PolarCTF
Reverse
app_login
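"""Solver for the app_login challenge: rebuild the two strings the script prints.

The listing had been collapsed onto two physical lines and was not runnable
as shown; statement boundaries are restored here and the printed output is
unchanged.
"""
import hashlib

# Source string that is hashed. NOTE(review): MD5 is used only because the
# script reproduces a digest; presumably this mirrors the check inside the
# challenge app (confirm against the decompiled code). MD5 is not suitable
# for protecting real credentials.
seed = 'zhishixuebao'
y = hashlib.md5(seed.encode("utf8")).hexdigest()
print(y)

# Keep every second hex digit of the 32-character digest (indices 0, 2, 4, ...),
# which yields a 16-character string.
flag = y[::2]
print(flag)

# (255 - i) + 2 - 98 - 48 simplifies to 111 - i, so this walks down from
# chr(111) == 'o' for 15 characters.
flagg = ''.join(chr(((255 - i) + 2) - 98 - 48) for i in range(15))
print(flagg)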
kr
???winhex动态调试
但是没找到kr,我用的x32dbg
因为 UPX 脱不了壳,会显示 999(十六进制 0x3E7)和偏移量
然后根据偏移量和999找指令,把 e703 改成 e713(?e7 03 按小端序读作 0x03E7,即 999)
继续运行可以得到?
这是在干什么
猜猜我在哪儿
基本也就是自加密逆向
原字符flag经过
/*
 * Decompiler output: per-byte alphabetic shift (Caesar-style) of input into
 * result, using key as the shift amount. The loop stops at the first zero
 * byte of input.
 * NOTE(review): the declarations of input, result, key and ch_0 are not
 * visible here, and no terminator is written to result inside this loop;
 * the size of result cannot be confirmed from this fragment.
 */
for ( i = 0; input[i]; ++i )
{
  ch_0 = input[i];
  if ( ch_0 <= 96 || ch_0 > 122 )          /* not a lowercase letter (97..122 = 'a'..'z') */
  {
    if ( ch_0 > 64 && ch_0 <= 90 )         /* uppercase letter (65..90 = 'A'..'Z') */
      ch_0 = (ch_0 - 65 + key) % 26 + 65;  /* rotate within 'A'..'Z' */
  }
  else
  {
    ch_0 = (ch_0 - 97 + key) % 26 + 97;    /* rotate within 'a'..'z' */
  }
  /* Bytes that are not letters (digits, spaces, punctuation) are copied unchanged. */
  result[i] = ch_0;
}
如果key==111,变成48(结合下面的解密脚本,这里应是指字符值为111('o')时被替换成48('0'))
变成khb i0dj lv qrw khuh
逆向:
khb i0dj lv qrw khuh
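#include <cstdio>
#include <cstdlib>
#include <cstring>

char *encrypto(char *input, int key);

/*
 * Brute-force the shift for the ciphertext by printing the candidate
 * plaintext for keys 0..4, one per line.
 */
int main() {
    char s[] = "khb i0dj lv qrw khuh";

    /* Map byte 48 ('0') back to 111 ('o') before undoing the shift.
     * Presumably the challenge binary replaces 'o' with '0' after shifting;
     * confirm against the disassembly. */
    size_t len = strlen(s);
    for (size_t i = 0; i < len; ++i) {
        if (s[i] == 48) s[i] = 111;
    }

    for (int k = 0; k < 5; ++k) {
        char *plain = encrypto(s, k);
        if (plain == NULL) return 1;
        printf("%s\n", plain);
        free(plain); /* each candidate is heap-allocated by encrypto */
    }
    return 0;
}

/*
 * Undo an alphabetic shift of `key` positions on `input`.
 *
 * Letters are rotated backwards within their own case; every other byte is
 * copied unchanged. Returns a newly allocated NUL-terminated string that the
 * caller must free(), or NULL if allocation fails.
 *
 * Fixes relative to the original listing: the definition now matches the
 * declared name, each input byte is actually read and written to the result,
 * the uppercase branch subtracts the key like the lowercase one, and the
 * buffer is sized from the input instead of a fixed 100 bytes.
 */
char *encrypto(char *input, int key) {
    size_t len = strlen(input);
    char *result = (char *)malloc(len + 1);
    if (result == NULL) return NULL;

    /* Normalise so that negative or large keys still index into 0..25. */
    int shift = ((key % 26) + 26) % 26;

    size_t i;
    for (i = 0; i < len; ++i) {
        char ch_0 = input[i];
        if (ch_0 <= 96 || ch_0 > 122) {
            if (ch_0 > 64 && ch_0 <= 90)
                ch_0 = (char)((ch_0 - 65 - shift + 26) % 26 + 65);
        } else {
            ch_0 = (char)((ch_0 - 97 - shift + 26) % 26 + 97);
        }
        result[i] = ch_0;
    }
    result[i] = 0;
    return result;
}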
易位
太抽象了,用这边的解密那边的字符,用那边的解密这边的字符
C^
好像也是异或1,简单的
一个flag截三段
字面意思,打开IDA
(我看wp似乎是PE文件损坏修复?)
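# Environment for building from the openGauss-server v3.0.0 source tree with
# the bundled gcc 7.3 toolchain under binarylibs (openeuler_aarch64).
export CODE_BASE=/home/dblab/opengauss-compile/openGauss-server-v3.0.0 # Path of the openGauss-server file
export BINARYLIBS="$CODE_BASE/../binarylibs-v3.0.0"
export GAUSSHOME="$CODE_BASE/dest"
export GCC_PATH="$BINARYLIBS/buildtools/openeuler_aarch64/gcc7.3"
export CC="$GCC_PATH/gcc/bin/gcc"
export CXX="$GCC_PATH/gcc/bin/g++"
# The original exported D_LIBRARY_PATH, a typo that left the loader path unset.
# The previous value is appended only when it is non-empty: a trailing ':'
# creates an empty entry, which the dynamic loader treats as the current
# directory, so libraries could be picked up from wherever the shell is.
export LD_LIBRARY_PATH="$GAUSSHOME/lib:$GCC_PATH/gcc/lib64:$GCC_PATH/isl/lib:$GCC_PATH/mpc/lib/:$GCC_PATH/mpfr/lib/:$GCC_PATH/gmp/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
export PATH="$GAUSSHOME/bin:$GCC_PATH/gcc/bin:$PATH"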