re | [QCTF2018]babyre

[QCTF2018]babyre

rust逆向,特征点就是字符串中含有.rs

丢exp:

#from libnum import n2s, s2n
import string
cm = [0xDA, 0xD8, 0x3D, 0x4C, 0xE3, 0x63, 0x97, 0x3D,
      0xC1, 0x91, 0x97, 0x0E, 0xE3, 0x5C, 0x8D, 0x7E,
      0x5B, 0x91, 0x6F, 0xFE, 0xDB, 0xD0, 0x17, 0xFE,
      0xD3, 0x21, 0x99, 0x4B, 0x73, 0xD0, 0xAB, 0xFE]


def test():
    print ((0x73 >> 2 | 0x73 << 6) % 256)
    print ((0xbc >> 7 | 0xbc << 1) % 256)
    print ((0xe3 >> 4 | 0xe3 << 4) % 256)
    print ((0x6e >> 5 | 0x6e << 3) % 256)


def change3():
    re = []
    for i in range(32):
        for j in range(256):
            if i % 4 == 1 and ((j >> 2 | j << 6) % 256 == cm[i]):
                re.append(j)
            elif i % 4 == 2 and ((j >> 7 | j << 1) % 256 == cm[i]):
                re.append(j)
            elif i % 4 == 3 and ((j >> 4 | j << 4) % 256 == cm[i]):
                re.append(j)
            elif i % 4 == 0 and ((j >> 5 | j << 3) % 256 == cm[i]):
                re.append(j)
    print(re)
    return re


def change2(in3):
    re = []
    for i in range(32):
        if i % 4 == 1:
            re.append(in3[i] - 18)
        elif i % 4 == 2:
            re.append(in3[i] - 88)
        elif i % 4 == 3:
            re.append(in3[i] - 129)
        elif i % 4 == 0:
            re.append(in3[i] - 7)
    print (re)
    return re


def change1(in2):
    re = []
    for i in range(32):
        if i % 4 == 1:
            re.append(chr(in2[i + 2]))
        elif i % 4 == 2:
            re.append(chr(in2[i - 2]))
        elif i % 4 == 3:
            re.append(chr(in2[i - 1]))
        elif i % 4 == 0:
            re.append(chr(in2[i + 1]))
    print(re)
    return re


def main():
    # test()
    c3 = change3()
    c2 = change2(c3)
    c1 = change1(c2)
    print ("".join(c1))


if __name__ == '__main__':
    main()

QCTF

有一篇文章写得比较清楚哩:https://blog.csdn.net/qq_33438733/article/details/81138573

over.

posted @ 2021-10-08 21:35  Mz1  阅读(150)  评论(0编辑  收藏  举报