-
-
看雪CTF.TSRC 2018 团队赛-第8题
-
发表于: 2018-12-16 07:12 3022
-
1. 处理逻辑
BYTE sn[16+20]; check1验证前半部分, check2验证后半部分
.text:00402811 lea edx, [ebp+sn] .text:00402814 push edx ; buf .text:00402815 lea eax, [ebp+str_sn] .text:0040281B push eax ; a1 .text:0040281C call hex_to_bin .text:00402821 add esp, 20h .text:00402824 cmp eax, 36 .text:00402827 jnz short loc_402849 .text:00402829 lea ecx, [ebp+sn] .text:0040282C push ecx .text:0040282D call x_check1 .text:00402832 add esp, 4 .text:00402835 test eax, eax .text:00402837 jz short loc_402849 .text:00402839 lea edx, [ebp+sn+10h] .text:0040283C push edx .text:0040283D call x_check2
.text:00402811 lea edx, [ebp+sn] .text:00402814 push edx ; buf .text:00402815 lea eax, [ebp+str_sn] .text:0040281B push eax ; a1 .text:0040281C call hex_to_bin .text:00402821 add esp, 20h .text:00402824 cmp eax, 36 .text:00402827 jnz short loc_402849 .text:00402829 lea ecx, [ebp+sn] .text:0040282C push ecx .text:0040282D call x_check1 .text:00402832 add esp, 4 .text:00402835 test eax, eax .text:00402837 jz short loc_402849 .text:00402839 lea edx, [ebp+sn+10h] .text:0040283C push edx .text:0040283D call x_check2
.text:00402811 lea edx, [ebp+sn] .text:00402814 push edx ; buf .text:00402815 lea eax, [ebp+str_sn] .text:0040281B push eax ; a1 .text:0040281C call hex_to_bin .text:00402821 add esp, 20h .text:00402824 cmp eax, 36 .text:00402827 jnz short loc_402849 .text:00402829 lea ecx, [ebp+sn] .text:0040282C push ecx .text:0040282D call x_check1 .text:00402832 add esp, 4 .text:00402835 test eax, eax .text:00402837 jz short loc_402849 .text:00402839 lea edx, [ebp+sn+10h] .text:0040283C push edx .text:0040283D call x_check2
2. check1(主要是二元一次浮点运算), 得到sn前半部分: 76474B2B1926009C452B006272001902
test.cpp
typedef struct tagPointF{
double x;
double y;
}PointF, *PPointF;
double get_pi()
{
double pi;
*((DWORD64 *)&pi) = 0x400921FB5442771C;
return pi;
}
string g_str_part1_expected = util::hex2bin("EEB9171C0B535640B08F207B1FCB53C03EDEDAB2D8CD5BC0C2E04F8024B8014028D9AE091D454D40BCBFB0BAA4103D40593D04F9440D494079F8577F3FE845402A3EB76F3D4943C09047A102410318C0FE3CD86E3FD2574074E505B84FEE37409355C67FA98D5F40CC052BFED1914BC048D363E2EE4244404009C744AB39354050B7F31ADCAB0F4054CC0B4B2BA02B40309FBBE1D42C504018CF21801F7026C00A5D83EA8655514094B7E265F3E24240B1215C0315E74840C001F6C35AAEF03F34EE29D023421F4084016925DD933D4058E4B88B3C46204038F87B858407274070161F32582318C0B8D55808C32F20C0546B434AF2893940D89E2FD10FA4FA3F");
PPointF g_part1_expected = (PPointF)g_str_part1_expected.c_str();
string g_str_pts_const1 = util::hex2bin("EE1926ACE715E43FC9F8493847E9E8BF36075F9A6DD5EEBFA81D8421FE1ED13F000000000000F03F075C143326A6B1BC000000000000F03F000000000000000036075F9A6DD5EEBFA81D8421FE1ED13F000000000000F03F0000000000000000AB8604B97D69E73F141BA89A86D0E5BF41B13E0865DAEF3F151D92D94880B8BF000000000000F03F075C143326A6B1BCAB8604B97D69E73F141BA89A86D0E5BF2F58C368100FEE3FEAC193588EF3D53F1869F1C5E9FAEF3F508B6EE7560AA23F000000000000F03F000000000000000041B13E0865DAEF3F151D92D94880B8BF1869F1C5E9FAEF3F508B6EE7560AA23F138D486D01E2ED3FC402F17478E4D6BF");
PPointF g_pts_const1 = (PPointF)g_str_pts_const1.c_str();
string g_str_pts_const2 = util::hex2bin("26B18B5A4F64EC3F19D8B235EB85DD3F000000000000F03F075C143326A6B1BC000000000000F03F00000000000000006F5AAE0BC8B7EB3F7A016B8D7DFBDF3F000000000000F03F075C143326A6B1BC6F5AAE0BC8B7EB3F7A016B8D7DFBDF3F96A95B1782F4EF3F258E251B341CAB3FCDE70F56B7D9EF3FC76F400E7CB8B8BF000000000000F03F000000000000000096A95B1782F4EF3F258E251B341CAB3FBC732036F7D2EF3F2C266CAF5ECEBA3FD4702B0AD39CEF3F8605EF9065DBC33F6F5AAE0BC8B7EB3F7A016B8D7DFBDF3FCDE70F56B7D9EF3FC76F400E7CB8B8BFD4702B0AD39CEF3F8605EF9065DBC33FB4ADFBFF5EC3E83FD93C046A9144E43F");
PPointF g_pts_const2 = (PPointF)g_str_pts_const2.c_str();
PointF g_pi_const1[2] = {
{ cos((0) * get_pi() / 2), sin((0) * get_pi() / 2) },
{ cos((-1) * get_pi() / 2), sin((-1) * get_pi() / 2) },
};
PointF g_pi_const2[2] = {
{ cos((0) * get_pi() / 2), sin((0) * get_pi() / 2) },
{ cos((1) * get_pi() / 2), sin((1) * get_pi() / 2) },
};
void x_p0(PPointF pts, PPointF pts_const, int count)
{
for (int i = 0; i < count; i++)
{
double x = pts[i].x;
double y = pts[i].y;
double m = pts_const[i].x;
double n = pts_const[i].y;
pts[i].x = x * m - y * n;
pts[i].y = x * n + y * m;
}
}
void x_p0_r(PPointF pts, PPointF pts_const, int count)
{
for (int i = 0; i < count; i++)
{
double x = pts[i].x;
double y = pts[i].y;
double m = pts_const[i].x;
double n = pts_const[i].y;
pts[i].x = (y * n + x * m) / (m * m + n * n);
pts[i].y = (y * m - x * n) / (m * m + n * n);
}
}
void x_p1_raw(PPointF pts, PPointF pts_const)
{
PointF p0;
PointF p1;
PointF p2;
PointF p3;
PointF c0 = pts_const[0];
PointF c1 = pts_const[1];
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = p0.x + p2.x;
pts[0].y = p0.y + p2.y;
pts[1].x = p1.x + p3.x;
pts[1].y = p1.y + p3.y;
pts[2].x = p0.x - p2.x;
pts[2].y = p0.y - p2.y;
pts[3].x = p1.x - p3.x;
pts[3].y = p1.y - p3.y;
x_p0(pts + 2, &c0, 1);
x_p0(pts + 3, &c1, 1);
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = p0.x + p1.x;
pts[0].y = p0.y + p1.y;
pts[1].x = p0.x - p1.x;
pts[1].y = p0.y - p1.y;
pts[2].x = p2.x + p3.x;
pts[2].y = p2.y + p3.y;
pts[3].x = p2.x - p3.x;
pts[3].y = p2.y - p3.y;
x_p0(pts + 1, &c0, 1);
x_p0(pts + 3, &c0, 1);
PointF tmp = pts[1];
pts[1] = pts[2];
pts[2] = tmp;
}
void x_p1_raw_r(PPointF pts, PPointF pts_const)
{
PointF tmp = pts[1];
pts[1] = pts[2];
pts[2] = tmp;
PointF p0;
PointF p1;
PointF p2;
PointF p3;
PointF c0 = pts_const[0];
PointF c1 = pts_const[1];
x_p0_r(pts + 1, &c0, 1);
x_p0_r(pts + 3, &c0, 1);
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = (p0.x + p1.x) / 2;
pts[1].x = (p0.x - p1.x) / 2;
pts[0].y = (p0.y + p1.y) / 2;
pts[1].y = (p0.y - p1.y) / 2;
pts[2].x = (p2.x + p3.x) / 2;
pts[3].x = (p2.x - p3.x) / 2;
pts[2].y = (p2.y + p3.y) / 2;
pts[3].y = (p2.y - p3.y) / 2;
x_p0_r(pts + 2, &c0, 1);
x_p0_r(pts + 3, &c1, 1);
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = (p0.x + p2.x) / 2;
pts[2].x = (p0.x - p2.x) / 2;
pts[0].y = (p0.y + p2.y) / 2;
pts[2].y = (p0.y - p2.y) / 2;
pts[1].x = (p1.x + p3.x) / 2;
pts[3].x = (p1.x - p3.x) / 2;
pts[1].y = (p1.y + p3.y) / 2;
pts[3].y = (p1.y - p3.y) / 2;
}
void x_p1(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p1_raw(&tmp[i][0], g_pi_const1);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
for (i = 0; i < 4; i++)
{
x_p1_raw(pts + 4 * i, g_pi_const1);
}
}
void x_p1_r(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
x_p1_raw_r(pts + 4 * i, g_pi_const1);
}
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p1_raw_r(&tmp[i][0], g_pi_const1);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
}
void x_p2_raw(PPointF pts, PPointF pts_const)
{
x_p1_raw(pts, pts_const);
for (size_t i = 0; i < 4; i++)
{
pts[i].x /= 4;
pts[i].y /= 4;
}
}
void x_p2_raw_r(PPointF pts, PPointF pts_const)
{
for (size_t i = 0; i < 4; i++)
{
pts[i].x *= 4;
pts[i].y *= 4;
}
x_p1_raw_r(pts, pts_const);
}
void x_p2(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
x_p2_raw(pts + 4 * i, g_pi_const2);
}
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p2_raw(&tmp[i][0], g_pi_const2);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
}
void x_p2_r(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p2_raw_r(&tmp[i][0], g_pi_const2);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
for (i = 0; i < 4; i++)
{
x_p2_raw_r(pts + 4 * i, g_pi_const2);
}
}
void test_part1()
{
BYTE sn[16] = {
0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x22, 0x22, 0x33, 0x33, 0x33, 0x33, 0x44, 0x44, 0x44, 0x44,
};
BYTE map[16] = {
0x00, 0x09, 0x02, 0x0B, 0x0F, 0x04, 0x0D, 0x06, 0x0A, 0x03, 0x08, 0x01, 0x05, 0x0E, 0x07, 0x0C,
};
size_t i;
BYTE buf[16] = {0};
for (i = 0; i < 16; i++)
{
buf[map[i]] = sn[i];
}
PointF pts[16] = {0};
for (i = 0; i < 16; i++)
{
pts[i].x = buf[i];
}
x_p0(pts, g_pts_const1, 16);
x_p1(pts);
x_p0(pts, g_pts_const2, 16);
x_p2(pts);
}
BYTE double_to_byte(double v)
{
BYTE ch = 0;
char buf[256] = {0};
sprintf(buf, "%f", v);
char *dot = strchr(buf, '.');
if (dot != NULL)
{
*dot = 0;
ch = (BYTE)atoi(buf);
}
return ch;
}
string x_get_sn_part1()
{
int i;
PPointF pts = g_part1_expected;
x_p2_r(pts);
x_p0_r(pts, g_pts_const2, 16);
x_p1_r(pts);
x_p0_r(pts, g_pts_const1, 16);
BYTE r_map[16] = {0};
for (i = 0; i < 16; i++)
{
BYTE row = (7 * (i / 4) + 2 * (i % 4)) % 4;
BYTE col = (i / 4 + i % 4 + 2 * (i / 4)) % 4;
r_map[4 * row + col] = i;
}
BYTE sn[16] = {0};
for (i = 0; i < 16; i++)
{
//printf("%f\n", pts[i].x);
sn[r_map[i]] = double_to_byte(pts[i].x);
}
return util::bin2hex(sn, 16);
}typedef struct tagPointF{
double x;
double y;
}PointF, *PPointF;
double get_pi()
{
double pi;
*((DWORD64 *)&pi) = 0x400921FB5442771C;
return pi;
}
string g_str_part1_expected = util::hex2bin("EEB9171C0B535640B08F207B1FCB53C03EDEDAB2D8CD5BC0C2E04F8024B8014028D9AE091D454D40BCBFB0BAA4103D40593D04F9440D494079F8577F3FE845402A3EB76F3D4943C09047A102410318C0FE3CD86E3FD2574074E505B84FEE37409355C67FA98D5F40CC052BFED1914BC048D363E2EE4244404009C744AB39354050B7F31ADCAB0F4054CC0B4B2BA02B40309FBBE1D42C504018CF21801F7026C00A5D83EA8655514094B7E265F3E24240B1215C0315E74840C001F6C35AAEF03F34EE29D023421F4084016925DD933D4058E4B88B3C46204038F87B858407274070161F32582318C0B8D55808C32F20C0546B434AF2893940D89E2FD10FA4FA3F");
PPointF g_part1_expected = (PPointF)g_str_part1_expected.c_str();
string g_str_pts_const1 = util::hex2bin("EE1926ACE715E43FC9F8493847E9E8BF36075F9A6DD5EEBFA81D8421FE1ED13F000000000000F03F075C143326A6B1BC000000000000F03F000000000000000036075F9A6DD5EEBFA81D8421FE1ED13F000000000000F03F0000000000000000AB8604B97D69E73F141BA89A86D0E5BF41B13E0865DAEF3F151D92D94880B8BF000000000000F03F075C143326A6B1BCAB8604B97D69E73F141BA89A86D0E5BF2F58C368100FEE3FEAC193588EF3D53F1869F1C5E9FAEF3F508B6EE7560AA23F000000000000F03F000000000000000041B13E0865DAEF3F151D92D94880B8BF1869F1C5E9FAEF3F508B6EE7560AA23F138D486D01E2ED3FC402F17478E4D6BF");
PPointF g_pts_const1 = (PPointF)g_str_pts_const1.c_str();
string g_str_pts_const2 = util::hex2bin("26B18B5A4F64EC3F19D8B235EB85DD3F000000000000F03F075C143326A6B1BC000000000000F03F00000000000000006F5AAE0BC8B7EB3F7A016B8D7DFBDF3F000000000000F03F075C143326A6B1BC6F5AAE0BC8B7EB3F7A016B8D7DFBDF3F96A95B1782F4EF3F258E251B341CAB3FCDE70F56B7D9EF3FC76F400E7CB8B8BF000000000000F03F000000000000000096A95B1782F4EF3F258E251B341CAB3FBC732036F7D2EF3F2C266CAF5ECEBA3FD4702B0AD39CEF3F8605EF9065DBC33F6F5AAE0BC8B7EB3F7A016B8D7DFBDF3FCDE70F56B7D9EF3FC76F400E7CB8B8BFD4702B0AD39CEF3F8605EF9065DBC33FB4ADFBFF5EC3E83FD93C046A9144E43F");
PPointF g_pts_const2 = (PPointF)g_str_pts_const2.c_str();
PointF g_pi_const1[2] = {
{ cos((0) * get_pi() / 2), sin((0) * get_pi() / 2) },
{ cos((-1) * get_pi() / 2), sin((-1) * get_pi() / 2) },
};
PointF g_pi_const2[2] = {
{ cos((0) * get_pi() / 2), sin((0) * get_pi() / 2) },
{ cos((1) * get_pi() / 2), sin((1) * get_pi() / 2) },
};
void x_p0(PPointF pts, PPointF pts_const, int count)
{
for (int i = 0; i < count; i++)
{
double x = pts[i].x;
double y = pts[i].y;
double m = pts_const[i].x;
double n = pts_const[i].y;
pts[i].x = x * m - y * n;
pts[i].y = x * n + y * m;
}
}
void x_p0_r(PPointF pts, PPointF pts_const, int count)
{
for (int i = 0; i < count; i++)
{
double x = pts[i].x;
double y = pts[i].y;
double m = pts_const[i].x;
double n = pts_const[i].y;
pts[i].x = (y * n + x * m) / (m * m + n * n);
pts[i].y = (y * m - x * n) / (m * m + n * n);
}
}
void x_p1_raw(PPointF pts, PPointF pts_const)
{
PointF p0;
PointF p1;
PointF p2;
PointF p3;
PointF c0 = pts_const[0];
PointF c1 = pts_const[1];
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = p0.x + p2.x;
pts[0].y = p0.y + p2.y;
pts[1].x = p1.x + p3.x;
pts[1].y = p1.y + p3.y;
pts[2].x = p0.x - p2.x;
pts[2].y = p0.y - p2.y;
pts[3].x = p1.x - p3.x;
pts[3].y = p1.y - p3.y;
x_p0(pts + 2, &c0, 1);
x_p0(pts + 3, &c1, 1);
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = p0.x + p1.x;
pts[0].y = p0.y + p1.y;
pts[1].x = p0.x - p1.x;
pts[1].y = p0.y - p1.y;
pts[2].x = p2.x + p3.x;
pts[2].y = p2.y + p3.y;
pts[3].x = p2.x - p3.x;
pts[3].y = p2.y - p3.y;
x_p0(pts + 1, &c0, 1);
x_p0(pts + 3, &c0, 1);
PointF tmp = pts[1];
pts[1] = pts[2];
pts[2] = tmp;
}
void x_p1_raw_r(PPointF pts, PPointF pts_const)
{
PointF tmp = pts[1];
pts[1] = pts[2];
pts[2] = tmp;
PointF p0;
PointF p1;
PointF p2;
PointF p3;
PointF c0 = pts_const[0];
PointF c1 = pts_const[1];
x_p0_r(pts + 1, &c0, 1);
x_p0_r(pts + 3, &c0, 1);
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = (p0.x + p1.x) / 2;
pts[1].x = (p0.x - p1.x) / 2;
pts[0].y = (p0.y + p1.y) / 2;
pts[1].y = (p0.y - p1.y) / 2;
pts[2].x = (p2.x + p3.x) / 2;
pts[3].x = (p2.x - p3.x) / 2;
pts[2].y = (p2.y + p3.y) / 2;
pts[3].y = (p2.y - p3.y) / 2;
x_p0_r(pts + 2, &c0, 1);
x_p0_r(pts + 3, &c1, 1);
p0 = pts[0];
p1 = pts[1];
p2 = pts[2];
p3 = pts[3];
pts[0].x = (p0.x + p2.x) / 2;
pts[2].x = (p0.x - p2.x) / 2;
pts[0].y = (p0.y + p2.y) / 2;
pts[2].y = (p0.y - p2.y) / 2;
pts[1].x = (p1.x + p3.x) / 2;
pts[3].x = (p1.x - p3.x) / 2;
pts[1].y = (p1.y + p3.y) / 2;
pts[3].y = (p1.y - p3.y) / 2;
}
void x_p1(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p1_raw(&tmp[i][0], g_pi_const1);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
for (i = 0; i < 4; i++)
{
x_p1_raw(pts + 4 * i, g_pi_const1);
}
}
void x_p1_r(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
x_p1_raw_r(pts + 4 * i, g_pi_const1);
}
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p1_raw_r(&tmp[i][0], g_pi_const1);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
}
void x_p2_raw(PPointF pts, PPointF pts_const)
{
x_p1_raw(pts, pts_const);
for (size_t i = 0; i < 4; i++)
{
pts[i].x /= 4;
pts[i].y /= 4;
}
}
void x_p2_raw_r(PPointF pts, PPointF pts_const)
{
for (size_t i = 0; i < 4; i++)
{
pts[i].x *= 4;
pts[i].y *= 4;
}
x_p1_raw_r(pts, pts_const);
}
void x_p2(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
x_p2_raw(pts + 4 * i, g_pi_const2);
}
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p2_raw(&tmp[i][0], g_pi_const2);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
}
void x_p2_r(PPointF pts)
{
size_t i;
PointF tmp[4][4];
for (i = 0; i < 4; i++)
{
tmp[0][i] = pts[4 * i + 0];
tmp[1][i] = pts[4 * i + 1];
tmp[2][i] = pts[4 * i + 2];
tmp[3][i] = pts[4 * i + 3];
}
for (i = 0; i < 4; i++)
{
x_p2_raw_r(&tmp[i][0], g_pi_const2);
}
for (i = 0; i < 4; i++)
{
pts[4 * i + 0] = tmp[0][i];
pts[4 * i + 1] = tmp[1][i];
pts[4 * i + 2] = tmp[2][i];
pts[4 * i + 3] = tmp[3][i];
}
for (i = 0; i < 4; i++)
{
x_p2_raw_r(pts + 4 * i, g_pi_const2);
}
}
void test_part1()
{
BYTE sn[16] = {
0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x22, 0x22, 0x33, 0x33, 0x33, 0x33, 0x44, 0x44, 0x44, 0x44,
};
BYTE map[16] = {
0x00, 0x09, 0x02, 0x0B, 0x0F, 0x04, 0x0D, 0x06, 0x0A, 0x03, 0x08, 0x01, 0x05, 0x0E, 0x07, 0x0C,
};
size_t i;
BYTE buf[16] = {0};
for (i = 0; i < 16; i++)
{
buf[map[i]] = sn[i];
}
PointF pts[16] = {0};
for (i = 0; i < 16; i++)
{
pts[i].x = buf[i];
}
x_p0(pts, g_pts_const1, 16);
x_p1(pts);
x_p0(pts, g_pts_const2, 16);
x_p2(pts);
}
BYTE double_to_byte(double v)
{
BYTE ch = 0;
char buf[256] = {0};
sprintf(buf, "%f", v);
char *dot = strchr(buf, '.');
if (dot != NULL)
{
*dot = 0;
ch = (BYTE)atoi(buf);
}
return ch;
}
string x_get_sn_part1()
{
int i;
PPointF pts = g_part1_expected;
x_p2_r(pts);
x_p0_r(pts, g_pts_const2, 16);
x_p1_r(pts);
x_p0_r(pts, g_pts_const1, 16);
BYTE r_map[16] = {0};
for (i = 0; i < 16; i++)
{
BYTE row = (7 * (i / 4) + 2 * (i % 4)) % 4;
BYTE col = (i / 4 + i % 4 + 2 * (i / 4)) % 4;
r_map[4 * row + col] = i;
}
BYTE sn[16] = {0};
for (i = 0; i < 16; i++)
{
//printf("%f\n", pts[i].x);
sn[r_map[i]] = double_to_byte(pts[i].x);
}
return util::bin2hex(sn, 16);
}3. check2
(主要是AES256[修改过]解密和xxtea解密), 得到sn后半部分: 68740438FDCC641665D0EA735F2739B3EE7B315A
AES代码参见: _https://github.com/kokke/tiny-AES-c/blob/master/aes.c
原始xxtea代码参见: _https://github.com/xxtea/xxtea-c (没改动, 就不贴了)
AES改动的部分
(1) sbox及rsbox
[峰会]看雪.第八届安全开发者峰会10月23日上海龙之梦大酒店举办!
赞赏记录
参与人
雪币
留言
时间
一笑人间万事
为你点赞~
2022-7-27 22:35
飘零丶
为你点赞~
2022-7-17 03:23
Editor
为你点赞~
2018-12-24 15:48
赞赏
|
|
|---|---|
|
|
他的文章
- KCTF2022春季赛 第三题 石像病毒 8823
- KCTF2022春季赛 第二题 末日邀请 16155
- KCTF2021秋季赛 第二题 迷失丛林 18764
- KCTF2020秋季赛 第十题 终焉之战 8815
- KCTF2020秋季赛 第九题 命悬一线 6441
赞赏
雪币:
留言:
