-
-
[原创]签到
-
2021-11-15 18:06
-
看雪ctf签到题
对name做一次crc32,然后使用strspn函数判断输入的格式里是不是只有数字,接着校验了code的长度,然后将code转成整数,和name的crc32校验值异或之后对结果进行crc32校验,要求校验值为0x13B88C77
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | import zlibif __name__ == '__main__': tmp = "" for a in '0123456789abcedf': for b in '0123456789abcedf': for c in '0123456789abcedf': for d in '0123456789abcedf': for e in '0123456789abcedf': for f in '0123456789abcedf': for g in '0123456789abcedf': for h in '0123456789abcedf': tmp += a tmp += b tmp += c tmp += d tmp += e tmp += f tmp += g tmp += h #print(tmp) tmpResult = zlib.crc32(tmp.encode('utf8')) if tmpResult == 0x13B88C77: print(tmp) exit(0) tmp = '' |
最后再和0x5EE54F4C异或就是结果。
太慢了,换go写了个多线程的。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | package mainimport ( "fmt" "hash/crc32")var strTable = "12345abcdef67890"func Crack(table *crc32.Table,ch chan int) { for _, v1 := range strTable { for _, v2 := range strTable { for _, v3 := range strTable { for _, v4 := range strTable { for _, v5 := range strTable { for _, v6 := range strTable { for _, v7 := range strTable { for _, v8 := range strTable { tmp := string(v1) + string(v2) + string(v3) + string(v4) + string(v5) + string(v6) + string(v7) + string(v8) ret := crc32.Checksum([]byte(tmp), table) //fmt.Println(tmp) if ret == 0x13B88C77 { fmt.Println(tmp) ch <- 6 return } } } } } } } } }}func main() { table := crc32.MakeTable(crc32.IEEE) ret := crc32.Checksum([]byte("KCTF"), table) fmt.Println(ret) ch := make(chan int) go Crack(table,ch) fmt.Println( <-ch)} |
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
