NCTF2022 wp
re
ez_rev
一个加密函数。对比字符。不是很想看怎么算的。直接4位爆破。
#include <string.h>
#include <malloc.h>
#include "stdio.h"
#include "defs.h"
__int64 __fastcall enc(unsigned __int8 *in4, char *key, _BYTE *out4) {
int k3;
unsigned __int8 c4;
char k0;
int c0;
unsigned __int8 v7;
int k1;
unsigned __int8 v9;
char v10;
char v11;
char v12;
char v13;
char v14;
char v15;
__int64 result;
k3 = (unsigned __int8) key[3];
c4 = in4[3];
k0 = *key;
c0 = *in4;
v7 = in4[1];
k1 = (unsigned __int8) key[1];
v9 = in4[2];
v10 = (c0 + c4) * (*key + k3);
v11 = key[2];
v12 = k3 * (c0 + v7);
v13 = (k3 + v11) * (v7 - c4);
v14 = c4 * (v11 - k0);
v15 = k0 * (v9 + c4);
*out4 = v14 + v10 + v13 - v12;
out4[2] = v15 + v14;
result = (unsigned int) (c0 * (k1 - k3));
out4[1] = c0 * (k1 - k3) + v12;
out4[3] = c0 * (k1 - k3) + (k1 + k0) * (v9 - c0) + v10 - v15;
return result;
}
unsigned char keys[] = {
126, 31, 25, 117
};
unsigned char res[] = {
0x7A, 0x08, 0x2E, 0xBA, 0xAD, 0xAF, 0x82, 0x8C, 0xEF, 0xD8,
0x0D, 0xF8, 0x99, 0xEB, 0x2A, 0x16, 0x05, 0x43, 0x9F, 0xC8,
0x6D, 0x0A, 0x7F, 0xBE, 0x76, 0x64, 0x2F, 0xA9, 0xAC, 0xF2,
0xC9, 0x47, 0x75, 0x75, 0xB5, 0x33
};
void bfChar(char i, char *key, _BYTE *out);
int main(int argc, char *argv[], char **env) {
setbuf(stdout, NULL);
char *oo = malloc(64);
for (int i = 0; i < sizeof(res); i += 4) {
bfChar(i, keys, oo + i);
}
return 0;
}
void bfChar(char i, char *keys, _BYTE *out) {
for (int c0 = 41; c0 < 123; ++c0) {
for (int c1 = 41; c1 < 123; ++c1) {
for (int c2 = 41; c2 < 123; ++c2) {
for (int c3 = 41; c3 < 123; ++c3) {
char in4[4] = {c0, c1, c2, c3};
enc(in4, keys, out + i);
int r = memcmp(out + i, res + i, 4);
if (r == 0) {
printf("%c%c%c%c\n", c0, c1, c2, c3);
return;
}
}
}
}
}
printf("error , not found\n");
}
