-
-
[原创]第二题 南冥神功 解题
-
发表于: 2021-5-11 18:27
-
是10x9数列,IDA分析看样子要求对所有为0的字节填1就OK了,把数据列出来,分析每次仅能移动1行1列,可以斜着,最后发现路径如图,找路径都找了半天,不过非常有趣啊!
然后上python代码爆破:
发现结果GJ0V4LA4VKEVQZSVCNGJ00N,还有另外一条路径见图,所以至少有两个值。
'''一个char分两次操作第1次值为5 - (index_in_string + index) %6第2次值为(index + index_in_string / 6) % 6{0x53, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00,0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,0x01, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01,0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01,0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01,0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00};'''road = [[0, 1], [1, 2], [2, 1], [2, 0], [3, 0], [4, 0], [4, 1],
[5, 2], [6, 1], [6, 0], [7, 0], [8, 0],
[8, 1], [8, 2], [7, 3], [7, 4], [8, 4], [8, 5], [7, 6],
[6, 6], [5, 6], [4, 6], [3, 6], [3, 5], [4, 4],
[4, 3], [3, 3], [2, 3], [1, 3], [0, 3], [0, 4], [1, 5],
[1, 6], [0, 6], [0, 7], [1, 8], [1, 9], [2, 9],
[3, 9], [3, 8], [4, 7], [5, 8], [6, 8], [7, 8], [8, 8], [8, 9]]
string = b'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
def target_value(row, column, current_row):
target = 0
if row == 0:
if column < 0:
target = 4
elif column > 0:
target = 1
else:
print("error")
elif row > 0:
if column > 0:
target = 2
elif column < 0:
target = 3
else:
# print("error1")
if current_row & 1 == 0:
target = 2
else:
target = 3
elif row < 0:
if column > 0:
target = 0
elif column < 0:
target = 5
else:
# print("error2")
if current_row & 1 == 0:
target = 0
else:
target = 5
return target
def calc(r1, r2):
row = r2[0] - r1[0]
column = r2[1] - r1[1]
return target_value(row, column, r2[0])
def search_char(index, v1, v2):
for index_in_string, s in enumerate(string):
if v1 == (5 - (index_in_string + index) % 6):
if v2 == ((index + index_in_string // 6) % 6):
return chr(s)
output = ""
last = [0, 0]
for i in range(len(road) // 2):
v1 = calc(last, road[i*2])
v2 = calc(road[i*2], road[i*2+1])
last = road[i*2 + 1]
output += search_char(i, v1, v2)
print(output)
'''一个char分两次操作第1次值为5 - (index_in_string + index) %6第2次值为(index + index_in_string / 6) % 6{0x53, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00,0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,0x01, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01,0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01,0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01,0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00};'''road = [[0, 1], [1, 2], [2, 1], [2, 0], [3, 0], [4, 0], [4, 1],
[5, 2], [6, 1], [6, 0], [7, 0], [8, 0],
[8, 1], [8, 2], [7, 3], [7, 4], [8, 4], [8, 5], [7, 6],
[6, 6], [5, 6], [4, 6], [3, 6], [3, 5], [4, 4],
[4, 3], [3, 3], [2, 3], [1, 3], [0, 3], [0, 4], [1, 5],
[1, 6], [0, 6], [0, 7], [1, 8], [1, 9], [2, 9],
[3, 9], [3, 8], [4, 7], [5, 8], [6, 8], [7, 8], [8, 8], [8, 9]]
string = b'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
def target_value(row, column, current_row):
target = 0
if row == 0:
if column < 0:
target = 4
elif column > 0:
target = 1
else:
print("error")
elif row > 0:
if column > 0:
target = 2
elif column < 0:
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2021-6-21 11:26
被lynnux编辑
,原因:
|
|
|---|---|
