[长安“战疫”网络安全卫士守护赛] Reverse赛题复现

好久没做题了，来复现一下，免得手生了

combat_slogan

.jar文件直接扔进jd-gui，发现是个很简单的加密，写出exp即可

char s[] = "Jr_j11y_s1tug_g0_raq_g0_raq_pnml";
int main()
{
	int len = strlen(s);
	for (int i = 0; i < len; ++i)
	{
		char c = s[i];
		if (c >= 'a' + 13 && c <= 'm' + 13) putchar(c - 13);
		else if (c >= 'n' - 13 && c <= 'z' - 13) putchar(c + 13);
		else if (c >= 'N' - 13 && c <= 'Z' - 13) putchar(c + 13);
		else putchar(c);
	}
	return 0;
}

得到flag：
flag{We_w11l_f1ght_t0_end_t0_end_cazy}

cute_doge

打开看是这个样子的

或许可以考虑从对话框入手？

扔进IDA看看，逐个函数查看，看到sub_401A30函数有MainWindow这些疑似初始化对话框的操作

发现了这一串东西ZmxhZ3tDaDFuYV95eWRzX2Nhenl9

看着像Base64，解出来得到flag：
flag{Ch1na_yyds_cazy}

hello_py

uncompyle6反编译一下

import threading, time

def encode_1(n):
    global num
    while True:
        if num >= 0:
            flag[num] = flag[num] ^ num
            num -= 1
            time.sleep(1)
        if num <= 0:
            break


def encode_2(n):
    global num
    while True:
        if num >= 0:
            flag[num] = flag[num] ^ flag[(num + 1)]
            num -= 1
            time.sleep(1)
        if num < 0:
            break


while True:
    Happy = [
     44, 100, 3, 50, 106, 90, 5, 102, 10, 112]
    num = 9
    f = input('Please input your flag:')
    if len(f) != 10:
        print('Your input is illegal')
    else:
        flag = list(f)
        j = 0
        for i in flag:
            flag[j] = ord(i)
            j += 1
        else:
            print("flag to 'ord':", flag)
            t1 = threading.Thread(target=encode_1, args=(1, ))
            t2 = threading.Thread(target=encode_2, args=(2, ))
            t1.start()
            time.sleep(0.5)
            t2.start()
            t1.join()
            t2.join()

        if flag == Happy:
            print('Good job!')
        else:
            print('No no no!')

大眼瞪完后写exp

char enflag[] = {44, 100, 3, 50, 106, 90, 5, 102, 10, 112};
int main()
{
	for (rg int i = 0; i < 10; i += 2) enflag[i] ^= enflag[i + 1];
	for (rg int i = 1; i < 11; i += 2) enflag[i] ^= i;
	for (rg int i = 0; i < 11; ++i) putchar(enflag[i]);
	return 0;
}

得到flag：
He110_cazy

lemon

字节码还原程序，语法和c/python好像差不多的样子
（我复现起来真的感觉烦的一批。。不知道有没有什么简单的字节码还原程序的方法）

char a[233] = {83, 69, 65}, a1[233];
char b[233] = {101, 108, 111, 117, 122, 101, 105, 98, 101, 108, 117, 105, 113, 117, 105, 113}, b1[233];
int c[2333];
inline void init()
{
	int lena = strlen(a), lenb = strlen(b);
	for (int i = 0; i < lena; ++i) a1[i] = a[lena - 1 - i];
	for (int i = 0; i < lena; ++i) a[i] = a1[i];
	for (int i = 0; i < lenb; ++i) b1[i] = b[lenb - 1 - i];
	for (int i = 0; i < lenb; ++i) b[i] = b1[i];
	for (int i = 0; i <= 256; ++i) c[i] = i;
}
int main()
{
	init();
	
	for (int i = 0; i < 256; ++i) c[i] = (c[i] + a[i % 3] + b[i % 16]) % 256;
	for (int i = 0; i < 3; ++i)
	{
		for (int j = 0; j < 256; ++j) c[j] = c[j] ^ c[(j + 1) % 256];
		for (int j = 0; j < 256; ++j) c[j] = (c[j] + 1) % 256;
	}
	long long ans = 0;
	for (int i = 0; i < 256; ++i) ans += c[i];
	ans = ans * 20 + 5;
	ans = ans * 30 - 5;
	ans = ans * 40 - 5;
	ans = ans * 50 + 6645;
	print(ans);
	return 0;
}

得到flag：
23075096395

SafeIM

哈哈，不是我做得出来的题