CTFshow Reverse 来一个派森 wp
.py文件打包成的exe,用"pyinstxtractor.py"解包
用uncompyle6将checkme.pyc反编译为py文件(可反编译的前提是checkme.pyc的前12个字节与struct.pyc的前12个字节相同;若不同,需先参照struct.pyc修复checkme.pyc的文件头。注意文件头长度随Python版本而异,Python 3.7及以上为16字节)
b58encode的逻辑是先对输入进行base58变换,变换后再与下标异或,最后和check比较
查看代码
def b58encode(tmp: str) -> str:
    """Check a candidate flag against the constant embedded in the program.

    The code points of ``tmp`` are folded into one integer (base 256), that
    integer is written in base 58, every resulting character is XORed with
    its position, and the outcome is compared with ``check``.

    The name and the ``-> str`` annotation come from the decompiled source;
    the function actually returns 1 on a match and 0 otherwise.  The XOR
    layer uses no key and the expected value is stored in the code itself,
    so the comparison can be inverted offline without running the program.

    Raises:
        IndexError: if ``tmp`` is empty.
    """
    alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
    check = [
        'A', '5', 'q', 'O', 'g', 'q', 'd', '\x7f', '[', '\x7f', 's', '{', 'G', 'A', 'x', '`', 'D', '@', 'K', 'c', '-', 'c', ' ', 'G', '+', '+', '|', 'x', '}', 'J', 'h', '\\', 'l']

    # Big-endian fold of the code points into a single integer.
    codes = [ord(ch) for ch in tmp]
    number = codes[0]
    for code in codes[1:]:
        number = number * 256 + code

    # Always emit at least one digit, so a value of 0 still yields '1'.
    digits = []
    while True:
        number, remainder = divmod(number, 58)
        digits.append(remainder)
        if number == 0:
            break
    digits.reverse()

    # Position-dependent XOR over the base58 text.
    masked = [chr(ord(alphabet[digit]) ^ pos) for pos, digit in enumerate(digits)]
    return 1 if masked == check else 0
# Prompt for a candidate flag and report whether it passes the check.
flag = input('输入flag:')
print('you win' if b58encode(flag) else 'try again')
编写逆向脚本
逆向逻辑为:将check各元素与下标异或,再解base58
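def b58decode(tmp:str) -> str:
    """Invert the base58 step used by the challenge's ``b58encode``.

    Each character is mapped to its index in the base58 alphabet, the
    indices are folded into one integer (base 58), and that integer is
    written out as big-endian bytes and decoded as UTF-8.

    The integer is converted with ``int.to_bytes`` rather than through
    ``hex()``: a hex string has an odd number of digits whenever the top
    byte is below 0x10, which makes ``binascii.unhexlify`` fail.

    This mirrors the challenge's variant, not standard base58: leading
    zero bytes are not represented, and a value of 0 decodes to a single
    NUL character.

    Args:
        tmp: Text made only of characters from the base58 alphabet.

    Returns:
        The decoded text; an empty string for empty input.

    Raises:
        ValueError: if a character is not in the alphabet, or if the
            decoded bytes are not valid UTF-8 (``UnicodeDecodeError``).
    """
    base58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
    if not tmp:
        return ""

    value = 0
    for ch in tmp:
        value = value * 58 + base58.index(ch)

    # At least one byte, so that "1" (value 0) round-trips to "\x00".
    size = max(1, (value.bit_length() + 7) // 8)
    return value.to_bytes(size, "big").decode("UTF-8")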
# Expected value copied from the decompiled checker.
check = ['A', '5', 'q', 'O', 'g', 'q', 'd', '\x7f', '[', '\x7f', 's', '{', 'G', 'A', 'x', '`', 'D', '@', 'K', 'c', '-', 'c', ' ', 'G', '+', '+', '|', 'x', '}', 'J', 'h', '\\', 'l']
# XOR is its own inverse: applying the position XOR again restores the
# base58 text, which is then decoded.
check = [chr(ord(ch) ^ pos) for pos, ch in enumerate(check)]
print(b58decode("".join(check)))
# ctfshow{zhe_bu_shi_flag}