NewStarCTF(Reserve) WEEK1

easy_RE

咳

有UPX壳，先脱壳

enc = "gmbh|D1ohsbuv2bu21ot1oQb332ohUifG2stuQ[HBMBYZ2fwf2~"
flag = ''
for i in enc:
    b = (ord(i)-1)
    flag += chr(b)
print(flag)
#flag{C0ngratu1at10ns0nPa221ngTheF1rstPZGALAXY1eve1}

Segments

segments用shift+f7调出

ELF

一个encode加密

一个base64加密

先base64解密，再写encode解密

CyberChef解出来不对，用python脚本去解

import base64
encoded_str = "VlxRV2t0II8kX2WPJ15fZ49nWFEnj3V8do8hYy9t"
decoded_bytes = base64.b64decode(encoded_str)
print(decoded_bytes)
#V\\QWkt \x8f$_e\x8f'^_g\x8fgXQ'\x8fu|v\x8f!c/m

enc = "V\\QWkt \x8f$_e\x8f'^_g\x8fgXQ'\x8fu|v\x8f!c/m"
flag = ''
for i in enc:
    b = (ord(i)-16)^0x20
    flag += chr(b)
print(flag)
# flag{D0_4ou_7now_wha7_ELF_1s?}

Endian

编写脚本

enc = [0x75553A1E, 0x7B583A03, 0x4D58220C, 0x7B50383D, 0x736B3819]
flag = ""
for i in range(0,5):
    flag += (enc[i]^0x12345678).to_bytes(4, 'little').decode('utf-8')
print(flag)
# flag{llittl_Endian_a}

AndroXor

编写脚本

enc = [14,ord('\r'),17,23,2,ord('K'),ord('I'),ord('7'),ord(' '),30,20,ord('I'),ord('\n'),2,ord('\f'),ord('>'),ord('('),ord('@'),11,ord('\''),ord('K'),ord('Y'),25,ord('A'),ord('\r')]
key = 'happyx3'
flag = []
for i in range(len(enc)):
    ans = chr(enc[i] ^ ord(key[i % len(key)]))
    flag += ans
print("".join(flag))
# flag{3z_And0r1d_X0r_x1x1}

EzPE

pe文件损坏了

WZ改成MZ，80改成90，文件偏移要指向PE起始处

编写脚本

enc = [0x0A, 0x0C, 0x04, 0x1F, 0x26, 0x6C, 0x43, 0x2D, 0x3C, 0x0C, 0x54, 0x4C, 0x24, 0x25, 0x11, 0x06, 0x05, 0x3A, 0x7C, 0x51, 0x38, 0x1A, 0x03, 0x0D, 0x01, 0x36, 0x1F, 0x12, 0x26, 0x04, 0x68, 0x5D, 0x3F, 0x2D, 0x37, 0x2A, 0x7D]
flag = []
for i in range(35, -1, -1):
    enc[i] = enc[i + 1] ^ enc[i] ^ i
for i in range(len(enc)):
    flag += chr(enc[i])
print("".join(flag))
# flag{Y0u_kn0w_what_1s_PE_File_F0rmat}

lazy_activtiy

大于10000次

顺着搜下去