ISC2016训练赛-phrackCTF-FindKey

合集 - i春秋-选手训练营(15)
1.ISC2016训练赛-phrackCTF-FindKey
2.第三届上海市大学生网络安全大赛-crackme3.2017年全国大学生信息安全竞赛-填数游戏4.“百度杯”CTF比赛 2017 二月场-爆破-15.“百度杯”CTF比赛 2017 二月场-爆破-26.ISC2016训练赛-phrackCTF-Smali7.“百度杯”CTF比赛 九月场-Upload8.“百度杯”CTF比赛 九月场-SQL9.《从0到1:CTFer成长之路》题目-SQL注入-210.“百度杯”CTF比赛 九月场-SQLi11.“百度杯”CTF比赛 2017 二月场-爆破-312.2017第二届广东省强网杯线上赛- who are you13.i春秋 第二届春秋欢乐赛-Hello-World14.“百度杯”CTF比赛 十月场-Login15.“百度杯”CTF比赛 九月场-123
收起

ISC2016训练赛——phrackCTF

Reverse-FindKey:

题目描述:FLAG就是你输入的key

解题方法:将题目附件下载下来是一个无后缀名的文件,把他放进exeinfope.exe里查看一下它的信息

这里我们看到它不是一个EXE文件,但是下面有提示说是用python,然后我们将他的后缀名改成.py文件,用python打开是乱码,所以根据经验猜测可能是.pyc文件,我们将后缀名改成.pyc然后去在线反编译pyc文件就可以得到它的源码:

# uncompyle6 version 3.9.0
# Python bytecode version base 2.7 (62211)
# Decompiled from: Python 3.6.12 (default, Feb  9 2021, 09:19:15) 
# [GCC 8.3.0]
# Embedded file name: findkey
# Compiled at: 2016-04-30 09:54:18
import sys
lookup = [
 196, 153, 149, 206, 17, 221, 10, 217, 167, 18, 36, 135, 103, 61, 
 111, 31, 92, 152, 21, 228, 105, 191, 173, 41, 2, 245, 23, 144, 1, 
 246, 89, 178, 182, 119, 38, 85, 48, 226, 165, 241, 166, 214, 71, 
 90, 151, 3, 109, 169, 150, 224, 69, 156, 158, 57, 181, 29, 200, 
 37, 51, 252, 227, 93, 65, 82, 66, 80, 170, 77, 49, 177, 81, 94, 
 202, 107, 25, 73, 148, 98, 129, 231, 212, 14, 84, 121, 174, 171, 
 64, 180, 233, 74, 140, 242, 75, 104, 253, 44, 39, 87, 86, 27, 68, 
 22, 55, 76, 35, 248, 96, 5, 56, 20, 161, 213, 238, 220, 72, 100, 
 247, 8, 63, 249, 145, 243, 155, 222, 122, 32, 43, 186, 0, 102, 216, 
 126, 15, 42, 115, 138, 240, 147, 229, 204, 117, 223, 141, 159, 131, 
 232, 124, 254, 60, 116, 46, 113, 79, 16, 128, 6, 251, 40, 205, 137, 
 199, 83, 54, 188, 19, 184, 201, 110, 255, 26, 91, 211, 132, 160, 
 168, 154, 185, 183, 244, 78, 33, 123, 28, 59, 12, 210, 218, 47, 
 163, 215, 209, 108, 235, 237, 118, 101, 24, 234, 106, 143, 88, 9, 
 136, 95, 30, 193, 176, 225, 198, 197, 194, 239, 134, 162, 192, 11, 
 70, 58, 187, 50, 67, 236, 230, 13, 99, 190, 208, 207, 7, 53, 219, 
 203, 62, 114, 127, 125, 164, 179, 175, 112, 172, 250, 133, 130, 52, 
 189, 97, 146, 34, 157, 120, 195, 45, 4, 142, 139]
pwda = [
 188, 155, 11, 58, 251, 208, 204, 202, 150, 120, 206, 237, 114, 92, 
 126, 6, 42]
pwdb = [53, 222, 230, 35, 67, 248, 226, 216, 17, 209, 32, 2, 181, 200, 171, 
 60, 108]
flag = raw_input('Input your Key:').strip()
if len(flag) != 17:
    print 'Wrong Key!!'
    sys.exit(1)
flag = flag[::-1]
for i in range(0, len(flag)):
    if ord(flag[i]) + pwda[i] & 255 != lookup[i + pwdb[i]]:
        print 'Wrong Key!!'
        sys.exit(1)

print 'Congratulations!!'

这里我们得到源码之后就可以来分析它的源码,第一步将我们的输入进行长度判断是否为17,所以我们可以知道我们的flag的长度为17,然后将flag进行reverse逆序,最后进行关键的一步转换操作:

ord(flag[i]) + pwda[i] & 255 != lookup[i + pwdb[i]]

分析下来发现是一个很简单清晰的加密过程,只需要将它逆向回去就可以得到flag:

下面是解密的python代码:

lookup = [
 196, 153, 149, 206, 17, 221, 10, 217, 167, 18, 36, 135, 103, 61,
 111, 31, 92, 152, 21, 228, 105, 191, 173, 41, 2, 245, 23, 144, 1,
 246, 89, 178, 182, 119, 38, 85, 48, 226, 165, 241, 166, 214, 71,
 90, 151, 3, 109, 169, 150, 224, 69, 156, 158, 57, 181, 29, 200,
 37, 51, 252, 227, 93, 65, 82, 66, 80, 170, 77, 49, 177, 81, 94,
 202, 107, 25, 73, 148, 98, 129, 231, 212, 14, 84, 121, 174, 171,
 64, 180, 233, 74, 140, 242, 75, 104, 253, 44, 39, 87, 86, 27, 68,
 22, 55, 76, 35, 248, 96, 5, 56, 20, 161, 213, 238, 220, 72, 100,
 247, 8, 63, 249, 145, 243, 155, 222, 122, 32, 43, 186, 0, 102, 216,
 126, 15, 42, 115, 138, 240, 147, 229, 204, 117, 223, 141, 159, 131,
 232, 124, 254, 60, 116, 46, 113, 79, 16, 128, 6, 251, 40, 205, 137,
 199, 83, 54, 188, 19, 184, 201, 110, 255, 26, 91, 211, 132, 160,
 168, 154, 185, 183, 244, 78, 33, 123, 28, 59, 12, 210, 218, 47,
 163, 215, 209, 108, 235, 237, 118, 101, 24, 234, 106, 143, 88, 9,
 136, 95, 30, 193, 176, 225, 198, 197, 194, 239, 134, 162, 192, 11,
 70, 58, 187, 50, 67, 236, 230, 13, 99, 190, 208, 207, 7, 53, 219,
 203, 62, 114, 127, 125, 164, 179, 175, 112, 172, 250, 133, 130, 52,
 189, 97, 146, 34, 157, 120, 195, 45, 4, 142, 139]
pwda = [
 188, 155, 11, 58, 251, 208, 204, 202, 150, 120, 206, 237, 114, 92,
 126, 6, 42]
pwdb = [53, 222, 230, 35, 67, 248, 226, 216, 17, 209, 32, 2, 181, 200, 171,
 60, 108]
flag = ''
for i in range(0,17):
    flag += chr((lookup[i + pwdb[i]]-pwda[i])&255)
flag = flag[::-1]
print(flag)

运行就可以得到flag:

PCTF{PyC_Cr4ck3r}

posted @   张伟文  阅读(59)  评论(0编辑  收藏  举报
相关博文:
· ISCTF2023部分WP
· MoeCTF2023西电新生赛部分WP
· CTFSHOW-Reverse-刷题记录
· 【CTF入门】BUUCTF Misc刷题(持续更新)
· CTF中常见的四种python逆向
阅读排行:
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· Manus爆火,是硬核还是营销?
· 终于写完轮子一部分:tcp代理 了,记录一下
· 别再用vector<bool>了!Google高级工程师:这可能是STL最大的设计失误
· 单元测试从入门到精通
点击右上角即可分享
微信分享提示