春秋杯 2022 逆向
春秋杯 2022
第一题 godeep
GO 语言逆向。大体流程为：将输入转换为二进制，按每一位是 0 还是 1 进入不同的函数。根据提示找到 right 分支所在的函数后，写个脚本，利用 IDA Python 的交叉引用和控制流程图分析能力即可简单地实现自动化：
from idautils import *
from idaapi import *
import ida_xref
# right addr
# Address of the function holding the "right" (success) branch, located by hand
# as described above; the backwards walk starts here.
right_addr = 0x83AF00
# Address at which the walk stops: reaching it means every input bit has been
# accounted for, and the collected bits are decoded and printed.
target_addr = 0x7CB820
# Bits ('0'/'1') collected during the walk, leaf first until reversed on success.
path = []
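def find_path(addr: int, *, trail: tuple = (), visited: frozenset = frozenset()) -> None:
    """Recover the input bits that lead to the ``right`` branch and print them.

    Starting at ``addr`` (initially the function holding the success branch),
    follow every near-call cross-reference back to the calling function.  In
    the caller, the ``jz`` that guards the call tells which input bit selected
    this callee: '0' when the jump lands on the calling block, '1' otherwise.
    When the walk reaches ``target_addr`` the collected bits are reversed (so
    the root comes first), grouped into bytes and printed as text.

    Args:
        addr: entry address of the function to walk back from.
        trail: bits collected so far, leaf first.  Internal; callers just pass
            ``addr``.  Carrying the bits as an argument keeps sibling branches
            from seeing each other's bits, which the previous global-list
            version did not guarantee (it also left ``path`` reversed after
            the first success, corrupting any later branch).
        visited: functions already on the current walk; stops a cyclic call
            chain from recursing without bound.

    Side effects:
        On reaching ``target_addr`` assigns the root-first bit list to the
        module-level ``path`` and prints the decoded flag.  Uses the IDA API
        (``XrefsTo``, ``get_func``, ``FlowChart``, ``idc``) brought into scope
        by the star-imports at the top of the file.
    """
    global path
    if addr == target_addr:
        path = list(reversed(trail))
        # Eight bits per character; a trailing partial byte is decoded as-is,
        # exactly as before.
        flag = ''.join(
            chr(int(''.join(path[i:i + 8]), 2)) for i in range(0, len(path), 8)
        )
        print(flag)
        return
    if addr in visited:
        return
    visited = visited | {addr}
    for xref in XrefsTo(addr, ida_xref.XREF_ALL):
        if xref.type != 17:  # 17 is IDA's near-call (fl_CN) xref type
            continue
        caller = get_func(xref.frm)
        for block in FlowChart(caller, flags=FC_PREDS):
            # BasicBlock.end_ea is exclusive, so the old ``>=`` test also
            # matched the block that starts right after xref.frm's block.
            if not (block.start_ea <= xref.frm < block.end_ea):
                continue
            for pred in block.preds():
                # Last instruction of the predecessor block: the branch that
                # decided whether this block (and so the call) runs.
                dis = idc.GetDisasm(idc.prev_head(pred.end_ea)).lower()
                if not dis.startswith('jz'):
                    continue
                t = hex(block.start_ea).replace("0x", "")
                print(f"target addr = {t}, cmd = {dis}")
                # jz straight into the calling block => the zero branch.
                bit = '0' if dis.endswith(t) else '1'
                find_path(caller.start_ea, trail=trail + (bit,), visited=visited)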
# Start the walk at the "right" function; the flag is printed once the walk
# reaches target_addr.
find_path(right_addr)
第二题 easy_python
主要考察 Python 字节码（汇编）的阅读，就一个循环左移 3 位。
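def _rol8(value: int, bits: int = 3) -> int:
    """Rotate the 8-bit ``value`` left by ``bits`` positions.

    The write-up describes the decode as a single rotate-left by 3, so the
    default reproduces the original ``(v >> 5 | v << 3) & 0xff`` exactly;
    ``bits`` is a parameter only so the helper is reusable.
    """
    bits %= 8
    return ((value << bits) | (value >> (8 - bits))) & 0xFF


if __name__ == '__main__':
    # Ciphertext bytes, one per flag character (presumably lifted from the
    # challenge's bytecode — see the note above).
    flag = [204, 141, 44, 236, 111, 140, 140, 76, 44, 172, 7, 7, 39, 165, 70, 7, 39, 166, 165, 134, 134,
            140, 204, 165, 7, 39, 230, 140, 165, 70, 44, 172, 102, 6, 140, 204, 230, 230, 76, 198, 38, 175]
    # Iterate the list itself rather than a hard-coded range(42).
    print(''.join(chr(_rol8(c)) for c in flag))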
第三题 baby_transform
变换操作如下：这就是傅里叶变换，学过傅里叶变换的话就好办了，没什么可解释的。
傅里叶变换公式:
\[X[k] = \sum_{n=0}^{N-1} x[n]\cos\left(\frac{2\pi kn}{N}\right) - j\sum_{n=0}^{N-1} x[n]\sin\left(\frac{2\pi kn}{N}\right)\]
from math import *
import struct
import numpy as np
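def decode_flag(data: bytes) -> str:
    """Invert the challenge's Fourier transform and return the plaintext.

    ``data`` holds the spectrum as consecutive 16-byte records, each a pair of
    native-endian doubles in the order (imag, real); a trailing partial record
    is ignored, as in the original script.  The inverse FFT of the spectrum
    yields the original sample values (complex with negligible imaginary
    part), so each magnitude rounded to the nearest integer is one character.

    Returns:
        The decoded text; the empty string for empty input.
    """
    whole = len(data) - len(data) % 16
    if whole == 0:
        return ''
    spectrum = [complex(re, im) for im, re in struct.iter_unpack("dd", data[:whole])]
    samples = abs(np.fft.ifft(np.array(spectrum, dtype=np.complex128)))
    # int(round(...)) so chr() gets a plain int regardless of the numpy
    # scalar's __round__ behaviour.
    return ''.join(chr(int(round(v))) for v in samples)


if __name__ == '__main__':
    # The file handle is closed by the context manager (the original leaked it).
    with open('./flag.enc', 'rb') as f:
        print(decode_flag(f.read()))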