[Original] Problem 2: 南冥神功 write-up
Posted: 2021-5-11 18:27 4881

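It is a 10x9 array. From the IDA analysis, it looks like the requirement is simply to fill every byte that is 0 with 1. After listing out the data, analysis shows that each move can only go one row and one column at a time, and diagonal moves are allowed. In the end I found the path shown in the figure. Finding the path took me quite a while, but it was great fun!

Then the Python code to brute-force it:

The result is GJ0V4LA4VKEVQZSVCNGJ00N, and there is another path (see figure), so there are at least two valid values.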

 
'''
Each char encodes two operations
The 1st value is 5 - (index_in_string + index) % 6
The 2nd value is (index + index_in_string / 6) % 6
{
0x53, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,
0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00,
0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,
0x01, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01,
0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01,
0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00
};
'''
 
road = [[0, 1], [1, 2], [2, 1], [2, 0], [3, 0], [4, 0], [4, 1],
        [5, 2], [6, 1], [6, 0], [7, 0], [8, 0],
        [8, 1], [8, 2], [7, 3], [7, 4], [8, 4], [8, 5], [7, 6],
        [6, 6], [5, 6], [4, 6], [3, 6], [3, 5], [4, 4],
        [4, 3], [3, 3], [2, 3], [1, 3], [0, 3], [0, 4], [1, 5],
        [1, 6], [0, 6], [0, 7], [1, 8], [1, 9], [2, 9],
        [3, 9], [3, 8], [4, 7], [5, 8], [6, 8], [7, 8], [8, 8], [8, 9]]
string = b'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
 
 
def target_value(row, column, current_row):
    target = 0
    if row == 0:
        if column < 0:
            target = 4
        elif column > 0:
            target = 1
        else:
            print("error")
    elif row > 0:
        if column > 0:
            target = 2
        elif column < 0:
            target = 3
        else:
            # print("error1")
            if current_row & 1 == 0:
                target = 2
            else:
                target = 3
    elif row < 0:
        if column > 0:
            target = 0
        elif column < 0:
            target = 5
        else:
            # print("error2")
            if current_row & 1 == 0:
                target = 0
            else:
                target = 5
    return target
 
 
def calc(r1, r2):
    row = r2[0] - r1[0]
    column = r2[1] - r1[1]
    return target_value(row, column, r2[0])
 
 
def search_char(index, v1, v2):
    for index_in_string, s in enumerate(string):
        if v1 == (5 - (index_in_string + index) % 6):
            if v2 == ((index + index_in_string // 6) % 6):
                return chr(s)
 
 
output = ""
last = [0, 0]
for i in range(len(road) // 2):
    v1 = calc(last, road[i*2])
    v2 = calc(road[i*2], road[i*2+1])
    last = road[i*2 + 1]
    output += search_char(i, v1, v2)
 
print(output)
Last edited by lynnux on 2021-6-21 11:26, reason:
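
Added example (not part of the original post): it decodes a serial back into direction pairs with the two formulas from the post and replays them on the grid to confirm that every 0 cell gets filled. The per-direction offsets in `STEP` are an assumption obtained by inverting the post's `target_value()`, not taken from the binary, and the names `decode`, `replay` and `is_valid` are hypothetical.

```python
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Grid copied from the post: 9 rows x 10 columns, 0x53 ('S') marks the start cell.
GRID = [
    [0x53, 0, 1, 0, 0, 1, 0, 0, 1, 1],
    [1, 1, 0, 0, 1, 0, 0, 1, 0, 0],
    [0, 0, 1, 0, 1, 1, 1, 1, 1, 0],
    [0, 1, 1, 0, 1, 0, 0, 1, 0, 0],
    [0, 0, 1, 0, 0, 1, 0, 0, 1, 1],
    [1, 1, 0, 1, 1, 1, 0, 1, 0, 1],
    [0, 0, 1, 1, 1, 1, 0, 1, 0, 1],
    [0, 1, 1, 0, 0, 1, 0, 1, 0, 1],
    [0, 0, 0, 1, 0, 0, 1, 1, 0, 0],
]
# Assumption: (d_row, d_col) for directions 0..5, keyed by parity of the source row.
# Derived by inverting the post's target_value(); not read from the binary.
STEP = {
    0: [(-1, 1), (0, 1), (1, 1), (1, 0), (0, -1), (-1, 0)],    # even source row
    1: [(-1, 0), (0, 1), (1, 0), (1, -1), (0, -1), (-1, -1)],  # odd source row
}


def decode(serial):
    """Invert the post's two formulas: each character yields two directions."""
    moves = []
    for i, ch in enumerate(serial):
        k = ALPHABET.index(ch)  # raises ValueError outside the alphabet
        moves += [5 - (k + i) % 6, (i + k // 6) % 6]
    return moves


def replay(serial):
    """Return the visited cells, or None if a move leaves the grid or hits a non-zero cell."""
    grid = [row[:] for row in GRID]
    r, c, path = 0, 0, []
    for d in decode(serial):
        dr, dc = STEP[r & 1][d]
        r, c = r + dr, c + dc
        if not (0 <= r < len(grid) and 0 <= c < len(grid[0])) or grid[r][c] != 0:
            return None
        grid[r][c] = 1  # fill the cell, so a revisit is rejected
        path.append((r, c))
    return path


def is_valid(serial):
    """Accept a serial only if the replay fills every 0 cell of the grid."""
    try:
        path = replay(serial)
    except ValueError:
        return False
    return path is not None and len(path) == sum(row.count(0) for row in GRID)
```

Running `replay` on the serial from the post reproduces the `road` list cell by cell, which is a quick way to check a second candidate path before trusting it.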