首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. CTF对抗
    3. 发新帖
[原创]KCTF 2023 第八题 AI核心地带
2023-9-18 02:03 2590

[原创]KCTF 2023 第八题 AI核心地带

ThTsOd 活跃值
1
2023-9-18 02:03
2590

输入范围是数字

COUNT & 1 == 1时,计算结果相加为 mod 10

COUNT & 1 != 1时,计算结果相加不为 mod 10,有其他校验

观察到401283,edi != 9 时为正确输入

修改程序爆破

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
def CCC(i):
    if(i & 1):
        num = (52 - (0xFFFEC610 >> (i % 0x1F))) % 10
    else:
        num = (52 - (0xFFFEC610 >> (i % 0x1F))) % 10
    return num
 
import subprocess
import os
F = ""
for L in range(1000):
    tempF = F
    print(tempF)
    num = CCC(L)
    if(L&1):
        F += chr(48+num)
        s = subprocess.Popen("Z.exe",stdout=subprocess.PIPE, stdin=subprocess.PIPE, shell=True)
        s.stdin.write((F).encode()+b"\n")
        s.stdin.close()
        out = s.stdout.read()
        if(b'OK' in out):
            print("ACCEPTED",F)
            exit(0)
        continue
    else:
        T=-1
        for i in range(0,10):
            if(i == num):
                continue
            s = subprocess.Popen("Z.exe",stdout=subprocess.PIPE, stdin=subprocess.PIPE, shell=True)
            s.stdin.write((tempF+chr(48+i)).encode()+b"\n")
            s.stdin.close()
            out = s.stdout.read()
            s.stdout.close()
            if(b'OK' in out):
                F += chr(48+i)
                print("ACCEPTED",F)
                exit(0)
            if(b'FAIL' in out):
                F += chr(48+i)
                T=i
                break
        if(T==-1):
            print("Error")

得到一个非常长的答案

582606981190746395118531851185249089744027265368693769576937697816165851808443150195011501950410798490871663488927792799277958360668112074539521851185318514909974002766535869476937695769681626582180144305010501950115040079949037162348792789277927995826067811907483951185218511853490897410272653986937694769376988161658318084433501950105019504207984904716634829277927892779584606681100745395418511852185149009740027365358697769376947696816365821809443050125019501050400790490371673487927


[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法

收藏
点赞0
打赏
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
 回帖  表情 雪币赚取及消费
高级回复
返回