[原创]KCTF 2025 第六题 WriteUp-CTF对抗-看雪安全社区

[原创]KCTF 2025 第六题 WriteUp

发表于: 2025-8-27 10:59 4996

[原创]KCTF 2025 第六题 WriteUp

0x指纹

2025-8-27 10:59

4996

题目是使用易语言写的，加了混淆，特征是会调用 sub_123540D0 函数，如果尝试反编译这个函数调用的上下文函数，IDA 会报一个内部错误，继而反编译引擎失效，不能再反编译新的函数。

混淆直接让 IDA 反编译引擎宕机还是比较能唬住人的，但是仔细看下几处混淆附近的汇编指令，会发现混淆模板比较单一，而且特征很明显，会调用 sub_123540D0，对其进行交叉引用分析，便可定位所有影响分析的混淆处，同时被混淆的地方也几乎就是关键函数，下断点回溯分析也是能相当快定位到核心算法代码。

可以看到 sub_123540D0 中检验了 ecx 和 edx 是否为 0BADF00Dh 和 0CAFEBABEh 两个魔数，都满足的话会走到 bextr 指令处，应该是这个指令让 IDA 宕机的，正常情况下两个寄存器值不会刚好是魔术要求的值，所以将混淆相关的指令直接 NOP 即可。

对 sub_123540D0 进行交叉引用分析，没用多少，可逐一 NOP 混淆指令，以及随后调试可对这些函数下断点。

进行调试分析可知，sub_12351552 函数是 check 函数，校验处在 .text:12351A0E call sub_123514A6，这是一个 memcmp 的函数，会比较 0x20 个字节，调试 dump 下来固定比较的字节内容是

再往前回溯分析，加密函数是 sub_12352547，参数一是输入字符串，参数二是八字节的 key。去除完混淆进行分析知道，为增加分析难度，加密函数中有一些简单的运算操作，是通过 SIMD（单指令多数据）指令和浮点数运算来实现的，通过调试和 LLM 辅助分析很容易弄清楚在干什么。

分析到这里差不多可以交给 LLM 来了，喂给相关函数，可以总结出总体过程和细节分析，贴一下总结。

关注细节分析中对输入的处理部分，进行调试，主要有两轮处理。

第一轮：

第二轮：

断在 .text:123536A8 附近直接 dump 下来密钥流字节，不去分析前面复杂的生成过程，整个加密函数效果简单实现如下：

随后直接通过 LLM 写出逆向代码求解前面 dump 下来的比较字节即可。

运行便可得到 flag。

.text:123540D0 sub_123540D0    proc near               ; CODE XREF: .text:123539C6↑p
.text:123540D0                                         ; .text:123539F4↑p ...
.text:123540D0                 xor     edx, 0BADF00Dh
.text:123540D6                 xor     ecx, 0CAFEBABEh
.text:123540DC                 xor     eax, eax
.text:123540DE                 or      ecx, edx
.text:123540E0                 setnz   al
.text:123540E3                 retn
.text:123540E3 sub_123540D0    endp

.text:123540D0 sub_123540D0 proc near ; CODE XREF: .text:123539C6↑p

.text:123540D0 ; .text:123539F4↑p ...

.text:123540D0 xor edx, 0BADF00Dh

.text:123540D6 xor ecx, 0CAFEBABEh

.text:123540DC xor eax, eax

.text:123540DE or ecx, edx

.text:123540E0 setnz al

.text:123540E3 retn

.text:123540E3 sub_123540D0 endp

00 1D 3B 29 70 12 69 B7 6C 0F 4D 5C 9F 5B 6C 1B

B5 47 A2 28 C0 F8 DC E0 7A F8 D6 28 F6 F8 93 B3

00 1D 3B 29 70 12 69 B7 6C 0F 4D 5C 9F 5B 6C 1B

B5 47 A2 28 C0 F8 DC E0 7A F8 D6 28 F6 F8 93 B3

输入：
    a1：指向长度为32字节的明文或密文数据。
    a2：指向另一块数据，可能是密钥（Key）或初始化向量（IV）。
 
算法流程：
    初始化 (Key/IV Setup)：利用输入 a2 和内部固定的常量，通过一个极其复杂的、类似RC4 KSA的调度算法，生成一个内部状态（S盒）。
    密钥流生成 (Keystream Generation)：基于初始化后的内部状态，生成用于加密/解密的伪随机密钥流。
    加解密 (Encryption/Decryption)：将输入 a1 的数据与生成的密钥流，通过一系列复杂的位运算（异或、与、移位）进行结合，生成最终的输出。

输入：

a1：指向长度为32字节的明文或密文数据。

a2：指向另一块数据，可能是密钥（Key）或初始化向量（IV）。

算法流程：

初始化 (Key/

IV Setup)：利用输入 a2 和内部固定的常量，通过一个极其复杂的、类似RC4 KSA的调度算法，生成一个内部状态（S盒）。

密钥流生成 (Keystream Generation)：基于初始化后的内部状态，生成用于加密/解密的伪随机密钥流。

加解密 (Encryption/

Decryption)：将输入 a1 的数据与生成的密钥流，通过一系列复杂的位运算（异或、与、移位）进行结合，生成最终的输出。

a1 = bytearray(b'11112222111122221111222211112222')
a2 = [0x4B,0x0C,0x54,0x0F,0x32,0x00,0x02,0x35]
keystream_sbox = [0x29,0x23,0xBE,0x84,0xE1,0x6C,0xD6,0xAE,0x52,0x90,0x49,0xF1,0xF1,0xBB,0xE9,0xEB,0xB3,0xA6,0xDB,0x3C,0x87,0x0C,0x3E,0x99,0x24,0x5E,0x0D,0x1C,0x06,0xB7,0x47,0xDE,0xB3,0x12,0x4D,0xC8,0x43,0xBB,0x8B,0xA6,0x1F,0x03,0x5A,0x7D,0x09,0x38,0x25,0x1F,0x5D,0xD4,0xCB,0xFC,0x96,0xF5,0x45,0x3B,0x13,0x0D,0x89,0x0A,0x1C,0xDB,0xAE,0x32,0x20,0x9A,0x50,0xEE,0x40,0x78,0x36,0xFD,0x12,0x49,0x32,0xF6,0x9E,0x7D,0x49,0xDC,0xAD,0x4F,0x14,0xF2,0x44,0x40,0x66,0xD0,0x6B,0xC4,0x30,0xB7,0x32,0x3B,0xA1,0x22,0xF6,0x22,0x91,0x9D,0xE1,0x8B,0x1F,0xDA,0xB0,0xCA,0x99,0x02,0xB9,0x72,0x9D,0x49,0x2C,0x80,0x7E,0xC5,0x99,0xD5,0xE9,0x80,0xB2,0xEA,0xC9,0xCC,0x53,0xBF,0x67,0xD6,0xBF,0x14,0xD6,0x7E,0x2D,0xDC,0x8E,0x66,0x83,0xEF,0x57,0x49,0x61,0xFF,0x69,0x8F,0x61,0xCD,0xD1,0x1E,0x9D,0x9C,0x16,0x72,0x72,0xE6,0x1D,0xF0,0x84,0x4F,0x4A,0x77,0x02,0xD7,0xE8,0x39,0x2C,0x53,0xCB,0xC9,0x12,0x1E,0x33,0x74,0x9E,0x0C,0xF4,0xD5,0xD4,0x9F,0xD4,0xA4,0x59,0x7E,0x35,0xCF,0x32,0x22,0xF4,0xCC,0xCF,0xD3,0x90,0x2D,0x48,0xD3,0x8F,0x75,0xE6,0xD9,0x1D,0x2A,0xE5,0xC0,0xF7,0x2B,0x78,0x81,0x87,0x44,0x0E,0x5F,0x50,0x00,0xD4,0x61,0x8D,0xBE,0x7B,0x05,0x15,0x07,0x3B,0x33,0x82,0x1F,0x18,0x70,0x92,0xDA,0x64,0x54,0xCE,0xB1,0x85,0x3E,0x69,0x15,0xF8,0x46,0x6A,0x04,0x96,0x73,0x0E,0xD9,0x16,0x2F,0x67,0x68,0xD4,0xF7,0x4A,0x4A,0xD0,0x57,0x68,0x76,0x5E,0x7C,0x6D,0xFF,0xAE,0xE2,0xA7,0x39,0x5F,0x99,0xCE,0x6E,0xF1,0x95,0x19,0x80,0x87,0xB1,0x96,0x58,0xCD,0x54,0xFC,0x4C,0x6C,0x9C,0x1E,0x1A,0x40,0x42,0x0E,0x65,0xBE,0x13,0x8D,0x4D,0x85,0x66,0xC3,0xBC,0x11,0xDE,0xFE,0xA2,0x2C,0xDA,0xC5,0xC8,0xD3,0xB7,0xB4,0x48,0x5A,0x45,0xEA,0x18,0x89,0xE5,0xE0,0xF9,0x52,0x35,0xEC,0x1B,0x47,0xAF,0xDB,0xA0,0x1F,0x12,0xE9,0xB3,0x3F,0xC7,0x24,0x33,0xE6,0xBD,0x46,0x2A,0x88,0x53,0x76,0x7A,0x00,0x6F,0xD8,0x3C,0x0D,0x81,0x59,0xD0,0xAA,0xDD,0x01,0x75,0xD1,0x26,0xAC,0x77,0x4A,0x09,0x05,0x8B,0x0F,0xF3,0x02,0x17,0xED,0x57,0xF2,0x5D,0x70,0x08,0xB2,0x3E,0xEF,0xC1,0xA9,0x2F,0xF5,0xA8,0x06,0x60,0x51,0x9F,0x1C,0xCC,0x72,0x8C,0x31,0x98,0x29,0xEB,0xAD,0x64,0x9E,0xF8,0xB0,0x30,0x78,0xE4,0x9A,0x62,0xE1,0x9B,0x1D,0x63,0x10,0x84,0x74,0xC0,0xDC,0x15,0x49,0x7D,0x4B,0xCB,0xFB,0x16,0x0B,0x56,0x2D,0xA1,0xE7,0x34,0x27,0x86,0xEE,0x0A,0xC2,0xCF,0x50,0xC6,0x55,0x9D,0xD4,0x61,0x8F,0x41,0xC9,0xD5,0x94,0xBB,0x20,0x79,0x8E,0x92,0xBA,0x68,0xE8,0xA3,0x25,0x3A,0x7F,0xD9,0xBF,0xA5,0x5B,0x14,0xDF,0xFD,0x37,0x44,0x23,0xD6,0x83,0x32,0xA6,0xD7,0x7E,0x5C,0x6A,0x3D,0xB8,0xF0,0xE3,0x7B,0x28,0x0C,0xD2,0xCA,0xB6,0xC4,0x43,0x22,0x82,0x03,0xF6,0x07,0xFA,0x97,0x21,0x90,0x6B,0x4E,0xA4,0xAB,0x93,0x67,0xF4,0x71,0x38,0xF7,0x3B,0x69,0x2E,0x4F,0xB5,0xB9,0x2B,0x8A,0x36,0x91,0x73,0x04,0x5E,0x4C,0xEC,0x03,0x4C,0x73,0xE6,0x05,0xB4,0x31,0x0E,0xAA,0xAD,0xCF,0xD5,0xB0,0xCA,0x27,0xFF,0xD8,0x9D,0x14,0x4D,0xF4,0x79,0x27,0x59,0x42,0x7C,0x9C,0xC1,0xF8,0xCD,0x8C,0x87,0x20,0x23,0x64,0xB8,0xA6,0x87,0x95,0x4C,0xB0,0x5A,0x8D,0x4E,0x2D,0x99,0xE7,0x3D,0xB1,0x60,0xDE,0xB1,0x80,0xAD,0x08,0x41,0xE9,0x67,0x41,0xA5,0xD5,0x9F,0xE4,0x18,0x9F,0x15,0x42,0x00,0x26,0xFE,0x4C,0xD1,0x21,0x04,0x93,0x2F,0xB3,0x8F,0x73,0x53,0x40,0x43,0x8A,0xAF,0x7E,0xCA,0x6F,0xD5,0xCF,0xD3,0xA1,0x95,0xCE,0x5A,0xBE,0x65,0x27,0x2A,0xF6,0x07,0xAD,0xA1,0xBE,0x65,0xA6,0xB4,0xC9,0xC0,0x69,0x32,0x34,0x09,0x2C,0x4D,0x01,0x8F,0x17,0x56,0xC6,0xDB,0x9D,0xC8,0xA6,0xD8,0x0B,0x88,0x81,0x38,0x61,0x6B,0x68,0x12,0x62,0xF9,0x54,0xD0,0xE7,0x71,0x17,0x48,0x78,0x0D,0x92,0x29,0x1D,0x86,0x29,0x99,0x72,0xDB,0x74,0x1C,0xFA,0x4F,0x37,0xB8,0xB5,0xB0,0x95,0x57,0xF5,0xDF,0x80,0x6C,0x6D,0x8D,0x74,0xD9,0x8B,0x43,0x65,0x11,0x08,0xA5,0xF6,0x79,0xBD,0xF7,0xEB,0x15,0xB8,0xE0,0xE1,0x60,0x8F,0x6E,0x3C,0x7B,0xF4,0x5B,0x62,0x8A,0x8A,0x8F,0x27,0x5C,0xF7,0xE5,0x87,0x4A,0x3B,0x32,0x9B,0x61,0x40,0x84,0xC6,0xC3,0xB1,0xA7,0x30,0x4A,0x10,0xEE,0x75,0x6F,0x03,0x2F,0x9E,0x6A,0xEF,0x10,0x50,0x9B,0xC8,0x81,0x43,0x29,0x28,0x8A,0xF6,0xE9,0x9E,0x47,0xA1,0x81,0x48,0x31,0x6C,0xCD,0xA4,0x9E,0xDE,0x81,0xA3,0x8C,0x98,0x10,0xFF,0x9A,0x43,0xCD,0xCF,0x57,0xC7,0x50,0x59,0xBF,0xBD,0x1C,0x27,0x03,0x28,0x7F,0x5D,0x89,0x5F,0xB9,0x49,0x34,0x4E,0x60,0x3C,0xE5,0xDE,0x02,0x98,0x42,0xB2,0x0D,0x2B,0xB6,0x14,0xEC,0xBB,0xB8,0x2F,0x73,0xE2,0x51,0x7E,0x7D,0x1D,0xD8,0x84,0xD3,0x1F,0x01,0xBE,0x50,0x6B,0x16,0xD6,0x43,0x21,0x83,0x19,0x15,0x18,0x98,0x2B,0x2C,0x2E,0x8B,0xF9,0x0E,0xDC,0xBC,0xF0,0xCA,0x0E,0x3D,0x6D,0x94,0x31,0x92,0x74,0xAF,0x8D,0xB5,0xA4,0x90,0xD5,0x5E,0x6A,0x40,0xFC,0x80,0x76,0x02,0x4B,0x17,0x6B,0x36,0xB1,0x21,0xDB,0x7D,0x5A,0xEA,0x72,0x1E,0x82,0x8D,0x71,0xA8,0x8C,0xB8,0x5E,0xD9,0x4E,0xAF,0xFA,0xBF,0xB0,0x94,0x74,0x1D,0x75,0xE5,0xDC,0x10,0x58,0x46,0xDA,0xF2,0x5B,0x81,0xA0,0x7F,0x5C,0xCB,0x1D,0x36,0xE9,0x49,0x74,0x02,0x55,0xD2,0xAC,0x1A,0x0B,0xF7,0xA9,0x26,0x23,0x40,0x5B,0xA3,0x33,0xB9,0x35,0x88,0x68,0xAD,0xE1,0x2A,0xD5,0xB2,0x32,0x5D,0x0A,0xE5,0x5A,0xDC,0xE9,0x77,0x5D,0xEB,0xB5,0x69,0xC5,0x3A,0x6C,0x93,0x98,0x0D,0x57,0xEB,0x87,0x9A,0xDF,0x04,0x68,0xB2,0xA2,0xD5,0xE6,0xA4,0xC6,0xBC,0x77,0x5F,0x8D,0xC3,0x8F,0xD6,0x2A,0x21,0x14,0xA9,0xD4,0x04,0x11,0x01,0x18,0x8D,0xAE,0xBB,0x73,0x1C,0x60,0xCA,0x20,0xCF,0x5D,0xD6,0x2F,0x45,0x53,0x29,0xD7,0xA8,0x59,0xCC,0x0D,0xEA,0x26,0xED,0x55,0x4E,0x80,0x84,0xD9,0x2B,0xF8,0x37,0xB8,0xED,0xD5,0x7A,0xA0,0x5C,0x4E,0xFA,0x9F,0x21,0xFC,0x3C,0x36,0x85,0x8E,0x81,0xB0,0x7D,0xBF,0xEE,0xB1,0x3D,0xA1,0x3B,0xDD,0xF8,0x17,0x00,0x0D,0x00,0x00,0x01,0x06,0xF9,0x00,0x01,0x16]
 
for i in range(8):
    a1[i*4] = a1[i*4] ^ a2[i]
 
for _ in range(0x1BF52): 
    for i in range(1,32):
        if i % 2 != 0:
            lookup_index = (256 + a1[i]) % 0x400
            sub_byte = keystream_sbox[lookup_index]
            a1[i] = sub_byte
        else:
            a1[i] = a1[i] ^ a1[i-1]
 
print(a1.hex())

a1 = bytearray(b'11112222111122221111222211112222')

a2 = [0x4B,0x0C,0x54,0x0F,0x32,0x00,0x02,0x35]

keystream_sbox = [0x29,0x23,0xBE,0x84,0xE1,0x6C,0xD6,0xAE,0x52,0x90,0x49,0xF1,0xF1,0xBB,0xE9,0xEB,0xB3,0xA6,0xDB,0x3C,0x87,0x0C,0x3E,0x99,0x24,0x5E,0x0D,0x1C,0x06,0xB7,0x47,0xDE,0xB3,0x12,0x4D,0xC8,0x43,0xBB,0x8B,0xA6,0x1F,0x03,0x5A,0x7D,0x09,0x38,0x25,0x1F,0x5D,0xD4,0xCB,0xFC,0x96,0xF5,0x45,0x3B,0x13,0x0D,0x89,0x0A,0x1C,0xDB,0xAE,0x32,0x20,0x9A,0x50,0xEE,0x40,0x78,0x36,0xFD,0x12,0x49,0x32,0xF6,0x9E,0x7D,0x49,0xDC,0xAD,0x4F,0x14,0xF2,0x44,0x40,0x66,0xD0,0x6B,0xC4,0x30,0xB7,0x32,0x3B,0xA1,0x22,0xF6,0x22,0x91,0x9D,0xE1,0x8B,0x1F,0xDA,0xB0,0xCA,0x99,0x02,0xB9,0x72,0x9D,0x49,0x2C,0x80,0x7E,0xC5,0x99,0xD5,0xE9,0x80,0xB2,0xEA,0xC9,0xCC,0x53,0xBF,0x67,0xD6,0xBF,0x14,0xD6,0x7E,0x2D,0xDC,0x8E,0x66,0x83,0xEF,0x57,0x49,0x61,0xFF,0x69,0x8F,0x61,0xCD,0xD1,0x1E,0x9D,0x9C,0x16,0x72,0x72,0xE6,0x1D,0xF0,0x84,0x4F,0x4A,0x77,0x02,0xD7,0xE8,0x39,0x2C,0x53,0xCB,0xC9,0x12,0x1E,0x33,0x74,0x9E,0x0C,0xF4,0xD5,0xD4,0x9F,0xD4,0xA4,0x59,0x7E,0x35,0xCF,0x32,0x22,0xF4,0xCC,0xCF,0xD3,0x90,0x2D,0x48,0xD3,0x8F,0x75,0xE6,0xD9,0x1D,0x2A,0xE5,0xC0,0xF7,0x2B,0x78,0x81,0x87,0x44,0x0E,0x5F,0x50,0x00,0xD4,0x61,0x8D,0xBE,0x7B,0x05,0x15,0x07,0x3B,0x33,0x82,0x1F,0x18,0x70,0x92,0xDA,0x64,0x54,0xCE,0xB1,0x85,0x3E,0x69,0x15,0xF8,0x46,0x6A,0x04,0x96,0x73,0x0E,0xD9,0x16,0x2F,0x67,0x68,0xD4,0xF7,0x4A,0x4A,0xD0,0x57,0x68,0x76,0x5E,0x7C,0x6D,0xFF,0xAE,0xE2,0xA7,0x39,0x5F,0x99,0xCE,0x6E,0xF1,0x95,0x19,0x80,0x87,0xB1,0x96,0x58,0xCD,0x54,0xFC,0x4C,0x6C,0x9C,0x1E,0x1A,0x40,0x42,0x0E,0x65,0xBE,0x13,0x8D,0x4D,0x85,0x66,0xC3,0xBC,0x11,0xDE,0xFE,0xA2,0x2C,0xDA,0xC5,0xC8,0xD3,0xB7,0xB4,0x48,0x5A,0x45,0xEA,0x18,0x89,0xE5,0xE0,0xF9,0x52,0x35,0xEC,0x1B,0x47,0xAF,0xDB,0xA0,0x1F,0x12,0xE9,0xB3,0x3F,0xC7,0x24,0x33,0xE6,0xBD,0x46,0x2A,0x88,0x53,0x76,0x7A,0x00,0x6F,0xD8,0x3C,0x0D,0x81,0x59,0xD0,0xAA,0xDD,0x01,0x75,0xD1,0x26,0xAC,0x77,0x4A,0x09,0x05,0x8B,0x0F,0xF3,0x02,0x17,0xED,0x57,0xF2,0x5D,0x70,0x08,0xB2,0x3E,0xEF,0xC1,0xA9,0x2F,0xF5,0xA8,0x06,0x60,0x51,0x9F,0x1C,0xCC,0x72,0x8C,0x31,0x98,0x29,0xEB,0xAD,0x64,0x9E,0xF8,0xB0,0x30,0x78,0xE4,0x9A,0x62,0xE1,0x9B,0x1D,0x63,0x10,0x84,0x74,0xC0,0xDC,0x15,0x49,0x7D,0x4B,0xCB,0xFB,0x16,0x0B,0x56,0x2D,0xA1,0xE7,0x34,0x27,0x86,0xEE,0x0A,0xC2,0xCF,0x50,0xC6,0x55,0x9D,0xD4,0x61,0x8F,0x41,0xC9,0xD5,0x94,0xBB,0x20,0x79,0x8E,0x92,0xBA,0x68,0xE8,0xA3,0x25,0x3A,0x7F,0xD9,0xBF,0xA5,0x5B,0x14,0xDF,0xFD,0x37,0x44,0x23,0xD6,0x83,0x32,0xA6,0xD7,0x7E,0x5C,0x6A,0x3D,0xB8,0xF0,0xE3,0x7B,0x28,0x0C,0xD2,0xCA,0xB6,0xC4,0x43,0x22,0x82,0x03,0xF6,0x07,0xFA,0x97,0x21,0x90,0x6B,0x4E,0xA4,0xAB,0x93,0x67,0xF4,0x71,0x38,0xF7,0x3B,0x69,0x2E,0x4F,0xB5,0xB9,0x2B,0x8A,0x36,0x91,0x73,0x04,0x5E,0x4C,0xEC,0x03,0x4C,0x73,0xE6,0x05,0xB4,0x31,0x0E,0xAA,0xAD,0xCF,0xD5,0xB0,0xCA,0x27,0xFF,0xD8,0x9D,0x14,0x4D,0xF4,0x79,0x27,0x59,0x42,0x7C,0x9C,0xC1,0xF8,0xCD,0x8C,0x87,0x20,0x23,0x64,0xB8,0xA6,0x87,0x95,0x4C,0xB0,0x5A,0x8D,0x4E,0x2D,0x99,0xE7,0x3D,0xB1,0x60,0xDE,0xB1,0x80,0xAD,0x08,0x41,0xE9,0x67,0x41,0xA5,0xD5,0x9F,0xE4,0x18,0x9F,0x15,0x42,0x00,0x26,0xFE,0x4C,0xD1,0x21,0x04,0x93,0x2F,0xB3,0x8F,0x73,0x53,0x40,0x43,0x8A,0xAF,0x7E,0xCA,0x6F,0xD5,0xCF,0xD3,0xA1,0x95,0xCE,0x5A,0xBE,0x65,0x27,0x2A,0xF6,0x07,0xAD,0xA1,0xBE,0x65,0xA6,0xB4,0xC9,0xC0,0x69,0x32,0x34,0x09,0x2C,0x4D,0x01,0x8F,0x17,0x56,0xC6,0xDB,0x9D,0xC8,0xA6,0xD8,0x0B,0x88,0x81,0x38,0x61,0x6B,0x68,0x12,0x62,0xF9,0x54,0xD0,0xE7,0x71,0x17,0x48,0x78,0x0D,0x92,0x29,0x1D,0x86,0x29,0x99,0x72,0xDB,0x74,0x1C,0xFA,0x4F,0x37,0xB8,0xB5,0xB0,0x95,0x57,0xF5,0xDF,0x80,0x6C,0x6D,0x8D,0x74,0xD9,0x8B,0x43,0x65,0x11,0x08,0xA5,0xF6,0x79,0xBD,0xF7,0xEB,0x15,0xB8,0xE0,0xE1,0x60,0x8F,0x6E,0x3C,0x7B,0xF4,0x5B,0x62,0x8A,0x8A,0x8F,0x27,0x5C,0xF7,0xE5,0x87,0x4A,0x3B,0x32,0x9B,0x61,0x40,0x84,0xC6,0xC3,0xB1,0xA7,0x30,0x4A,0x10,0xEE,0x75,0x6F,0x03,0x2F,0x9E,0x6A,0xEF,0x10,0x50,0x9B,0xC8,0x81,0x43,0x29,0x28,0x8A,0xF6,0xE9,0x9E,0x47,0xA1,0x81,0x48,0x31,0x6C,0xCD,0xA4,0x9E,0xDE,0x81,0xA3,0x8C,0x98,0x10,0xFF,0x9A,0x43,0xCD,0xCF,0x57,0xC7,0x50,0x59,0xBF,0xBD,0x1C,0x27,0x03,0x28,0x7F,0x5D,0x89,0x5F,0xB9,0x49,0x34,0x4E,0x60,0x3C,0xE5,0xDE,0x02,0x98,0x42,0xB2,0x0D,0x2B,0xB6,0x14,0xEC,0xBB,0xB8,0x2F,0x73,0xE2,0x51,0x7E,0x7D,0x1D,0xD8,0x84,0xD3,0x1F,0x01,0xBE,0x50,0x6B,0x16,0xD6,0x43,0x21,0x83,0x19,0x15,0x18,0x98,0x2B,0x2C,0x2E,0x8B,0xF9,0x0E,0xDC,0xBC,0xF0,0xCA,0x0E,0x3D,0x6D,0x94,0x31,0x92,0x74,0xAF,0x8D,0xB5,0xA4,0x90,0xD5,0x5E,0x6A,0x40,0xFC,0x80,0x76,0x02,0x4B,0x17,0x6B,0x36,0xB1,0x21,0xDB,0x7D,0x5A,0xEA,0x72,0x1E,0x82,0x8D,0x71,0xA8,0x8C,0xB8,0x5E,0xD9,0x4E,0xAF,0xFA,0xBF,0xB0,0x94,0x74,0x1D,0x75,0xE5,0xDC,0x10,0x58,0x46,0xDA,0xF2,0x5B,0x81,0xA0,0x7F,0x5C,0xCB,0x1D,0x36,0xE9,0x49,0x74,0x02,0x55,0xD2,0xAC,0x1A,0x0B,0xF7,0xA9,0x26,0x23,0x40,0x5B,0xA3,0x33,0xB9,0x35,0x88,0x68,0xAD,0xE1,0x2A,0xD5,0xB2,0x32,0x5D,0x0A,0xE5,0x5A,0xDC,0xE9,0x77,0x5D,0xEB,0xB5,0x69,0xC5,0x3A,0x6C,0x93,0x98,0x0D,0x57,0xEB,0x87,0x9A,0xDF,0x04,0x68,0xB2,0xA2,0xD5,0xE6,0xA4,0xC6,0xBC,0x77,0x5F,0x8D,0xC3,0x8F,0xD6,0x2A,0x21,0x14,0xA9,0xD4,0x04,0x11,0x01,0x18,0x8D,0xAE,0xBB,0x73,0x1C,0x60,0xCA,0x20,0xCF,0x5D,0xD6,0x2F,0x45,0x53,0x29,0xD7,0xA8,0x59,0xCC,0x0D,0xEA,0x26,0xED,0x55,0x4E,0x80,0x84,0xD9,0x2B,0xF8,0x37,0xB8,0xED,0xD5,0x7A,0xA0,0x5C,0x4E,0xFA,0x9F,0x21,0xFC,0x3C,0x36,0x85,0x8E,0x81,0xB0,0x7D,0xBF,0xEE,0xB1,0x3D,0xA1,0x3B,0xDD,0xF8,0x17,0x00,0x0D,0x00,0x00,0x01,0x06,0xF9,0x00,0x01,0x16]

for i in range(8):

a1[i*4] = a1[i*4] ^ a2[i]

for _ in range(0x1BF52):

for i in range(1,32):

if i % 2 != 0:

lookup_index = (256 + a1[i]) % 0x400

sub_byte = keystream_sbox[lookup_index]

a1[i] = sub_byte

else:

a1[i] = a1[i] ^ a1[i-1]

print(a1.hex())

# -*- coding: utf-8 -*-
 
def reverse_crypto():
    """
    根据给定的正向加密代码和输出结果，执行逆向操作以找出原始输入。
    """
    # 正向代码中使用的常量数组
    arr = [0x4B,0x0C,0x54,0x0F,0x32,0x00,0x02,0x35]
    keystream_sbox = [...] #和上面一样，略去
 
    # 已知的最终结果
    final_hex = "001d3b29701269b76c0f4d5c9f5b6c1bb547a228c0f8dce07af8d628f6f893b3"
    working_data = bytearray.fromhex(final_hex)
 
    # --- 步骤 1: 构建逆向S-Box查找表 ---
    # 正向查找索引是 256 + 原始字节
    reverse_sbox_map = {}
    for original_byte in range(256):
        sbox_value = keystream_sbox[256 + original_byte]
        if sbox_value not in reverse_sbox_map:
            reverse_sbox_map[sbox_value] = []
        reverse_sbox_map[sbox_value].append(original_byte)
 
    # 定义逆向S-Box查找函数
    # 假设总是选择第一个（索引最小的）可能的原值
    def reverse_sbox_lookup(value):
        possible_preimages = reverse_sbox_map.get(value)
        if not possible_preimages:
            raise ValueError(f"值 {value} 在S-Box输出中未找到，无法逆向。")
        return possible_preimages[0]
 
    # --- 步骤 2: 逆向执行主循环 ---
    num_iterations = 0x1BF52
    for _ in range(num_iterations):
        # 内层循环需要从 31 向 1 逆向迭代
        for i in range(31, 0, -1):
            if i % 2 != 0:
                # 奇数索引：逆向S-Box替换
                working_data[i] = reverse_sbox_lookup(working_data[i])
            else:
                # 偶数索引：逆向XOR操作（与正向操作相同）
                # 正向: new[i] = old[i] ^ new[i-1]
                # 逆向: old[i] = new[i] ^ new[i-1]
                # 此时 working_data[i-1] 已经是上一步逆向计算后的值
                working_data[i] = working_data[i] ^ working_data[i-1]
 
    # --- 步骤 3: 逆向执行初始的XOR操作 ---
    # XOR是其自身的逆运算，所以操作不变
    for i in range(8):
        working_data[i*4] = working_data[i*4] ^ arr[i]
 
    return working_data
 
if __name__ == '__main__':
    original_data = reverse_crypto()
    print("逆向计算得到的原始输入:")
    print(f"  - 作为字节: {original_data}")
    print(f"  - 作为十六进制字符串: {original_data.hex()}")
    # 尝试用GBK解码
    try:
        decoded_string = original_data.decode('gbk')
        print(f"  - 解码为GBK字符串: {decoded_string}")
    except UnicodeDecodeError:
        print("  - 无法解码为GBK字符串。")