-
-
[原创]imaginaryCTF2021和rarCTF2021的两道非常相似的逆向题
-
2021-8-10 10:51
-
最近周末空闲的时候一直在玩CTF巩固基础,遇到两道很相似的逆向题,第一道解出来了,第二道没解出来,说明还是有些东西没搞懂
imaginaryCTF2021-string
此题简单明了,需要将输入的内容进行ASCII码的加减操作,编写个简单的程序就能得出flag
#include <stdio.h>
#include <string.h>
int main()
{
char *v1,*v2;
v1="jdug|tus2oht`5s4ou`i2ee4o`28c32b7:~";
for(int i=0; i<=34; ++i)
{
v2=(v1[i]-1);
printf("%s", &v2);
}
return 0;
}rarCTF-verybabyrev
此题和第一题一样是对数据进行操作,只不过这次是异或
import string
local_108 = 0x45481d1217111313
local_100 = 0x095f422c260b4145
local_f8 = 0x541b56563d6c5f0b
local_f0 = 0x585c0b3c2945415f
local_e8 = 0x402a6c54095d5f00
local_e0 = 0x4b5f4248276a0606
local_d8 = 0x6c5e5d432c2d4256
local_d0 = 0x6b315e434707412d
local_c8 = 0x5e54491c6e3b0a5a
local_c0 = 0x2828475e05342b1a
local_b8 = 0x060450073b26111f
local_b0 = 0x0a774803050b0d04
blocks = [local_108, local_100, local_f8, local_f0, local_e8, local_e0, local_d8, local_d0, local_c8, local_c0, local_b8, local_b0]
rawdata = b''
for b in blocks:
rawdata += b.to_bytes(8, 'little')
def encode(plaintext):
out = b''
local_c = 0
while True:
if local_c + 1 == len(plaintext):
break
out += (plaintext[local_c] ^ plaintext[local_c+1]).to_bytes(1, 'little')
local_c += 1
return out
knownpt = b'rarctf{'
start = len(knownpt)
for i in range(start, 0x61, 1):
for j in string.printable:
res = encode(knownpt + j.encode('utf-8'))
if res == rawdata[:i]:
knownpt += j.encode('utf-8')
print('flag: %s' % knownpt.decode('utf-8'))总结
两题虽然是逆向题但是第二题已经很接近密码学了(从解法也能看得出来),不过这两题都是ctf的逆向入门题,在此记录一下以便学习
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
