re | [QCTF2018]babyre
[QCTF2018]babyre
Rust 逆向题,识别特征是程序的字符串中含有 .rs(Rust 源文件后缀)。
解题脚本(exp)如下:
#from libnum import n2s, s2n
import string
# Target bytes the solver works backwards from: change3() searches for the
# byte whose rotation equals each entry. Presumably these are the expected
# values compared inside the challenge binary -- the page does not show where
# they were extracted from.
# Laid out four per row because every stage keys its operation on index % 4.
cm = [
    0xDA, 0xD8, 0x3D, 0x4C,
    0xE3, 0x63, 0x97, 0x3D,
    0xC1, 0x91, 0x97, 0x0E,
    0xE3, 0x5C, 0x8D, 0x7E,
    0x5B, 0x91, 0x6F, 0xFE,
    0xDB, 0xD0, 0x17, 0xFE,
    0xD3, 0x21, 0x99, 0x4B,
    0x73, 0xD0, 0xAB, 0xFE,
]
def test():
    """Print four sample 8-bit rotations as a sanity check of the formulas.

    Each sample is (byte, right shift, left shift). The two shift counts
    always add up to 8, so OR-ing both halves and reducing modulo 256 is a
    rotation of the byte. The four shift pairs are the same ones change3()
    searches with.
    """
    samples = (
        (0x73, 2, 6),
        (0xBC, 7, 1),
        (0xE3, 4, 4),
        (0x6E, 5, 3),
    )
    for value, right, left in samples:
        # % 256 discards the bits the left shift pushed above bit 7.
        print((value >> right | value << left) % 256)
def change3():
    """Undo the rotation stage by exhaustive search over all byte values.

    For each of the 32 positions, every candidate byte 0..255 is rotated with
    the shift pair selected by ``position % 4`` and kept when the result
    equals the matching entry of the module-level ``cm`` list. A rotation of
    an 8-bit value is one-to-one, so each position contributes exactly one
    byte as long as the ``cm`` entry itself is in 0..255.

    Returns:
        The list of recovered bytes (also printed for inspection).
    """
    # (right shift, left shift) for position % 4 == 0, 1, 2, 3.
    shifts = ((5, 3), (2, 6), (7, 1), (4, 4))
    recovered = []
    for pos in range(32):
        right, left = shifts[pos % 4]
        recovered.extend(
            cand
            for cand in range(256)
            if (cand >> right | cand << left) % 256 == cm[pos]
        )
    print(recovered)
    return recovered
def change2(in3):
    """Undo the additive stage: subtract a per-position constant.

    The constant depends on ``position % 4`` (7, 18, 88, 129 for remainders
    0, 1, 2, 3). The subtraction is plain integer arithmetic with no wrap to
    8 bits, so an input byte smaller than its constant yields a negative
    number, which the later ``chr()`` call in change1() would reject.

    Args:
        in3: Sequence of at least 32 integers; only the first 32 are read.

    Returns:
        The list of 32 adjusted values (also printed for inspection).
    """
    # Index is position % 4.
    offsets = (7, 18, 88, 129)
    adjusted = [in3[pos] - offsets[pos % 4] for pos in range(32)]
    print(adjusted)
    return adjusted
def change1(in2):
    """Undo the shuffle stage and convert the values to characters.

    Within every group of four positions the output takes its value from a
    different slot of the same group: output slots 0, 1, 2, 3 read input
    slots 1, 3, 0, 2. Each value is passed through ``chr()``, so it must be a
    valid non-negative code point.

    Args:
        in2: Sequence of at least 32 integers; only the first 32 are read.

    Returns:
        The list of 32 single-character strings (also printed).
    """
    # Offset from the output position to the input position, by position % 4.
    source_delta = (1, 2, -2, -1)
    chars = [chr(in2[pos + source_delta[pos % 4]]) for pos in range(32)]
    print(chars)
    return chars
def main():
    """Run the three inverse stages in order and print the recovered string.

    The stages are applied as change3 -> change2 -> change1; each one prints
    its intermediate list before the final joined string is printed.
    """
    # test() is an optional sanity check of the rotation formulas; it is not
    # run by default.
    recovered_chars = change1(change2(change3()))
    print("".join(recovered_chars))
# Run the solver only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
QCTF
有一篇文章写得比较清楚哩:https://blog.csdn.net/qq_33438733/article/details/81138573
over.
本文来自博客园,作者:Mz1,转载请注明原文链接:https://www.cnblogs.com/Mz1-rc/p/15383013.html