-
-
[原创] 签到题 wp - 98k 战队
-
发表于: 2022-11-15 13:14 1531
-
拖入ida,分析程序:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | int __cdecl main( int argc, const char * * argv, const char * * envp) { void * v3; / / rax int i; / / [rsp + 20h ] [rbp - F8h] int v6; / / [rsp + 24h ] [rbp - F4h] int v7; / / [rsp + 28h ] [rbp - F0h] std::string * v8; / / [rsp + 38h ] [rbp - E0h] std::string v9; / / [rsp + 40h ] [rbp - D8h] BYREF std::string serial; / / [rsp + 60h ] [rbp - B8h] BYREF std::string username; / / [rsp + 80h ] [rbp - 98h ] BYREF std::string digest; / / [rsp + A0h] [rbp - 78h ] BYREF std::string salt; / / [rsp + C0h] [rbp - 58h ] BYREF std::string tmp; / / [rsp + E0h] [rbp - 38h ] BYREF std::string::ctr_1(&username); std::string::ctr_1(&serial); std::ostream::write(&std::cout, "User-Name:" ); std::istream::read(&std::cin, &username); std::ostream::write(&std::cout, "Serial-Number:" ); std::istream::read(&std::cin, &serial); if ( std::string::size(&serial) ! = 32 ) fail(); std::string::ctr_0(&tmp, "4fc0296a51e6d90c794c91951886dc2b" ); std::string::ctr_0(&salt, "1841352" ); v8 = std::string::operator_add(&v9, &salt, &username); MD5(&digest, v8); for ( i = 0 ; i < 32 ; + + i ) { v6 = (i + * std::string::at(&tmp, i)) % 32 ; v7 = * std::string::at(&serial, i); if ( v7 ! = * std::string::at(&digest, v6) ) fail(); } v3 = std::ostream::write(&std::cout, "Success" ); std::ostream::write_0(v3, std::endl); system( "pause" ); std::string::dtor(&digest); std::string::dtor(&salt); std::string::dtor(&tmp); std::string::dtor(&serial); std::string::dtor(&username); return 0 ; } |
抄写,求解:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | #!/usr/bin/env python3 from hashlib import md5 def check(username, serial): salt = '1841352' tmp = '4fc0296a51e6d90c794c91951886dc2b' digest = md5((salt + username).encode()).hexdigest() for i in range ( 32 ): if digest[(i + ord (tmp[i])) % 32 ] ! = serial[i]: return False return True def solve(username): salt = '1841352' tmp = '4fc0296a51e6d90c794c91951886dc2b' serial = bytearray( 32 ) digest = md5((salt + username).encode()).hexdigest().encode() for i in range ( 32 ): serial[i] = digest[(i + ord (tmp[i])) % 32 ] return serial.decode() test_username = '6EA73E0FBD3DDC10' test_serial = '35a5fb43478e4bbe5abf5b8989e9994e' print (check(test_username, test_serial)) print (solve( 'KCTF' )) # 213d1aada77bf4a51441947c515199fb |
赞赏
他的文章
看原图
赞赏
雪币:
留言: