-
-
[分享]第二题 南冥神功 暴力求解
-
2021-5-12 20:09 4081
-
直接拖到IDA,从结果分析,最后V14的表肯定都不能为0。
找到以上对表进行的赋值,原本不为0的是不能踩的,为0的需要赋值1。
以及找到码表:'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'。
直接暴力求解吧
class Program { static string chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; static void Main(string[] args) { int[] flag = { 1,0,1,0,0,1,0,0,1,1,1,1,0,0,1,0,0,1,0,0,0,0,1,0,1,1,1,1,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,1,1,1,0,1,0,1,0,0,1,1,1,1,0 ,1,0,1,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,0,1,1,0,0}; for (int i = 0; i < chars.Length; i++) { if (Test(0, i, 0, 0, flag,"")) { break; } } } static bool TestFlag(int[] flag) { foreach (var item in flag) { if (item ==0) { return false; } } return true; } static bool Test(int index,int charindex,uint v21,uint v9,int[] flag,string outline) { if (index >= 30) { return false; } int v7 = (index + charindex / 6) % 6; int v8 = index + charindex; int v20 = v7; int v10 = 5 - v8 % 6; int[] flag2 = (int[])flag.Clone(); for (int i = 0; ; i=1) { switch (v10) { case 1: ++v9; break; case 2: if ((v21++ & 1) ==0) { v9++; } break; case 3: if ((v21++ & 1) != 0) { v9--; } break; case 4: --v9; break; case 5: if ((v21-- & 1) != 0) { v9--; } break; default: if ((v21-- & 1) == 0) { v9++; } break; } if (v9>9) { return false; } if (v21 >8) { return false; } uint xxx = 10 * v21 + v9; if (flag2[xxx] == 1) { return false; } flag2[xxx] = 1; if (i== 1) { outline += chars[charindex]; if (TestFlag(flag2)) { Console.Write(outline); Console.Write("...OK"); return true; } else { index++; for (int k =0; k < chars.Length; k++) { if (!Test(index, k, v21, v9, flag2,outline)) { continue; } else { return true; } } } } v10 = v20; } } }
最后可得GJ0V4LA4VKEVQZSVCNGJ00N,即解。
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
赞赏
他的文章
看原图