首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. CTF对抗
    3. 发新帖
[原创]看雪2018国庆题分析(qwertyaa)
2018-9-30 06:13 2722

[原创]看雪2018国庆题分析(qwertyaa)

qwertyaa 活跃值
10
2018-9-30 06:13
2722

分析输入

通过简单的尝试可知,输入除了描述中的要求外,前一个数必须比后一个数小。

分析程序

这道题的大概经过了控制流扁平化、增加花指令等操作使题目变得难以看懂,不过通过 OD 进行动态调试不难得知 sub_409FF0sub_401020 为关键函数。

 

通过调试(反向追踪跳转、搜索常数)可以得知 sub_401020("2xue",x)=="4kan"时输入正确。

 

接下来ida的F5终于把 sub_409FF0 分析好了,在伪 C 代码中继续跟踪上文 x 的来源,找到如下内容:

*(_QWORD *)v10285 += (unsigned int)dword_49F000[dword_49FE40[(_DWORD)*v10287]];

其中 dword_49FE40 是输入的数字数组,dword_49F000 是一个大小为 351 的常量数组,内容如下:

{0xB42B31EEllu, 0x8B9B7068llu, 0x5F45C09Allu, 0x0D077AD0Allu, 0x0B0F9DE76llu, 0x77CC4D6Ellu, 0x0D2854184llu, 0x0E80CBE4Cllu, 0x0DCBAF374llu, 0x0EDB5A3B8llu, 0x301B9E16llu, 0x1D3DF6AEllu, 0x0C37BBCD6llu, 0x0C43466Allu, 0x0B51CAD8llu, 0x6128B7BEllu, 0x0C6175DC4llu, 0x0AA6BDFB4llu, 0x44DC3CA2llu, 0x0B9EA0B50llu, 0x0A14D8A86llu, 0x47B0AF58llu, 0x83F06B20llu, 0x0BE8B8134llu, 0x0F45004B6llu, 0x840F93D8llu, 0x29813D18llu, 0x45CDB834llu, 0x4A373C42llu, 0x7C83B748llu, 0x6D8E7D86llu, 0x0AF73C814llu, 0x48A22AEAllu, 0x83F06B2llu, 0x78BDC90llu, 0x0B7F12036llu, 0x0E6E4BB78llu, 0x0BD9A05A2llu, 0x0A604F46llu, 0x99C1ADF6llu, 0x6B33570Allu, 0x55D6ECE6llu, 0x6C7A8296llu, 0x5C714DE4llu, 0x0DDAC6F06llu, 0x527642F4llu, 0x0A604F460llu, 0x0DAD7FC50llu, 0x78BDC900llu, 0x0DEA5B4C6llu, 0x0CCB1BEC2llu, 0x46BF33C6llu, 0x93274CF8llu, 0x0DF8F662Allu, 0x0CE94B5E6llu, 0x0EF23C22Allu, 0x100934B2llu, 0x9418C88Allu, 0x0C8EBD07Allu, 0x0DB1CFB0Cllu, 0x33205CB6llu, 0x1A6983F8llu, 0x0BCA88A10llu, 0x599CDB2Ellu, 0x74F7DAB8llu, 0x0D8F5052Cllu, 0x0E080E1BCllu, 0x58AB5F9Cllu, 0x9D4FE230llu, 0x6942A0C2llu, 0x2C55AFCEllu, 0x2D472B6llu, 0x8049A590llu, 0x57B9E40Allu, 0x0C15FF3EAllu, 0x0B06543A6llu, 0x0A6F66FF2llu, 0x2484D482llu, 0x87D5822llu, 0x0AD90D0F0llu, 0x3B6D68EEllu, 0x95FBBFAEllu, 0x7F5829FEllu, 0x1F20EDD2llu, 0x621A3350llu, 0x2D1C8E0Allu, 0x8C8CEBFAllu, 0x42F9457Ellu, 0x68B4944Ellu, 0x19780866llu, 0x0BDA999FEllu, 0x0EBD2AC94llu, 0x0B51CAD80llu, 0x3C5EE48llu, 0x0AC9F555Ellu, 0x0E629C728llu, 0x65E02198llu, 0x5CF505A8llu, 0x3898F638llu, 0x86E4068Ellu, 0x0F632FBDAllu, 0x54E57154llu, 0x5B7FD252llu, 0x74065F26llu, 0x8E6FE31Ellu, 0x99611622llu, 0x9235D166llu, 0x0C342EB0Ellu, 0x0E18EC632llu, 0x0A568B37Allu, 0x784C2570llu, 0x13CF22FAllu, 0x6A978B72llu, 0x20126964llu, 0x89A5E5EAllu, 0x0FDBED86Allu, 0x34D307F0llu, 0x72236802llu, 0x0C7FA54E8llu, 0x8C2F71D2llu, 0x9C9620ACllu, 0x173D416Allu, 0x0A2ACC9E6llu, 0x0A8D96716llu, 0x0A51378CEllu, 0x0AE824C82llu, 0x0DBC977E2llu, 0x813B2122llu, 0x3D506012llu, 0x2A72B8AAllu, 0x18868CD4llu, 0x0BBB70E7Ellu, 0x5A8E56Cllu, 0x7FD0E7C7llu, 0x0F17B9200llu, 0x950A441Cllu, 0x75FBE9A4llu, 0x6D6BFE28llu, 0x0F0984AEllu, 0x87D58220llu, 0x6B890704llu, 0x9F6A9362llu, 0x25BB4ED0llu, 0x0FBDBE146llu, 0x14C09E8Cllu, 0x4A85220Ellu, 0x0E8FE39DEllu, 0x3E41DBA4llu, 0x0CF863178llu, 0x0F815F2FEllu, 0x0E71B42BAllu, 0x946E7884llu, 0x62F45058llu, 0x60373C2Cllu, 0x0F9076E90llu, 0x0ABADD9CCllu, 0x0A05C0EF4llu, 0x0D1274CBAllu, 0x4207C9ECllu, 0x2F2A2284llu, 0x85F28AFCllu, 0x92135208llu, 0x0C43466A0llu, 0x0E263D8E0llu, 0x56C86878llu, 0x22E6DC1Allu, 0x0BAC592ECllu, 0x5AB549A6llu, 0x53F3F5C2llu, 0x5D62C976llu, 0x4B769DA0llu, 0x1B5AFF8Allu, 0x0E263D8Ellu, 0x9D879C3Ellu, 0x0BF7CFCC6llu, 0x3AFDF4D2llu, 0x5A8E56C0llu, 0x8755AA1Ellu, 0x0CC8172D8llu, 0x3C2612B8llu, 0x63FD2A74llu, 0x0B156BF38llu, 0x0CBC04330llu, 0x37A77AA6llu, 0x35C48382llu, 0x9E7917D0llu, 0x21F56088llu, 0x3C5EE480llu, 0x0D169289Cllu, 0x1E2F7240llu, 0x17951142llu, 0x0B698268Allu, 0x3F335736llu, 0x0C9DD4C0Cllu, 0x79AF4492llu, 0x39B92EDEllu, 0x13A9FC46llu, 0x9CAD7F36llu, 0x4E4B1056llu, 0x0A23F0618llu, 0x36B5FF14llu, 0x0AD2B8C9Allu, 0x0D34C1FC0llu, 0x0B339B65Cllu, 0x0D25AA42Ellu, 0x1C4C7B1Cllu, 0x97DEB6D2llu, 0x4F3C8BE8llu, 0x2753F88Cllu, 0x0B56A934Cllu, 0x6251ED5Ellu, 0x4909A904llu, 0x704070DEllu, 0x0CE27A762llu, 0x2B64343Cllu, 0x0F26D0D92llu, 0x5E544508llu, 0x0A7E7EB84llu, 0x32F010CCllu, 0x4D5994C4llu, 0x2E7A82D4llu, 0x0F762C8DCllu, 0x98D03264llu, 0x0F5418048llu, 0x7D7532DAllu, 0x0E3555472llu, 0x18BD1416llu, 0x88C6FDB2llu, 0x45B7C43Ellu, 0x9052DA42llu, 0x12DDA768llu, 0x9AB32988llu, 0x0D7120E08llu, 0x41F83590llu, 0x0F0984AE0llu, 0x0EF989ADCllu, 0x96ED3B40llu, 0x0A4EC85E8llu, 0x0D9E680BEllu, 0x69A60FEllu, 0x0E9EFB570llu, 0x822C9CB4llu, 0x8D7E678Cllu, 0x20FC1AC8llu, 0x75E9564Allu, 0x8F615EB0llu, 0x0FAEA65B4llu, 0x0B2483ACAllu, 0x914455D4llu, 0x43EAC110llu, 0x10FAB044llu, 0x0C2516F7Cllu, 0x2D472B60llu, 0x7AA0C024llu, 0x0FCCD5CD8llu, 0x0C4A3DABCllu, 0x0B60E2912llu, 0x1E2F724llu, 0x6640B96Cllu, 0x0D52F16E4llu, 0x31FE953Allu, 0x0F9F8EA22llu, 0x288FC186llu, 0x317A282Cllu, 0x965F2ECCllu, 0x0D84DD702llu, 0x6F4EF54Cllu, 0x53027A30llu, 0x4024D2C8llu, 0x1E13095Cllu, 0x4EA7F118llu, 0x4B2F9766llu, 0x0D43D9B52llu, 0x8AA9F4D6llu, 0x33E18C5Ellu, 0x0B8E29BC8llu, 0x279E45F4llu, 0x398A71CAllu, 0x0EEA71F4Allu, 0x0F17B920llu, 0x23D857ACllu, 0x26ACCA62llu, 0x0E446D004llu, 0x0C708D956llu, 0x0D34C1FCllu, 0x0E8648E24llu, 0x85010F6Allu, 0x0C5E8A0B0llu, 0x89B87944llu, 0x107E0D64llu, 0x69A60FE0llu, 0x67C318BCllu, 0x0B4723828llu, 0x293B217Allu, 0x66D19D2Allu, 0x0F17B92llu, 0x11EC2BD6llu, 0x7BB1646Ellu, 0x0F08A166Ellu, 0x0DE9DEA98llu, 0x310D19A8llu, 0x7B923BB6llu, 0x831E1846llu, 0x0EAE13102llu, 0x630BAEE2llu, 0x0A9CAE2A8llu, 0x7314E394llu, 0x0D666AE14llu, 0x0CACEC79Ellu, 0x0EBF7D348llu, 0x0E5384B96llu, 0x3A7BED5Cllu, 0x24C9D33Ellu, 0x2E38A6F2llu, 0x4B769DAllu, 0x96ED3B4llu, 0x0A33081AAllu, 0x0C525E232llu, 0x0D803899Allu, 0x73725DBCllu, 0x15B21A1Ellu, 0x4C681932llu, 0x64EEA606llu, 0x0FEB053FCllu, 0x5535EFDAllu, 0x0B9D4175Allu, 0x0C06E7858llu, 0x0F35E8924llu, 0x5210FE9Ellu, 0x76DAD1DCllu, 0x0CDA33A54llu, 0x16A395B0llu, 0x0F724776Cllu, 0x7E66AE6Cllu, 0x8B6F887Cllu, 0x511F830Cllu, 0x41164E5Allu, 0x4993A67Cllu, 0x0ECC42826llu, 0x9BA4A51Allu, 0x0D6209276llu, 0x0A421FD3Cllu, 0x0AABC5E3Allu, 0x5A391C14llu, 0x0E1725D4Ellu, 0x74324712llu, 0x0B6FFA4A4llu, 0x2103E4F6llu, 0x7131EC70llu, 0x6E5D79BAllu, 0x502E077Allu}

 

而分析F5下的 sub_401020 可以观察到 64 位乘法(3 次32 位乘法相组合)和取模操作,可猜测并通过修改该函数输入输出验证可得知它是一个“快速幂”(也称反复平方法):

typedef unsigned long long ll;
const ll mod=0xFFA1CF8Fll;
ll modPow(ll a,ll b){
    ll r=1;
    while(b>0){
        if(b&1)r=r*a%mod;
        a=a*a%mod;
        b>>=1;
    }
    return r;
}

求解问题

于是我们就要求以下方程的X:

modPow(0x65757832/*2xue*/,X)==0x6E616B34/*4kan*/

这个方程可由 BSGS 算法快速解得,BSGS 算法的实现可在网上的随便找一个模板,例如:

#include <bits/stdc++.h>
#define ll unsigned long long
using namespace std;
ll p;
ll pow(ll a, ll b, ll p) {
    ll ans = 1;
    while(b) {
        if(b & 1) ans = ans * a % p;
        b >>= 1;
        a = a * a % p;
    }
    return ans;
}
map<ll, ll> mp;
ll BSGS(ll A, ll B, ll C) {
    mp.clear();
    if(A % C == 0) return -2;
    ll m = ceil(sqrt(C));
    ll ans;
    for(int i = 0; i <= m; i++) {
        if(i == 0) {
            ans = B % C;
            mp[ans] = i;
            continue;
        }
        ans = (ans * A) % C;
        mp[ans] = i;
    }
    ll t = pow(A, m, C); 
    ans = t;
    for(int i = 1; i <= m; i++) {
        if(i != 1)ans = ans * t % C;
        if(mp.count(ans)) {
            int ret = i * m % C - mp[ans] % C;
            return (ret % C + C)%C;
        }
    }
    return -2;
} 
int main() {
        ll A,B;
        A=0x65757832;B=0x6E616B34;p=0xFFA1CF8Fll;
        ll ans = BSGS(A, B, p);
        printf("%llx\n", ans);
    return 0;
}

于是我们得到了 X = 0x55121C15ll + (0xFFA1CF8F-1)k (k为整数)

 

其中 0xFFA1CF8F-1 = phi(0xFFA1CF8F)

 

接下来我们要在 351 个数字中选取 9 个数字使它们的和满足上式。

 

这个背包问题直接做的话相当困难,尤其是加了要求选取 9 个数字这个条件后。

 

我们将这 351 个数字转换成 10 进值可发现几乎所有的数字都被 10 整除。

 

同时我们发现 10|0xFFA1CF8F-1

 

于是我们可以猜测 0xFFA1CF8F-1 中有很多因子都广泛存在与这 351 个数字当中。

 

于是我们分解这个数字,得到: 4288794510<10> = 2 · 3 · 5 · 7 · 11 · 13 · 17 · 31 · 271

 

这里恰好 9 个不同因子,而且 351 = 各因子和 - 9。

 

观察可知,不被 y 整除的数字恰好 y-1 个,且除 y 后余数各不相同。

 

至此,我们可以得出一种显然的组合方法,即对于 0xFFA1CF8F-1 的每一个因子 y 我们将 351 个数字中 对 y 取模的结果 与 0x55121C15 对 y 取模的结果相同的数字加入选择。由于我们选取的其他数字对 y 取模的结果为 0,这样可以保证这些数字和对 y 取模的结果与 0x55121C15 对 y 取模的结果相同。由中国剩余定理(CRT)可知,这些数字和在 模 0xFFA1CF8F-1 意义下 与 我们需要的 0x55121C15 相等。

 

这可以编写简单程序:

#include <cstdio>
#include <bitset>
#include <ctime>
#include <algorithm>
#include <vector>
#include <tuple>
using namespace std;
typedef unsigned long long ll;
ll pows[]={0xB42B31EEllu, 0x8B9B7068llu, 0x5F45C09Allu, 0x0D077AD0Allu, 0x0B0F9DE76llu, 0x77CC4D6Ellu, 0x0D2854184llu, 0x0E80CBE4Cllu, 0x0DCBAF374llu, 0x0EDB5A3B8llu, 0x301B9E16llu, 0x1D3DF6AEllu, 0x0C37BBCD6llu, 0x0C43466Allu, 0x0B51CAD8llu, 0x6128B7BEllu, 0x0C6175DC4llu, 0x0AA6BDFB4llu, 0x44DC3CA2llu, 0x0B9EA0B50llu, 0x0A14D8A86llu, 0x47B0AF58llu, 0x83F06B20llu, 0x0BE8B8134llu, 0x0F45004B6llu, 0x840F93D8llu, 0x29813D18llu, 0x45CDB834llu, 0x4A373C42llu, 0x7C83B748llu, 0x6D8E7D86llu, 0x0AF73C814llu, 0x48A22AEAllu, 0x83F06B2llu, 0x78BDC90llu, 0x0B7F12036llu, 0x0E6E4BB78llu, 0x0BD9A05A2llu, 0x0A604F46llu, 0x99C1ADF6llu, 0x6B33570Allu, 0x55D6ECE6llu, 0x6C7A8296llu, 0x5C714DE4llu, 0x0DDAC6F06llu, 0x527642F4llu, 0x0A604F460llu, 0x0DAD7FC50llu, 0x78BDC900llu, 0x0DEA5B4C6llu, 0x0CCB1BEC2llu, 0x46BF33C6llu, 0x93274CF8llu, 0x0DF8F662Allu, 0x0CE94B5E6llu, 0x0EF23C22Allu, 0x100934B2llu, 0x9418C88Allu, 0x0C8EBD07Allu, 0x0DB1CFB0Cllu, 0x33205CB6llu, 0x1A6983F8llu, 0x0BCA88A10llu, 0x599CDB2Ellu, 0x74F7DAB8llu, 0x0D8F5052Cllu, 0x0E080E1BCllu, 0x58AB5F9Cllu, 0x9D4FE230llu, 0x6942A0C2llu, 0x2C55AFCEllu, 0x2D472B6llu, 0x8049A590llu, 0x57B9E40Allu, 0x0C15FF3EAllu, 0x0B06543A6llu, 0x0A6F66FF2llu, 0x2484D482llu, 0x87D5822llu, 0x0AD90D0F0llu, 0x3B6D68EEllu, 0x95FBBFAEllu, 0x7F5829FEllu, 0x1F20EDD2llu, 0x621A3350llu, 0x2D1C8E0Allu, 0x8C8CEBFAllu, 0x42F9457Ellu, 0x68B4944Ellu, 0x19780866llu, 0x0BDA999FEllu, 0x0EBD2AC94llu, 0x0B51CAD80llu, 0x3C5EE48llu, 0x0AC9F555Ellu, 0x0E629C728llu, 0x65E02198llu, 0x5CF505A8llu, 0x3898F638llu, 0x86E4068Ellu, 0x0F632FBDAllu, 0x54E57154llu, 0x5B7FD252llu, 0x74065F26llu, 0x8E6FE31Ellu, 0x99611622llu, 0x9235D166llu, 0x0C342EB0Ellu, 0x0E18EC632llu, 0x0A568B37Allu, 0x784C2570llu, 0x13CF22FAllu, 0x6A978B72llu, 0x20126964llu, 0x89A5E5EAllu, 0x0FDBED86Allu, 0x34D307F0llu, 0x72236802llu, 0x0C7FA54E8llu, 0x8C2F71D2llu, 0x9C9620ACllu, 0x173D416Allu, 0x0A2ACC9E6llu, 0x0A8D96716llu, 0x0A51378CEllu, 0x0AE824C82llu, 0x0DBC977E2llu, 0x813B2122llu, 0x3D506012llu, 0x2A72B8AAllu, 0x18868CD4llu, 0x0BBB70E7Ellu, 0x5A8E56Cllu, 0x7FD0E7C7llu, 0x0F17B9200llu, 0x950A441Cllu, 0x75FBE9A4llu, 0x6D6BFE28llu, 0x0F0984AEllu, 0x87D58220llu, 0x6B890704llu, 0x9F6A9362llu, 0x25BB4ED0llu, 0x0FBDBE146llu, 0x14C09E8Cllu, 0x4A85220Ellu, 0x0E8FE39DEllu, 0x3E41DBA4llu, 0x0CF863178llu, 0x0F815F2FEllu, 0x0E71B42BAllu, 0x946E7884llu, 0x62F45058llu, 0x60373C2Cllu, 0x0F9076E90llu, 0x0ABADD9CCllu, 0x0A05C0EF4llu, 0x0D1274CBAllu, 0x4207C9ECllu, 0x2F2A2284llu, 0x85F28AFCllu, 0x92135208llu, 0x0C43466A0llu, 0x0E263D8E0llu, 0x56C86878llu, 0x22E6DC1Allu, 0x0BAC592ECllu, 0x5AB549A6llu, 0x53F3F5C2llu, 0x5D62C976llu, 0x4B769DA0llu, 0x1B5AFF8Allu, 0x0E263D8Ellu, 0x9D879C3Ellu, 0x0BF7CFCC6llu, 0x3AFDF4D2llu, 0x5A8E56C0llu, 0x8755AA1Ellu, 0x0CC8172D8llu, 0x3C2612B8llu, 0x63FD2A74llu, 0x0B156BF38llu, 0x0CBC04330llu, 0x37A77AA6llu, 0x35C48382llu, 0x9E7917D0llu, 0x21F56088llu, 0x3C5EE480llu, 0x0D169289Cllu, 0x1E2F7240llu, 0x17951142llu, 0x0B698268Allu, 0x3F335736llu, 0x0C9DD4C0Cllu, 0x79AF4492llu, 0x39B92EDEllu, 0x13A9FC46llu, 0x9CAD7F36llu, 0x4E4B1056llu, 0x0A23F0618llu, 0x36B5FF14llu, 0x0AD2B8C9Allu, 0x0D34C1FC0llu, 0x0B339B65Cllu, 0x0D25AA42Ellu, 0x1C4C7B1Cllu, 0x97DEB6D2llu, 0x4F3C8BE8llu, 0x2753F88Cllu, 0x0B56A934Cllu, 0x6251ED5Ellu, 0x4909A904llu, 0x704070DEllu, 0x0CE27A762llu, 0x2B64343Cllu, 0x0F26D0D92llu, 0x5E544508llu, 0x0A7E7EB84llu, 0x32F010CCllu, 0x4D5994C4llu, 0x2E7A82D4llu, 0x0F762C8DCllu, 0x98D03264llu, 0x0F5418048llu, 0x7D7532DAllu, 0x0E3555472llu, 0x18BD1416llu, 0x88C6FDB2llu, 0x45B7C43Ellu, 0x9052DA42llu, 0x12DDA768llu, 0x9AB32988llu, 0x0D7120E08llu, 0x41F83590llu, 0x0F0984AE0llu, 0x0EF989ADCllu, 0x96ED3B40llu, 0x0A4EC85E8llu, 0x0D9E680BEllu, 0x69A60FEllu, 0x0E9EFB570llu, 0x822C9CB4llu, 0x8D7E678Cllu, 0x20FC1AC8llu, 0x75E9564Allu, 0x8F615EB0llu, 0x0FAEA65B4llu, 0x0B2483ACAllu, 0x914455D4llu, 0x43EAC110llu, 0x10FAB044llu, 0x0C2516F7Cllu, 0x2D472B60llu, 0x7AA0C024llu, 0x0FCCD5CD8llu, 0x0C4A3DABCllu, 0x0B60E2912llu, 0x1E2F724llu, 0x6640B96Cllu, 0x0D52F16E4llu, 0x31FE953Allu, 0x0F9F8EA22llu, 0x288FC186llu, 0x317A282Cllu, 0x965F2ECCllu, 0x0D84DD702llu, 0x6F4EF54Cllu, 0x53027A30llu, 0x4024D2C8llu, 0x1E13095Cllu, 0x4EA7F118llu, 0x4B2F9766llu, 0x0D43D9B52llu, 0x8AA9F4D6llu, 0x33E18C5Ellu, 0x0B8E29BC8llu, 0x279E45F4llu, 0x398A71CAllu, 0x0EEA71F4Allu, 0x0F17B920llu, 0x23D857ACllu, 0x26ACCA62llu, 0x0E446D004llu, 0x0C708D956llu, 0x0D34C1FCllu, 0x0E8648E24llu, 0x85010F6Allu, 0x0C5E8A0B0llu, 0x89B87944llu, 0x107E0D64llu, 0x69A60FE0llu, 0x67C318BCllu, 0x0B4723828llu, 0x293B217Allu, 0x66D19D2Allu, 0x0F17B92llu, 0x11EC2BD6llu, 0x7BB1646Ellu, 0x0F08A166Ellu, 0x0DE9DEA98llu, 0x310D19A8llu, 0x7B923BB6llu, 0x831E1846llu, 0x0EAE13102llu, 0x630BAEE2llu, 0x0A9CAE2A8llu, 0x7314E394llu, 0x0D666AE14llu, 0x0CACEC79Ellu, 0x0EBF7D348llu, 0x0E5384B96llu, 0x3A7BED5Cllu, 0x24C9D33Ellu, 0x2E38A6F2llu, 0x4B769DAllu, 0x96ED3B4llu, 0x0A33081AAllu, 0x0C525E232llu, 0x0D803899Allu, 0x73725DBCllu, 0x15B21A1Ellu, 0x4C681932llu, 0x64EEA606llu, 0x0FEB053FCllu, 0x5535EFDAllu, 0x0B9D4175Allu, 0x0C06E7858llu, 0x0F35E8924llu, 0x5210FE9Ellu, 0x76DAD1DCllu, 0x0CDA33A54llu, 0x16A395B0llu, 0x0F724776Cllu, 0x7E66AE6Cllu, 0x8B6F887Cllu, 0x511F830Cllu, 0x41164E5Allu, 0x4993A67Cllu, 0x0ECC42826llu, 0x9BA4A51Allu, 0x0D6209276llu, 0x0A421FD3Cllu, 0x0AABC5E3Allu, 0x5A391C14llu, 0x0E1725D4Ellu, 0x74324712llu, 0x0B6FFA4A4llu, 0x2103E4F6llu, 0x7131EC70llu, 0x6E5D79BAllu, 0x502E077Allu};
const ll Mod=0xFFA1CF8F-1;
const ll oriVal=0x55121C15ll;
int a[]={2, 3, 5, 7, 11, 13, 17, 31, 271};
int main(){
    int t=0;
    for(int i=0;i<351;i++){
        for(int j=0;j<9;j++)if(pows[i]%a[j]==oriVal%a[j])printf("%d%c",i,++t==9?'X':'x');
    }
    return 0;
}

得到 flag 为 17x27x60x97x133x161x243x292x309X


[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

最后于 2018-10-7 20:18 被qwertyaa编辑 ,原因: 修改表达
收藏
点赞2
打赏
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
 回帖  表情 雪币赚取及消费
高级回复
返回