[原创]2022KCTF春季赛 第二题 末日邀请
发表于: 2022-5-13 01:04 12087
首先对输入进行CRC32计算,有魔改,到最后一步会去验证CRC是不是为0xF52E0765,这个需要爆破
对输入加密,加密算法简单:对于每一个字符 a,a>=0x3A ? a-=0x37 : a-=0x30(例如 '0'→0,'9'→9,'A'→10)
第1处验证:输入的前3个做xor运算,最后结果可能有以下情况
0,7,-1,-17,-4,-41,-5,-37,-2,-49,-17,-3
此处先跳过,最后再爆破
第2处验证:判断加密后是不是一个固定值,求出来KCTF
第3处验证:结合之前的运算结果数值+2,读取指定长度的输入,转换为数字运算,输入进行排序,排序结果和指定长度的字符串加密后结果相同,爆破代码
得到结果381654729,当然1,12,空串 也符合
第4处验证:判断剩下的字符串长度是否为8的倍数,进行加密,最后xor判断结果
这个加密求解不出来,留空,或者 00 可以通过验证
最后爆破CRC,候选输入为:???KCTF38165472900、???KCTF1200、???KCTF100 或 ???KCTF00(??? 为待爆破的前3个字符)
最后得到421KCTF381654729
#include<stdio.h>
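/*
 * For every byte value 0..255, run 199 steps of the "3n+1 if odd, halve if
 * even" iteration starting from the sign-extended byte, then print the byte
 * together with the bitwise OR of the values produced at steps 196, 197 and
 * 198, one "<byte> <or>" pair per line.
 */
int main(void)
{
    int mat[200] = {0};

    for (int num = 0; num <= 255; num++) {
        /*
         * Sign-extend explicitly. Plain char is unsigned on some ABIs, and
         * there the negative outcomes listed in the write-up would never
         * appear.
         */
        int temp = (signed char)num;

        for (int i = 1; i < 200; i++) {
            if (temp & 1) {
                temp = 3 * temp + 1;
            } else {
                /* NOTE: >> on a negative int is implementation-defined;
                 * this relies on the usual arithmetic (sign-preserving) shift. */
                temp >>= 1;
            }
            mat[i] = temp;
        }

        printf("%d %d\n", num, mat[198] | mat[197] | mat[196]);
    }
    return 0;
}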
#include<stdio.h>
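/*
 * For every byte value 0..255, run 199 steps of the "3n+1 if odd, halve if
 * even" iteration starting from the sign-extended byte, then print the byte
 * together with the bitwise OR of the values produced at steps 196, 197 and
 * 198, one "<byte> <or>" pair per line.
 */
int main(void)
{
    int mat[200] = {0};

    for (int num = 0; num <= 255; num++) {
        /*
         * Sign-extend explicitly. Plain char is unsigned on some ABIs, and
         * there the negative outcomes listed in the write-up would never
         * appear.
         */
        int temp = (signed char)num;

        for (int i = 1; i < 200; i++) {
            if (temp & 1) {
                temp = 3 * temp + 1;
            } else {
                /* NOTE: >> on a negative int is implementation-defined;
                 * this relies on the usual arithmetic (sign-preserving) shift. */
                temp >>= 1;
            }
            mat[i] = temp;
        }

        printf("%d %d\n", num, mat[198] | mat[197] | mat[196]);
    }
    return 0;
}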
#include<stdio.h>
/* Powers of ten from 10^9 down to 10^0; N[k] isolates the k-th decimal digit
 * (counted from the most significant end of a ten-digit field). */
int N[] = {
    1000000000, 100000000, 10000000, 1000000, 100000,
    10000,      1000,      100,      10,      1
};
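/*
 * Returns 1 when the nine low decimal digits of num are all non-zero and
 * pairwise different, otherwise 0.
 *
 * The digits are peeled off with % 10, which visits the same nine digits as
 * dividing by 10^8 .. 10^0. A negative num yields negative remainders; these
 * are rejected here instead of being used as an out-of-bounds index into
 * the "seen" table.
 */
int check2(int num)
{
    int seen[10] = {0};

    for (int k = 1; k <= 9; k++) {
        int p = num % 10;

        num /= 10;
        if (p <= 0 || seen[p]) {
            return 0;
        }
        seen[p] = 1;
    }
    return 1;
}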
/*
 * Scans 123456789..987654321 and prints every value whose leading k digits,
 * read as a number, are divisible by k for each k in 1..9 and which also
 * passes check2().
 */
int
main(){
    for (int candidate = 123456789; candidate <= 987654321; candidate++) {
        int prefix = 0;
        int pos = 1;

        while (pos <= 9) {
            prefix = prefix * 10 + (candidate / N[pos]) % 10;

            /* Kept as in the original. Within the scanned range prefix never
             * exceeds 987654321, which is below 0x4B435445, so this
             * adjustment does not fire here. */
            if (prefix > 0x4B435445) {
                prefix -= 0x37373737;
            }
            if (prefix % pos != 0) {
                break;
            }
            pos++;
        }

        /* pos only runs past 9 when every prefix test succeeded. */
        if (pos > 9 && check2(candidate)) {
            printf("%d\n", candidate);
        }
    }
    return 0;
}
#include<stdio.h>
/* Powers of ten from 10^9 down to 10^0; N[k] isolates the k-th decimal digit
 * (counted from the most significant end of a ten-digit field). */
int N[] = {
    1000000000, 100000000, 10000000, 1000000, 100000,
    10000,      1000,      100,      10,      1
};
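/*
 * Returns 1 when the nine low decimal digits of num are all non-zero and
 * pairwise different, otherwise 0.
 *
 * The digits are peeled off with % 10, which visits the same nine digits as
 * dividing by 10^8 .. 10^0. A negative num yields negative remainders; these
 * are rejected here instead of being used as an out-of-bounds index into
 * the "seen" table.
 */
int check2(int num)
{
    int seen[10] = {0};

    for (int k = 1; k <= 9; k++) {
        int p = num % 10;

        num /= 10;
        if (p <= 0 || seen[p]) {
            return 0;
        }
        seen[p] = 1;
    }
    return 1;
}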
/*
 * Scans 123456789..987654321 and prints every value whose leading k digits,
 * read as a number, are divisible by k for each k in 1..9 and which also
 * passes check2().
 */
int
main(){
    for (int candidate = 123456789; candidate <= 987654321; candidate++) {
        int prefix = 0;
        int pos = 1;

        while (pos <= 9) {
            prefix = prefix * 10 + (candidate / N[pos]) % 10;

            /* Kept as in the original. Within the scanned range prefix never
             * exceeds 987654321, which is below 0x4B435445, so this
             * adjustment does not fire here. */
            if (prefix > 0x4B435445) {
                prefix -= 0x37373737;
            }
            if (prefix % pos != 0) {
                break;
            }
            pos++;
        }

        /* pos only runs past 9 when every prefix test succeeded. */
        if (pos > 9 && check2(candidate)) {
            printf("%d\n", candidate);
        }
    }
    return 0;
}
# include <stdio.h>
# include <stdlib.h>
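/*
 * Table-driven CRC-32 variant used by the challenge solver.
 *
 * This is NOT the standard CRC-32: the lookup table below is the modified
 * one from the write-up, and the running value is shifted right
 * arithmetically, so the sign bit is copied into the top eight bits. That
 * matches the original code, which kept the state in a signed int.
 *
 * The sign fill is done explicitly on an unsigned value, so the result does
 * not depend on implementation-defined signed shifts or on narrowing
 * conversions.
 *
 * inCrc32  starting value (only the low 32 bits are used); pass 0 to start.
 * buf      bytes to hash; may be any pointer when bufLen is 0.
 * bufLen   number of bytes to hash.
 * returns  the 32-bit checksum, in the range 0..0xFFFFFFFF.
 */
static unsigned long Crc32_ComputeBuf(unsigned long inCrc32, const void *buf, size_t bufLen)
{
    static const unsigned long crcTable[256] = {
        0x00000000, 0x09073096, 0x120E612C, 0x1B0951BA, 0xFF6DC419, 0xF66AF48F, 0xED63A535, 0xE46495A3,
        0xFEDB8832, 0xF7DCB8A4, 0xECD5E91E, 0xE5D2D988, 0x01B64C2B, 0x08B17CBD, 0x13B82D07, 0x1ABF1D91,
        0xFDB71064, 0xF4B020F2, 0xEFB97148, 0xE6BE41DE, 0x02DAD47D, 0x0BDDE4EB, 0x10D4B551, 0x19D385C7,
        0x036C9856, 0x0A6BA8C0, 0x1162F97A, 0x1865C9EC, 0xFC015C4F, 0xF5066CD9, 0xEE0F3D63, 0xE7080DF5,
        0xFB6E20C8, 0xF269105E, 0xE96041E4, 0xE0677172, 0x0403E4D1, 0x0D04D447, 0x160D85FD, 0x1F0AB56B,
        0x05B5A8FA, 0x0CB2986C, 0x17BBC9D6, 0x1EBCF940, 0xFAD86CE3, 0xF3DF5C75, 0xE8D60DCF, 0xE1D13D59,
        0x06D930AC, 0x0FDE003A, 0x14D75180, 0x1DD06116, 0xF9B4F4B5, 0xF0B3C423, 0xEBBA9599, 0xE2BDA50F,
        0xF802B89E, 0xF1058808, 0xEA0CD9B2, 0xE30BE924, 0x076F7C87, 0x0E684C11, 0x15611DAB, 0x1C662D3D,
        0xF6DC4190, 0xFFDB7106, 0xE4D220BC, 0xEDD5102A, 0x09B18589, 0x00B6B51F, 0x1BBFE4A5, 0x12B8D433,
        0x0807C9A2, 0x0100F934, 0x1A09A88E, 0x130E9818, 0xF76A0DBB, 0xFE6D3D2D, 0xE5646C97, 0xEC635C01,
        0x0B6B51F4, 0x026C6162, 0x196530D8, 0x1062004E, 0xF40695ED, 0xFD01A57B, 0xE608F4C1, 0xEF0FC457,
        0xF5B0D9C6, 0xFCB7E950, 0xE7BEB8EA, 0xEEB9887C, 0x0ADD1DDF, 0x03DA2D49, 0x18D37CF3, 0x11D44C65,
        0x0DB26158, 0x04B551CE, 0x1FBC0074, 0x16BB30E2, 0xF2DFA541, 0xFBD895D7, 0xE0D1C46D, 0xE9D6F4FB,
        0xF369E96A, 0xFA6ED9FC, 0xE1678846, 0xE860B8D0, 0x0C042D73, 0x05031DE5, 0x1E0A4C5F, 0x170D7CC9,
        0xF005713C, 0xF90241AA, 0xE20B1010, 0xEB0C2086, 0x0F68B525, 0x066F85B3, 0x1D66D409, 0x1461E49F,
        0x0EDEF90E, 0x07D9C998, 0x1CD09822, 0x15D7A8B4, 0xF1B33D17, 0xF8B40D81, 0xE3BD5C3B, 0xEABA6CAD,
        0xEDB88320, 0xE4BFB3B6, 0xFFB6E20C, 0xF6B1D29A, 0x12D54739, 0x1BD277AF, 0x00DB2615, 0x09DC1683,
        0x13630B12, 0x1A643B84, 0x016D6A3E, 0x086A5AA8, 0xEC0ECF0B, 0xE509FF9D, 0xFE00AE27, 0xF7079EB1,
        0x100F9344, 0x1908A3D2, 0x0201F268, 0x0B06C2FE, 0xEF62575D, 0xE66567CB, 0xFD6C3671, 0xF46B06E7,
        0xEED41B76, 0xE7D32BE0, 0xFCDA7A5A, 0xF5DD4ACC, 0x11B9DF6F, 0x18BEEFF9, 0x03B7BE43, 0x0AB08ED5,
        0x16D6A3E8, 0x1FD1937E, 0x04D8C2C4, 0x0DDFF252, 0xE9BB67F1, 0xE0BC5767, 0xFBB506DD, 0xF2B2364B,
        0xE80D2BDA, 0xE10A1B4C, 0xFA034AF6, 0xF3047A60, 0x1760EFC3, 0x1E67DF55, 0x056E8EEF, 0x0C69BE79,
        0xEB61B38C, 0xE266831A, 0xF96FD2A0, 0xF068E236, 0x140C7795, 0x1D0B4703, 0x060216B9, 0x0F05262F,
        0x15BA3BBE, 0x1CBD0B28, 0x07B45A92, 0x0EB36A04, 0xEAD7FFA7, 0xE3D0CF31, 0xF8D99E8B, 0xF1DEAE1D,
        0x1B64C2B0, 0x1263F226, 0x096AA39C, 0x006D930A, 0xE40906A9, 0xED0E363F, 0xF6076785, 0xFF005713,
        0xE5BF4A82, 0xECB87A14, 0xF7B12BAE, 0xFEB61B38, 0x1AD28E9B, 0x13D5BE0D, 0x08DCEFB7, 0x01DBDF21,
        0xE6D3D2D4, 0xEFD4E242, 0xF4DDB3F8, 0xFDDA836E, 0x19BE16CD, 0x10B9265B, 0x0BB077E1, 0x02B74777,
        0x18085AE6, 0x110F6A70, 0x0A063BCA, 0x03010B5C, 0xE7659EFF, 0xEE62AE69, 0xF56BFFD3, 0xFC6CCF45,
        0xE00AE278, 0xE90DD2EE, 0xF2048354, 0xFB03B3C2, 0x1F672661, 0x166016F7, 0x0D69474D, 0x046E77DB,
        0x1ED16A4A, 0x17D65ADC, 0x0CDF0B66, 0x05D83BF0, 0xE1BCAE53, 0xE8BB9EC5, 0xF3B2CF7F, 0xFAB5FFE9,
        0x1DBDF21C, 0x14BAC28A, 0x0FB39330, 0x06B4A3A6, 0xE2D03605, 0xEBD70693, 0xF0DE5729, 0xF9D967BF,
        0xE3667A2E, 0xEA614AB8, 0xF1681B02, 0xF86F2B94, 0x1C0BBE37, 0x150C8EA1, 0x0E05DF1B, 0x0702EF8D
    };
    const unsigned char *bytes = buf;
    /* Keep the state within 32 bits even where unsigned long is wider. */
    unsigned long crc = (inCrc32 ^ 0xFFFFFFFFUL) & 0xFFFFFFFFUL;

    for (size_t i = 0; i < bufLen; i++) {
        unsigned long shifted = crc >> 8;

        /* Emulate the 32-bit arithmetic shift: replicate the sign bit. */
        if (crc & 0x80000000UL) {
            shifted |= 0xFF000000UL;
        }
        crc = shifted ^ crcTable[(crc ^ bytes[i]) & 0xFF];
    }
    return crc ^ 0xFFFFFFFFUL;
}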
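// [3-9]
/*
 * Brute-forces the first three bytes of the candidate "???KCTF38165472900"
 * for lengths 16, 17 and 18, and prints every candidate whose
 * Crc32_ComputeBuf() value equals 0xF52E0765.
 */
int main(void)
{
    unsigned char buf[100] = {
        0x50, 0x50, 0x30, 0x4b, 0x43, 0x54, 0x46, 0x33, 0x38,
        0x31, 0x36, 0x35, 0x34, 0x37, 0x32, 0x39, 0x30, 0x30
    };

    for (int l = 16; l <= 18; l++) {
        for (int a = 0; a < 0xff; a++) {
            buf[0] = (unsigned char)a;
            for (int b = 0; b < 0xff; b++) {
                buf[1] = (unsigned char)b;
                for (int c = 0; c < 0xff; c++) {
                    buf[2] = (unsigned char)c;

                    unsigned long result = Crc32_ComputeBuf(0, buf, (size_t)l);

                    if (result == 0xF52E0765UL) {
                        /*
                         * Print exactly l bytes rather than storing a
                         * terminator at buf[l]: that store would replace a
                         * byte the longer candidate lengths still hash.
                         */
                        printf("%.*s\n", l, (const char *)buf);
                    }
                }
            }
        }
    }
    return 0;
}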
# include <stdio.h>
# include <stdlib.h>
static unsigned
long
Crc32_ComputeBuf(unsigned
long
inCrc32, const void
*
buf, size_t bufLen) {
static const
int
crcTable[
256
]
=
{