[原创]第十题初入的好望角writeup-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]第十题初入的好望角writeup

2019-3-12 01:08 2465

[原创]第十题初入的好望角writeup

littlewisp 活跃值

2019-3-12 01:08

2465

1.dnspy反编译

AES算法

internal class a
{
    // Token: 0x06000004 RID: 4 RVA: 0x0000209B File Offset: 0x0000029B
    private static void a(string[] A_0)
    {
        Console.WriteLine("Please Input Serial:");
        if (global::a.a(Console.ReadLine(), "Kanxue2019") == "4RTlF9Ca2+oqExJwx68FiA==")
        {
            Console.WriteLine("Congratulations!  : )");
            Console.ReadLine();
        }
    }

    // Token: 0x06000005 RID: 5 RVA: 0x000020D4 File Offset: 0x000002D4
    public static string a(string A_0, string A_1)
    {
        byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
        byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);
        byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);
        ICryptoTransform transform = new RijndaelManaged
        {
            Mode = CipherMode.CBC
        }.CreateEncryptor(bytes3, bytes);
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream expr_4F = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
        expr_4F.Write(bytes2, 0, bytes2.Length);
        expr_4F.FlushFinalBlock();
        byte[] inArray = memoryStream.ToArray();
        memoryStream.Close();
        expr_4F.Close();
        return Convert.ToBase64String(inArray);
    }

    // Token: 0x04000003 RID: 3
    private const string a = "Kanxue2019CTF-Q1";

    // Token: 0x04000004 RID: 4
    private const int b = 256;
}

2.导出工程

3.修改工程写算法

internal class a

{

// Token: 0x06000004 RID: 4 RVA: 0x0000209B File Offset: 0x0000029B

private static void Main(string[] A_0)

{

global::a.test("4RTlF9Ca2+oqExJwx68FiA==", "Kanxue2019");

}

// Token: 0x06000005 RID: 5 RVA: 0x000020D4 File Offset: 0x000002D4

public static string test(string A_0, string A_1)

{

byte[] base64 = Convert.FromBase64CharArray(A_0.ToCharArray(0,A_0.Length), 0, A_0.Length);

byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");

byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);

byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);

ICryptoTransform transform = new RijndaelManaged

{

Mode = CipherMode.CBC

}.CreateDecryptor(bytes3, bytes);

MemoryStream memoryStream = new MemoryStream();

CryptoStream expr_4F = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);

expr_4F.Write(base64, 0, base64.Length);

expr_4F.FlushFinalBlock();

byte[] inArray = memoryStream.ToArray();

memoryStream.Close();

expr_4F.Close();

string result = System.Text.Encoding.UTF8.GetString(inArray);

return result;

}

// Token: 0x04000003 RID: 3

private const string keyiv = "Kanxue2019CTF-Q1";

// Token: 0x04000004 RID: 4

private const int b = 256;

}

调试结果

Kanxue2019Q1CTF

[培训]二进制漏洞攻防（第3期）；满10人开班；模糊测试与工具使用二次开发；网络协议漏洞挖掘；Linux内核漏洞挖掘与利用；AOSP漏洞挖掘与利用；代码审计。

收藏・0

点赞・1

打赏