BUUCTF [BJDCTF2020]BJD hamburger competition
第一次接触 Unity的逆向题
这种关键代码一般都在
中
dnspy打开 搜索关键词 buttton
找到 ButtonSpawnFruit类
条件是sha1(str)="..."
我们可以直接枚举所有可能的变化(注意python的sha1是小写而题目的判断是大写!)
from hashlib import *
from random import *
def Get_SHA1(s):
sha_1 = sha1(s.encode('utf-8'))
return sha_1.hexdigest()
secret = 997
while True:
num = secret
process = ""
for count in range(4):
choice = randint(1,7)
if choice == 1:
num = num - 127
if choice == 2:
num = num * 3
if choice == 3:
num = num ^ 18
if choice == 4:
num = num + 29
if choice == 5:
num = num - 47
if choice == 6:
num = num * 5
if choice == 7:
num = num ^ 87
process += str(choice)
num ^= 127
print(num,Get_SHA1(str(num)))
if Get_SHA1(str(num)) == 'dd01903921ea24941c26a48f2cec24e0bb0e8cc7':
print(num)
print(process)
print(md5(str(num).encode('utf-8')).hexdigest())
break
# b8c37e33defde51cf91e1e03e51657da
最后secret=1001
我们将md5转成大写提交发现不对 查看题目的MD5
可以看到这里取了substr(0,20)所以截取前20位即可