, 15,
16],
[14, 14, 10, 11, 4, 2, 12, 7, 14, 4, 6, 14, 12, 4, 1, 4, 3, 4, 5, 7, 5, 6, 3, 6, 12, 12, 11, 10, 12, 12, 17, 11, 14,
16, 8, 9, 10, 17, 7, 5, 7, 17, 10, 16, 18, 18, 18, 14, 14, 15, 15, 24, 17, 15, 15, 15, 15, 21, 15, 15, 15, 15, 15,
16],
[14, 13, 12, 7, 5, 5, 7, 10, 14, 5, 5, 10, 14, 3, 1, 4, 6, 4, 2, 8, 8, 7, 2, 5, 8, 10, 10, 9, 12, 10, 16, 11, 13,
13, 6, 7, 10, 17, 14, 7, 5, 13, 9, 16, 18, 15, 22, 18, 16, 17, 19, 21, 20, 15, 15, 15, 15, 22, 15, 15, 15, 15, 15,
16],
[14, 13, 15, 5, 1, 7, 5, 10, 7, 6, 6, 13, 10, 1, 1, 6, 8, 3, 2, 8, 9, 8, 3, 3, 7, 9, 8, 8, 10, 9, 12, 12, 10, 10, 5,
5, 8, 15, 18, 5, 8, 11, 11, 17, 16, 14, 15, 18, 19, 19, 18, 15, 20, 21, 19, 20, 22, 18, 15, 15, 15, 15, 15, 16],
[14, 13, 12, 4, 9, 2, 5, 9, 9, 6, 8, 10, 8, 2, 5, 7, 6, 1, 2, 6, 7, 9, 5, 1, 5, 9, 5, 4, 8, 9, 15, 10, 7, 5, 3, 4,
6, 13, 16, 9, 11, 15, 15, 19, 16, 14, 14, 14, 14, 14, 15, 15, 15, 16, 17, 17, 15, 15, 15, 15, 15, 15, 15, 15],
[14, 13, 10, 5, 9, 3, 5, 8, 13, 9, 11, 11, 10, 6, 5, 6, 4, 2, 3, 4, 4, 10, 8, 1, 3, 10, 7, 3, 8, 10, 10, 10, 3, 3,
4, 3, 7, 11, 13, 10, 14, 15, 19, 18, 16, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
16],
[13, 13, 14, 12, 12, 5, 6, 13, 14, 11, 11, 10, 8, 4, 5, 4, 3, 2, 6, 3, 1, 8, 11, 3, 2, 7, 9, 6, 8, 12, 8, 9, 2, 5,
5, 3, 9, 9, 11, 12, 16, 15, 18, 16, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15],
[13, 13, 16, 17, 11, 7, 10, 15, 13, 11, 8, 7, 9, 6, 4, 6, 3, 2, 7, 7, 1, 4, 11, 6, 1, 3, 8, 8, 8, 10, 8, 3, 2, 4, 7,
6, 10, 5, 10, 16, 21, 20, 17, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15],
[13, 13, 17, 18, 16, 11, 18, 18, 16, 13, 9, 7, 7, 2, 5, 7, 4, 2, 5, 10, 7, 1, 10, 9, 2, 1, 5, 8, 8, 10, 7, 2, 2, 4,
9, 6, 9, 6, 9, 18, 23, 21, 14, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15],
[13, 13, 17, 18, 16, 14, 22, 19, 16, 10, 8, 8, 4, 2, 5, 7, 7, 4, 3, 9, 13, 10, 6, 11, 5, 0, 3, 8, 10, 10, 4, 1, 1,
6, 5, 6, 9, 11, 10, 17, 22, 17, 13, 13, 13, 13, 14, 14, 14, 14, 20, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15],
[13, 13, 18, 19, 17, 14, 19, 12, 12, 10, 10, 6, 4, 4, 7, 8, 8, 5, 2, 8, 11, 11, 9, 12, 9, 3, 3, 8, 10, 6, 3, 1, 3,
5, 2, 8, 11, 10, 13, 14, 18, 15, 13, 13, 13, 13, 13, 14, 14, 14, 20, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15,
15, 15],
[13, 13, 16, 19, 18, 16, 17, 9, 11, 11, 9, 6, 7, 7, 8, 8, 6, 5, 1, 5, 10, 10, 8, 6, 7, 5, 4, 8, 7, 2, 3, 3, 3, 3, 4,
7, 10, 10, 13, 13, 14, 13, 13, 13, 13, 13, 13, 13, 14, 17, 18, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15],
[13, 13, 15, 20, 19, 15, 18, 11, 12, 10, 9, 4, 7, 6, 7, 7, 6, 4, 2, 3, 7, 10, 10, 7, 7, 4, 7, 7, 3, 3, 3, 3, 3, 5,
6, 9, 9, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 19, 15, 14, 14, 14, 14, 15, 14, 15, 15, 15, 15, 15, 15,
15],
[13, 13, 13, 19, 20, 14, 17, 14, 13, 11, 10, 4, 7, 4, 6, 6, 7, 5, 3, 4, 5, 8, 10, 10, 5, 1, 5, 2, 1, 3, 4, 2, 4, 7,
9, 8, 13, 14, 13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 13, 21, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15,
15],
[13, 13, 13, 14, 15, 13, 17, 17, 13, 13, 10, 3, 6, 5, 7, 6, 5, 4, 4, 3, 5, 5, 7, 10, 9, 5, 4, 3, 4, 3, 1, 3, 8, 13,
9, 8, 15, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 15, 21, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 14, 14, 14,
15],
[13, 13, 13, 13, 13, 13, 14, 18, 12, 8, 9, 3, 6, 6, 8, 8, 5, 2, 3, 2, 2, 6, 8, 7, 6, 6, 5, 3, 1, 2, 3, 8, 13, 11, 7,
16, 14, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 17, 18, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
15],
[13, 13, 13, 13, 13, 13, 13, 16, 11, 5, 7, 5, 6, 6, 7, 7, 8, 3, 1, 4, 4, 4, 6, 9, 8, 6, 6, 4, 1, 3, 8, 10, 7, 8, 14,
14, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 19, 16, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15,
18],
[13, 13, 12, 13, 13, 13, 13, 13, 12, 8, 7, 9, 6, 3, 4, 6, 8, 7, 2, 2, 7, 7, 7, 7, 7, 6, 5, 3, 0, 4, 6, 3, 6, 14, 14,
13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 21, 14, 14, 14, 16, 14, 14, 14, 14, 14, 14, 14, 14, 15, 19,
20],
[13, 12, 13, 13, 13, 13, 13, 13, 12, 11, 10, 9, 10, 5, 1, 2, 3, 7, 5, 2, 3, 6, 6, 6, 6, 5, 3, 1, 2, 3, 3, 5, 9, 14,
13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 21, 14, 14, 14, 21, 14, 14, 14, 16, 18, 20, 18, 15, 18, 21,
21],
[13, 13, 13, 13, 13, 13, 13, 13, 13, 12, 14, 14, 12, 10, 2, 3, 2, 2, 3, 4, 4, 4, 5, 5, 4, 3, 2, 2, 1, 1, 2, 6, 10,
13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 21, 14, 14, 16, 20, 16, 22, 23, 22, 23, 23, 24, 23, 20,
24, 22],
[13, 12, 13, 12, 13, 13, 13, 13, 13, 13, 14, 14, 14, 11, 9, 8, 5, 4, 2, 4, 5, 7, 8, 9, 8, 8, 5, 3, 2, 2, 6, 4, 11,
13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 20, 15, 13, 21, 15, 14, 19, 22, 23, 23, 24, 24, 24, 24,
24, 21],
[13, 12, 12, 13, 13, 12, 13, 13, 13, 13, 13, 15, 15, 14, 9, 7, 6, 2, 3, 7, 9, 10, 11, 11, 10, 10, 8, 4, 3, 2, 4, 5,
12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 15, 20, 17, 19, 13, 15, 20, 21, 22, 22, 22, 19, 23,
24, 24, 24],
[13, 13, 12, 13, 13, 12, 13, 13, 13, 13, 13, 13, 13, 13, 10, 6, 3, 2, 7, 8, 10, 11, 12, 12, 12, 13, 13, 5, 3, 2, 3,
8, 12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 17, 20, 14, 13, 14, 18, 19, 20, 20, 21, 20,
20, 21, 22, 20],
[13, 13, 12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 10, 6, 6, 6, 10, 11, 11, 12, 13, 14, 15, 16, 16, 8, 6, 4,
5, 9, 11, 14, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 15, 14, 13, 14, 15, 14, 15, 15, 17, 18, 19, 19, 19,
19, 19, 20, 20, 19],
[13, 12, 13, 13, 13, 12, 12, 13, 13, 13, 13, 13, 13, 14, 12, 9, 8, 10, 10, 12, 14, 14, 16, 18, 19, 19, 18, 13, 10,
10, 7, 9, 15, 19, 17, 14, 14, 13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 18, 17, 19, 19, 19, 19, 15, 16, 14, 13, 19,
18, 18, 18, 13, 16, 17],
[13, 12, 13, 13, 13, 12, 13, 13, 13, 13, 13, 13, 13, 13, 18, 16, 12, 11, 16, 16, 17, 18, 20, 20, 22, 20, 18, 16, 13,
13, 12, 8, 9, 14, 19, 18, 17, 19, 18, 14, 13, 14, 15, 14, 14, 18, 17, 17, 17, 17, 17, 17, 16, 16, 13, 13, 13, 12,
14, 15, 16, 17, 17, 18],
[12, 12, 12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 21, 18, 13, 11, 17, 19, 20, 21, 20, 18, 19, 18, 14, 14, 13,
13, 13, 9, 7, 12, 18, 18, 16, 16, 19, 20, 17, 16, 16, 18, 17, 15, 14, 13, 12, 13, 14, 13, 12, 10, 10, 9, 12, 16,
16, 18, 19, 18, 18, 19],
[12, 12, 12, 12, 13, 12, 12, 13, 13, 13, 13, 13, 13, 17, 21, 20, 16, 13, 14, 14, 16, 16, 16, 16, 14, 15, 13, 13, 13,
13, 13, 12, 7, 10, 14, 20, 13, 14, 16, 20, 20, 17, 16, 12, 14, 11, 14, 15, 10, 11, 13, 10, 8, 9, 9, 8, 14, 19, 19,
18, 18, 18, 18, 19],
[12, 12, 12, 13, 12, 13, 13, 13, 13, 13, 13, 13, 15, 22, 22, 20, 15, 13, 13, 10, 9, 9, 10, 11, 11, 9, 10, 13, 12,
11, 10, 10, 9, 10, 9, 19, 17, 8, 8, 15, 21, 16, 11, 10, 10, 12, 10, 9, 8, 11, 8, 8, 6, 9, 13, 9, 9, 12, 16, 18, 17,
16, 18, 20],
[13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 15, 20, 22, 22, 22, 22, 16, 12, 8, 8, 6, 6, 8, 7, 7, 6, 7, 10, 8, 9, 8, 11,
9, 8, 6, 12, 16, 10, 6, 11, 15, 14, 10, 12, 11, 11, 11, 9, 7, 9, 8, 11, 10, 8, 7, 8, 9, 18, 20, 20, 19, 19, 17,
19]]
t2 = [
[15, 14, 14, 13, 13, 14, 14, 13, 12, 10, 13, 21, 17, 14, 11, 10, 11, 16, 17, 8, 8, 7, 10, 12, 13, 12, 16, 18, 9, 6,
7, 8, 7, 8, 9, 8, 9, 10, 12, 12, 14, 16, 16, 14, 9, 4, 3, 5, 6, 6, 6, 3, 4, 6, 6, 5, 5, 5, 5, 4, 5, 7, 5, 4],
[15, 15, 14, 13, 13, 14, 14, 13, 12, 11, 21, 15, 15, 14, 11, 10, 8, 8, 10, 8, 8, 7, 9, 11, 11, 11, 19, 13, 12, 5, 6,
7, 7, 8, 9, 9, 10, 12, 15, 17, 17, 17, 16, 10, 4, 4, 5, 6, 7, 7, 6, 4, 5, 7, 6, 6, 5, 5, 4, 3, 5, 6, 4, 3],
[15, 15, 14, 13, 13, 14, 14, 13, 12, 19, 15, 13, 15, 14, 12, 10, 8, 8, 9, 8, 8, 7, 9, 10, 9, 16, 14, 8, 17, 5, 6, 9,
16, 17, 17, 18, 18, 19, 21, 22, 22, 21, 19, 10, 4, 5, 6, 7, 9, 9, 6, 5, 8, 8, 6, 6, 5, 4, 4, 3, 3, 4, 3, 3],
[15, 15, 14, 14, 13, 14, 14, 14, 14, 19, 12, 13, 14, 14, 13, 12, 10, 9, 9, 9, 8, 7, 9, 10, 12, 18, 10, 8, 18, 6, 6,
7, 7, 6, 7, 8, 9, 12, 15, 20, 14, 10, 5, 4, 5, 6, 7, 9, 10, 10, 7, 7, 9, 9, 7, 6, 6, 5, 6, 6, 6, 6, 5, 5],
[15, 14, 14, 13, 13, 14, 14, 14, 15, 18, 11, 12, 13, 14, 14, 14, 12, 11, 11, 11, 10, 10, 11, 14, 23, 18, 18, 18, 20,
12, 7, 7, 7, 6, 6, 8, 10, 13, 14, 20, 11, 6, 4, 5, 6, 7, 9, 10, 11, 10, 7, 9, 11, 9, 7, 6, 6, 6, 7, 7, 7, 7, 7, 6],
[15, 15, 14, 14, 13, 14, 15, 14, 12, 20, 8, 8, 11, 14, 14, 14, 13, 17, 22, 15, 12, 12, 14, 22, 14, 13, 12, 9, 8, 19,
7, 7, 7, 6, 6, 7, 9, 12, 13, 20, 10, 7, 6, 6, 8, 9, 10, 12, 12, 10, 9, 11, 11, 10, 8, 7, 7, 7, 7, 8, 7, 7, 7, 6],
[15, 14, 14, 14, 13, 14, 15, 13, 7, 10, 16, 4, 5, 12, 15, 19, 22, 19, 13, 12, 12, 13, 22, 15, 13, 13, 12, 9, 7, 17,
11, 8, 7, 6, 5, 6, 9, 12, 13, 20, 11, 10, 8, 8, 9, 11, 11, 13, 12, 10, 11, 12, 11, 11, 9, 8, 7, 7, 8, 8, 8, 7, 7,
6],
[14, 14, 14, 14, 13, 13, 14, 11, 3, 2, 9, 17, 18, 19, 19, 18, 13, 12, 12, 12, 12, 16, 18, 13, 13, 13, 11, 9, 8, 14,
13, 7, 8, 6, 5, 6, 9, 11, 12, 20, 12, 11, 10, 10, 11, 12, 12, 13, 12, 11, 12, 13, 12, 11, 10, 8, 8, 8, 8, 8, 8, 7,
7, 6],
[14, 14, 14, 14, 13, 13, 14, 7, 2, 4, 4, 4, 4, 3, 3, 9, 10, 10, 11, 11, 12, 12, 12, 12, 12, 12, 11, 8, 7, 5, 4, 6,
7, 6, 5, 5, 8, 10, 11, 20, 13, 12, 11, 11, 12, 13, 13, 13, 13, 12, 13, 13, 13, 12, 10, 9, 8, 8, 8, 8, 8, 7, 7, 6],
[15, 14, 14, 14, 13, 13, 13, 3, 4, 5, 5, 5, 4, 3, 3, 3, 7, 9, 11, 12, 13, 12, 13, 12, 12, 11, 9, 7, 5, 5, 5, 5, 4,
3, 3, 3, 3, 4, 7, 11, 11, 12, 12, 12, 13, 13, 14, 13, 13, 13, 13, 14, 13, 12, 11, 9, 8, 8, 8, 8, 8, 7, 6, 5],
[15, 15, 14, 14, 13, 13, 11, 3, 5, 6, 6, 4, 4, 3, 3, 3, 3, 9, 13, 13, 13, 12, 10, 11, 9, 8, 7, 5, 4, 3, 3, 2, 2, 1,
1, 1, 1, 2, 2, 4, 7, 10, 11, 13, 14, 13, 14, 14, 13, 14, 14, 13, 13, 12, 11, 10, 9, 8, 8, 8, 8, 7, 6, 5],
[15, 15, 14, 14, 13, 13, 9, 3, 5, 6, 5, 5, 4, 4, 3, 2, 2, 4, 11, 12, 10, 8, 7, 5, 4, 4, 4, 3, 3, 2, 2, 2, 1, 1, 1,
1, 1, 2, 2, 3, 4, 4, 5, 9, 13, 13, 14, 13, 14, 13, 13, 13, 13, 12, 11, 9, 9, 8, 8, 8, 8, 7, 5, 6],
[15, 14, 14, 14, 13, 13, 7, 4, 6, 6, 5, 4, 4, 3, 3, 2, 2, 2, 4, 9, 9, 5, 3, 2, 2, 2, 2, 3, 3, 3, 2, 2, 1, 1, 1, 1,
1, 2, 2, 5, 5, 3, 2, 2, 6, 12, 13, 13, 13, 14, 14, 13, 12, 11, 9, 8, 7, 7, 7, 7, 8, 7, 5, 6],
[15, 14, 14, 14, 13, 12, 4, 5, 7, 6, 5, 4, 4, 3, 3, 2, 2, 2, 3, 4, 4, 2, 2, 2, 2, 2, 1, 2, 3, 3, 3, 3, 2, 1, 1, 1,
2, 2, 4, 6, 6, 3, 2, 2, 2, 5, 9, 12, 14, 14, 12, 8, 6, 5, 5, 6, 7, 6, 6, 6, 7, 6, 5, 6],
[15, 14, 14, 14, 13, 11, 4, 5, 7, 6, 5, 5, 4, 4, 3, 3, 3, 2, 2, 2, 2, 4, 7, 9, 10, 9, 7, 4, 2, 4, 4, 4, 4, 3, 2, 2,
2, 2, 4, 4, 4, 4, 4, 3, 3, 4, 5, 9, 12, 10, 4, 3, 4, 3, 3, 4, 6, 6, 7, 8, 7, 5, 4, 6],
[15, 14, 14, 14, 13, 10, 3, 5, 7, 6, 5, 4, 4, 3, 3, 3, 3, 3, 2, 2, 7, 13, 13, 12, 13, 18, 14, 10, 5, 1, 4, 4, 4, 5,
5, 4, 3, 2, 4, 4, 3, 4, 5, 6, 5, 6, 6, 5, 6, 5, 4, 4, 5, 4, 4, 3, 5, 7, 8, 9, 6, 3, 2, 3],
[14, 14, 14, 14, 13, 9, 4, 6, 7, 7, 5, 5, 4, 3, 3, 3, 3, 3, 2, 8, 16, 17, 15, 10, 7, 9, 15, 13, 11, 5, 2, 3, 6, 6,
7, 4, 2, 2, 3, 1, 0, 1, 4, 3, 5, 4, 5, 6, 4, 3, 4, 4, 4, 5, 4, 3, 5, 9, 10, 10, 6, 3, 2, 2],
[14, 14, 14, 13, 13, 7, 4, 5, 7, 7, 6, 5, 4, 4, 4, 4, 3, 3, 6, 16, 18, 17, 6, 4, 2, 3, 3, 13, 14, 9, 3, 3, 3, 5, 4,
2, 2, 1, 1, 0, 0, 0, 3, 2, 4, 1, 1, 3, 2, 2, 4, 5, 6, 5, 5, 4, 4, 9, 10, 8, 5, 2, 2, 3],
[14, 14, 14, 13, 13, 6, 6, 5, 7, 7, 7, 6, 5, 4, 4, 4, 4, 5, 9, 17, 19, 16, 5, 3, 2, 2, 2, 10, 13, 11, 4, 3, 3, 1, 2,
2, 1, 0, 0, 0, 0, 1, 3, 1, 3, 0, 1, 3, 6, 7, 5, 4, 4, 5, 5, 5, 4, 11, 10, 7, 4, 3, 3, 5],
[14, 14, 13, 13, 13, 6, 6, 6, 6, 6, 6, 6, 5, 4, 3, 3, 3, 4, 6, 8, 12, 11, 6, 2, 2, 2, 2, 2, 4, 3, 1, 1, 2, 3, 2, 3,
2, 1, 1, 1, 2, 2, 2, 1, 2, 1, 0, 3, 12, 16, 15, 10, 6, 4, 5, 5, 4, 12, 12, 10, 8, 6, 6, 8],
[14, 13, 13, 13, 12, 6, 6, 7, 6, 6, 6, 5, 4, 3, 3, 3, 3, 3, 4, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 2, 2, 3, 3, 3, 2, 3, 2,
2, 2, 2, 3, 2, 2, 2, 2, 4, 1, 2, 6, 11, 17, 17, 11, 8, 5, 5, 4, 11, 13, 11, 11, 9, 8, 9],
[14, 13, 13, 13, 12, 5, 4, 7, 6, 6, 5, 4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 2, 2, 3, 3, 2, 3, 3, 3, 3,
2, 1, 1, 2, 3, 3, 2, 3, 3, 3, 4, 4, 4, 4, 11, 16, 14, 8, 5, 4, 10, 11, 11, 12, 11, 9, 8],
[13, 13, 13, 13, 10, 2, 3, 5, 6, 6, 4, 3, 2, 2, 2, 1, 1, 1, 2, 1, 1, 1, 1, 2, 1, 1, 1, 2, 2, 3, 2, 3, 3, 3, 3, 2, 1,
1, 1, 1, 1, 3, 3, 2, 3, 2, 3, 4, 5, 5, 4, 2, 14, 17, 14, 5, 4, 9, 10, 10, 11, 11, 9, 9],
[12, 12, 12, 12, 10, 4, 3, 3, 5, 5, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 2, 2, 3, 5, 3, 2, 3, 2, 2,
2, 2, 2, 2, 3, 2, 2, 2, 1, 1, 2, 3, 5, 5, 5, 11, 19, 17, 6, 5, 11, 12, 11, 11, 11, 10, 10],
[12, 12, 12, 12, 9, 5, 4, 2, 4, 4, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 2, 2, 2, 4, 3, 2, 2, 3, 2, 2, 2,
2, 3, 2, 2, 3, 1, 1, 2, 3, 3, 2, 3, 4, 5, 6, 8, 17, 19, 7, 5, 12, 12, 12, 11, 11, 11, 11],
[11, 11, 11, 11, 9, 3, 3, 4, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3,
3, 2, 2, 2, 1, 0, 1, 2, 3, 4, 3, 3, 3, 4, 5, 5, 7, 12, 6, 5, 11, 11, 11, 11, 11, 11, 11],
[12, 12, 13, 12, 9, 2, 2, 3, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 2, 2, 2, 1, 1, 1, 1, 2, 2, 2, 3, 3,
2, 2, 1, 2, 2, 1, 1, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 3, 3, 5, 10, 11, 11, 11, 12, 12],
[13, 13, 13, 14, 12, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 0, 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 1, 1, 1, 1, 2, 2, 2, 2, 2,
4, 5, 8, 10, 11, 12, 8, 5, 3, 2, 2, 3, 2, 2, 3, 4, 4, 3, 2, 2, 2, 4, 11, 12, 12, 12, 13],
[14, 14, 14, 14, 14, 13, 3, 2, 2, 1, 1, 1, 1, 2, 2, 2, 2, 1, 1, 0, 1, 1, 1, 2, 2, 2, 2, 1, 1, 1, 1, 1, 2, 2, 1, 3,
10, 13, 14, 14, 15, 15, 17, 16, 14, 12, 11, 8, 3, 2, 2, 2, 3, 3, 3, 2, 2, 2, 3, 10, 12, 12, 13, 13],
[14, 14, 15, 15, 14, 13, 4, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 2, 2, 1, 1, 1, 1, 2, 2, 1, 1, 1, 1, 0, 1, 1, 1, 1, 2, 9,
12, 17, 18, 17, 16, 15, 17, 17, 16, 16, 15, 16, 15, 4, 2, 2, 2, 3, 3, 3, 2, 2, 3, 10, 13, 13, 13, 14],
[15, 15, 15, 15, 15, 13, 4, 2, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 2, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 2,
8, 12, 18, 19, 17, 15, 17, 18, 18, 18, 18, 17, 15, 4, 2, 2, 2, 2, 3, 2, 2, 2, 3, 10, 14, 14, 14, 14],
[16, 15, 15, 15, 14, 11, 2, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1,
2, 9, 12, 14, 16, 14, 17, 16, 16, 17, 15, 13, 10, 1, 2, 1, 2, 2, 2, 3, 2, 1, 3, 11, 13, 13, 14, 15],
[16, 15, 15, 15, 14, 7, 2, 2, 1, 1, 1, 1, 1, 0, 0, 0, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1,
3, 9, 11, 12, 13, 13, 12, 12, 12, 12, 10, 3, 2, 1, 1, 1, 1, 1, 2, 2, 2, 4, 13, 15, 14, 14, 15],
[16, 15, 15, 15, 12, 4, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1,
2, 2, 6, 9, 11, 10, 11, 11, 10, 9, 4, 1, 2, 1, 1, 1, 1, 1, 2, 1, 2, 4, 12, 14, 15, 15, 16],
[17, 16, 15, 16, 16, 3, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 0, 2, 1, 0, 0, 0, 0, 0, 0, 1, 2,
1, 2, 1, 2, 4, 6, 6, 5, 3, 1, 0, 1, 2, 1, 1, 1, 1, 1, 2, 2, 1, 4, 13, 14, 13, 15, 16],
[16, 18, 19, 19, 18, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 2, 0, 0, 0, 0, 0, 0, 1, 2, 1,
2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 5, 14, 15, 15, 15, 15],
[19, 19, 19, 19, 19, 12, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 2, 1, 0, 0, 0, 0, 1, 1, 2, 2,
1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 6, 12, 16, 16, 16, 16],
[19, 19, 19, 19, 19, 16, 2, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 2, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 2, 1,
1, 1, 1, 1, 2, 1, 2, 2, 1, 1, 2, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 8, 17, 15, 16, 18, 18],
[19, 20, 20, 20, 20, 16, 3, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1,
0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 2, 12, 18, 20, 18, 17, 20],
[19, 20, 20, 20, 19, 17, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0,
0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 2, 12, 20, 20, 20, 20, 18],
[19, 19, 20, 19, 19, 18, 10, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 2, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 2, 5, 16, 17, 20, 20, 21, 21],
[18, 18, 18, 19, 19, 18, 12, 2, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0,
1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 9, 18, 19, 18, 21, 20, 21],
[13, 14, 15, 15, 17, 18, 15, 4, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0,
1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 2, 14, 20, 19, 20, 19, 21, 20],
[9, 12, 12, 9, 11, 16, 14, 6, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1,
1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 3, 16, 21, 21, 19, 20, 18, 21],
[10, 10, 10, 10, 12, 13, 13, 7, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0,
0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 10, 17, 20, 21, 20, 19, 20, 19],
[11, 12, 14, 14, 16, 17, 13, 8, 2, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0,
1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 15, 20, 19, 20, 21, 20, 20, 20],
[17, 18, 17, 19, 20, 19, 18, 12, 2, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 6, 19, 20, 19, 20, 20, 21, 20, 21],
[19, 18, 20, 20, 20, 20, 19, 13, 3, 1, 2, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1,
0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 15, 20, 21, 20, 19, 21, 21, 22, 20],
[19, 19, 20, 20, 20, 19, 18, 14, 3, 2, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1,
0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 5, 20, 21, 21, 21, 19, 21, 22, 22, 21],
[20, 20, 20, 20, 19, 19, 18, 13, 3, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 9, 21, 21, 21, 21, 21, 19, 22, 22, 22],
[20, 20, 20, 20, 19, 19, 17, 9, 2, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 14, 22, 22, 22, 22, 21, 20, 22, 22, 22],
[19, 20, 20, 20, 20, 18, 13, 4, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 5, 18, 22, 22, 22, 21, 21, 21, 20, 22, 22],
[15, 16, 17, 17, 17, 14, 7, 2, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 12, 22, 24, 23, 22, 23, 23, 21, 20, 22, 22],
[13, 12, 12, 11, 11, 8, 3, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 2, 21, 25, 25, 25, 25, 25, 25, 21, 20, 20, 21],
[13, 12, 12, 10, 7, 3, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 5, 25, 25, 25, 25, 25, 25, 25, 21, 20, 17, 18],
[12, 12, 11, 8, 5, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 11, 25, 25, 25, 25, 25, 25, 24, 19, 20, 13, 12],
[12, 11, 9, 5, 2, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 19, 25, 25, 25, 25, 25, 25, 23, 25, 25, 24, 15],
[11, 9, 6, 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25],
[10, 6, 3, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25],
[7, 3, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 22, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25],
[5, 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25],
[3, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 21, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25],
[2, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25],
[2, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 13, 25, 25, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25]]
pic1 = np.array(t1)
pic2 = np.array(t2)
re1 = np.linalg.inv(pic1)
re2 = np.linalg.inv(pic2)
e = np.array(enc)
ccc = np.dot(np.dot(e, re2), re1)
for x in ccc:
print(chr(int(x + 0.5)), end="")
xd maze
有手就行 0123表示不同得步长 v14表示已走的步数 要求必须byte_404020[v14]==32 所以把值是32的index找出来
r = [0, 1, 65, 73, 585, 649, 713, 714, 1226, 1227, 1291, 1299, 1811, 1812, 1820, 2332, 2333, 2341, 2349, 2357, 2365,
2366, 2430, 2942, 3454, 3455, 3967, 4031, 4095]
两项差就是步长 然后对应0123
d=[1,64,8,512,64,64,1,512,1,64,8,512,1,8,512,1,8,8,8,8,1,64,512,512,1,512,64,64]
rrr=""
for x in d:
if x==1:
rrr+="3"
elif x==64:
rrr+="1"
elif x==8:
rrr+="2"
else:
rrr+="0"
print(rrr)
UPX magic0
假upx 直接逆
逻辑很简单 对输入值做一系列处理后与v14比较
注意都是int类型 可能会溢出 所有只比较低位
#int位丢失 爆破
d = ['8d68', '9d49', '2a12', 'ab1a', 'cbdc', 'b92b', '2e32', '9f59', 'ddcd', '9d49', 'a90a', '0e70', 'f5cf', '0a50',
'5af5', 'ff9f', '9f59', 'bd0b', '58e5', '3823', 'bf1b', '78a7', 'ab1a', '48c4', 'a90a', '2c22', '9f59', '5cc5',
'5ed5', '78a7', '2672', '5695']
print()
for x in d:
for i in range(1, 256):
v12 = i << 8
for j in range(0, 8):
if ((v12 & 0x8000) != 0):
v12 = (2 * v12) ^ 0x1021
else:
v12 *= 2
if hex(v12)[-4:]==x:
print(chr(i),end="")
爆破即可
fake shell
简单分析 随便翘翘
应该输入sudo cat flag.txt
提示要有sudo密码
根据提示信息跟进sub_176c V7就是enc V6就是变换后的密码
sub_1358对v9做了一点变换 该变换和我们输入的密码无关 先不管
sub_1635 emmm
a1就是传进来的v9 交换其中的某些项 找值 最后再把a2[i]异或 显然a1变换都是固定的
即a2的每项异或的都是固定值
动态调试 传入'a'*32 拿到变换后的v6
#异或的都是定值
d = [0xBF, 0x92, 0xFA, 0x83, 0x39, 0x45, 0xA0, 0xB1, 0xE6, 0x0B, 0xC7, 0x6F, 0xC8, 0x63, 0x9B, 0xD9, 0x08, 0x1C, 0x4F,
0x4F, 0xC6, 0xBA, 0x68, 0x3C, 0x6F, 0x45, 0x05, 0xD8, 0xA0, 0xB2, 0xAD, 0xEA]
for x in d:
print(x ^ 0x61, end=",")
print()
xork = [222, 243, 155, 226, 88, 36, 193, 208, 135, 106, 166, 14, 169, 2, 250, 184, 105, 125, 46, 46, 167, 219, 9, 93,
14, 36, 100, 185, 193, 211, 204, 139]
enc = [0xB6, 0x94, 0xFA, 0x8F, 0x3D, 0x5F, 0xB2, 0xE0, 0xEA, 0x0F, 0xD2, 0x66, 0x98, 0x6C, 0x9D, 0xE7, 0x1B, 0x08, 0x40,
0x71, 0xC5, 0xBE, 0x6F, 0x6D, 0x7C, 0x7B, 0x09, 0x8D, 0xA8, 0xBD, 0xF3, 0xF6]
for index in range(len(xork)):
print(chr(enc[index] ^ xork[index]), end="")
creakme2
经过四个xtea变换后与enc比较 与标准xtea相比更换了delta
但单纯套用XTEA脚本得不到正确答案
void XTEA_decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B1, sum = delta * num_rounds;
for (i = 0; i < num_rounds; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
}
v[0] = v0; v[1] = v1;
}
int main()
{
uint32_t key[10]; // [rsp+68h] [rbp+2Fh] BYREF
key[9] = 0;
key[0] = 1;
key[1] = 2;
key[2] = 3;
key[3] = 4;
key[4] = 5;
key[5] = 6;
key[6] = 7;
key[7] = 8;
key[8] = 9;
uint32_t enc[8] = { 0x457E62CF, 0x9537896C, 0x1F7E7F72, 0xF7A073D8, 0x8E996868, 0x40AFAF99, 0x0F990E34, 0x196F4086 };
uint32_t t[8] = { 0x457E62CF, 0x9537896C, 0x1F7E7F72, 0xF7A073D8, 0x8E996868, 0x40AFAF99, 0x0F990E34, 0x196F4086 };
printf("原文文:%X,%X,%X,%X,%X,%X,%X,%X\n", t[0], t[1], t[2], t[3], t[4], t[5], t[6], t[7]);
XTEA_decipher(32, &t[0], key);
XTEA_decipher(32, &t[2], key);
XTEA_decipher(32, &t[4], key);
XTEA_decipher(32, &t[6], key);
printf("解密后:%X,%X,%X,%X,%X,%X,%X,%X\n", t[0], t[1], t[2], t[3], t[4], t[5], t[6], t[7]);
return 0;
}
原文文:457E62CF,9537896C,1F7E7F72,F7A073D8,8E996868,40AFAF99,F990E34,196F4086
解密后:5E84A817,D3C7FB08,FA921838,9A97A1E3,1F72A7C4,EE1F2957,BA0A4F85,6903A53
动态调试发现问题 反复抛出除数不能为0的报错 猜测是否拿异常处理更改了程序逻辑
汇编可以看到明显的try except块 开始分析什么情况下ecx为0
可以看到将sum 算术右移了0x1f 再赋值到ecx 如果sum>>0x1f为0 则进入except块
except块: 将sum异或0x1234567
想调试的可以
Edit exceptions
将该异常给被调试者处理
现在逻辑很清楚了 改一改XTEA脚本
#include <iostream>
#include <stdio.h>
#include <string>
using namespace std;
void XTEA_decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[10])
{
unsigned int i;
uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B1;
int sum = 0;
int tttt[32] = { 0 };
//先跑出每项正确的sum
for (int i = 0; i < 32; i++) {
sum += delta;
if (sum >> 0X1F == 0) {
sum = sum ^ 0x1234567;
}
tttt[i] = sum;
}
for (i = 0; i < num_rounds; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
sum =tttt[i];
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
}
v[0] = v0;
v[1] = v1;
}
// void XTEA_decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
// unsigned int i;
// uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B1, sum = delta * num_rounds;
// for (i = 0; i < num_rounds; i++) {
// v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
// sum -= delta;
// v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
// }
// v[0] = v0; v[1] = v1;
// }
int main()
{
uint32_t key[10]; // [rsp+68h] [rbp+2Fh] BYREF
key[9] = 0;
key[0] = 1;
key[1] = 2;
key[2] = 3;
key[3] = 4;
key[4] = 5;
key[5] = 6;
key[6] = 7;
key[7] = 8;
key[8] = 9;
uint32_t enc[8] = { 0x457E62CF, 0x9537896C, 0x1F7E7F72, 0xF7A073D8, 0x8E996868, 0x40AFAF99, 0x0F990E34, 0x196F4086 };
uint32_t t[8] = { 0x457E62CF, 0x9537896C, 0x1F7E7F72, 0xF7A073D8, 0x8E996868, 0x40AFAF99, 0x0F990E34, 0x196F4086 };
printf("原文文:%X,%X,%X,%X,%X,%X,%X,%X\n", t[0], t[1], t[2], t[3], t[4], t[5], t[6], t[7]);
XTEA_decipher(32, &t[0], key);
XTEA_decipher(32, &t[2], key);
XTEA_decipher(32, &t[4], key);
XTEA_decipher(32, &t[6], key);
printf("解密后:%X,%X,%X,%X,%X,%X,%X,%X\n", t[0], t[1], t[2], t[3], t[4], t[5], t[6], t[7]);
return 0;
}
原文文:457E62CF,9537896C,1F7E7F72,F7A073D8,8E996868,40AFAF99,F990E34,196F4086
解密后:4449607D,CDEF2732,DBC80D11,AA40E158,A88B9962,D976AEE7,BA884CA3,92B7CA8
hex转字符再改改大小端即可
upx magic1
好 UPX!
直接脱壳显示不是upx
根据题目去查相关资料
https://jishuin.proginn.com/p/763bfbd5f8a7
其中指出部分程序会改变UPX的magic数 即将UPX!改为其他值
我们010打开 尝试搜索UPX 发现被改为了UPX? 将他们都改回UPX!
保存 重新脱壳即可
IDA打开后发现逻辑和UPX magic0一样 只改了enc
脚本改改即可
欸 发现跑出来只有35位 程序要求37位
猜测是有两位出不来 再改改脚本看看哪两位
d = ['8d68', '9d49', '2a12', 'ab1a', 'cbdc', 'b92b', '2e32', '9f59', 'ddcd', '9d49', 'a90a', 'e70', 'f5cf', '5ed5',
'3c03', '7c87', '2672', 'ab1a', 'a50', '5af5', 'ff9f', '9f59', 'bd0b', '58e5', '3823', 'bf1b', '78a7', 'ab1a',
'48c4', 'a90a', '2c22', '9f59', '5cc5', '5ed5', '78a7', '2672', '5695', ]
print()
for x in d:
for i in range(1, 256):
v12 = i << 8
for j in range(0, 8):
if ((v12 & 0x8000) != 0):
v12 = (2 * v12) ^ 0x1021
else:
v12 *= 2
if hex(v12)[-4:] == x:
print(chr(i), end="")
break
else:
print("艹",end="")
noW_YOukoN艹-rea1_艹PxmAG|C_@Nd~crC16
事实上这俩字符是啥都不影响程序判定 但是影响交flag(
)
hgame{noW_YOu~koNw-rea1_UPx~mAG|C_@Nd~crC16}
