0000: 02 0e 14 atom indexes {
0002: 04 75 6e string: 1"un"
0005: 04 73 6e string: 1"sn"
0008: 02 73 string: 1"s"
000a: 02 69 string: 1"i"
000c: 02 6a string: 1"j"
000e: 02 6b string: 1"k"
0010: 02 6c string: 1"l"
0012: 02 6d string: 1"m"
0014: 02 6e string: 1"n"
0016: 20 4b 43 54 46 32 30 32
30 51 31 6c 65 6c 66 65
69 string: 1"KCTF2020Q1lelfei"
0027: 40 2a 2a 2a 2a 2a 2a 2a
2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 2a 2a 2a 2a 2a 2a
2a string: 1"********************************"
0048: 14 63 68 61 72 43 6f 64
65 41 74 string: 1"charCodeAt"
0053: 18 66 72 6f 6d 43 68 61
72 43 6f 64 65 string: 1"fromCharCode"
0060: 0a 70 72 69 6e 74 string: 1"print"
}
0066: 0e function {
0067: 00 06 00 9e 01 00 01 00
06 00 0a d6 05 01 name: "<eval>"
args=0 vars=1 defargs=0 closures=0 cpool=10
stack=6 bclen=726 locals=1
vars {
0075: a0 01 00 00 00 name: "<ret>"
}
bytecode {
007a: 40 df 00 00 00 00 40 e0
<... 略 ...>
00 00 00 f1 cf 28 at 1, fixup atom: un
<... 略 ...>
at 719, fixup atom: s
}
debug {
<... 略 ...>
}
cpool {
<... 略 ...>
}
}
s:1: function: <eval>
locals:
0: var <ret>
stack_size: 6
opcodes:
check_define_var un,0
check_define_var sn,0
check_define_var s,0
check_define_var i,0
check_define_var j,0
check_define_var k,0
check_define_var l,0
check_define_var m,0
check_define_var n,0
check_define_var i,0
define_var un,0
define_var sn,0
define_var s,0
define_var i,0
define_var j,0
define_var k,0
define_var l,0
define_var m,0
define_var n,0
define_var i,0
push_atom_value KCTF2020Q1lelfei
dup
put_var un
put_loc0 0: "<ret>"
push_atom_value "********************************"
dup
put_var sn
put_loc0 0: "<ret>"
push_const8 0: 0n
dup
put_var m
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
push_0 0
dup
put_var i
drop
163: get_var i
get_var un
get_length
lt
if_false8 243
get_var m
push_const8 1: 43n
mul
dup
put_var m
put_loc0 0: "<ret>"
get_var m
get_var BigInt
get_var un
get_field2 charCodeAt
get_var i
call_method 1
call1 1
add
dup
put_var m
put_loc0 0: "<ret>"
get_var i
post_inc
put_var i
drop
goto8 163
243: get_var Number
get_var m
push_const8 2: 127n
mod
call1 1
dup
put_var l
put_loc0 0: "<ret>"
push_const8 3: 0n
dup
put_var n
put_loc0 0: "<ret>"
push_0 0
dup
put_var s
put_loc0 0: "<ret>"
push_0 0
dup
put_var k
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
push_0 0
dup
put_var i
drop
299: get_var i
get_var sn
get_length
lt
if_false 601
get_var sn
get_field2 charCodeAt
get_var i
call_method 1
dup
put_var j
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var j
push_i8 48
gte
dup
if_false8 363
drop
get_var j
push_i8 57
lte
363: dup
if_true8 388
drop
get_var j
push_i8 97
gte
if_false 601
get_var j
push_i8 102
lte
388: if_false 601
get_var k
post_inc
put_var k
put_loc0 0: "<ret>"
get_var j
push_i8 48
sub
dup
put_var j
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var j
push_i8 9
gt
if_false8 447
get_var j
push_i8 39
sub
dup
put_var j
put_loc0 0: "<ret>"
447: get_var s
push_i8 16
mul
dup
put_var s
put_loc0 0: "<ret>"
get_var s
get_var j
add
dup
put_var s
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var k
push_2 2
mod
push_0 0
eq
if_false8 586
get_var s
get_var l
xor
dup
put_var s
put_loc0 0: "<ret>"
get_var s
push_4 4
sar
push_i8 10
mul
get_var s
push_i8 16
mod
add
dup
put_var s
put_loc0 0: "<ret>"
get_var n
push_const8 4: 100n
mul
dup
put_var n
put_loc0 0: "<ret>"
get_var n
get_var BigInt
get_var s
call1 1
add
dup
put_var n
put_loc0 0: "<ret>"
push_0 0
dup
put_var s
put_loc0 0: "<ret>"
goto8 586
586: get_var i
post_inc
put_var i
drop
goto16 299
601: undefined
put_loc0 0: "<ret>"
get_var m
get_var n
eq
if_false8 627
push_const8 5: 18071254662143010n
dup
put_var n
put_loc0 0: "<ret>"
goto8 636
627: push_const8 6: 24706849372394394n
dup
put_var n
put_loc0 0: "<ret>"
636: push_empty_string
dup
put_var s
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
646: get_var n
push_const8 7: 0n
gt
if_false8 713
get_var s
get_var String
get_field2 fromCharCode
get_var Number
get_var n
push_const8 8: 127n
mod
call1 1
call_method 1
add
dup
put_var s
put_loc0 0: "<ret>"
get_var n
push_const8 9: 127n
div
dup
put_var n
put_loc0 0: "<ret>"
goto8 646
713: get_var print
get_var s
call1 1
set_loc0 0: "<ret>"
return
Error...
可以看到并不长,也很容易理解,对照着将验证逻辑还原回 JavaScript:
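// Verification routine reconstructed from the QuickJS disassembly of <eval>.
// Variable names match the atoms in the bytecode (un = user name, sn = serial).
// Every input to the check (the user name and the constants 43, 127 and 100)
// is visible in the bytecode, so the expected serial is fully determined by
// public data; nothing secret protects the comparison.
let un, sn, s, i, j, k, l, m, n;
un = "KCTF2020Q1lelfei";
sn = "********************************";

// m: the user name read as a base-43 number over its UTF-16 code units.
m = 0n;
for (i = 0; i < un.length; i++) {
  m = m * 43n + BigInt(un.charCodeAt(i));
}
// l: single-byte XOR key derived from the user name.
l = Number(m % 127n);

n = 0n; // value accumulated from the serial, compared with m at the end
s = 0; // byte currently being assembled from two hex digits
k = 0; // number of hex digits consumed so far
for (i = 0; i < sn.length; i++) {
  j = sn.charCodeAt(i);
  // Only '0'-'9' (48..57) and lowercase 'a'-'f' (97..102) are accepted;
  // any other character ends parsing (the bytecode jumps to offset 601).
  if (!((j >= 48 && j <= 57) || (j >= 97 && j <= 102))) {
    break;
  }
  k++;
  j -= 48;
  if (j > 9) {
    j -= 39; // 'a'..'f' -> 10..15
  }
  s = s * 16 + j;
  // `==` mirrors the `eq` opcode in the listing.
  if (k % 2 == 0) {
    // A full byte has been read: unmask it with l, then pack it as
    // high nibble * 10 + low nibble and append it to n as a base-100 digit.
    // The packed value can exceed 99 when a nibble is above 9.
    s = s ^ l;
    s = (s >> 4) * 10 + (s % 16);
    n = n * 100n;
    n = n + BigInt(s);
    s = 0;
  }
}

// n is reused to hold the encoded result message.
if (m == n) {
  n = 18071254662143010n; // Success
} else {
  n = 24706849372394394n; // Error..
}
// The part that prints the message is omitted here: from offset 636 on, the
// bytecode decodes n in base 127 (String.fromCharCode(Number(n % 127n)) per
// step, then n / 127n) and passes the resulting string to print().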
// Recompute the two user-name-derived values used by the check for the
// user name "KCTFKCTFKCTFKCTF": the base-43 hash m and the XOR byte l.
let un, sn, s, i, j, k, l, m, n;
un = "KCTFKCTFKCTFKCTF";
m = 0n;
i = 0;
while (i < un.length) {
  // Fold the next UTF-16 code unit into the running base-43 value.
  const codeUnit = BigInt(un.charCodeAt(i));
  m = 43n * m + codeUnit;
  i += 1;
}
l = Number(m % 127n);
console.log(m, l);
得到 m = 243377798925556026477314360n,l = 66。
再算出序列号:
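import itertools


def f(x):
    """Pack a byte the way the checker does: high nibble * 10 + low nibble."""
    return (x >> 4) * 10 + (x % 16)


# Base-43 hash of the user name, as printed by the JavaScript snippet.
m = 243377798925556026477314360
# The checker's XOR byte l = m % 127; this is 66 for the m above.
key = m % 127

# Split m into base-100 digits, most significant first. The checker builds its
# value as n = n * 100 + f(byte ^ l), so each digit corresponds to one byte.
x = m
p = []
while x:
    p.append(x % 100)
    x //= 100
p = p[::-1]

# For every digit, collect the bytes whose packed form equals it.
# f() can return values above 99 (a nibble greater than 9), which would carry
# into the next digit; only carry-free decompositions are enumerated here.
ans = []
for w in p:
    ans.append([b for b in range(256) if f(b) == w])

# Undo the XOR mask and print each candidate as lowercase hex, the only
# alphabet the checker accepts. Uses a stdlib XOR in place of the `xor`
# helper, which the snippet never defined or imported.
for z in itertools.product(*ans):
    print(bytes(b ^ key for b in z).hex())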