ooo

进去后发现是提取了flag中的几位对flag进行异或,很简单爆破即可

# Values dumped from the binary, one per flag character. The low byte of each
# word is the XOR-masked flag byte; the high byte runs 0x00..0x29, i.e. it
# appears to be just the 0-based position and is discarded below.
a = [0x00000011, 0x0000011B, 0x00000216, 0x00000310, 0x0000040C, 0x00000546, 0x00000644, 0x00000711, 0x00000844, 0x00000942, 0x00000A41, 0x00000B41, 0x00000C44, 0x00000D5A, 0x00000E42, 0x00000F47, 0x00001016, 0x00001143, 0x0000125A, 0x00001343, 0x00001440, 0x00001540, 0x00001615, 0x0000175A, 0x00001845, 0x00001940, 0x00001A4F, 0x00001B15, 0x00001C5A, 0x00001D15, 0x00001E40, 0x00001F46, 0x00002046, 0x00002147, 0x00002245, 0x00002341, 0x00002411, 0x00002511, 0x00002640, 0x00002716, 0x00002813, 0x0000290A]

# Single-byte XOR key, recovered from the known first plaintext byte 'f'.
# The original loop kept the last matching candidate and left 0 when none
# matched; the same rule is kept here.
matches = [c for c in range(256) if (a[0] & 0xff) ^ c == ord('f')]
k = matches[-1] if matches else 0

# Unmask every word and print the flag without a trailing newline.
print(''.join(chr((word ^ k) & 0xff) for word in a), end='')

hello

这道题首先获取了原始的签名字节流,进行了一个异或后,对flag的前32位和后10位进行移位操作,同样进行爆破就行

# 42 masked flag bytes extracted from the binary.
flag = [0xCA, 0xEB, 0x4A, 0x8A, 0x68, 0xE1, 0xA1, 0xEB, 0xE1, 0xEE, 0x6B, 0x84, 0xA2, 0x6D, 0x49, 0xC8, 0x8E, 0x0E, 0xCC, 0xE9, 0x45, 0xCF, 0x23, 0xCC, 0xC5, 0x4C, 0x0C, 0x85, 0xCF, 0xA9, 0x8C, 0xF6, 0xE6, 0xD6, 0x26, 0x6D, 0xAC, 0x0C, 0xAC, 0x77, 0xE0, 0x64]
# The app's signature data (as the writeup describes it), kept as a hex
# string; the ASCII codes of its characters form the XOR key stream.
l = '308202e4308201cc020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b30090603550406130255533020170d3231303330363134333034385a180f32303531303232373134333034385a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330820122300d06092a864886f70d01010105000382010f003082010a0282010100cbf2b09e4308ebb459e8841e5a7b920497fef2b349e80648f7eb35f48d40a75e7ce7945b8b42d197bec0bf177e6c9899ed707dcc4a726cb14c1a69b0c4a02474806fa73cfb10e10f7b1665021c24762b6edad65ca63cea3c72e0d4e4ca3f98301173eec3254337af1f5a11f779ecbe04d1b74d53f5835e011222155a56f97e00d75374cd93080dfa087cd356a99fe1eebf5d6d5e31846aad5252c3a17a4656e2e210ce1c7aa4d147fb8cf440a50add61bbb2ec299a2e0dab0b4504796ac3a899da553ab1d83576691ab23409d18398014b3b5eaf12e83f4d99aa09e1e4e4cae133530730c1133da2b3dee37b58eb1a5795b221ec5a8830731a41167d295f9e1b0203010001300d06092a864886f70d010105050003820101000e4740235e9cf2be33de3e06d777139cbbc5cf0622285c17da04697b8067318aaf8df0fbb4d3166f293ea15aa2592f06eb6929af063722ac9f30ad85e2c087564931d6ac65fcd5fbc864b3dc9841e039c6e1d5fbc5c2f8adf90a547bc4ebc07d387914db24451c2cc89925359bd3bb0750c7aabf9d743b1893e98bbc8ff74b24fc0b4be2dbaaf1c917bba01496d0617ffc3a4a8b7a6e79a3036298a6ebf57bb00001e43a0b242864eebb0fcec9e323144d4447c878430f18e6e358ad97566fa04d1f07b171c1476c9af5a1eba0bf6616e219c0b9e1299d09fecded24a880397f92e0f99d8951228c7770c184fd77adff943bfc8b6aa524c5f0a6d7686fe35486'
# Key stream: the ASCII code of every hex digit, not the decoded bytes.
sig = [ord(ch) for ch in l]
print(len(sig))
print(sig)

# Step 1: undo the bit rotation. For a candidate byte j the test
# ((j >> 3) & 0x1f) | ((32 * j) & 0xff) moves the top three bits to the
# bottom, i.e. a rotate-left by 5. The two fields are bit-disjoint, so the
# XOR form used for positions < 32 and the OR form used for positions >= 32
# are the same test, and a single loop covers all 42 positions. Searching
# from 1 (not 0) mirrors the original script; every value in `flag` is
# non-zero, so each position finds exactly one candidate.
ff = []
for pos in range(42):
    for j in range(1, 256):
        if flag[pos] == (((j >> 3) & 0x1f) | (32 * j)) & 0xff:
            ff.append(j)
            break
print(ff, '|', len(ff))

# Step 2: strip the XOR layer. The key byte for position `pos` is the
# signature character at offset 327 + 27 * pos, plus the position itself.
for pos in range(42):
    ff[pos] ^= sig[327 + 27 * pos] + pos
# Reduce to 7-bit ASCII before printing, as the original script did.
print(''.join(chr(x % 128) for x in ff))

mod

一道加花和魔改base64,加花主要是把call的错误字节去掉,还原代码后就简单了。

from typing import *

# Custom 64-character alphabet recovered from the binary (a shuffled
# base64 table).
key = 'ABCDFEGH1JKLRSTMNP0VWQUXY2a8cdefijklmnopghwxyqrstuvzOIZ34567b9+/'
def encode(s, a):
    """Encode one three-byte group *a* into four characters of ``key``.

    Unlike plain base64, each 6-bit index is assembled from bits taken
    from all three input bytes (the low 2 bits of one byte, bits 4-5 of
    another and bits 6-7 of the third); the fourth index uses bits 2-3,
    0-1 and 0-1 of the bytes instead. *s* is accepted but unused.
    """
    b0, b1, b2 = a[0], a[1], a[2]
    indices = [
        ((b2 & 3) << 2 | (b1 & 0x30) | (b0 & 0xC0)) >> 2,
        ((b0 & 3) << 2 | (b2 & 0x30) | (b1 & 0xC0)) >> 2,
        ((b1 & 3) << 2 | (b0 & 0x30) | (b2 & 0xC0)) >> 2,
        ((b2 & 0xC) | ((b1 << 2) & 0x30) | ((b0 << 4) & 0xC0)) >> 2,
    ]
    return ''.join(key[n] for n in indices)

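# Ciphertext emitted by the binary's modified base64 (14 groups of 4 chars).
res = '2aYcdfL2fS1BTMMF1RSeMTTASS1OJ8RHTJdBYJ2STJfNMSMAYcKUJddp'
# Map every output character back to its 6-bit index in the custom alphabet.
re = [key.index(c) for c in res]

# Imported once here rather than inside the loop on every iteration.
from z3 import *

flag = []
# One solver per 4-character group: recover the 3 input bytes whose mixed
# bit fields (same expressions as encode()) produce the observed indices.
for i in range(len(res) // 4):
    s = Solver()
    a = [BitVec('x%d' % n, 16) for n in range(3)]
    s.add(((4 * (a[2] & 3)) | a[1] & 0x30 | a[0] & 0xC0) >> 2 == re[i*4])
    s.add(((4 * (a[0] & 3)) | a[2] & 0x30 | a[1] & 0xC0) >> 2 == re[i*4+1])
    s.add(((4 * (a[1] & 3)) | a[0] & 0x30 | a[2] & 0xC0) >> 2 == re[i*4+2])
    s.add((a[2] & 0xC | (4 * a[1]) & 0x30 | (16 * a[0]) & 0xC0) >> 2 == re[i*4+3])
    # The original ignored the check() result and let model() fail
    # opaquely; report which group has no solution instead.
    if s.check() != sat:
        raise ValueError('no 3-byte input reproduces group %d of res' % i)
    m = s.model()
    flag += [m[a[0]], m[a[1]], m[a[2]]]

# Model values are z3 numerals; go through str() to get plain ints.
print(''.join(chr(int(str(x))) for x in flag), end='')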

#for i in [[102, 108, 97], [113, 123, 124], [49, 111, 103], [51, 55, 50], [48, 28, 36], [50, 127, 57], [2, 60, 54], [45, 52, 49], [225, 31, 96], [51, 58, 20], [5, 105, 49], [97, 45, 100], [38, 61, 61]]:
# print(''.join(list(map(chr, i))), end='')

hell’s gate

这道题使用了比较恶心的混淆,但是通过对关键函数判断,能够发现是一个16轮的tea加密,改改脚本就可以

from Crypto.Util.number import long_to_bytes
# Four 32-bit key words used by decrypt() (k[0..3]).
key = [0x12345678, 0x87654321, 0x13243546, 0x64534231]
# Eight 32-bit ciphertext words, consumed two at a time (one 64-bit block each).
arr = [0x2C94650B, 0x78494E9E, 0xE7FACF44, 0x48F9DBFB, 0x547BB145, 0x925D2542, 0x69A9F4C4, 0x9A96A1D8]

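def decrypt(v, k, rounds=16, delta=0xB879379E):
    """Decrypt one 64-bit TEA-style block in place and return it.

    Args:
        v: two-element list of 32-bit words; overwritten with the plaintext.
        k: sequence of four 32-bit key words (only k[0]..k[3] are read).
        rounds: number of cipher rounds to undo; the target uses 16.
        delta: per-round constant. 0xB879379E is the value this script
            was written for (the writeup says the cipher is a modified
            TEA; standard TEA uses 0x9E3779B9).

    Returns:
        The same list *v*, now holding the two decrypted words.
    """
    mask = 0xFFFFFFFF
    v0, v1 = v[0], v[1]
    k0, k1, k2, k3 = k[0], k[1], k[2], k[3]
    # Encryption adds delta before each round, so after `rounds` rounds the
    # running sum is rounds * delta mod 2**32; start there and walk back.
    # For the defaults this is 2274589152, the constant the original used.
    x = (delta * rounds) & mask
    for _ in range(rounds):
        # Undo the second half-round first (it used the final v0), then the
        # first half-round with the restored v1; mask after every update
        # since Python ints do not wrap.
        v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + x) ^ ((v0 >> 5) + k3))) & mask
        v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + x) ^ ((v1 >> 5) + k1))) & mask
        x = (x - delta) & mask
    v[0] = v0
    v[1] = v1
    return v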

# Decrypt the ciphertext one 64-bit block (two words) at a time.
flag = [decrypt([arr[i], arr[i + 1]], key) for i in range(0, len(arr), 2)]
print(flag)

# long_to_bytes yields big-endian bytes; the [::-1] reversal is kept from
# the original, presumably because the target stores each word
# little-endian (not verifiable from this script alone).
parts = []
for pair in flag:
    parts.append(long_to_bytes(pair[0]).decode()[::-1])
    parts.append(long_to_bytes(pair[1]).decode()[::-1])
f = ''.join(parts)

print(f)