-
-
[原创] 第四题 神秘信号 简短writeup
-
发表于: 2024-8-22 12:30 5055
-
随便写一些吧 这两天看了一眼第四题感觉很有意思 并且没有那种大规模的混淆和逆向适合我这种逆向菜鸟
从下载下来后本题是一个pyinstaller打包的程序,并且通过在线解包或者工具解包后反编译后可以得到其main.py的大部分代码
所以我们不知道CrackMe模块是什么.这里在做题的时候就掉到了一个rabbit hole中.想的是出题人是否魔改了一些pyinstaller的东西导致了一些问题.后来发现并没有.同时由于他的合法输入输出有些规律可循所以我就猜出来了他的一些变换然后经过一些小爆破分割位置和Hello Wolrd!的信息.最后做出来了
当然这个比较非预期,于是下文主要探究下这个题的有趣预期解
经过diff后我把目光转到了_internal\base_library.zip
他的主逻辑入口藏到了_internal\base_library.zip中,由于我们在前文知道了我们没有模块CrackMe而且不是pyinstaller的问题.同时在base_library中其实有些数据的代码和原始文件不太一样,另外可以参考下作者发过的一篇文章关于import过程https://bbs.kanxue.com/thread-276520.htm .从我们的角度上来看_internal\base_library\codecs.pyc确实里面还有一些其他的逻辑比如这里(代码经过pycdump并且手撸)
经过还原后差不多是这样他劫持了import的过程比如name是crackme他会指向base64
并且他还会删除掉已有的base64相关的main函数以防止其他的调用出现冲突
然后sys.modules['_frozen_importlib']._find_and_load.code = fun.__code__就是主要劫持的部分
这个详细可以在https://bbs.kanxue.com/thread-276520.htm 这篇文章中有比较详细的过程说明
然后我们可以翻一下解包后pyinstaller的base64.pyc 并且对其进行反编译发现其还存在这样的一段逻辑
其替换了base64.main的函数并且填充自己的内容,这里我们为了方便可以在该反编译后的目录进行
之后我们就可以得到patch后的base64.main的function的bytecode代码
经过一些手撸(gpt)的帮助我们可以得到一个大概的代码
不过到这里我们并没有将该题目完成因为如果按照之前的操作可以发现他传入是错误的
所以我们可以采取'sss'.encode()的操作猜出来其格式但是按照合法的输入输出进行验证发现不能正常通过
之后我们继续在base_libaray.zip中进行寻找后我们发现了另外一个可疑的的文件os.pyc对其进行bytecode dump后我们发现了这段可疑的代码
通过一些手撸(gpt)后我们可以得到一个大概的代码:
我们可以看到其往input的部分注入了其自己的shellcode
也就代表当运行input的时候可以加载自己的shellcode函数
原理可以参考作者的另一篇文章 https://bbs.kanxue.com/thread-276493.htm
提取后shellcode之后我们看到了其真正的逻辑
将所有逻辑穿起来后可以正常解密
import
CrackMe
print
(
'(账号密码由字母大小写、数字、!、空格组成)'
)
print
(
'请输入账号:'
)
h
=
input
()
z
=
CrackMe.main(h)
if
len
(z) <
20
:
key
=
'dZpKdrsiB6cndrGY'
+
z
else
:
key
=
z[
0
:
4
]
+
'dZpK'
+
z[
4
:
8
]
+
'drsi'
+
z[
8
:
12
]
+
'B6cn'
+
z[
12
:
16
]
+
'drGY'
+
z[
16
:]
print
(
'请输入验证码:'
)
h
=
input
()
m
=
CrackMe.main(h)
if
key
=
=
m:
print
(
'Success'
)
print
(
'Fail'
)
import
CrackMe
print
(
'(账号密码由字母大小写、数字、!、空格组成)'
)
print
(
'请输入账号:'
)
h
=
input
()
z
=
CrackMe.main(h)
if
len
(z) <
20
:
key
=
'dZpKdrsiB6cndrGY'
+
z
else
:
key
=
z[
0
:
4
]
+
'dZpK'
+
z[
4
:
8
]
+
'drsi'
+
z[
8
:
12
]
+
'B6cn'
+
z[
12
:
16
]
+
'drGY'
+
z[
16
:]
print
(
'请输入验证码:'
)
h
=
input
()
m
=
CrackMe.main(h)
if
key
=
=
m:
print
(
'Success'
)
print
(
'Fail'
)
def
fun(name):
a
=
0
if
len
(name)
=
=
7
and
name[
0
]
=
=
'C'
and
name[
1
]
=
=
'r'
and
name[
2
]
=
=
'a'
and
\
name[
3
]
=
=
'c'
and
name[
4
]
=
=
'k'
and
name[
5
]
=
=
'M'
and
name[
6
]
=
=
'e'
:
name
=
'base64'
a
=
1
module
=
sys.modules.get(name, _NEEDS_LOADING)
if
module
is
_NEEDS_LOADING:
with _ModuleLockManager(name):
module
=
sys.modules.get(name, _NEEDS_LOADING)
if
module
is
_NEEDS_LOADING
and
a
=
=
1
:
m
=
_find_and_load_unlocked(name, import_)
for
i
in
dir
(m):
if
i
not
in
[
'__builtins__'
,
'__cached__'
,
'__loader__'
,
'__package__'
,
'__spec__'
]:
if
len
(i)
=
=
4
and
i
=
=
'main'
:
delattr
(m, i)
# More checks for attributes 'a', 'i', 'n'
# Cleanup and return
_lock_unlock_module(name)
return
None
sys.modules[
'_frozen_importlib'
]._find_and_load.__code__
=
fun.__code__
def
fun(name):
a
=
0
if
len
(name)
=
=
7
and
name[
0
]
=
=
'C'
and
name[
1
]
=
=
'r'
and
name[
2
]
=
=
'a'
and
\
name[
3
]
=
=
'c'
and
name[
4
]
=
=
'k'
and
name[
5
]
=
=
'M'
and
name[
6
]
=
=
'e'
:
name
=
'base64'
a
=
1
module
=
sys.modules.get(name, _NEEDS_LOADING)
if
module
is
_NEEDS_LOADING:
with _ModuleLockManager(name):
module
=
sys.modules.get(name, _NEEDS_LOADING)
if
module
is
_NEEDS_LOADING
and
a
=
=
1
:
m
=
_find_and_load_unlocked(name, import_)
for
i
in
dir
(m):
if
i
not
in
[
'__builtins__'
,
'__cached__'
,
'__loader__'
,
'__package__'
,
'__spec__'
]:
if
len
(i)
=
=
4
and
i
=
=
'main'
:
delattr
(m, i)
# More checks for attributes 'a', 'i', 'n'
# Cleanup and return
_lock_unlock_module(name)
return
None
sys.modules[
'_frozen_importlib'
]._find_and_load.__code__
=
fun.__code__
a
=
main.__code__.replace(
1
, (), b
'd%01}%01d%02}%02d%03}%03d%04}%04|%00D%00]%1c}%05|%05d%05A%00}%05|%04|%05%a0%00d%06d%07%a1%02%17%00}%04q%14|%04}%00t%01d%02t%02|%00%83%01d%08%83%03D%00]%90}%05|%00|%05|%05d%08%17%00%85%02%19%00}%06d%01%a0%03d\td\n%84%00|%06D%00%83%01%a1%01}%07t%01d%02t%02|%07%83%01d%0b%83%03D%00]V}%08|%07|%08|%08d%0b%17%00%85%02%19%00}\tt%02|\t%83%01d%0bk%00r%c2|%02d%0bt%02|\t%83%01%18%007%00}%02|\td%0cd%0bt%02|\t%83%01%18%00%14%007%00}\t|%01|%03t%04|\td\r%83%02%19%007%00}%01q~qF|%01d%0e|%02d\r%1a%00%14%007%00}%01t%01t%02|%01%83%01d\r%1a%00%83%01D%00]L}%05|%01|%05d\r%14%00%19%00}\n|%01|%05d\r%14%00d%06%17%00%19%00}%0b|%01d%00|%05d\r%14%00%85%02%19%00|%0b%17%00|\n%17%00|%01|%05d\r%14%00d\r%17%00d%00%85%02%19%00%17%00}%01q%f8|%01S%00'
, (
None
, '
', 0, '
ZQ
+
U7tSBEKVzyf5coCwb94Dd6raT0eLNin12Hp8mOxFuvMgIPlhRY3WjksqJAXG
/
', b'
', 85, 1, '
little
', 3, compile('
', '
', '
exec
').replace(1, (), b'
|
%
00
]
%
10
}
%
01t
%
00
|
%
01d
%
00
%
83
%
02V
%
00
%
01
%
00q
%
02d
%
01S
%
00
', ('
08b
', None), '
', 19, 115, (), 0, b'
', '
', ('
format
',), 2, 0, 4, ('
.
0
', '
byte
'), **('
co_argcount
', '
co_cellvars
', '
co_code
', '
co_consts
', '
co_filename
', '
co_firstlineno
', '
co_flags
', '
co_freevars
', '
co_kwonlyargcount
', '
co_lnotab
', '
co_name
', '
co_names
', '
co_nlocals
', '
co_posonlyargcount
', '
co_stacksize
', '
co_varnames
')), '
', 6, '
0
', 2, '
!
'), '
', 4, 67, (), 0, b'
', '
', ('
to_bytes
', '
range
', '
len
', '
join
', '
int
'), 12, 0, 7, ('
data
', '
encoded_str
', '
padding
', '
base64_chars
', '
ww
', '
i
', '
chunk
', '
binary_str
', '
j
', '
six_bits
', '
a
', '
b
'), **('
co_argcount
', '
co_cellvars
', '
co_code
', '
co_consts
', '
co_filename
', '
co_firstlineno
', '
co_flags
', '
co_freevars
', '
co_kwonlyargcount
', '
co_lnotab
', '
co_name
', '
co_names
', '
co_nlocals
', '
co_posonlyargcount
', '
co_stacksize
', '
co_varnames'))
main.__code__
=
a
a
=
main.__code__.replace(
1
, (), b
'd%01}%01d%02}%02d%03}%03d%04}%04|%00D%00]%1c}%05|%05d%05A%00}%05|%04|%05%a0%00d%06d%07%a1%02%17%00}%04q%14|%04}%00t%01d%02t%02|%00%83%01d%08%83%03D%00]%90}%05|%00|%05|%05d%08%17%00%85%02%19%00}%06d%01%a0%03d\td\n%84%00|%06D%00%83%01%a1%01}%07t%01d%02t%02|%07%83%01d%0b%83%03D%00]V}%08|%07|%08|%08d%0b%17%00%85%02%19%00}\tt%02|\t%83%01d%0bk%00r%c2|%02d%0bt%02|\t%83%01%18%007%00}%02|\td%0cd%0bt%02|\t%83%01%18%00%14%007%00}\t|%01|%03t%04|\td\r%83%02%19%007%00}%01q~qF|%01d%0e|%02d\r%1a%00%14%007%00}%01t%01t%02|%01%83%01d\r%1a%00%83%01D%00]L}%05|%01|%05d\r%14%00%19%00}\n|%01|%05d\r%14%00d%06%17%00%19%00}%0b|%01d%00|%05d\r%14%00%85%02%19%00|%0b%17%00|\n%17%00|%01|%05d\r%14%00d\r%17%00d%00%85%02%19%00%17%00}%01q%f8|%01S%00'
, (
None
, '
', 0, '
ZQ
+
U7tSBEKVzyf5coCwb94Dd6raT0eLNin12Hp8mOxFuvMgIPlhRY3WjksqJAXG
/
', b'
', 85, 1, '
little
', 3, compile('
', '
', '
exec
').replace(1, (), b'
|
%
00
]
%
10
}
%
01t
%
00
|
%
01d
%
00
%
83
%
02V
%
00
%
01
%
00q
%
02d
%
01S
%
00
', ('
08b
', None), '
', 19, 115, (), 0, b'
', '
', ('
format
',), 2, 0, 4, ('
.
0
', '
byte
'), **('
co_argcount
', '
co_cellvars
', '
co_code
', '
co_consts
', '
co_filename
', '
co_firstlineno
', '
co_flags
', '
co_freevars
', '
co_kwonlyargcount
', '
co_lnotab
', '
co_name
', '
co_names
', '
co_nlocals
', '
co_posonlyargcount
', '
co_stacksize
', '
co_varnames
')), '
', 6, '
0
', 2, '
!
'), '
', 4, 67, (), 0, b'
', '
', ('
to_bytes
', '
range
', '
len
', '
join
', '
int
'), 12, 0, 7, ('
data
', '
encoded_str
', '
padding
', '
base64_chars
', '
ww
', '
i
', '
chunk
', '
binary_str
', '
j
', '
six_bits
', '
a
', '
b
'), **('
co_argcount
', '
co_cellvars
', '
co_code
', '
co_consts
', '
co_filename
', '
co_firstlineno
', '
co_flags
', '
co_freevars
', '
co_kwonlyargcount
', '
co_lnotab
', '
co_name
', '
co_names
', '
co_nlocals
', '
co_posonlyargcount
', '
co_stacksize
', '
co_varnames'))
main.__code__
=
a
import
base64
import
dis
dis.dis(base64.main)
import
base64
import
dis
dis.dis(base64.main)
4
0
LOAD_CONST
1
('')
2
STORE_FAST
1
(encoded_str)
4
LOAD_CONST
2
(
0
)
6
STORE_FAST
2
(padding)
8
LOAD_CONST
3
(
'ZQ+U7tSBEKVzyf5coCwb94Dd6raT0eLNin12Hp8mOxFuvMgIPlhRY3WjksqJAXG/'
)
10
STORE_FAST
3
(base64_chars)
12
LOAD_CONST
4
(b'')
14
STORE_FAST
4
(ww)
16
LOAD_FAST
0
(data)
18
GET_ITER
>>
20
FOR_ITER
28
(to
50
)
22
STORE_FAST
5
(i)
24
LOAD_FAST
5
(i)
26
LOAD_CONST
5
(
85
)
28
BINARY_XOR
30
STORE_FAST
5
(i)
32
LOAD_FAST
4
(ww)
34
LOAD_FAST
5
(i)
36
LOAD_METHOD
0
(to_bytes)
38
LOAD_CONST
6
(
1
)
40
LOAD_CONST
7
(
'little'
)
42
CALL_METHOD
2
44
BINARY_ADD
46
STORE_FAST
4
(ww)
48
JUMP_ABSOLUTE
20
>>
50
LOAD_FAST
4
(ww)
52
STORE_FAST
0
(data)
54
LOAD_GLOBAL
1
(
range
)
56
LOAD_CONST
2
(
0
)
58
LOAD_GLOBAL
2
(
len
)
60
LOAD_FAST
0
(data)
62
CALL_FUNCTION
1
64
LOAD_CONST
8
(
3
)
66
CALL_FUNCTION
3
68
GET_ITER
>>
70
FOR_ITER
144
(to
216
)
72
STORE_FAST
5
(i)
74
LOAD_FAST
0
(data)
76
LOAD_FAST
5
(i)
78
LOAD_FAST
5
(i)
80
LOAD_CONST
8
(
3
)
82
BINARY_ADD
84
BUILD_SLICE
2
86
BINARY_SUBSCR
88
STORE_FAST
6
(chunk)
90
LOAD_CONST
1
('')
92
LOAD_METHOD
3
(join)
94
LOAD_CONST
9
(<code
object
at
0x0000029CAAC75920
,
file
"", line
19
>)
96
LOAD_CONST
10
('')
98
MAKE_FUNCTION
0
100
LOAD_FAST
6
(chunk)
102
GET_ITER
104
CALL_FUNCTION
1
106
CALL_METHOD
1
108
STORE_FAST
7
(binary_str)
110
LOAD_GLOBAL
1
(
range
)
112
LOAD_CONST
2
(
0
)
114
LOAD_GLOBAL
2
(
len
)
116
LOAD_FAST
7
(binary_str)
118
CALL_FUNCTION
1
120
LOAD_CONST
11
(
6
)
122
CALL_FUNCTION
3
124
GET_ITER
>>
126
FOR_ITER
86
(to
214
)
128
STORE_FAST
8
(j)
130
LOAD_FAST
7
(binary_str)
132
LOAD_FAST
8
(j)
134
LOAD_FAST
8
(j)
136
LOAD_CONST
11
(
6
)
138
BINARY_ADD
140
BUILD_SLICE
2
142
BINARY_SUBSCR
144
STORE_FAST
9
(six_bits)
146
LOAD_GLOBAL
2
(
len
)
148
LOAD_FAST
9
(six_bits)
150
CALL_FUNCTION
1
152
LOAD_CONST
11
(
6
)
154
COMPARE_OP
0
(<)
156
POP_JUMP_IF_FALSE
194
158
LOAD_FAST
2
(padding)
160
LOAD_CONST
11
(
6
)
162
LOAD_GLOBAL
2
(
len
)
164
LOAD_FAST
9
(six_bits)
166
CALL_FUNCTION
1
168
BINARY_SUBTRACT
170
INPLACE_ADD
172
STORE_FAST
2
(padding)
174
LOAD_FAST
9
(six_bits)
176
LOAD_CONST
12
(
'0'
)
178
LOAD_CONST
11
(
6
)
180
LOAD_GLOBAL
2
(
len
)
182
LOAD_FAST
9
(six_bits)
184
CALL_FUNCTION
1
186
BINARY_SUBTRACT
188
BINARY_MULTIPLY
190
INPLACE_ADD
192
STORE_FAST
9
(six_bits)
>>
194
LOAD_FAST
1
(encoded_str)
196
LOAD_FAST
3
(base64_chars)
198
LOAD_GLOBAL
4
(
int
)
200
LOAD_FAST
9
(six_bits)
202
LOAD_CONST
13
(
2
)
204
CALL_FUNCTION
2
206
BINARY_SUBSCR
208
INPLACE_ADD
210
STORE_FAST
1
(encoded_str)
212
JUMP_ABSOLUTE
126
>>
214
JUMP_ABSOLUTE
70
>>
216
LOAD_FAST
1
(encoded_str)
218
LOAD_CONST
14
(
'!'
)
220
LOAD_FAST
2
(padding)
222
LOAD_CONST
13
(
2
)
224
BINARY_FLOOR_DIVIDE
226
BINARY_MULTIPLY
228
INPLACE_ADD
230
STORE_FAST
1
(encoded_str)
232
LOAD_GLOBAL
1
(
range
)
234
LOAD_GLOBAL
2
(
len
)
236
LOAD_FAST
1
(encoded_str)
238
CALL_FUNCTION
1
240
LOAD_CONST
13
(
2
)
242
BINARY_FLOOR_DIVIDE
244
CALL_FUNCTION
1
246
GET_ITER
>>
248
FOR_ITER
76
(to
326
)
250
STORE_FAST
5
(i)
252
LOAD_FAST
1
(encoded_str)
254
LOAD_FAST
5
(i)
256
LOAD_CONST
13
(
2
)
258
BINARY_MULTIPLY
260
BINARY_SUBSCR
262
STORE_FAST
10
(a)
264
LOAD_FAST
1
(encoded_str)
266
LOAD_FAST
5
(i)
268
LOAD_CONST
13
(
2
)
270
BINARY_MULTIPLY
272
LOAD_CONST
6
(
1
)
274
BINARY_ADD
276
BINARY_SUBSCR
278
STORE_FAST
11
(b)
280
LOAD_FAST
1
(encoded_str)
282
LOAD_CONST
0
(
None
)
284
LOAD_FAST
5
(i)
286
LOAD_CONST
13
(
2
)
288
BINARY_MULTIPLY
290
BUILD_SLICE
2
292
BINARY_SUBSCR
294
LOAD_FAST
11
(b)
296
BINARY_ADD
298
LOAD_FAST
10
(a)
300
BINARY_ADD
302
LOAD_FAST
1
(encoded_str)
304
LOAD_FAST
5
(i)
306
LOAD_CONST
13
(
2
)
308
BINARY_MULTIPLY
310
LOAD_CONST
13
(
2
)
312
BINARY_ADD
314
LOAD_CONST
0
(
None
)
316
BUILD_SLICE
2
318
BINARY_SUBSCR
320
BINARY_ADD
322
STORE_FAST
1
(encoded_str)
324
JUMP_ABSOLUTE
248
>>
326
LOAD_FAST
1
(encoded_str)
328
RETURN_VALUE
Disassembly of <code
object
at
0x0000029CAAC75920
,
file
"", line
19
>:
19
0
LOAD_FAST
0
(.
0
)
>>
2
FOR_ITER
16
(to
20
)
4
STORE_FAST
1
(byte)
6
LOAD_GLOBAL
0
(
format
)
8
LOAD_FAST
1
(byte)
10
LOAD_CONST
0
(
'08b'
)
12
CALL_FUNCTION
2
14
YIELD_VALUE
16
POP_TOP
18
JUMP_ABSOLUTE
2
>>
20
LOAD_CONST
1
(
None
)
22
RETURN_VALUE
4
0
LOAD_CONST
1
('')
2
STORE_FAST
1
(encoded_str)
4
LOAD_CONST
2
(
0
)
6
STORE_FAST
2
(padding)
8
LOAD_CONST
3
(
'ZQ+U7tSBEKVzyf5coCwb94Dd6raT0eLNin12Hp8mOxFuvMgIPlhRY3WjksqJAXG/'
)
10
STORE_FAST
3
(base64_chars)
12
LOAD_CONST
4
(b'')
14
STORE_FAST
4
(ww)
16
LOAD_FAST
0
(data)
18
GET_ITER
>>
20
FOR_ITER
28
(to
50
)
22
STORE_FAST
5
(i)
24
LOAD_FAST
5
(i)
26
LOAD_CONST
5
(
85
)
28
BINARY_XOR
30
STORE_FAST
5
(i)
32
LOAD_FAST
4
(ww)
34
LOAD_FAST
5
(i)
36
LOAD_METHOD
0
(to_bytes)
38
LOAD_CONST
6
(
1
)
40
LOAD_CONST
7
(
'little'
)
42
CALL_METHOD
2
44
BINARY_ADD
46
STORE_FAST
4
(ww)
48
JUMP_ABSOLUTE
20
>>
50
LOAD_FAST
4
(ww)
52
STORE_FAST
0
(data)
54
LOAD_GLOBAL
1
(
range
)
56
LOAD_CONST
2
(
0
)
58
LOAD_GLOBAL
2
(
len
)
60
LOAD_FAST
0
(data)
62
CALL_FUNCTION
1
64
LOAD_CONST
8
(
3
)
66
CALL_FUNCTION
3
68
GET_ITER
>>
70
FOR_ITER
144
(to
216
)
72
STORE_FAST
5
(i)
74
LOAD_FAST
0
(data)
76
LOAD_FAST
5
(i)
78
LOAD_FAST
5
(i)
80
LOAD_CONST
8
(
3
)
82
BINARY_ADD
84
BUILD_SLICE
2
86
BINARY_SUBSCR
88
STORE_FAST
6
(chunk)
90
LOAD_CONST
1
('')
92
LOAD_METHOD
3
(join)
94
LOAD_CONST
9
(<code
object
at
0x0000029CAAC75920
,
file
"", line
19
>)
96
LOAD_CONST
10
('')
98
MAKE_FUNCTION
0
100
LOAD_FAST
6
(chunk)
102
GET_ITER
104
CALL_FUNCTION
1
106
CALL_METHOD
1
108
STORE_FAST
7
(binary_str)
110
LOAD_GLOBAL
1
(
range
)
112
LOAD_CONST
2
(
0
)
114
LOAD_GLOBAL
2
(
len
)
116
LOAD_FAST
7
(binary_str)
118
CALL_FUNCTION
1
120
LOAD_CONST
11
(
6
)
122
CALL_FUNCTION
3
124
GET_ITER
>>
126
FOR_ITER
86
(to
214
)
128
STORE_FAST
8
(j)
130
LOAD_FAST
7
(binary_str)
132
LOAD_FAST
8
(j)
134
LOAD_FAST
8
(j)
136
LOAD_CONST
11
(
6
)
138
BINARY_ADD
140
BUILD_SLICE
2
142
BINARY_SUBSCR
144
STORE_FAST
9
(six_bits)
146
LOAD_GLOBAL
2
(
len
)
148
LOAD_FAST
9
(six_bits)
150
CALL_FUNCTION
1
152
LOAD_CONST
11
(
6
)
154
COMPARE_OP
0
(<)
156
POP_JUMP_IF_FALSE
194
158
LOAD_FAST
2
(padding)
160
LOAD_CONST
11
(
6
)
162
LOAD_GLOBAL
2
(
len
)
164
LOAD_FAST
9
(six_bits)
166
CALL_FUNCTION
1
168
BINARY_SUBTRACT
170
INPLACE_ADD
172
STORE_FAST
2
(padding)
174
LOAD_FAST
9
(six_bits)
176
LOAD_CONST
12
(
'0'
)
178
LOAD_CONST
11
(
6
)
180
LOAD_GLOBAL
2
(
len
)
182
LOAD_FAST
9
(six_bits)
184
CALL_FUNCTION
1
186
BINARY_SUBTRACT
188
BINARY_MULTIPLY
190
INPLACE_ADD
192
STORE_FAST
9
(six_bits)
>>
194
LOAD_FAST
1
(encoded_str)
196
LOAD_FAST
3
(base64_chars)
198
LOAD_GLOBAL
4
(
int
)
200
LOAD_FAST
9
(six_bits)
202
LOAD_CONST
13
(
2
)
204
CALL_FUNCTION
2
206
BINARY_SUBSCR
208
INPLACE_ADD
210
STORE_FAST
1
(encoded_str)
212
JUMP_ABSOLUTE
126
>>
214
JUMP_ABSOLUTE
70
>>
216
LOAD_FAST
1
(encoded_str)
218
LOAD_CONST
14
(
'!'
)
220
LOAD_FAST
2
(padding)
222
LOAD_CONST
13
(
2
)
224
BINARY_FLOOR_DIVIDE
226
BINARY_MULTIPLY
228
INPLACE_ADD
230
STORE_FAST
1
(encoded_str)
232
LOAD_GLOBAL
1
(
range
)
234
LOAD_GLOBAL
2
(
len
)
236
LOAD_FAST
1
(encoded_str)
238
CALL_FUNCTION
1
240
LOAD_CONST
13
(
2
)
242
BINARY_FLOOR_DIVIDE
244
CALL_FUNCTION
1
246
GET_ITER
>>
248
FOR_ITER
76
(to
326
)
250
STORE_FAST
5
(i)
252
LOAD_FAST
1
(encoded_str)
254
LOAD_FAST
5
(i)
256
LOAD_CONST
13
(
2
)
258
BINARY_MULTIPLY
260
BINARY_SUBSCR
262
STORE_FAST
10
(a)
264
LOAD_FAST
1
(encoded_str)
266
LOAD_FAST
5
(i)
268
LOAD_CONST
13
(
2
)
270
BINARY_MULTIPLY
272
LOAD_CONST
6
(
1
)
274
BINARY_ADD
276
BINARY_SUBSCR
278
STORE_FAST
11
(b)
280
LOAD_FAST
1
(encoded_str)
282
LOAD_CONST
0
(
None
)
284
LOAD_FAST
5
(i)
286
LOAD_CONST
13
(
2
)
288
BINARY_MULTIPLY
290
BUILD_SLICE
2
292
BINARY_SUBSCR
294
LOAD_FAST
11
(b)
296
BINARY_ADD
298
LOAD_FAST
10
(a)
300
BINARY_ADD
302
LOAD_FAST
1
(encoded_str)
304
LOAD_FAST
5
(i)
306
LOAD_CONST
13
(
2
)
308
BINARY_MULTIPLY
310
LOAD_CONST
13
(
2
)
312
BINARY_ADD
314
LOAD_CONST
0
(
None
)
316
BUILD_SLICE
2
318
BINARY_SUBSCR
320
BINARY_ADD
322
STORE_FAST
1
(encoded_str)
324
JUMP_ABSOLUTE
248
>>
326
LOAD_FAST
1
(encoded_str)
328
RETURN_VALUE
Disassembly of <code
object
at
0x0000029CAAC75920
,
file
"", line
19
>:
19
0
LOAD_FAST
0
(.
0
)
>>
2
FOR_ITER
16
(to
20
)
4
STORE_FAST
1
(byte)
6
LOAD_GLOBAL
0
(
format
)
8
LOAD_FAST
1
(byte)
10
LOAD_CONST
0
(
'08b'
)
12
CALL_FUNCTION
2
14
YIELD_VALUE
16
POP_TOP
18
JUMP_ABSOLUTE
2
>>
20
LOAD_CONST
1
(
None
)
22
RETURN_VALUE
import
base64
def
encode(data):
encoded_str
=
''
padding
=
0
base64_chars
=
'ZQ+U7tSBEKVzyf5coCwb94Dd6raT0eLNin12Hp8mOxFuvMgIPlhRY3WjksqJAXG/'
# Perform XOR with 85 and reassemble bytes
ww
=
b''
for
i
in
data:
i ^
=
85
ww
+
=
i.to_bytes(
1
,
'little'
)
data
=
ww
# Process the data
for
i
in
range
(
0
,
len
(data),
3
):
chunk
=
data[i:i
+
3
]
binary_str
=
'
'.join(format(byte, '
08b
')
for
byte
in
chunk)
for
j
in
range
(
0
,
len
(binary_str),
6
):
six_bits
=
binary_str[j:j
+
6
]
if
len
(six_bits) <
6
:
padding
+
=
(
6
-
len
(six_bits))
six_bits
+
=
'0'
*
(
6
-
len
(six_bits))
encoded_str
+
=
base64_chars[
int
(six_bits,
2
)]
# Add padding characters
encoded_str
+
=
'!'
*
(padding
/
/
2
)
# Process the encoded string in chunks of 2
for
i
in
range
(
len
(encoded_str)
/
/
2
):
a
=
encoded_str[i
*
2
]
b
=
encoded_str[i
*
2
+
1
]
encoded_str
=
encoded_str[:i
*
2
]
+
b
+
a
+
encoded_str[i
*
2
+
2
:]
return
encoded_str
# Example usage:
data
=
b
'This is an example data to encode'
encoded
=
encode(data)
print
(encoded)
import
base64
def
encode(data):
encoded_str
=
''
padding
=
0
base64_chars
=
'ZQ+U7tSBEKVzyf5coCwb94Dd6raT0eLNin12Hp8mOxFuvMgIPlhRY3WjksqJAXG/'
# Perform XOR with 85 and reassemble bytes
ww
=
b''
for
i
in
data:
i ^
=
85
ww
+
=
i.to_bytes(
1
,
'little'
)
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!