[Original] 2022 DASCTF Apr X FATE Epidemic Prevention Challenge - Reverse - 奇怪的交易 (Strange Transaction)
2022-7-18 09:35

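I worked on this for quite a while that day and finally got it solved :)
1. Open the file in IDA; it turns out to be packaged with PyInstaller.
2. Unpack the exe with pyinstxtractor.
3. This yields 奇怪的交易.pyc and the pyc files in the PYZ-00.pyz_extracted folder.
4. Decompile pyimod00_crypto_key.pyc to get the key used to encrypt the pyc.encrypted files: 0000000000000tea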

#!/usr/bin/env python
key = '0000000000000tea'

5. Decrypt cup.pyc.encrypted with tinyaes to obtain the decrypted pyc.

#!/usr/bin/env python3
import tinyaes
import zlib
CRYPT_BLOCK_SIZE = 16
 
# key obtained from pyimod00_crypto_key
key = bytes('0000000000000tea', 'utf-8')
 
inf = open('cup.pyc.encrypted', 'rb') # encrypted file input
outf = open('cup310.pyc', 'wb') # output file
 
# Initialization vector
iv = inf.read(CRYPT_BLOCK_SIZE)
 
cipher = tinyaes.AES(key, iv)
 
# Decrypt and decompress
plaintext = zlib.decompress(cipher.CTR_xcrypt_buffer(inf.read()))
 
# Write pyc header
# The header below is for Python 3.10
outf.write(b'\x6f\x0d\x0d\x0a\0\0\0\0\0\0\0\0\0\0\0\0')
# Write decrypted data
outf.write(plaintext)
 
inf.close()
outf.close()

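6. Decompile 奇怪的交易.pyc and cup.pyc to obtain the main function and the encrypt function. The encryption function can be identified as the XXTEA algorithm, which gives us the ciphertext and the key.
The main function is incomplete, but my guess is that bbb is the XXTEA-encrypted ciphertext and [54,54,54,54] is the key.
Source of cup.py: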

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
import libnum
from ctypes import *
 
def MX(z, y, total, key, p, e):
    temp1 = (z.value >> 5 ^ y.value << 2) + (y.value >> 3 ^ z.value << 4)
    temp2 = (total.value ^ y.value) + (key[p & 3 ^ e.value] ^ z.value)
    return c_uint32(temp1 ^ temp2)
 
 
# decompiler output, kept as emitted; the odd identifiers are the obfuscated names
def encrypt(v, k, z):
    delte = 0x9E3779B9L
    ᘛ = 6 + 52 // v
    total = c_uint32(0)
    ᘔ = c_uint32(k[v - 1])
    ᘕ = c_uint32(0)
    if ᘛ > 0:
        total.value += delte
        ᘕ.value = total.value >> 2 & 3
        ᘚ = c_uint32(k[0])
        k[v - 1] = c_uint32(k[v - 1] + MX(ᘔ, ᘚ, total, z, v - 1, ᘕ).value).value
        ᘔ.value = k[v - 1]
        ᘛ -= 1
        if not ᘛ > 0:
            return k

Decompiled source of 奇怪的交易.py (the source is incomplete):

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
from cup import *
if __name__ == '__main__':
    flag = input('\xe8\xaf\xb7\xe8\xbe\x93\xe5\x85\xa5flag')
    pub_key = [
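        0x649EE967E7916A825CC9FD3320BEABF263BEAC68C080F52824A0F521EDB6B78577EC52BF1C9E78F4BB71192F9A23F1A17AA76E5979E4D953329D3CA65FB4A71DA57412B59DFD6AEDF0191C5555D3E5F582B81B5E6B23163E9889204A81AFFDF119FE25C92F4ED59BD3285BCD7AAE14824240D2E33C5A97848F4EB7AAC203DE6330D2B4D8FF61691544FBECD120F99A157B3D2F58FA51B2887A9D06CA383C44D071314A12B17928B96F03A06E959A5AFEFA0183664F52CD32B9FC72A04B45913FCB2D5D2D3A415A14F611CF1EAC2D6C785142A8E9CC41B67A6CD85001B06EDB8CA767D367E56E0AE651491BF8A8C17A38A1835DB9E4A9292B1D86D5776C98CC25,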
        0x647327833ACFEF1F9C83E74E171FC300FA347D4A6769476C33DA82C95120ACB38B62B33D429206FE6E9BB0BB7AB748A1036971BEA36EC47130B749C1C9FF6FE03D0F7D9FC5346EB0E575BDFA6C530AA57CD676894FC080D2DD049AB59625F4B9C78BCFD95CDCD2793E440E26E189D251121CB6EB177FEDB596409034E8B0C5BBD9BD9342235DBB226C9170EFE347FF0FD2CFF9A1F7B647CC83E4D8F005FD7125A89251C768AFE70BDD54B88116814D5030F499BCAC4673CCCC342FB4B6AC58EA5A64546DC25912B6C430529F6A7F449FD96536DE269D1A1B015A4AC6B6E46EE19DCE8143726A6503E290E4BAE6BD78319B5878981F6CFFDB3B818209341FD68B]
    m = libnum.s2n(flag)
    c = str(pow(m, pub_key[1], pub_key[0]))
    aaa = []
    bbb = [
        0xD28ED952,
        1472742623,
        0xD91BA938,
        0xF9F3BD2D,
        0x8EF8E43D,
        617653972,
        1474514999,
        1471783658,
        1012864704,
        0xD7821910,
        993855884,
        438456717,
        0xC83555B7,
        0xE8DFF468,
        198959101,
        0xC5B84FEB,
        0xD9F837C6,
        613157871,
        0x8EFA4EDD,
        97286225,
        0x8B4B608C,
        1471645170,
        0xC0B62792,
        583597118,
        0xAAB1C22D,
        0xBDB9C266,
        1384330715,
        0xAE9F9816,
        0xD1F40B3C,
        0x8206DDC3,
        0xC4E0BADC,
        0xE407BD26,
        145643141,
        0x8016C6A5,
        0xAF4AB9D3,
        506798154,
        994590281,
        0x85082A0B,
        0xCA0BC95A,
        0xA7BE567C,
        1105937096,
        1789727804,
        0xDFEFB591,
        0x93346B38,
        1162286478,
        680814033,
        0xAEE1A7A2,
        0x80E574AE,
        0xF154F55F,
        2121620700,
        0xFCBDA653,
        0x8E902444,
        0xCA742E12,
        0xB8424071,
        0xB4B15EC2,
        0x943BFA09,
        0xBC97CD93,
        1285603712,
        798920280,
        0x8B58328F,
        0xF9822360,
        0xD1FD15EE,
        1077514121,
        1436444106,
        0xA2D6C17E,
        1507202797,
        500756149,
        198754565,
        0x8E014807,
        880454148,
        1970517398,
        0xBFC6EE25,
        1161840191,
        560498076,
        1782600856,
        0x9D93FEBE,
        1285196205,
        788797746,
        1195724574,
        0xF2174A07,
        103427523,
        0x952BFE83,
        0xF730AC4C,
        617564657,
        978211984,
        1781482121,
        0x8379D23A,
        0xEAD737EE,
        0xE41555FB,
        659557668,
        0x99F3B244,
        1561884856,
        0x842C31A4,
        1189296962,
        169145316,
        0xA5CE044C,
        1323893433,
        824667876,
        408202876,
        0xE0178482,
        0xF412BBBC,
        1508996065,
        162419237,
        0xDE740B00,
        0xB7CB64FD,
        0xEBCADB1F,
        0x8EAE2326,
        0x933C216C,
        0xD7D1F649,
        481927014,
        0xA448AC16,
        0xBC082807,
        1261069441,
        2063238535,
        0x8474A61D,
        101459755,
        0xBC5654D1,
        1721190841,
        1078395785,
        176506553,
        0xD3C5280F,
        1566142515,
        1938949000,
        1499289517,
        0xC59872F8,
        829714860,
        0xE51502A2,
        952932374,
        1283577465,
        2045007203,
        0xEBE6A798,
        0xE09575CD,
        0xADDF4157,
        0xC4770191,
        482297421,
        1734231412,
        0xDAC71054,
        0x99807E43,
        0xA88D74B1,
        0xCB77E028,
        1533519803,
        0xEEEBC3B6,
        0xE7E680E5,
        272960248,
        317508587,
        0xC4B10CDC,
        0x91776399,
        27470488,
        1666674386,
        1737927609,
        750987808,
        0x8E364D8F,
        0xA0985A77,
        562925334,
        0x837D6DC3]
    i = 0
    if i < len(c):
        ᘞ = 0
        aaa.append(ᘞ)
        i += 4
        if not i < len(c):
            ᘝ = [
                54,
                54,
                54,
                54]
            ccc = len(aaa)
            res = encrypt(ccc, aaa, ᘝ)
            if aaa == bbb:
                print('You are right!')
                input('')
                quit()
 
print('Why not drink a cup of tea and have a rest?')
continue

7. Decrypt the ciphertext to obtain the transformed plaintext of the flag.

import binascii
from ctypes import *

def MX(z, y, total, key, p, e):
    # XXTEA mixing function; operands are c_uint32 and the result wraps to 32 bits
    temp1 = (z.value>>5 ^ y.value<<2) + (y.value>>3 ^ z.value<<4)
    temp2 = (total.value ^ y.value) + (key[(p&3) ^ e.value] ^ z.value)
    return c_uint32(temp1 ^ temp2)
 
def decrypt(n, v, key):
    # n: number of 32-bit words, v: ciphertext words (modified in place), key: 4 words
    delta = 0x9e3779b9
    rounds = 6 + 52//n
 
    total = c_uint32(rounds * delta)
    y = c_uint32(v[0])
    e = c_uint32(0)
 
    while rounds > 0:
        e.value = (total.value >> 2) & 3
        # undo the words in reverse order: v[n-1] down to v[1], then v[0]
        for p in range(n-1, 0, -1):
            z = c_uint32(v[p-1])
            v[p] = c_uint32((v[p] - MX(z,y,total,key,p,e).value)).value
            y.value = v[p]
        z = c_uint32(v[n-1])
        v[0] = c_uint32(v[0] - MX(z,y,total,key,0,e).value).value
        y.value = v[0]
        total.value -= delta
        rounds -= 1
 
    return v
 
if __name__ == "__main__":
    v = [
        0xD28ED952,
        1472742623,
        0xD91BA938,
        0xF9F3BD2D,
        0x8EF8E43D,
        617653972,
        1474514999,
        1471783658,
        1012864704,
        0xD7821910,
        993855884,
        438456717,
        0xC83555B7,
        0xE8DFF468,
        198959101,
        0xC5B84FEB,
        0xD9F837C6,
        613157871,
        0x8EFA4EDD,
        97286225,
        0x8B4B608C,
        1471645170,
        0xC0B62792,
        583597118,
        0xAAB1C22D,
        0xBDB9C266,
        1384330715,
        0xAE9F9816,
        0xD1F40B3C,
        0x8206DDC3,
        0xC4E0BADC,
        0xE407BD26,
        145643141,
        0x8016C6A5,
        0xAF4AB9D3,
        506798154,
        994590281,
        0x85082A0B,
        0xCA0BC95A,
        0xA7BE567C,
        1105937096,
        1789727804,
        0xDFEFB591,
        0x93346B38,
        1162286478,
        680814033,
        0xAEE1A7A2,
        0x80E574AE,
        0xF154F55F,
        2121620700,
        0xFCBDA653,
        0x8E902444,
        0xCA742E12,
        0xB8424071,
        0xB4B15EC2,
        0x943BFA09,
        0xBC97CD93,
        1285603712,
        798920280,
        0x8B58328F,
        0xF9822360,
        0xD1FD15EE,
        1077514121,
        1436444106,
        0xA2D6C17E,
        1507202797,
        500756149,
        198754565,
        0x8E014807,
        880454148,
        1970517398,
        0xBFC6EE25,
        1161840191,
        560498076,
        1782600856,
        0x9D93FEBE,
        1285196205,
        788797746,
        1195724574,
        0xF2174A07,
        103427523,
        0x952BFE83,
        0xF730AC4C,
        617564657,
        978211984,
        1781482121,
        0x8379D23A,
        0xEAD737EE,
        0xE41555FB,
        659557668,
        0x99F3B244,
        1561884856,
        0x842C31A4,
        1189296962,
        169145316,
        0xA5CE044C,
        1323893433,
        824667876,
        408202876,
        0xE0178482,
        0xF412BBBC,
        1508996065,
        162419237,
        0xDE740B00,
        0xB7CB64FD,
        0xEBCADB1F,
        0x8EAE2326,
        0x933C216C,
        0xD7D1F649,
        481927014,
        0xA448AC16,
        0xBC082807,
        1261069441,
        2063238535,
        0x8474A61D,
        101459755,
        0xBC5654D1,
        1721190841,
        1078395785,
        176506553,
        0xD3C5280F,
        1566142515,
        1938949000,
        1499289517,
        0xC59872F8,
        829714860,
        0xE51502A2,
        952932374,
        1283577465,
        2045007203,
        0xEBE6A798,
        0xE09575CD,
        0xADDF4157,
        0xC4770191,
        482297421,
        1734231412,
        0xDAC71054,
        0x99807E43,
        0xA88D74B1,
        0xCB77E028,
        1533519803,
        0xEEEBC3B6,
        0xE7E680E5,
        272960248,
        317508587,
        0xC4B10CDC,
        0x91776399,
        27470488,
        1666674386,
        1737927609,
        750987808,
        0x8E364D8F,
        0xA0985A77,
        562925334,
        0x837D6DC3]
 
    k = [54]*4
    n = len(v)
 
    res = decrypt(n, v, k)
    res1 = ''
    for i in res:
        j = hex(i)[2:]
        #print ( binascii.unhexlify(i))
        print ( binascii.a2b_hex(j))
        res1+=j
    #res1 = bytes(res1)
    print(res1)
    print( binascii.a2b_hex(res1) )
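
The decompiled encrypt in step 6 keeps only the last step of each round, so it cannot be run against the decrypt routine above. As an added example (not the challenge's source and not the author's code), here is a full XXTEA encrypt on plain integers with the same MX, round count and key as the page, plus a round-trip check. The function names, the 4-characters-per-word big-endian packing and the sample digit string are assumptions made for this example.

```python
MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9
def mx(z, y, total, key, p, e):
    """Same mixing function as MX on the page, on plain ints masked to 32 bits."""
    t1 = ((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4))
    t2 = (total ^ y) + (key[(p & 3) ^ e] ^ z)
    return (t1 ^ t2) & MASK

def xxtea_encrypt(words, key):
    v, n = list(words), len(words)
    total, z = 0, v[n - 1]
    for _ in range(6 + 52 // n):
        total = (total + DELTA) & MASK
        e = (total >> 2) & 3
        for p in range(n - 1):            # per-word loop missing from the decompiled output
            y = v[p + 1]
            v[p] = (v[p] + mx(z, y, total, key, p, e)) & MASK
            z = v[p]
        y = v[0]                          # tail step, the part visible in the decompiled encrypt
        v[n - 1] = (v[n - 1] + mx(z, y, total, key, n - 1, e)) & MASK
        z = v[n - 1]
    return v

def xxtea_decrypt(words, key):
    v, n = list(words), len(words)
    rounds = 6 + 52 // n
    total, y = (rounds * DELTA) & MASK, v[0]
    for _ in range(rounds):
        e = (total >> 2) & 3
        for p in range(n - 1, 0, -1):
            z = v[p - 1]
            v[p] = (v[p] - mx(z, y, total, key, p, e)) & MASK
            y = v[p]
        z = v[n - 1]
        v[0] = (v[0] - mx(z, y, total, key, 0, e)) & MASK
        y = v[0]
        total = (total - DELTA) & MASK
    return v

def pack(text):
    """ASSUMPTION: 4 ASCII chars per word, big-endian (matches the hex decoding in step 7)."""
    data = text.encode()
    return [int.from_bytes(data[i:i + 4], "big") for i in range(0, len(data), 4)]

KEY = [54] * 4                            # key guessed on the page
SAMPLE = "3141592653589793"               # constructed digit string, not the challenge data

if __name__ == "__main__":
    ct = xxtea_encrypt(pack(SAMPLE), KEY)
    print([hex(w) for w in ct], xxtea_decrypt(ct, KEY) == pack(SAMPLE))
```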

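8. Given the line c = str(pow(m, pub_key[1], pub_key[0])), recovering the flag is equivalent to finding the RSA-decrypted plaintext. The values in pub_key show that e and n are both very large and very close to each other, which points to a small private exponent d, so Wiener's attack on RSA can be used to recover the flag directly.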

from Crypto.Util.number import *
from gmpy2 import *
from RSAwienerHacker import *
import libnum
n= 0x649EE967E7916A825CC9FD3320BEABF263BEAC68C080F52824A0F521EDB6B78577EC52BF1C9E78F4BB71192F9A23F1A17AA76E5979E4D953329D3CA65FB4A71DA57412B59DFD6AEDF0191C5555D3E5F582B81B5E6B23163E9889204A81AFFDF119FE25C92F4ED59BD3285BCD7AAE14824240D2E33C5A97848F4EB7AAC203DE6330D2B4D8FF61691544FBECD120F99A157B3D2F58FA51B2887A9D06CA383C44D071314A12B17928B96F03A06E959A5AFEFA0183664F52CD32B9FC72A04B45913FCB2D5D2D3A415A14F611CF1EAC2D6C785142A8E9CC41B67A6CD85001B06EDB8CA767D367E56E0AE651491BF8A8C17A38A1835DB9E4A9292B1D86D5776C98CC25
e= 0x647327833ACFEF1F9C83E74E171FC300FA347D4A6769476C33DA82C95120ACB38B62B33D429206FE6E9BB0BB7AB748A1036971BEA36EC47130B749C1C9FF6FE03D0F7D9FC5346EB0E575BDFA6C530AA57CD676894FC080D2DD049AB59625F4B9C78BCFD95CDCD2793E440E26E189D251121CB6EB177FEDB596409034E8B0C5BBD9BD9342235DBB226C9170EFE347FF0FD2CFF9A1F7B647CC83E4D8F005FD7125A89251C768AFE70BDD54B88116814D5030F499BCAC4673CCCC342FB4B6AC58EA5A64546DC25912B6C430529F6A7F449FD96536DE269D1A1B015A4AC6B6E46EE19DCE8143726A6503E290E4BAE6BD78319B5878981F6CFFDB3B818209341FD68B
c= 10610336534759505889607399322387179316771488492347274741918862678692508953185876570981227584004676580623553664818853686933004290078153620168054665086468417541382824708104480882577200529822968531743002301934310349005341104696887943182074473298650903541494918266823037984054778903666406545980557074219162536057146090758158128189406073809226361445046225524917089434897957301396534515964547462425719205819342172669899546965221084098690893672595962129879041507903210851706793788311452973769358455761907303633956322972510500253009083922781934406731633755418753858930476576720874219359466503538931371444470303193503733920039
 
d=hack_RSA(e,n)
flag=long_to_bytes(pow(c,d,n))
print(flag)
 
b'flag{You_Need_Some_Tea}'
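
The weakness used in step 8, as an added example (not code from the post or from the rsa-wiener-attack repository): a continued-fraction check that tells whether a public key (n, e) was generated with a private exponent small enough to be read off the convergents of e/n. The toy key is constructed for the example and all names are my own; it needs Python 3.8+ for pow(x, -1, m).

```python
from math import isqrt

def convergents(num, den):
    """Yield the convergents (k, d) of the continued fraction of num/den."""
    k_prev, k = 0, 1      # numerators
    d_prev, d = 1, 0      # denominators
    while den:
        a = num // den
        num, den = den, num - a * den
        k_prev, k = k, a * k + k_prev
        d_prev, d = d, a * d + d_prev
        yield k, d

def recover_small_d(n, e):
    """Return d if e*d = 1 + k*phi(n) holds for a convergent k/d of e/n, else None."""
    for k, d in convergents(e, n):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k           # candidate phi(n)
        s = n - phi + 1                  # equals p + q when phi is correct
        disc = s * s - 4 * n             # equals (p - q)^2 when phi is correct
        if s <= 0 or disc < 0:
            continue
        r = isqrt(disc)
        if r * r == disc and (s + r) % 2 == 0:
            return d                     # n factors as (s + r)/2 * (s - r)/2
    return None

# Constructed toy key (not the challenge key): two known primes and a small d.
P, Q = 1_000_000_009, 1_000_000_007
N, PHI = P * Q, (P - 1) * (Q - 1)
WEAK_D = 9973                            # below N**0.25 / 3, the bound in Wiener's theorem
WEAK_E = pow(WEAK_D, -1, PHI)            # the matching e comes out about as large as N

if __name__ == "__main__":
    print(recover_small_d(N, WEAK_E))    # small d is recovered from the public key alone
    print(recover_small_d(N, 65537))     # conventional e on the same modulus: nothing found
```

A key generated the usual way, with a small fixed e and a d of roughly the size of n, does not pass this check, which is why e close to n is the signal the write-up relies on.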

Tools used:
https://github.com/extremecoders-re/pyinstxtractor
https://tool.lu/pyc/
https://github.com/pablocelayes/rsa-wiener-attack


Last edited by XUNVVAY on 2022-7-18 20:42. Reason: added title