[长安“战疫”网络安全卫士守护赛] Reverse赛题复现
好久没做题了,来复现一下,免得手生了
combat_slogan
.jar文件直接扔进jd-gui,发现只是个很简单的字母移位替换(ROT13那一类,算不上真正的加密),照着逆回去写出exp即可
/* Ciphertext string taken from the decompiled .jar (jd-gui output). */
char s[] = "Jr_j11y_s1tug_g0_raq_g0_raq_pnml";

/*
 * Undo the 13-place letter rotation on `s` and print the result to stdout.
 *
 * 'n'..'z' is shifted down by 13, 'a'..'m' and 'A'..'M' are shifted up by 13,
 * every other byte (digits, '_') is printed as-is.
 *
 * NOTE(review): 'N'..'Z' is passed through unchanged. The ciphertext above
 * contains a single capital ('J'), so the output is not affected here, but
 * confirm against the jar's routine before reusing this on other input.
 */
int main()
{
    for (const char *p = s; *p != '\0'; ++p)
    {
        char out = *p;
        if (out >= 'n' && out <= 'z')
            out -= 13;
        else if ((out >= 'a' && out <= 'm') || (out >= 'A' && out <= 'M'))
            out += 13;
        putchar(out);
    }
    return 0;
}
得到flag:
flag{We_w11l_f1ght_t0_end_t0_end_cazy}
cute_doge
打开看是这个样子的
或许可以考虑从对话框入手?
扔进IDA看看,逐个函数查看,看到sub_401A30函数有MainWindow这些疑似初始化对话框的操作
发现了这一串东西ZmxhZ3tDaDFuYV95eWRzX2Nhenl9
看着像Base64(只是编码,谁都能直接解),解出来得到flag:
flag{Ch1na_yyds_cazy}
hello_py
uncompyle6反编译一下
import threading, time
def encode_1(n):
    """Thread target: XOR ``flag[num]`` with the index ``num`` itself.

    ``n`` is accepted but never used. ``flag`` and ``num`` are module-level
    names that encode_2 also reads and writes; no lock protects them.

    NOTE(review): the page lost all indentation, so the nesting below is
    reconstructed - confirm against the raw uncompyle6 output.
    """
    global num
    while True:
        if num >= 0:
            # XOR the byte under the shared cursor with the cursor value.
            flag[num] = flag[num] ^ num
            num -= 1
            # Ordering between the two workers comes only from these sleeps
            # (the main script starts encode_2 0.5 s after this one), not
            # from any synchronisation primitive.
            time.sleep(1)
        if num <= 0:
            break
def encode_2(n):
    """Thread target: XOR ``flag[num]`` with its right-hand neighbour.

    ``n`` is accepted but never used. ``flag`` and ``num`` are module-level
    names shared with encode_1; no lock protects them.

    NOTE(review): the page lost all indentation, so the nesting below is
    reconstructed - confirm against the raw uncompyle6 output.
    """
    global num
    while True:
        if num >= 0:
            # Reads flag[num + 1] in whatever state it is in at this moment.
            # With num == 9 on a 10-element list this index would be out of
            # range; the main script starts encode_1 first, which presumably
            # moves the cursor to 8 before this line runs.
            flag[num] = flag[num] ^ flag[(num + 1)]
            num -= 1
            time.sleep(1)
        if num < 0:
            break
# Main loop of the decompiled checker: read a 10-character input, run the two
# XOR workers over it, and compare the result with the hard-coded target.
# NOTE(review): indentation was lost on the page; the nesting below is
# reconstructed - confirm against the raw uncompyle6 output.
while True:
    # Expected encoded bytes; the comparison at the bottom is against this list.
    Happy = [
     44, 100, 3, 50, 106, 90, 5, 102, 10, 112]
    # Shared cursor for both workers, starting at the last index.
    num = 9
    f = input('Please input your flag:')
    if len(f) != 10:
        print('Your input is illegal')
    else:
        # Turn the input into a list of code points, in place.
        flag = list(f)
        j = 0
        for i in flag:
            flag[j] = ord(i)
            j += 1
        else:
            # The for loop has no break, so this else branch always runs.
            print("flag to 'ord':", flag)
            t1 = threading.Thread(target=encode_1, args=(1, ))
            t2 = threading.Thread(target=encode_2, args=(2, ))
            t1.start()
            # encode_1 gets a half-second head start; each worker sleeps 1 s
            # per step, so the two are presumably meant to alternate.
            time.sleep(0.5)
            t2.start()
            t1.join()
            t2.join()
            if flag == Happy:
                print('Good job!')
            else:
                print('No no no!')
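大眼瞪完后写exp:两个线程靠sleep错开半秒交替执行,encode_1落在奇数下标上(与下标异或),encode_2落在偶数下标上(与右边已经处理过的那一位异或)。所以逆的时候先用还没还原的奇数位把偶数位异或回来,再把奇数位与下标异或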
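/* Target bytes copied from the `Happy` list in the decompiled script. */
char enflag[] = {44, 100, 3, 50, 106, 90, 5, 102, 10, 112};

/*
 * Invert the two XOR passes of the decompiled checker and print the input
 * that produces `enflag`.
 *
 * Changes from the original listing: the print loop stopped at index 10,
 * one past the end of the 10-byte array; all bounds are now derived from
 * the array size. Loop counters are plain `int` instead of the `rg` macro,
 * which is not defined anywhere in the listing.
 */
int main()
{
    const int n = sizeof(enflag) / sizeof(enflag[0]);

    // Even positions were XORed with the already-encoded byte to their
    // right, so undo them first while the odd positions are still encoded.
    for (int i = 0; i + 1 < n; i += 2) enflag[i] ^= enflag[i + 1];
    // Odd positions were XORed with their own index.
    for (int i = 1; i < n; i += 2) enflag[i] ^= i;
    // Emit exactly the n decoded bytes.
    for (int i = 0; i < n; ++i) putchar(enflag[i]);
    return 0;
}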
得到flag:
He110_cazy
lemon
字节码还原程序,语法和c/python好像差不多的样子
(我复现起来真的感觉烦的一批。。不知道有没有什么简单的字节码还原程序的方法)
// Byte tables recovered from the lemon bytecode.
// a holds 83, 69, 65 ("SEA"); b holds the 16 bytes of "elouzeibeluiquiq".
// a1 and b1 are scratch buffers used only while reversing.
char a[233] = {83, 69, 65}, a1[233];
char b[233] = {101, 108, 111, 117, 122, 101, 105, 98, 101, 108, 117, 105, 113, 117, 105, 113}, b1[233];
int c[2333];

// Copy `text` back-to-front into `scratch`, then copy `scratch` over `text`.
static void flip_through(char *text, char *scratch)
{
    int n = strlen(text);
    int w = 0;
    for (int r = n - 1; r >= 0; --r) scratch[w++] = text[r];
    for (w = 0; w < n; ++w) text[w] = scratch[w];
}

// Reverse a and b in place (a becomes "AES", b becomes "qiuqiulebiezuole")
// and fill c with the identity mapping c[i] = i for i = 0..256 inclusive.
// Index 256 is written here as well; main() on this page reads only 0..255.
inline void init()
{
    flip_through(a, a1);
    flip_through(b, b1);
    int v = 0;
    while (v <= 256)
    {
        c[v] = v;
        ++v;
    }
}
// Replay the reconstructed lemon program and print the resulting number.
// `print` is not defined in this listing - presumably an output helper from
// the author's template; confirm before compiling.
int main()
{
    init();

    // Add the (reversed) a and b bytes into the identity table, modulo 256.
    for (int idx = 0; idx < 256; ++idx)
        c[idx] = (c[idx] + a[idx % 3] + b[idx % 16]) % 256;

    // Three rounds of: XOR each entry with its successor (wrapping, in
    // place, so entry 255 sees the already-updated entry 0), then add one
    // modulo 256.
    int rounds_left = 3;
    while (rounds_left-- > 0)
    {
        for (int k = 0; k < 256; ++k)
        {
            int next = (k + 1) % 256;
            c[k] ^= c[next];
        }
        for (int k = 0; k < 256; ++k)
            c[k] = (c[k] + 1) % 256;
    }

    long long total = 0;
    for (int k = 0; k < 256; ++k)
        total += c[k];

    // Final chain of multiply-then-add steps, applied in this order.
    static const long long steps[4][2] = {{20, 5}, {30, -5}, {40, -5}, {50, 6645}};
    for (int k = 0; k < 4; ++k)
        total = total * steps[k][0] + steps[k][1];

    print(total);
    return 0;
}
得到flag:
23075096395
SafeIM
哈哈,不是我做得出来的题