2021 东软杯 Reverse WP

本文首发自博客:https://cnblogs.com/cx1ng

Signin

签到题目，strings一下发现flag。

happyCTF

利用C++ lambada表达式进行的异或。

Remember Crypt 4

一个RC4，一个常量异或.rc4动态调解即可。

enc = [
    0x9E, 0xE7, 0x30, 0x5F, 0xA7, 0x01, 0xA6, 0x53, 0x59, 0x1B,
    0x0A, 0x20, 0xF1, 0x73, 0xD1, 0x0E, 0xAB, 0x09, 0x84, 0x0E,
    0x8D, 0x2B, 0x00, 0x00
]
table = [0xDA,0xA9,0x73,0x1A,0xFE,0x4D,0xED,0x12,0x1E,0x66,0x5C,0x6D,0x8C,0x3C,0x96,0x49,0xFD,0x74,0xDF,0x43,0xDA,0x74,0x4C]
for i in range(22):
    enc[i] ^= 0x22
    enc[i] ^= table[i]
print(''.join(map(chr, enc))) # flag{nice_to_meet_you}

EasyRe

基于Linux信号量实现的进程间异步通信,实现的vm。父进程接收信号执行信号函数，子进程发送信号，通过nmap共享内存。这种夸进程的调试十分麻烦，尤其是要分析各个信号量函数。
进过对算法的分析，可获得一个输入与输出映射表。

enc = [
    0xA3, 0xD8, 0xAC, 0xA9, 0xA8, 0xD6, 0xA6, 0xCD, 0xD0, 0xD5,
    0xF7, 0xB7, 0x9C, 0xB3, 0x31, 0x2D, 0x40, 0x5B, 0x4B, 0x3A,
    0xFD, 0x57, 0x42, 0x5F, 0x58, 0x52, 0x54, 0x1B, 0x0C, 0x78,
    0x39, 0x2D, 0xD9, 0x3D, 0x35, 0x1F, 0x09, 0x41, 0x40, 0x47,
    0x42, 0x11
]
map_table = [
[0xDA,0xA5,0xAC,0xA3,0xA6,0xA1,0xA0,0xA7,0xA2,0xAD,0xA4,0x9B,0xDE,0xD9,0x28,0x2F,0x2A,0x35,0x3C,0x33,0x36,0x31,0x50,0x57,0x52,0x5D,0x54,0x4B,0x0E,0x09,0x38,0x3F,0x3A,0x05,0x0C,0x03,0x06,0x01,0x00,0x07,0x02,0x0D],
[0xA7,0xA6,0xA1,0xAC,0xA3,0xA2,0xA5,0xA0,0xAF,0xAE,0x99,0xA4,0xDB,0xDA,0x2D,0x28,0x37,0x36,0x31,0x3C,0x33,0x32,0x55,0x50,0x5F,0x5E,0x49,0x54,0x0B,0x0A,0x3D,0x38,0x07,0x06,0x01,0x0C,0x03,0x02,0x05,0x00,0x0F,0x0E],
[0xA4,0xA7,0xAE,0xAD,0xA0,0xA3,0xA2,0xA1,0xAC,0xAF,0xA6,0xA5,0xD8,0xDB,0x2A,0x29,0x34,0x37,0x3E,0x3D,0x30,0x33,0x52,0x51,0x5C,0x5F,0x56,0x55,0x08,0x0B,0x3A,0x39,0x04,0x07,0x0E,0x0D,0x00,0x03,0x02,0x01,0x0C,0x0F],
[0xA1,0xA0,0xAB,0xAE,0xBD,0xBC,0xBF,0xA2,0xA9,0xA8,0xA3,0xA6,0xD5,0xD4,0x27,0x2A,0x31,0x30,0x3B,0x3E,0x4D,0x4C,0x2F,0x52,0x59,0x58,0x53,0x56,0x05,0x04,0x37,0x3A,0x01,0x00,0x0B,0x0E,0x1D,0x1C,0x1F,0x02,0x09,0x08],
[0xA6,0xA1,0xA8,0xAF,0xA2,0xBD,0xBC,0xA3,0xAE,0xA9,0xA0,0xA7,0xDA,0xD5,0x24,0x2B,0x36,0x31,0x38,0x3F,0x32,0x4D,0x2C,0x53,0x5E,0x59,0x50,0x57,0x0A,0x05,0x34,0x3B,0x06,0x01,0x08,0x0F,0x02,0x1D,0x1C,0x03,0x0E,0x09],
[0xA3,0xA2,0xAD,0xA8,0xBF,0xBE,0xA1,0xBC,0xAB,0xAA,0xA5,0xA0,0xD7,0xD6,0x29,0x24,0x33,0x32,0x3D,0x38,0x4F,0x4E,0x51,0x2C,0x5B,0x5A,0x55,0x50,0x07,0x06,0x39,0x34,0x03,0x02,0x0D,0x08,0x1F,0x1E,0x01,0x1C,0x0B,0x0A],
[0xA0,0xA3,0xAA,0xA9,0xBC,0xBF,0xBE,0xBD,0xA8,0xAB,0xA2,0xA1,0xD4,0xD7,0x26,0x25,0x30,0x33,0x3A,0x39,0x4C,0x4F,0x2E,0x2D,0x58,0x5B,0x52,0x51,0x04,0x07,0x36,0x35,0x00,0x03,0x0A,0x09,0x1C,0x1F,0x1E,0x1D,0x08,0x0B],
[0xDD,0xDC,0xD7,0xAA,0xB9,0xB8,0xAB,0xAE,0xA5,0xA4,0xAF,0xA2,0xD1,0xD0,0x33,0x36,0x2D,0x2C,0x27,0x3A,0x49,0x48,0x5B,0x5E,0x55,0x54,0x5F,0x52,0x01,0x00,0x03,0x06,0x3D,0x3C,0x37,0x0A,0x19,0x18,0x0B,0x0E,0x05,0x04],
[0xD2,0xDD,0xD4,0xAB,0xBE,0xB9,0xA8,0xAF,0xBA,0xA5,0xAC,0xA3,0xD6,0xD1,0x30,0x37,0x22,0x2D,0x24,0x3B,0x4E,0x49,0x58,0x5F,0x2A,0x55,0x5C,0x53,0x06,0x01,0x00,0x07,0x32,0x3D,0x34,0x0B,0x1E,0x19,0x08,0x0F,0x1A,0x05],
[0xDF,0xDE,0xA9,0xD4,0xBB,0xBA,0xAD,0xA8,0xA7,0xA6,0xA1,0xAC,0xD3,0xD2,0x35,0x30,0x2F,0x2E,0x39,0x24,0x4B,0x4A,0x5D,0x58,0x57,0x56,0x51,0x5C,0x03,0x02,0x05,0x00,0x3F,0x3E,0x09,0x34,0x1B,0x1A,0x0D,0x08,0x07,0x06],
[0xDC,0xDF,0xD6,0xD5,0xB8,0xBB,0xAA,0xA9,0xA4,0xA7,0xAE,0xAD,0xD0,0xD3,0x32,0x31,0x2C,0x2F,0x26,0x25,0x48,0x4B,0x5A,0x59,0x54,0x57,0x5E,0x5D,0x00,0x03,0x02,0x01,0x3C,0x3F,0x36,0x35,0x18,0x1B,0x0A,0x09,0x04,0x07],
[0xD9,0xD8,0xD3,0xD6,0xB5,0xB4,0xA7,0xAA,0xA1,0xA0,0xAB,0xAE,0xCD,0xCC,0x2F,0x32,0x29,0x28,0x23,0x26,0x45,0x44,0x57,0x5A,0x51,0x50,0x5B,0x5E,0x3D,0x3C,0x3F,0x02,0x39,0x38,0x33,0x36,0x15,0x14,0x07,0x0A,0x01,0x00],
[0xDE,0xD9,0xD0,0xD7,0xBA,0xB5,0xA4,0xAB,0xA6,0xA1,0xA8,0xAF,0xD2,0xCD,0x2C,0x33,0x2E,0x29,0x20,0x27,0x4A,0x45,0x54,0x5B,0x56,0x51,0x58,0x5F,0x02,0x3D,0x3C,0x03,0x3E,0x39,0x30,0x37,0x1A,0x15,0x04,0x0B,0x06,0x01],
[0xDB,0xDA,0xD5,0xD0,0xB7,0xB6,0xA9,0xA4,0xA3,0xA2,0xAD,0xA8,0xCF,0xCE,0x31,0x2C,0x2B,0x2A,0x25,0x20,0x47,0x46,0x59,0x54,0x53,0x52,0x5D,0x58,0x3F,0x3E,0x01,0x3C,0x3B,0x3A,0x35,0x30,0x17,0x16,0x09,0x04,0x03,0x02],
[0xD8,0xDB,0xD2,0xD1,0xB4,0xB7,0xA6,0xA5,0xA0,0xA3,0xAA,0xA9,0xCC,0xCF,0x2E,0x2D,0x28,0x2B,0x22,0x21,0x44,0x47,0x56,0x55,0x50,0x53,0x5A,0x59,0x3C,0x3F,0x3E,0x3D,0x38,0x3B,0x32,0x31,0x14,0x17,0x06,0x05,0x00,0x03],
[0xB5,0xB4,0xBF,0xB2,0xD1,0xD0,0xB3,0xB6,0xBD,0xBC,0xB7,0xAA,0xC9,0xC8,0x3B,0x3E,0x45,0x44,0x4F,0x42,0x21,0x20,0x23,0x26,0x2D,0x2C,0x27,0x5A,0x39,0x38,0x0B,0x0E,0x15,0x14,0x1F,0x12,0x31,0x30,0x13,0x16,0x1D,0x1C],
[0xAA,0xB5,0xBC,0xB3,0xD6,0xD1,0xB0,0xB7,0xB2,0xBD,0xB4,0xAB,0xCE,0xC9,0x38,0x3F,0x3A,0x45,0x4C,0x43,0x26,0x21,0x20,0x27,0x22,0x2D,0x24,0x5B,0x3E,0x39,0x08,0x0F,0x0A,0x15,0x1C,0x13,0x36,0x31,0x10,0x17,0x12,0x1D],
[0xB7,0xB6,0xB1,0xBC,0xD3,0xD2,0xB5,0xB0,0xBF,0xBE,0xA9,0xB4,0xCB,0xCA,0x3D,0x38,0x47,0x46,0x41,0x4C,0x23,0x22,0x25,0x20,0x2F,0x2E,0x59,0x24,0x3B,0x3A,0x0D,0x08,0x17,0x16,0x11,0x1C,0x33,0x32,0x15,0x10,0x1F,0x1E],
[0xB4,0xB7,0xBE,0xBD,0xD0,0xD3,0xB2,0xB1,0xBC,0xBF,0xB6,0xB5,0xC8,0xCB,0x3A,0x39,0x44,0x47,0x4E,0x4D,0x20,0x23,0x22,0x21,0x2C,0x2F,0x26,0x25,0x38,0x3B,0x0A,0x09,0x14,0x17,0x1E,0x1D,0x30,0x33,0x12,0x11,0x1C,0x1F],
[0xB1,0xB0,0xBB,0xBE,0xAD,0xAC,0xCF,0xB2,0xB9,0xB8,0xB3,0xB6,0xC5,0xC4,0x37,0x3A,0x41,0x40,0x4B,0x4E,0x3D,0x3C,0x3F,0x22,0x29,0x28,0x23,0x26,0x35,0x34,0x07,0x0A,0x11,0x10,0x1B,0x1E,0x0D,0x0C,0x2F,0x12,0x19,0x18],
[0xB6,0xB1,0xB8,0xBF,0xD2,0xAD,0xCC,0xB3,0xBE,0xB9,0xB0,0xB7,0xCA,0xC5,0x34,0x3B,0x46,0x41,0x48,0x4F,0x22,0x3D,0x3C,0x23,0x2E,0x29,0x20,0x27,0x3A,0x35,0x04,0x0B,0x16,0x11,0x18,0x1F,0x32,0x0D,0x2C,0x13,0x1E,0x19],
[0xB3,0xB2,0xBD,0xB8,0xAF,0xAE,0xB1,0xCC,0xBB,0xBA,0xB5,0xB0,0xC7,0xC6,0x39,0x34,0x43,0x42,0x4D,0x48,0x3F,0x3E,0x21,0x3C,0x2B,0x2A,0x25,0x20,0x37,0x36,0x09,0x04,0x13,0x12,0x1D,0x18,0x0F,0x0E,0x11,0x2C,0x1B,0x1A],
[0xB0,0xB3,0xBA,0xB9,0xAC,0xAF,0xCE,0xCD,0xB8,0xBB,0xB2,0xB1,0xC4,0xC7,0x36,0x35,0x40,0x43,0x4A,0x49,0x3C,0x3F,0x3E,0x3D,0x28,0x2B,0x22,0x21,0x34,0x37,0x06,0x05,0x10,0x13,0x1A,0x19,0x0C,0x0F,0x2E,0x2D,0x18,0x1B],
[0xAD,0xAC,0xA7,0xBA,0xA9,0xA8,0xBB,0xBE,0xB5,0xB4,0xBF,0xB2,0xC1,0xC0,0x43,0x46,0x3D,0x3C,0x37,0x4A,0x39,0x38,0x2B,0x2E,0x25,0x24,0x2F,0x22,0x31,0x30,0x13,0x16,0x0D,0x0C,0x07,0x1A,0x09,0x08,0x1B,0x1E,0x15,0x14],
[0xA2,0xAD,0xA4,0xBB,0xAE,0xA9,0xB8,0xBF,0xCA,0xB5,0xBC,0xB3,0xC6,0xC1,0x40,0x47,0x32,0x3D,0x34,0x4B,0x3E,0x39,0x28,0x2F,0x3A,0x25,0x2C,0x23,0x36,0x31,0x10,0x17,0x02,0x0D,0x04,0x1B,0x0E,0x09,0x18,0x1F,0x2A,0x15],
[0xAF,0xAE,0xB9,0xA4,0xAB,0xAA,0xBD,0xB8,0xB7,0xB6,0xB1,0xBC,0xC3,0xC2,0x45,0x40,0x3F,0x3E,0x49,0x34,0x3B,0x3A,0x2D,0x28,0x27,0x26,0x21,0x2C,0x33,0x32,0x15,0x10,0x0F,0x0E,0x19,0x04,0x0B,0x0A,0x1D,0x18,0x17,0x16],
[0xF5,0xF4,0xFF,0xF2,0x11,0x10,0xF3,0xF6,0xFD,0xFC,0xF7,0xEA,0x09,0x08,0xFB,0xFE,0x05,0x04,0x0F,0x02,0xE1,0xE0,0xE3,0xE6,0xED,0xEC,0xE7,0x1A,0x79,0x78,0x4B,0x4E,0x55,0x54,0x5F,0x52,0x71,0x70,0x53,0x56,0x5D,0x5C],
[0xEA,0xF5,0xFC,0xF3,0x16,0x11,0xF0,0xF7,0xF2,0xFD,0xF4,0xEB,0x0E,0x09,0xF8,0xFF,0xFA,0x05,0x0C,0x03,0xE6,0xE1,0xE0,0xE7,0xE2,0xED,0xE4,0x1B,0x7E,0x79,0x48,0x4F,0x4A,0x55,0x5C,0x53,0x76,0x71,0x50,0x57,0x52,0x5D],
[0xF7,0xF6,0xF1,0xFC,0x13,0x12,0xF5,0xF0,0xFF,0xFE,0xE9,0xF4,0x0B,0x0A,0xFD,0xF8,0x07,0x06,0x01,0x0C,0xE3,0xE2,0xE5,0xE0,0xEF,0xEE,0x19,0xE4,0x7B,0x7A,0x4D,0x48,0x57,0x56,0x51,0x5C,0x73,0x72,0x55,0x50,0x5F,0x5E],
[0xF4,0xF7,0xFE,0xFD,0x10,0x13,0xF2,0xF1,0xFC,0xFF,0xF6,0xF5,0x08,0x0B,0xFA,0xF9,0x04,0x07,0x0E,0x0D,0xE0,0xE3,0xE2,0xE1,0xEC,0xEF,0xE6,0xE5,0x78,0x7B,0x4A,0x49,0x54,0x57,0x5E,0x5D,0x70,0x73,0x52,0x51,0x5C,0x5F],
[0xF1,0xF0,0xFB,0xFE,0xED,0xEC,0x0F,0xF2,0xF9,0xF8,0xF3,0xF6,0x05,0x04,0xF7,0xFA,0x01,0x00,0x0B,0x0E,0xFD,0xFC,0xFF,0xE2,0xE9,0xE8,0xE3,0xE6,0x75,0x74,0x47,0x4A,0x51,0x50,0x5B,0x5E,0x4D,0x4C,0x6F,0x52,0x59,0x58],
[0xF6,0xF1,0xF8,0xFF,0x12,0xED,0x0C,0xF3,0xFE,0xF9,0xF0,0xF7,0x0A,0x05,0xF4,0xFB,0x06,0x01,0x08,0x0F,0xE2,0xFD,0xFC,0xE3,0xEE,0xE9,0xE0,0xE7,0x7A,0x75,0x44,0x4B,0x56,0x51,0x58,0x5F,0x72,0x4D,0x6C,0x53,0x5E,0x59],
[0xF3,0xF2,0xFD,0xF8,0xEF,0xEE,0xF1,0x0C,0xFB,0xFA,0xF5,0xF0,0x07,0x06,0xF9,0xF4,0x03,0x02,0x0D,0x08,0xFF,0xFE,0xE1,0xFC,0xEB,0xEA,0xE5,0xE0,0x77,0x76,0x49,0x44,0x53,0x52,0x5D,0x58,0x4F,0x4E,0x51,0x6C,0x5B,0x5A],
[0xF0,0xF3,0xFA,0xF9,0xEC,0xEF,0x0E,0x0D,0xF8,0xFB,0xF2,0xF1,0x04,0x07,0xF6,0xF5,0x00,0x03,0x0A,0x09,0xFC,0xFF,0xFE,0xFD,0xE8,0xEB,0xE2,0xE1,0x74,0x77,0x46,0x45,0x50,0x53,0x5A,0x59,0x4C,0x4F,0x6E,0x6D,0x58,0x5B],
[0xED,0xEC,0xE7,0xFA,0xE9,0xE8,0xFB,0xFE,0xF5,0xF4,0xFF,0xF2,0x01,0x00,0x03,0x06,0xFD,0xFC,0xF7,0x0A,0xF9,0xF8,0xEB,0xEE,0xE5,0xE4,0xEF,0xE2,0x71,0x70,0x53,0x56,0x4D,0x4C,0x47,0x5A,0x49,0x48,0x5B,0x5E,0x55,0x54],
[0xE2,0xED,0xE4,0xFB,0xEE,0xE9,0xF8,0xFF,0x0A,0xF5,0xFC,0xF3,0x06,0x01,0x00,0x07,0xF2,0xFD,0xF4,0x0B,0xFE,0xF9,0xE8,0xEF,0xFA,0xE5,0xEC,0xE3,0x76,0x71,0x50,0x57,0x42,0x4D,0x44,0x5B,0x4E,0x49,0x58,0x5F,0x6A,0x55],
[0xAC,0xAF,0xA6,0xA5,0xA8,0xAB,0xBA,0xB9,0xB4,0xB7,0xBE,0xBD,0xC0,0xC3,0x42,0x41,0x3C,0x3F,0x36,0x35,0x38,0x3B,0x2A,0x29,0x24,0x27,0x2E,0x2D,0x30,0x33,0x12,0x11,0x0C,0x0F,0x06,0x05,0x08,0x0B,0x1A,0x19,0x14,0x17],
[0xAE,0xA9,0xA0,0xA7,0xAA,0xA5,0xB4,0xBB,0xB6,0xB1,0xB8,0xBF,0xC2,0xBD,0x3C,0x43,0x3E,0x39,0x30,0x37,0x3A,0x35,0x24,0x2B,0x26,0x21,0x28,0x2F,0x32,0x2D,0x0C,0x13,0x0E,0x09,0x00,0x07,0x0A,0x05,0x14,0x1B,0x16,0x11],
[0x1E,0x19,0x10,0x17,0xFA,0xF5,0xE4,0xEB,0xE6,0xE1,0xE8,0xEF,0x12,0x0D,0xEC,0xF3,0xEE,0xE9,0xE0,0xE7,0x0A,0x05,0x14,0x1B,0x16,0x11,0x18,0x1F,0x42,0x7D,0x7C,0x43,0x7E,0x79,0x70,0x77,0x5A,0x55,0x44,0x4B,0x46,0x41],
[0xC8,0xCB,0xC2,0xC1,0xC4,0xC7,0xD6,0xD5,0xD0,0xD3,0xDA,0xD9,0x9C,0x9F,0x5E,0x5D,0x58,0x5B,0x52,0x51,0x54,0x57,0x46,0x45,0x40,0x43,0x4A,0x49,0x0C,0x0F,0x2E,0x2D,0x28,0x2B,0x22,0x21,0x24,0x27,0x36,0x35,0x30,0x33],
[0x1A,0xE5,0xEC,0xE3,0xE6,0xE1,0xE0,0xE7,0xE2,0xED,0xE4,0xDB,0x1E,0x19,0xE8,0xEF,0xEA,0xF5,0xFC,0xF3,0xF6,0xF1,0x10,0x17,0x12,0x1D,0x14,0x0B,0x4E,0x49,0x78,0x7F,0x7A,0x45,0x4C,0x43,0x46,0x41,0x40,0x47,0x42,0x4D],
]
flag_table = "abcdefghijklmnopqrstuvwxyz0123456789{}-_!"
flag = ""
for i in range(len(enc)):
    for n in range(len(map_table)):
        if enc[i] == map_table[n][i]:
            flag += flag_table[n]
            break
    flag += "+"
print(flag.replace('++', "&").replace('+', '')) # flag{How_Y0u_Know_th4_Signa1_0f_Linux}
# flag{&ow_&0u_&now_th4_&igna1_0f_&inux!!!!}
# flag{Now_Y0u_Know_th4_Signa1_0f_Linux!!!!}

这里只获取了abcdefghijklmnopqrstuvwxyz0123456789{}-_!的输入输出映射，但以及可以工具flag的英文语义补全flag，边不提取大写字母的映射表了。
flag{Now_Y0u_Know_th4_Signa1_0f_Linux!!!!}