[原创]KCTF 2021秋季赛第九题万事俱备-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]KCTF 2021秋季赛第九题万事俱备
发表于: 2021-12-9 12:41 20698
[原创]KCTF 2021秋季赛第九题万事俱备

BlackINT3
2021-12-9 12:41
20698
易语言？
拿到程序，发现是易语言写的，还有点奇怪，直接x64dbg调试先看，跑起来发现易语言只是套了个外壳：
Py脚本
从temp目录找到check.py和对应的CPython2.7解释器，不用想解释器肯定是改过的，先定位到程序版本：

程序版本是2.7.18，从官网下载源码编译，https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tgz
Python执行原理
温顾一遍解释器原理也是有必要的，首先定位到几个关键点：
处理Opcode
目前还没找到很简单的方法，目前用了两种方式：
1、编写测试代码生成，用两个解释器生成pyc，再用dis模块反汇编对比，这里可写个脚本提高下效率，这种方式能找到到绝大部分。
2、对于方式1不好生成的指令，通过IDA对比PyEval_EvalFrameEx函数，手动识别特征代码（字符串、关系调用等）
重新编译python
替换了源码中的Include/opcode.h和Lib/opcode.py，最终生成python可以执行check.py，开始以为作者在解释器上做了大量工作，事实上并没有。
名称混淆：
指令switch平坦 + 花指令：
switch：每一条指令通过XOR跳往switch判断下一条指令
花指令：这里的opcode当NOP处理
字符串加密（这里是后面Trace发现的）,通过base64、zlib、xor等解密
因为指令switch那块比较固定，静态还原代码也不是很难，考虑效率问题，最后还是找到了不错的动态跟踪的工具：
x-python仓库：https://github.com/rocky/x-python
做了如下改动：
最后执行python_d.exe xpy.py -v check.pyc，几分钟后到了raw_input输入，看了下之前代码如下：
执行效果还不错，看到了具体代码，以后有空再改造下把栈的信息拿出来，方便分析。
直接逆推不出来，注意到m、n、j、k的初始值和最后运算方式一致，因此可以把mnjk推导出来，至于k的值（最多是0-15），因此跑个16次计算，再把结果校验，最后得到KCTF的flag：

//恢复的opcode如下
#define NOP        65
#define STOP_CODE 61
#define POP_TOP 30
#define ROT_TWO 52
#define ROT_THREE 56
#define DUP_TOP 13
#define ROT_FOUR 16
#define UNARY_POSITIVE 32
#define UNARY_NEGATIVE 89
#define UNARY_NOT 57
#define UNARY_CONVERT 87
#define UNARY_INVERT 25
#define BINARY_POWER 77
#define BINARY_MULTIPLY 69
#define BINARY_DIVIDE 71
#define BINARY_MODULO 14
#define BINARY_ADD 81
#define BINARY_SUBTRACT 53
#define BINARY_SUBSCR 40
#define BINARY_FLOOR_DIVIDE 76
#define BINARY_TRUE_DIVIDE 48
#define INPLACE_FLOOR_DIVIDE 26
#define INPLACE_TRUE_DIVIDE 63
#define SLICE 0
#define SLICE_1 1
#define SLICE_2 2
#define SLICE_3 3
#define STORE_SLICE 4
#define STORE_SLICE_1 5
#define STORE_SLICE_2 6
#define STORE_SLICE_3 7
#define DELETE_SLICE 8
#define DELETE_SLICE_1 9
#define DELETE_SLICE_2 10
#define DELETE_SLICE_3 11
#define STORE_MAP 64
#define INPLACE_ADD 17
#define INPLACE_SUBTRACT 86
#define INPLACE_MULTIPLY 20
#define INPLACE_DIVIDE 74
#define INPLACE_MODULO 67
#define STORE_SUBSCR 73
#define DELETE_SUBSCR 23
#define BINARY_LSHIFT 66
#define BINARY_RSHIFT 19
#define BINARY_AND 18
#define BINARY_XOR 88
#define BINARY_OR 85
#define INPLACE_POWER 33
#define GET_ITER 70
#define PRINT_EXPR 39
#define PRINT_ITEM 59
#define PRINT_NEWLINE 15
#define PRINT_ITEM_TO 62
#define PRINT_NEWLINE_TO 24
#define INPLACE_LSHIFT 41
#define INPLACE_RSHIFT 72
#define INPLACE_AND 45
#define INPLACE_XOR 37
#define INPLACE_OR 29
#define BREAK_LOOP 50
#define WITH_CLEANUP 42
#define LOAD_LOCALS 83
#define RETURN_VALUE 46
#define IMPORT_STAR 28
#define EXEC_STMT 51
#define YIELD_VALUE 60
#define POP_BLOCK 22
#define END_FINALLY 31
#define BUILD_CLASS 54
#define HAVE_ARGUMENT    90    /* Opcodes from here have an argument: */
#define STORE_NAME 112
#define DELETE_NAME 127
#define UNPACK_SEQUENCE 107
#define FOR_ITER 108
#define LIST_APPEND 141
#define STORE_ATTR 102
#define DELETE_ATTR 137
#define STORE_GLOBAL 98
#define DELETE_GLOBAL 114
#define DUP_TOPX 110
#define LOAD_CONST 131
#define LOAD_NAME 94
#define BUILD_TUPLE 106
#define BUILD_LIST 133
#define BUILD_SET 116
#define BUILD_MAP 139
#define LOAD_ATTR 140
#define COMPARE_OP 95
#define IMPORT_NAME 124
#define IMPORT_FROM 135
#define JUMP_FORWARD 115
#define JUMP_IF_FALSE_OR_POP 123
#define JUMP_IF_TRUE_OR_POP 128
#define JUMP_ABSOLUTE 118
#define POP_JUMP_IF_FALSE 92
#define POP_JUMP_IF_TRUE 120
#define LOAD_GLOBAL 138
#define CONTINUE_LOOP 113
#define SETUP_LOOP 93
#define SETUP_EXCEPT 111
#define SETUP_FINALLY 130
#define LOAD_FAST 109
#define STORE_FAST 119
#define DELETE_FAST 142
#define RAISE_VARARGS 134
#define CALL_FUNCTION 90
#define MAKE_FUNCTION 126
#define BUILD_SLICE 105
#define MAKE_CLOSURE 136
#define LOAD_CLOSURE 132
#define LOAD_DEREF 125
#define STORE_DEREF 122
#define CALL_FUNCTION_VAR 99
#define CALL_FUNCTION_KW 100
#define CALL_FUNCTION_VAR_KW 101
#define SETUP_WITH 143
#define EXTENDED_ARG 145
#define SET_ADD 146
#define MAP_ADD 147

//恢复的opcode如下
#define NOP        65
#define STOP_CODE 61
#define POP_TOP 30
#define ROT_TWO 52
#define ROT_THREE 56
#define DUP_TOP 13
#define ROT_FOUR 16
#define UNARY_POSITIVE 32
#define UNARY_NEGATIVE 89
#define UNARY_NOT 57
#define UNARY_CONVERT 87
#define UNARY_INVERT 25
#define BINARY_POWER 77
#define BINARY_MULTIPLY 69
#define BINARY_DIVIDE 71
#define BINARY_MODULO 14
#define BINARY_ADD 81
#define BINARY_SUBTRACT 53
#define BINARY_SUBSCR 40
#define BINARY_FLOOR_DIVIDE 76
#define BINARY_TRUE_DIVIDE 48
#define INPLACE_FLOOR_DIVIDE 26
#define INPLACE_TRUE_DIVIDE 63
#define SLICE 0
#define SLICE_1 1
#define SLICE_2 2
#define SLICE_3 3
#define STORE_SLICE 4
#define STORE_SLICE_1 5
#define STORE_SLICE_2 6
#define STORE_SLICE_3 7
#define DELETE_SLICE 8
#define DELETE_SLICE_1 9
#define DELETE_SLICE_2 10
#define DELETE_SLICE_3 11
#define STORE_MAP 64
#define INPLACE_ADD 17
#define INPLACE_SUBTRACT 86
#define INPLACE_MULTIPLY 20
#define INPLACE_DIVIDE 74
#define INPLACE_MODULO 67
#define STORE_SUBSCR 73
#define DELETE_SUBSCR 23
#define BINARY_LSHIFT 66
#define BINARY_RSHIFT 19
#define BINARY_AND 18
#define BINARY_XOR 88
#define BINARY_OR 85
#define INPLACE_POWER 33
#define GET_ITER 70
#define PRINT_EXPR 39
#define PRINT_ITEM 59
#define PRINT_NEWLINE 15
#define PRINT_ITEM_TO 62
#define PRINT_NEWLINE_TO 24
#define INPLACE_LSHIFT 41
#define INPLACE_RSHIFT 72
#define INPLACE_AND 45
#define INPLACE_XOR 37
#define INPLACE_OR 29
#define BREAK_LOOP 50
#define WITH_CLEANUP 42
#define LOAD_LOCALS 83
#define RETURN_VALUE 46
#define IMPORT_STAR 28
#define EXEC_STMT 51
#define YIELD_VALUE 60
#define POP_BLOCK 22
#define END_FINALLY 31
#define BUILD_CLASS 54
#define HAVE_ARGUMENT    90    /* Opcodes from here have an argument: */
#define STORE_NAME 112
#define DELETE_NAME 127
#define UNPACK_SEQUENCE 107
#define FOR_ITER 108
#define LIST_APPEND 141
#define STORE_ATTR 102
#define DELETE_ATTR 137
#define STORE_GLOBAL 98
#define DELETE_GLOBAL 114
#define DUP_TOPX 110
#define LOAD_CONST 131
#define LOAD_NAME 94
#define BUILD_TUPLE 106
#define BUILD_LIST 133
#define BUILD_SET 116
#define BUILD_MAP 139
#define LOAD_ATTR 140
#define COMPARE_OP 95
#define IMPORT_NAME 124
#define IMPORT_FROM 135
#define JUMP_FORWARD 115
#define JUMP_IF_FALSE_OR_POP 123
#define JUMP_IF_TRUE_OR_POP 128
#define JUMP_ABSOLUTE 118
#define POP_JUMP_IF_FALSE 92
#define POP_JUMP_IF_TRUE 120
#define LOAD_GLOBAL 138
#define CONTINUE_LOOP 113
#define SETUP_LOOP 93
#define SETUP_EXCEPT 111
#define SETUP_FINALLY 130
#define LOAD_FAST 109
#define STORE_FAST 119
#define DELETE_FAST 142
#define RAISE_VARARGS 134
#define CALL_FUNCTION 90
#define MAKE_FUNCTION 126
#define BUILD_SLICE 105
#define MAKE_CLOSURE 136
#define LOAD_CLOSURE 132
#define LOAD_DEREF 125
#define STORE_DEREF 122
#define CALL_FUNCTION_VAR 99
#define CALL_FUNCTION_KW 100
#define CALL_FUNCTION_VAR_KW 101
#define SETUP_WITH 143
#define EXTENDED_ARG 145
#define SET_ADD 146
#define MAP_ADD 147
 
 

eNpVlq+LImEYx/Xu9g6GxbDBIGLYsCwiGwz+AQO3YRCDwXAHEwwHLmIweN1gEDEYDCIGg0HEYNg/wGAYlglymA+DYVgmHGI+n1nm8/KUL+/M+7zPj+/zfZ+ZnzeJROLx0xUav5PXVVJWt7y7+XxdfZPVq0BPoCLgC6R5V+LE9ys+fpGVG280xgLPmOzF6df43YeDyN9CoClQwPhOjP8m4902GTwIvAh4AlMBSyCMS2h0BXYE2hHIFvghcBLY4OWAyUWgzmMeiFzNKatHoKjefwIjCNvyLvKcEThismJjRn6OTrKPscfjEA76cBDwuKWiJRtDYtzH7H7kXKCOPjHudJJbTCLCcpz1qWihV1mBMv2IWraHtS05/8JkxtkWG+90dUqmAxrfxPMU7s9U3kQHDr2M+pEitXt6OSGrOYqw2XV1e0LOjiBiTi6vqMRChANChtpzl7hF7eqNaGeOFWnABNVddFY2mUa9XLMRciwi9g92BWCCvxPdr+ir0aPyPMdGNL6N5z4hPYpZQ8mFUgdcjYB2b5FADTpPxB2wWsJGR6DKCRu1L7BbINY62jhiZ+E5RPzmuhjGl2yMGX0W9/cJpweq3CABF65KUOLQPI9ALfLbUH4bmjxGhqNvtwNNAYkbjZvrZ0b4kHQXekp1YdLXQtpQWxoh5aBuSZVFcikTsstQCCh6j0kRDdXhdEWgHYS1Ma6itR3EHvHiIgtbT8IenktsbLhlVYKfaWiHcZPHX4r7G+rm1eGqS1ZZiC1rO4vJ9cyqxjUYE2iNF5tdn9aaqdKmHwd9IqWH1pGmmA9Lh5AuSQ4he4zCamykqXyNBExDz5x9oSlmmhlKmoj1nSQrWu1rzYFHkj7+WggkpL97/T2q6q+puY0jGpCjSgsTcw1M0Q/MiCqdDnjMkOkFDZ2p0kyGgv6gTTQRTzA5o/wVArZgKMsJc89LqCmjf6gc7swEwm4JJKn9B4X61ks=', 866: '0', 715: 'marshal', 341: 'zlib', 203: 'base64'}, 866)

eNpVlq+LImEYx/Xu9g6GxbDBIGLYsCwiGwz+AQO3YRCDwXAHEwwHLmIweN1gEDEYDCIGg0HEYNg/wGAYlglymA+DYVgmHGI+n1nm8/KUL+/M+7zPj+/zfZ+ZnzeJROLx0xUav5PXVVJWt7y7+XxdfZPVq0BPoCLgC6R5V+LE9ys+fpGVG280xgLPmOzF6df43YeDyN9CoClQwPhOjP8m4902GTwIvAh4AlMBSyCMS2h0BXYE2hHIFvghcBLY4OWAyUWgzmMeiFzNKatHoKjefwIjCNvyLvKcEThismJjRn6OTrKPscfjEA76cBDwuKWiJRtDYtzH7H7kXKCOPjHudJJbTCLCcpz1qWihV1mBMv2IWraHtS05/8JkxtkWG+90dUqmAxrfxPMU7s9U3kQHDr2M+pEitXt6OSGrOYqw2XV1e0LOjiBiTi6vqMRChANChtpzl7hF7eqNaGeOFWnABNVddFY2mUa9XLMRciwi9g92BWCCvxPdr+ir0aPyPMdGNL6N5z4hPYpZQ8mFUgdcjYB2b5FADTpPxB2wWsJGR6DKCRu1L7BbINY62jhiZ+E5RPzmuhjGl2yMGX0W9/cJpweq3CABF65KUOLQPI9ALfLbUH4bmjxGhqNvtwNNAYkbjZvrZ0b4kHQXekp1YdLXQtpQWxoh5aBuSZVFcikTsstQCCh6j0kRDdXhdEWgHYS1Ma6itR3EHvHiIgtbT8IenktsbLhlVYKfaWiHcZPHX4r7G+rm1eGqS1ZZiC1rO4vJ9cyqxjUYE2iNF5tdn9aaqdKmHwd9IqWH1pGmmA9Lh5AuSQ4he4zCamykqXyNBExDz5x9oSlmmhlKmoj1nSQrWu1rzYFHkj7+WggkpL97/T2q6q+puY0jGpCjSgsTcw1M0Q/MiCqdDnjMkOkFDZ2p0kyGgv6gTTQRTzA5o/wVArZgKMsJc89LqCmjf6gc7swEwm4JJKn9B4X61ks=', 866: '0', 715: 'marshal', 341: 'zlib', 203: 'base64'}, 866)
#eval_frame函数

         if (bytecode_name not in ['COMPARE_OP','POP_JUMP_IF_FALSE','JUMP_ABSOLUTE','NOP','LOAD_FAST','STORE_FAST']):

             if len(arguments) > 0:

                 if isinstance(arguments[0],long):

                     if arguments[0] < 111111183538799472:

                         self.log(bytecode_name, int_arg, arguments, offset, line_number)

                 else:

                     self.log(bytecode_name, int_arg, arguments, offset, line_number)                                            

             else:

                 self.log(bytecode_name, int_arg, arguments, offset, line_number)
#eval_frame函数

         if (bytecode_name not in ['COMPARE_OP','POP_JUMP_IF_FALSE','JUMP_ABSOLUTE','NOP','LOAD_FAST','STORE_FAST']):

             if len(arguments) > 0:

                 if isinstance(arguments[0],long):

                     if arguments[0] < 111111183538799472:

                         self.log(bytecode_name, int_arg, arguments, offset, line_number)

                 else:

                     self.log(bytecode_name, int_arg, arguments, offset, line_number)                                            

             else:

                 self.log(bytecode_name, int_arg, arguments, offset, line_number)
#format_instruction函数

 if vm and bytecode_name in vm.byteop.stack_fmt:

     stack_args = vm.byteop.stack_fmt[bytecode_name](vm, int_arg, repr)

     if (bytecode_name == 'INPLACE_XOR'):

             pos = stack_args.find('L')

             if pos != -1:

                 if long(stack_args[stack_args.find('(')+1:pos])>111111111111111111111:

                     return ""
#format_instruction函数

 if vm and bytecode_name in vm.byteop.stack_fmt:

     stack_args = vm.byteop.stack_fmt[bytecode_name](vm, int_arg, repr)

     if (bytecode_name == 'INPLACE_XOR'):

             pos = stack_args.find('L')

             if pos != -1:

                 if long(stack_args[stack_args.find('(')+1:pos])>111111111111111111111:

                     return ""

INFO:xpython.vm:       @7266: LOAD_NAME dict

INFO:xpython.vm:       @7637: BUILD_LIST 0

INFO:xpython.vm:       @5069: LOAD_NAME __import__

INFO:xpython.vm:       @6232: LOAD_CONST marshal

INFO:xpython.vm:       @4648: CALL_FUNCTION (__import__) 1 positional, 0 named

INFO:xpython.vm:       @8028: LOAD_ATTR loads

INFO:xpython.vm:       @6832: LOAD_CONST eNpdmD2LKkkUhmf37geIGPSCgQwGBjKIdGDgDzAwkMFggg5c6MBAuCIGBv4AAwNxO5igA5EODAwGMTAwWDYyMJCLLCL9Aww6EOlAlonX8uJz9mxyqLKqznnPez6q2t9/fnp6evnxJr7++eU2+sGMkvz2202+/GpGayOGRtSN2BuR5reynDCjX8yoyup989yIjhFFNv9xM/fykxm5Dy1f/cfZ71sKZvT3l4eCnhEpI9qc8Iw4GlEy4h24MyMmRmSN+MeIjBFLI6ZGRKA6se8OPGdEBX0n1E/waGNEDOYTUxdAAyNGRlyN+IaCGgpyHMtwwgJ9jLBAsAZV/KR4GePRDM3CQQ6T4lH0CPd/TE7QF8FazIkBW8psuY8CoA1wP8fmNpvXWDuB5b65jwt99j2D4GDEBxwcWVgxvcB9wghH77svtIxosNDAmguTb4TnirUsNGWBcc/srhELTGZwtY2qsxE2+AJGR07cleY1vgRaPIxXWPgkliWI3ZDKNVC1dWnMyPuALD5iN0VQ2oxeiYK4H6EvQaCukNgEhnhU1Mk/JzcCcm2KC+JbmeqJsZbGmsNvz8AooioJ+tOjjXzX8k7cBugrMi2TUneyd4DcsLBDc1pHJoODM73Fwm4T4xGrWxRIfyni5RloAal3RoGL5yuI9THkwu6BjLUB9MmCw9mWpsnB8x7AA5B2UbDF6QJu+WTYmlpwyM4+WXLlWB19Cc5uQeVgY0AJdTR/0kqXqDqDRQrb1r3JhisLzTIKCe0BNq66yViYzGPojZukoGt1A+YUdsfUucBNU4hjSKwQ6S4Z9s6xOkG2cGtHii7ohM/gC6lpm+mZmjnqYsqTf55u9VmMt5gmQPoBk3v0fdAPQkrcIih1fJPeniL6PnAzjCSRdqCv89sEzDGaM5rdOV6WdH/xod0nlj4mu2he6Us9DTk9/ZutA1+GnDRVewGQh4Ihbs3B1yRafaxVONEmZHk2T3B/ra+xKZSUtDNb/JV3jrybpuirgGWD6OpkyBOUI6rq0D5kX6DTJ4/nPfB1mC5gsgiJCVxNcZuO9DXRxP0IG1tiPsGjV4p4wbEBeVrARgJX5VgMJXvq7QSxHbRIV6nRRsa4ekFplWLvAbKDNUf3XXnizEBfA6ncGkuOOeArozQgCicSJIlbUxrKFgdT+lXqUecbnaLySFjox528uUbAfcfagNUWoypnLfKgioMOkTnhqqcvNBvMPYS8ckP0ORDbJXcbUFLFeAiWEazNWUgR3wmpV2LfSPeIEWRnubHTsDaEziWtr0HtN3X9hmTsHmFjY6O7VAd/k5ytkbF54KaZzvS7xMLBHf6uwNzRfbxGlsw422XkkwIRJ+RefWZ1TicM2bdncwm4ZRiakHotoMn9a8GfvMctPC+SAhd9X9ZJPblYTmSdsNFA+HA/1vdWESLeqIAtdemRFg4V8L/Hp08+N0kam5D1UTpEeKwe9LdazMIUxuXBYoFeviHW+pEw1VFYsCC5O9J9fM7UhaEhSgMi7REU+ZqoQESWtHWxmwXQJ8bLGrOkihDxCdnylSrA67Cx1LF0iUwTrkJUyaegVE+ku0UJuBdaboEge1SUp19LS+wmdYNPQaeDCxHlUiDNYl26SVyV727JXcmcHOQ47AtJ6hAiclTAK6ik3QT6P4ouXkaALACoxtQlrxaETP7BaLMq3TsiyCt9WW/pL5K7Hv7K7dLS0Lb6vRvrv3LkK1W+Eg66GitsyaB5DC93pX/dxL//a4kn

INFO:xpython.vm:       @4908: LOAD_ATTR decode

INFO:xpython.vm:       @4959: LOAD_CONST base64

INFO:xpython.vm:       @6483: CALL_FUNCTION (decode) 1 positional, 0 named

INFO:xpython.vm:       @7383: LOAD_ATTR decode

INFO:xpython.vm:       @8232: LOAD_CONST zlib

INFO:xpython.vm:       @4318: CALL_FUNCTION (decode) 1 positional, 0 named

INFO:xpython.vm:       @5568: CALL_FUNCTION (loads) 1 positional, 0 named

INFO:xpython.vm:       @4207: FOR_ITER 7304

INFO:xpython.vm:       @5658: STORE_NAME ((954, (12,))) ooo00o

INFO:xpython.vm:       @5122: LOAD_NAME ooo00o

INFO:xpython.vm:       @8417: LOAD_CONST 0

INFO:xpython.vm:       @5897: BINARY_SUBSCR ((954, (12,)), 0) 

INFO:xpython.vm:       @8584: LOAD_CONST 216

INFO:xpython.vm:       @8639: BINARY_XOR (954, 216)

INFO:xpython.vm:       @7266: LOAD_NAME dict

INFO:xpython.vm:       @7637: BUILD_LIST 0

INFO:xpython.vm:       @5069: LOAD_NAME __import__

INFO:xpython.vm:       @6232: LOAD_CONST marshal

INFO:xpython.vm:       @4648: CALL_FUNCTION (__import__) 1 positional, 0 named

INFO:xpython.vm:       @8028: LOAD_ATTR loads

INFO:xpython.vm:       @6832: LOAD_CONST eNpdmD2LKkkUhmf37geIGPSCgQwGBjKIdGDgDzAwkMFggg5c6MBAuCIGBv4AAwNxO5igA5EODAwGMTAwWDYyMJCLLCL9Aww6EOlAlonX8uJz9mxyqLKqznnPez6q2t9/fnp6evnxJr7++eU2+sGMkvz2202+/GpGayOGRtSN2BuR5reynDCjX8yoyup989yIjhFFNv9xM/fykxm5Dy1f/cfZ71sKZvT3l4eCnhEpI9qc8Iw4GlEy4h24MyMmRmSN+MeIjBFLI6ZGRKA6se8OPGdEBX0n1E/waGNEDOYTUxdAAyNGRlyN+IaCGgpyHMtwwgJ9jLBAsAZV/KR4GePRDM3CQQ6T4lH0CPd/TE7QF8FazIkBW8psuY8CoA1wP8fmNpvXWDuB5b65jwt99j2D4GDEBxwcWVgxvcB9wghH77svtIxosNDAmguTb4TnirUsNGWBcc/srhELTGZwtY2qsxE2+AJGR07cleY1vgRaPIxXWPgkliWI3ZDKNVC1dWnMyPuALD5iN0VQ2oxeiYK4H6EvQaCukNgEhnhU1Mk/JzcCcm2KC+JbmeqJsZbGmsNvz8AooioJ+tOjjXzX8k7cBugrMi2TUneyd4DcsLBDc1pHJoODM73Fwm4T4xGrWxRIfyni5RloAal3RoGL5yuI9THkwu6BjLUB9MmCw9mWpsnB8x7AA5B2UbDF6QJu+WTYmlpwyM4+WXLlWB19Cc5uQeVgY0AJdTR/0kqXqDqDRQrb1r3JhisLzTIKCe0BNq66yViYzGPojZukoGt1A+YUdsfUucBNU4hjSKwQ6S4Z9s6xOkG2cGtHii7ohM/gC6lpm+mZmjnqYsqTf55u9VmMt5gmQPoBk3v0fdAPQkrcIih1fJPeniL6PnAzjCSRdqCv89sEzDGaM5rdOV6WdH/xod0nlj4mu2he6Us9DTk9/ZutA1+GnDRVewGQh4Ihbs3B1yRafaxVONEmZHk2T3B/ra+xKZSUtDNb/JV3jrybpuirgGWD6OpkyBOUI6rq0D5kX6DTJ4/nPfB1mC5gsgiJCVxNcZuO9DXRxP0IG1tiPsGjV4p4wbEBeVrARgJX5VgMJXvq7QSxHbRIV6nRRsa4ekFplWLvAbKDNUf3XXnizEBfA6ncGkuOOeArozQgCicSJIlbUxrKFgdT+lXqUecbnaLySFjox528uUbAfcfagNUWoypnLfKgioMOkTnhqqcvNBvMPYS8ckP0ORDbJXcbUFLFeAiWEazNWUgR3wmpV2LfSPeIEWRnubHTsDaEziWtr0HtN3X9hmTsHmFjY6O7VAd/k5ytkbF54KaZzvS7xMLBHf6uwNzRfbxGlsw422XkkwIRJ+RefWZ1TicM2bdncwm4ZRiakHotoMn9a8GfvMctPC+SAhd9X9ZJPblYTmSdsNFA+HA/1vdWESLeqIAtdemRFg4V8L/Hp08+N0kam5D1UTpEeKwe9LdazMIUxuXBYoFeviHW+pEw1VFYsCC5O9J9fM7UhaEhSgMi7REU+ZqoQESWtHWxmwXQJ8bLGrOkihDxCdnylSrA67Cx1LF0iUwTrkJUyaegVE+ku0UJuBdaboEge1SUp19LS+wmdYNPQaeDCxHlUiDNYl26SVyV727JXcmcHOQ47AtJ6hAiclTAK6ik3QT6P4ouXkaALACoxtQlrxaETP7BaLMq3TsiyCt9WW/pL5K7Hv7K7dLS0Lb6vRvrv3LkK1W+Eg66GitsyaB5DC93pX/dxL//a4kn

INFO:xpython.vm:       @4908: LOAD_ATTR decode

INFO:xpython.vm:       @4959: LOAD_CONST base64

INFO:xpython.vm:       @6483: CALL_FUNCTION (decode) 1 positional, 0 named

INFO:xpython.vm:       @7383: LOAD_ATTR decode

		
								
				
				登录后可查看完整内容
			
			
				
	

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

		最后于  2021-12-9 12:45		
				被BlackINT3编辑
				
		，原因： 		
	

	
收藏・1
免费・4
支持
最新回复 (1)
sunfishi 雪币： 8764 活跃值： (5718) 能力值： ( LV13，RANK：296 ) 在线值：发帖 13 回帖 92 粉丝 99 关注私信	sunfishi 4 2 楼 opcode的还原是个体力活…… 2021-12-9 18:01 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复
BlackINT3
发帖
回帖
327
RANK
关注
私信
他的文章
关于我们
联系我们
企业服务
看雪公众号
[原创]KCTF 2021秋季赛 第九题 万事俱备

[原创]KCTF 2021秋季赛第九题万事俱备
