看雪CTF2019Q2-第6题消失的岛屿-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

看雪CTF2019Q2-第6题消失的岛屿

发表于: 2019-6-18 23:58 2965

看雪CTF2019Q2-第6题消失的岛屿

风间仁

2019-6-18 23:58

2965

base64

.text:004016A4                 call    _base64_encode
.text:004016A9                 mov     dword ptr [esp+48h], offset aNgvH1f4s32pHkq ; "!NGV%,$h1f4S3%2P(hkQ94=="
.text:004016C0                 call    _strcmp
 
.rdata:00404064 aTuvwxtulmnopqr db 'tuvwxTUlmnopqrs7YZabcdefghij8yz0123456VWXkABCDEFGHIJKLMNOPQRS9+/',0
 
字符映射
.text:004013C0 ; char __cdecl charEncrypt

.text:004016A4                 call    _base64_encode
.text:004016A9                 mov     dword ptr [esp+48h], offset aNgvH1f4s32pHkq ; "!NGV%,$h1f4S3%2P(hkQ94=="
.text:004016C0                 call    _strcmp
 
.rdata:00404064 aTuvwxtulmnopqr db 'tuvwxTUlmnopqrs7YZabcdefghij8yz0123456VWXkABCDEFGHIJKLMNOPQRS9+/',0
 
字符映射
.text:004013C0 ; char __cdecl charEncrypt

脚本

import base64
import binascii
import string
 
 
def test():
    old_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    new_chars = 'tuvwxTUlmnopqrs7YZabcdefghij8yz0123456VWXkABCDEFGHIJKLMNOPQRS9+/'
    chars_map = ['']*256
    for i in range(len(new_chars)):
        v = ord(new_chars[i])
        if 0x41 <= v <= 0x5A:
            v = 0x9B - v
        elif 0x61 <= v <= 0x7A:
            v = v - 0x40
        elif 0x30 <= v <= 0x39:
            v = v + 0x32
        elif v == 0x2B:
            v = 0x77
        elif v == 0x2F:
            v = 0x79
        chars_map[v] = new_chars[i]
    s = '!NGV%,$h1f4S3%2P(hkQ94=='
    b64 = ''
    for i in range(len(s)):
        b64 += chars_map[ord(s[i])]
    b64 += '=='
    print binascii.a2b_base64(b64.translate(string.maketrans(new_chars, old_chars)))
    return
 
 
test()