[原创]2022DASCTF Apr X FATE 防疫挑战赛-Reverse-奇怪的交易
2022-7-18 09:35 9227
2022DASCTF Apr X FATE 防疫挑战赛-Reverse-奇怪的交易
那天做了挺久,最后终于搞出来了:)
1.放到ida中判断出该文件使用pyinstaller打包
2.使用pyinstxtractor对exe进行解包(提取其中打包的pyc文件)
3.得到奇怪的交易.pyc和PYZ-00.pyz_extracted文件夹中的pyc文件
4.反编译pyimod00_crypto_key.pyc,得到pyc.encrypted加密密钥为0000000000000tea
#!/usr/bin/env python
# Decompiled pyimod00_crypto_key module: the key that was used to encrypt the
# bundled *.pyc.encrypted files.
key = '0000000000000tea'
5.使用tinyaes对cup.pyc.encrypted进行解密,得到解密后的pyc
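#!/usr/bin/env python3
"""Decrypt cup.pyc.encrypted into cup310.pyc.

The input is read as a 16-byte IV followed by AES-CTR ciphertext; the
decrypted stream is zlib-compressed bytecode, to which a .pyc header is
prepended so that a decompiler accepts the result.
"""
import zlib

import tinyaes

CRYPT_BLOCK_SIZE = 16

# Key obtained from pyimod00_crypto_key. It ships inside the same bundle as the
# ciphertext, so this layer only obfuscates the bytecode; it does not keep it
# confidential from anyone who holds the executable.
key = bytes('0000000000000tea', 'utf-8')

# 16-byte .pyc header for Python 3.10: the magic number followed by zeroed fields.
PYC_HEADER = b'\x6f\x0d\x0d\x0a\0\0\0\0\0\0\0\0\0\0\0\0'

# Read everything first so the input handle is closed even if decryption fails.
with open('cup.pyc.encrypted', 'rb') as inf:
    iv = inf.read(CRYPT_BLOCK_SIZE)  # initialization vector
    ciphertext = inf.read()

if len(iv) != CRYPT_BLOCK_SIZE:
    raise ValueError('cup.pyc.encrypted is too short to contain an IV')

# Decrypt and decompress. A wrong key surfaces here as a zlib error, before any
# output file has been created.
cipher = tinyaes.AES(key, iv)
plaintext = zlib.decompress(cipher.CTR_xcrypt_buffer(ciphertext))

with open('cup310.pyc', 'wb') as outf:
    outf.write(PYC_HEADER)
    outf.write(plaintext)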
6.反编译奇怪的交易.pyc和cup.pyc,得到main函数和encrypt函数。判断出加密函数为xxtea加密算法,得到加密的密文和密钥。
main函数不完整,但是猜测bbb就是xxtea加密后的密文,[54,54,54,54]就是密钥。
cup.py文件源码:
#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
# NOTE(review): this is decompiler output shown as the author obtained it. It is
# not runnable as-is; see the notes on `delte` and on the `if` statements below.
import libnum
from ctypes import *

def MX(z, y, total, key, p, e):
    # Combines shifted copies of z and y with `total` and the key word at
    # index (p & 3) ^ e, and returns the result truncated to 32 bits.
    temp1 = (z.value >> 5 ^ y.value << 2) + (y.value >> 3 ^ z.value << 4)
    temp2 = (total.value ^ y.value) + (key[p & 3 ^ e.value] ^ z.value)
    return c_uint32(temp1 ^ temp2)

def encrypt(v, k, z):
    # As called from the decompiled main script: v is the number of words,
    # k the list of words (modified in place) and z the key.
    delte = 0x9E3779B9L  # trailing L: Python 2 long suffix emitted by the decompiler
    ᘛ = 6 + 52 // v  # iteration counter, decremented below
    total = c_uint32(0)
    ᘔ = c_uint32(k[v - 1])
    ᘕ = c_uint32(0)
    # NOTE(review): presumably a `while` loop that the decompiler rendered as
    # `if`; a per-word inner loop also appears to be missing. Compare with the
    # decrypt routine later in the write-up.
    if ᘛ > 0:
        total.value += delte
        ᘕ.value = total.value >> 2 & 3
        ᘚ = c_uint32(k[0])
        k[v - 1] = c_uint32(k[v - 1] + MX(ᘔ, ᘚ, total, z, v - 1, ᘕ).value).value
        ᘔ.value = k[v - 1]
        ᘛ -= 1
    # NOTE(review): the nesting of this statement was lost when the listing was
    # flattened; it may belong inside the block above.
    if not ᘛ > 0:
        return k
反编译奇怪的交易.py文件源码:(源码不完整)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 | #!/usr/bin/env python # visit https://tool.lu/pyc/ for more information from cup import * if __name__ = = '__main__' : flag = input ( '\xe8\xaf\xb7\xe8\xbe\x93\xe5\x85\xa5flag' ) pub_key = [ 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m = libnum.s2n(flag) c = str ( pow (m, pub_key[ 1 ], pub_key[ 0 ])) aaa = [] bbb = [ 0xD28ED952 , 1472742623 , 0xD91BA938 , 0xF9F3BD2D , 0x8EF8E43D , 617653972 , 1474514999 , 1471783658 , 1012864704 , 0xD7821910 , 993855884 , 438456717 , 0xC83555B7 , 0xE8DFF468 , 198959101 , 0xC5B84FEB , 0xD9F837C6 , 613157871 , 0x8EFA4EDD , 97286225 , 0x8B4B608C , 1471645170 , 0xC0B62792 , 583597118 , 0xAAB1C22D , 0xBDB9C266 , 1384330715 , 0xAE9F9816 , 0xD1F40B3C , 0x8206DDC3 , 0xC4E0BADC , 0xE407BD26 , 145643141 , 0x8016C6A5 , 0xAF4AB9D3 , 506798154 , 994590281 , 0x85082A0B , 0xCA0BC95A , 0xA7BE567C , 1105937096 , 1789727804 , 0xDFEFB591 , 0x93346B38 , 1162286478 , 680814033 , 0xAEE1A7A2 , 0x80E574AE , 0xF154F55F , 2121620700 , 0xFCBDA653 , 0x8E902444 , 0xCA742E12 , 0xB8424071 , 0xB4B15EC2 , 0x943BFA09 , 0xBC97CD93 , 1285603712 , 798920280 , 0x8B58328F , 0xF9822360 , 0xD1FD15EE , 1077514121 , 1436444106 , 0xA2D6C17E , 1507202797 , 500756149 , 198754565 , 0x8E014807 , 880454148 , 1970517398 , 0xBFC6EE25 , 1161840191 , 560498076 , 1782600856 , 0x9D93FEBE , 1285196205 , 788797746 , 1195724574 , 0xF2174A07 , 
103427523 , 0x952BFE83 , 0xF730AC4C , 617564657 , 978211984 , 1781482121 , 0x8379D23A , 0xEAD737EE , 0xE41555FB , 659557668 , 0x99F3B244 , 1561884856 , 0x842C31A4 , 1189296962 , 169145316 , 0xA5CE044C , 1323893433 , 824667876 , 408202876 , 0xE0178482 , 0xF412BBBC , 1508996065 , 162419237 , 0xDE740B00 , 0xB7CB64FD , 0xEBCADB1F , 0x8EAE2326 , 0x933C216C , 0xD7D1F649 , 481927014 , 0xA448AC16 , 0xBC082807 , 1261069441 , 2063238535 , 0x8474A61D , 101459755 , 0xBC5654D1 , 1721190841 , 1078395785 , 176506553 , 0xD3C5280F , 1566142515 , 1938949000 , 1499289517 , 0xC59872F8 , 829714860 , 0xE51502A2 , 952932374 , 1283577465 , 2045007203 , 0xEBE6A798 , 0xE09575CD , 0xADDF4157 , 0xC4770191 , 482297421 , 1734231412 , 0xDAC71054 , 0x99807E43 , 0xA88D74B1 , 0xCB77E028 , 1533519803 , 0xEEEBC3B6 , 0xE7E680E5 , 272960248 , 317508587 , 0xC4B10CDC , 0x91776399 , 27470488 , 1666674386 , 1737927609 , 750987808 , 0x8E364D8F , 0xA0985A77 , 562925334 , 0x837D6DC3 ] i = 0 if i < len (c): ᘞ = 0 aaa.append(ᘞ) i + = 4 if not i < en(c): ᘝ = [ 54 , 54 , 54 , 54 ] ccc = len (aaa) res = encrypt(ccc, aaa, ᘝ) if aaa = = bbb: print ( 'You are right!' ) input ('') quit() print ( 'Why not drink a cup of tea and have a rest?' ) continue |
7.对密文进行解密,得到flag变换后的明文
import binascii
from ctypes import *


def MX(z, y, total, key, p, e):
    """Return the XXTEA mixing value for word index p as a c_uint32.

    z, y, total and e are c_uint32 objects; key is indexed with (p & 3) ^ e.
    """
    key_word = key[(p & 3) ^ e.value]
    shifted = ((z.value >> 5) ^ (y.value << 2)) + ((y.value >> 3) ^ (z.value << 4))
    keyed = (total.value ^ y.value) + (key_word ^ z.value)
    return c_uint32(shifted ^ keyed)


def decrypt(n, v, key):
    """Decrypt the n 32-bit words of v in place with XXTEA and return v."""
    delta = 0x9e3779b9
    round_count = 6 + 52 // n
    # c_uint32 wraps the starting sum to 32 bits.
    total = c_uint32(round_count * delta)
    y = c_uint32(v[0])
    e = c_uint32(0)
    for _ in range(round_count):
        e.value = (total.value >> 2) & 3
        # Walk from the last word down to index 1; index 0 is handled after
        # the loop because its left neighbour is the last word.
        for p in reversed(range(1, n)):
            z = c_uint32(v[p - 1])
            v[p] = (v[p] - MX(z, y, total, key, p, e).value) & 0xFFFFFFFF
            y.value = v[p]
        z = c_uint32(v[n - 1])
        v[0] = (v[0] - MX(z, y, total, key, 0, e).value) & 0xFFFFFFFF
        y.value = v[0]
        total.value -= delta
    return v


if __name__ == "__main__":
    # Ciphertext words (`bbb`) and key ([54, 54, 54, 54]) are taken from the
    # decompiled main script.
    cipher_words = [
        0xD28ED952, 1472742623, 0xD91BA938, 0xF9F3BD2D, 0x8EF8E43D,
        617653972, 1474514999, 1471783658, 1012864704, 0xD7821910,
        993855884, 438456717, 0xC83555B7, 0xE8DFF468, 198959101,
        0xC5B84FEB, 0xD9F837C6, 613157871, 0x8EFA4EDD, 97286225,
        0x8B4B608C, 1471645170, 0xC0B62792, 583597118, 0xAAB1C22D,
        0xBDB9C266, 1384330715, 0xAE9F9816, 0xD1F40B3C, 0x8206DDC3,
        0xC4E0BADC, 0xE407BD26, 145643141, 0x8016C6A5, 0xAF4AB9D3,
        506798154, 994590281, 0x85082A0B, 0xCA0BC95A, 0xA7BE567C,
        1105937096, 1789727804, 0xDFEFB591, 0x93346B38, 1162286478,
        680814033, 0xAEE1A7A2, 0x80E574AE, 0xF154F55F, 2121620700,
        0xFCBDA653, 0x8E902444, 0xCA742E12, 0xB8424071, 0xB4B15EC2,
        0x943BFA09, 0xBC97CD93, 1285603712, 798920280, 0x8B58328F,
        0xF9822360, 0xD1FD15EE, 1077514121, 1436444106, 0xA2D6C17E,
        1507202797, 500756149, 198754565, 0x8E014807, 880454148,
        1970517398, 0xBFC6EE25, 1161840191, 560498076, 1782600856,
        0x9D93FEBE, 1285196205, 788797746, 1195724574, 0xF2174A07,
        103427523, 0x952BFE83, 0xF730AC4C, 617564657, 978211984,
        1781482121, 0x8379D23A, 0xEAD737EE, 0xE41555FB, 659557668,
        0x99F3B244, 1561884856, 0x842C31A4, 1189296962, 169145316,
        0xA5CE044C, 1323893433, 824667876, 408202876, 0xE0178482,
        0xF412BBBC, 1508996065, 162419237, 0xDE740B00, 0xB7CB64FD,
        0xEBCADB1F, 0x8EAE2326, 0x933C216C, 0xD7D1F649, 481927014,
        0xA448AC16, 0xBC082807, 1261069441, 2063238535, 0x8474A61D,
        101459755, 0xBC5654D1, 1721190841, 1078395785, 176506553,
        0xD3C5280F, 1566142515, 1938949000, 1499289517, 0xC59872F8,
        829714860, 0xE51502A2, 952932374, 1283577465, 2045007203,
        0xEBE6A798, 0xE09575CD, 0xADDF4157, 0xC4770191, 482297421,
        1734231412, 0xDAC71054, 0x99807E43, 0xA88D74B1, 0xCB77E028,
        1533519803, 0xEEEBC3B6, 0xE7E680E5, 272960248, 317508587,
        0xC4B10CDC, 0x91776399, 27470488, 1666674386, 1737927609,
        750987808, 0x8E364D8F, 0xA0985A77, 562925334, 0x837D6DC3,
    ]
    plain_words = decrypt(len(cipher_words), cipher_words, [54] * 4)

    hex_parts = []
    for word in plain_words:
        # No zero padding: a word below 0x10000000 contributes fewer than
        # eight hex digits, exactly as hex(word)[2:] would.
        digits = format(word, 'x')
        print(binascii.a2b_hex(digits))
        hex_parts.append(digits)

    hex_text = ''.join(hex_parts)
    print(hex_text)
    print(binascii.a2b_hex(hex_text))
8.代码中的 c = str(pow(m, pub_key[1], pub_key[0])) 是对flag做RSA加密,因此还原flag等价于求RSA解密后的明文。通过pub_key的值发现e和n非常大且十分接近;e与n处于同一数量级通常意味着私钥指数d很小,这正是维纳攻击的适用条件(大约要求 d < n^(1/4)/3),那么可以利用RSA的维纳攻击恢复d,直接解出flag。
1 2 3 4 5 6 7 8 9 10 11 12 13 | from Crypto.Util.number import * from gmpy2 import * from RSAwienerHacker import * import libnum n = 0x649EE967E7916A825CC9FD3320BEABF263BEAC68C080F52824A0F521EDB6B78577EC52BF1C9E78F4BB71192F9A23F1A17AA76E5979E4D953329D3CA65FB4A71DA57412B59DFD6AEDF0191C5555D3E5F582B81B5E6B23163E9889204A81AFFDF119FE25C92F4ED59BD3285BCD7AAE14824240D2E33C5A97848F4EB7AAC203DE6330D2B4D8FF61691544FBECD120F99A157B3D2F58FA51B2887A9D06CA383C44D071314A12B17928B96F03A06E959A5AFEFA0183664F52CD32B9FC72A04B45913FCB2D5D2D3A415A14F611CF1EAC2D6C785142A8E9CC41B67A6CD85001B06EDB8CA767D367E56E0AE651491BF8A8C17A38A1835DB9E4A9292B1D86D5776C98CC25 e = 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c = 10610336534759505889607399322387179316771488492347274741918862678692508953185876570981227584004676580623553664818853686933004290078153620168054665086468417541382824708104480882577200529822968531743002301934310349005341104696887943182074473298650903541494918266823037984054778903666406545980557074219162536057146090758158128189406073809226361445046225524917089434897957301396534515964547462425719205819342172669899546965221084098690893672595962129879041507903210851706793788311452973769358455761907303633956322972510500253009083922781934406731633755418753858930476576720874219359466503538931371444470303193503733920039 d = hack_RSA(e,n) flag = long_to_bytes( pow (c,d,n)) print (flag) b 'flag{You_Need_Some_Tea}' |
工具来源:
https://github.com/extremecoders-re/pyinstxtractor
https://tool.lu/pyc/
https://github.com/pablocelayes/rsa-wiener-attack
最后于 2022-7-18 20:42
被XUNVVAY编辑
,原因: 添加标题