首页
论坛
课程
招聘
[原创]第十题初入的好望角writeup
2019-3-12 01:08 1032

[原创]第十题初入的好望角writeup

2019-3-12 01:08
1032
1.dnspy反编译
AES算法
internal class a
{
    // Token: 0x06000004 RID: 4 RVA: 0x0000209B File Offset: 0x0000029B
    private static void a(string[] A_0)
    {
        Console.WriteLine("Please Input Serial:");
        if (global::a.a(Console.ReadLine(), "Kanxue2019") == "4RTlF9Ca2+oqExJwx68FiA==")
        {
            Console.WriteLine("Congratulations!  : )");
            Console.ReadLine();
        }
    }

    // Token: 0x06000005 RID: 5 RVA: 0x000020D4 File Offset: 0x000002D4
    public static string a(string A_0, string A_1)
    {
        byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
        byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);
        byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);
        ICryptoTransform transform = new RijndaelManaged
        {
            Mode = CipherMode.CBC
        }.CreateEncryptor(bytes3, bytes);
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream expr_4F = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
        expr_4F.Write(bytes2, 0, bytes2.Length);
        expr_4F.FlushFinalBlock();
        byte[] inArray = memoryStream.ToArray();
        memoryStream.Close();
        expr_4F.Close();
        return Convert.ToBase64String(inArray);
    }

    // Token: 0x04000003 RID: 3
    private const string a = "Kanxue2019CTF-Q1";

    // Token: 0x04000004 RID: 4
    private const int b = 256;
}

2.导出工程

3.修改工程写算法

internal class a
{
// Token: 0x06000004 RID: 4 RVA: 0x0000209B File Offset: 0x0000029B
private static void Main(string[] A_0)
{
  global::a.test("4RTlF9Ca2+oqExJwx68FiA==", "Kanxue2019");
}

// Token: 0x06000005 RID: 5 RVA: 0x000020D4 File Offset: 0x000002D4
public static string test(string A_0, string A_1)
{

        byte[] base64 = Convert.FromBase64CharArray(A_0.ToCharArray(0,A_0.Length), 0, A_0.Length);
byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);
byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);
ICryptoTransform transform = new RijndaelManaged
{
Mode = CipherMode.CBC
}.CreateDecryptor(bytes3, bytes);
MemoryStream memoryStream = new MemoryStream();
CryptoStream expr_4F = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
        expr_4F.Write(base64, 0, base64.Length);
expr_4F.FlushFinalBlock();
byte[] inArray = memoryStream.ToArray();
memoryStream.Close();
expr_4F.Close();

        string result = System.Text.Encoding.UTF8.GetString(inArray);
        return result;
}

// Token: 0x04000003 RID: 3
private const string keyiv = "Kanxue2019CTF-Q1";

// Token: 0x04000004 RID: 4
private const int b = 256;
}

调试结果
Kanxue2019Q1CTF


[培训]12月3日2020京麒网络安全大会《物联网安全攻防实战》训练营,正在火热报名中!地点:北京 · 新云南皇冠假日酒店

收藏
点赞0
打赏
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回