Re 100-Challenge Plan (
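1.Are You Really a College Student? (你是真的大学生吗?)
Reading the raw assembly
start proc near
I couldn't find any other approach, so I just read the assembly directly qwq
Input -> each byte is XORed with the byte after it -> compared against the d array.
# I've seen it described as a cyclic XOR
Decryption (the last byte didn't come out, but maybe it is XORed with the first one?):
cipher = [0x76, 0x0E, 0x77, 0x14, 0x60, 0x06, 0x7D, 0x04, 0x6B, 0x1E, 0x41,
# Putting a 16-bit one here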
2.Debugme
Dynamic debugging of an APK
Supposedly this one is solved by dynamically debugging the APK
http://t.csdnimg.cn/Xk9op
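1. Open the APK in JEB, analyze the source, and set breakpoints;
2. Start the emulator and install the APK;
3. Connect to the emulator with adb and launch the APK: adb shell am start -D -n (package name)/(.main activity)
4. Attach JEB to the corresponding process and start happily debugging.
adb shell am start -D -n com.xyctf.ezapk/.MainActivity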
3.*Trustme
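# File types supported by jadx: apk, dex, jar, zip, class, aar
http://t.csdnimg.cn/35N5a (CSDN blog: connecting adb to the MuMu, Xiaoyao (逍遥), Nox (夜神) and LDPlayer (雷电) emulators and Tencent's mobile gaming assistant, and disconnecting)
? Leaving this here for now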
4.ez_cube
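Simulation + twisting a Rubik's cube?
These are, respectively: face colors, current state, move operations
# Grab a cube and twist it
The cmp function checks whether the cube is solved and whether the solution takes <= 12 moves
Solved by hand with a real cube: RuRURURuruRR
5.What Year Is It Tonight? (今夕是何年)
Loongson LoongArch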
#
6.*baby unity
So hard
7.ez_rand
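Random number seed
int __fastcall main(int argc, const char **argv, const char **envp)
v4 is the seed; srand and rand generate random numbers from that seed, and the encryption of the input uses v7.
So the first idea is to brute-force the seed and derive the flag.
Looking at v4 again: unsigned __int16 v4 is an unsigned 16-bit integer, so v4 ranges over 0~2**16-1 (65535). Combine that with the fixed flag format
XYCTF{}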
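The seed brute force described above, as an added example that is not the author's script or the challenge's code. It assumes the MSVC C runtime rand() and a hypothetical cipher that XORs each byte with the low byte of rand(), because the binary's real use of v7 is not shown on this page; the sample flag and seed are constructed.

```python
# Added example: brute-force a 16-bit srand() seed using the known flag prefix.
# Assumptions (not taken from the challenge binary): MSVC-style rand() and a
# hypothetical cipher c[i] = p[i] ^ (rand() & 0xFF).

PREFIX = b"XYCTF{"


def msvc_rand_stream(seed):
    """Yield successive rand() outputs of the MSVC C runtime LCG."""
    state = seed & 0xFFFFFFFF
    while True:
        state = (state * 214013 + 2531011) & 0xFFFFFFFF
        yield (state >> 16) & 0x7FFF


def xor_with_seed(data, seed):
    """Hypothetical cipher: XOR each byte with the low byte of rand()."""
    rng = msvc_rand_stream(seed)
    return bytes(b ^ (next(rng) & 0xFF) for b in data)


def recover(cipher):
    """Try every unsigned 16-bit seed; keep those that yield a valid flag."""
    hits = []
    for seed in range(1 << 16):
        # Cheap filter first: decrypt only as many bytes as the known prefix.
        if xor_with_seed(cipher[:len(PREFIX)], seed) != PREFIX:
            continue
        plain = xor_with_seed(cipher, seed)
        if plain.endswith(b"}") and all(0x20 <= c < 0x7F for c in plain):
            hits.append((seed, plain))
    return hits


# Constructed sample: the flag and the seed are made up for this demonstration.
SAMPLE_SEED = 0x5A17
SAMPLE_CIPHER = xor_with_seed(b"XYCTF{constructed_demo_flag}", SAMPLE_SEED)

if __name__ == "__main__":
    for seed, plain in recover(SAMPLE_CIPHER):
        print(hex(seed), plain.decode())
```

For the real binary, replace xor_with_seed with the inverse of the decompiled transformation; the 65536-candidate loop and the prefix filter stay the same.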
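8.Why Let Longing Simmer Away the Remaining Years (何须相思煮余年)
Convert to assembly, remove junk instructions
A pile of hex bytes that presumably has to be turned into assembly
Script by 朝 to convert it to binary:
hex_data = "0x55 0x8b 0xec 0x81 0xec 0xa8 0x0 0x0 0x0 0xa1 0x0 0x40 0x41 0x0
from pwn import *
The target addresses of this call and the call below are obviously fake; treat them as junk instructions and NOP them out
Restore the function with the u and p operations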
EXP:
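cipher = [88, 88, 134, 87, 74, 118, 318, 101, 59, 92, 480, 60, 65, 41, 770, 110,
9.Cracking the Walnut (砸核桃)
NsPack packer
[Original] A brief analysis of NsPack 3.7 (unpacker and source code updated 7.3) - Packing/Unpacking - Kanxue (看雪) security community, kanxue.com
A simple analysis after unpacking:
true_cipher = [0x00000012, 0x00000004, 0x00000008, 0x00000014, 0x00000024,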
10.ezmath
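exe -> py -> Z3 solver
(? Need to keep the pyexe library updated..)
This challenge actually tests your analysis quite a bit,
it's too long, so it is split up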
1 | data="sum([flag[23] for _ in range(flag[23])]) + sum([flag[12] for _ in range(flag[12])]) + sum([flag[1] for _ in range(flag[1])]) - sum([flag[24] for _ in range(222)]) + sum([flag[22] for _ in range(flag[22])]) + sum([flag[31] for _ in range(flag[31])]) + sum([flag[26] for _ in range(flag[26])]) - sum([flag[9] for _ in range(178)]) - sum([flag[29] for _ in range(232)]) + sum([flag[17] for _ in range(flag[17])]) - sum([flag[23] for _ in range(150)]) - sum([flag[6] for _ in range(226)]) - sum([flag[7] for _ in range(110)]) + sum([flag[19] for _ in range(flag[19])]) + sum([flag[2] for _ in range(flag[2])]) - sum([flag[0] for _ in range(176)]) + sum([flag[10] for _ in range(flag[10])]) - sum([flag[12] for _ in range(198)]) + sum([flag[24] for _ in range(flag[24])]) + sum([flag[9] for _ in range(flag[9])]) - sum([flag[3] for _ in range(168)]) + sum([flag[8] for _ in range(flag[8])]) - sum([flag[2] for _ in range(134)]) + sum([flag[14] for _ in range(flag[14])]) - sum([flag[13] for _ in range(170)]) + sum([flag[4] for _ in range(flag[4])]) - sum([flag[10] for _ in range(142)]) + sum([flag[27] for _ in range(flag[27])]) + sum([flag[15] for _ in range(flag[15])]) - sum([flag[15] for _ in range(224)]) + sum([flag[16] for _ in range(flag[16])]) - sum([flag[11] for _ in range(230)]) - sum([flag[1] for _ in range(178)]) + sum([flag[28] for _ in range(flag[28])]) - sum([flag[5] for _ in range(246)]) - sum([flag[17] for _ in range(168)]) + sum([flag[30] for _ in range(flag[30])]) - sum([flag[21] for _ in range(220)]) - sum([flag[22] for _ in range(212)]) - sum([flag[16] for _ in range(232)]) + sum([flag[25] for _ in range(flag[25])]) - sum([flag[4] for _ in range(140)]) - sum([flag[31] for _ in range(250)]) - sum([flag[28] for _ in range(150)]) + sum([flag[11] for _ in range(flag[11])]) + sum([flag[13] for _ in range(flag[13])]) - sum([flag[14] for _ in range(234)]) + sum([flag[7] for _ in range(flag[7])]) - sum([flag[8] for _ in range(174)]) + sum([flag[3] for _ in 
range(flag[3])]) - sum([flag[25] for _ in range(242)]) + sum([flag[29] for _ in range(flag[29])]) + sum([flag[5] for _ in range(flag[5])]) - sum([flag[30] for _ in range(142)]) - sum([flag[26] for _ in range(170)]) - sum([flag[19] for _ in range(176)]) + sum([flag[0] for _ in range(flag[0])]) - sum([flag[27] for _ in range(168)]) + sum([flag[20] for _ in range(flag[20])]) - sum([flag[20] for _ in range(212)]) + sum([flag[21] for _ in range(flag[21])]) + sum([flag[6] for _ in range(flag[6])]) + sum([flag[18] for _ in range(flag[18])]) - sum([flag[18] for _ in range(178)])" |
for i in range(32):
11.Pour Auntie a Cappuccino (给阿姨倒一杯卡布奇诺)
tea
12.what’s this
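Lua encryption?
Each character is XORed with the number 8 using the XOR function, then 3 is added, the result is base64-encoded, and finally characters are substituted
Just reverse the logic directly, exp:
import base64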
13.Mantou (馒头)
Huffman coding
data = [0x000008DE, 0x00000395, 0x000001BE, 0x000000D9, 0x0000006A, 0x00000033,
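15.Simp Tetralogy (舔狗四部曲): Time Machine of Memories (记忆的时光机)
Linux dynamic debugging, reading assembly (qwq
16.Simp Tetralogy (舔狗四部曲): Jane Eyre (简爱)
Compiling the .o ?
17.Simp Tetralogy (舔狗四部曲): Meeting You Was Already the Luckiest Draw (相逢已是上上签)
Repair the corrupted DOS file; XXTEA with a modified key
18.Simp Tetralogy (舔狗四部曲): My White Moonlight (我的白月光)
Some kind of virus?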
19.ez_enc
z3
20.easy language
base64+AES
The table was not swapped