首页
论坛
专栏
课程

[原创]【2019看雪CTF】Q2赛季 第六题 消失的岛屿 WP

2019-7-2 00:14 2493

[原创]【2019看雪CTF】Q2赛季 第六题 消失的岛屿 WP

2019-7-2 00:14
2493

【2019看雪CTF】Q2赛季 第六题 消失的岛屿 WP

简单的一题,console程序,代码量很小。主流程伪代码如下:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int v3; // eax
  uint8_t bindata; // [esp+11h] [ebp-3Fh]
  const char *v6; // [esp+48h] [ebp-8h]
  char *v7; // [esp+4Ch] [ebp-4h]

  __main();
  printf("please enter Serial:");
  scanf(" %s", &bindata);
  if ( strlen((const char *)&bindata) > 0x31 )
    puts("error");
  v7 = (char *)calloc(1u, 0x400u);
  v3 = strlen((const char *)&bindata);
  base64_encode(&bindata, v7, v3);
  v6 = "!NGV%,$h1f4S3%2P(hkQ94==";
  if ( !strcmp("!NGV%,$h1f4S3%2P(hkQ94==", v7) )
    puts("Success");
  else
    puts("Please Try Again");
  free(v7);
  system("pause");
  return 0;
}

主要算法就是替换加密和更了表的base64编码。反解代码如下:

# -*- coding:utf-8 -*-

import string

def main():
  t1 = 'tuvwxTUlmnopqrs7YZabcdefghij8yz0123456VWXkABCDEFGHIJKLMNOPQRS9+/'
  t2 = string.uppercase+string.lowercase+string.digits+'+/'
  a = '!NGV%,$h1f4S3%2P(hkQ94=='
  s = ''
  for i in a:
    asc = ord(i)
    if asc == 0x77:
      s += chr(0x2b)
    elif asc == 0x79:
      s += chr(0x2f)
    elif asc > 0x61 and asc <= 0x6b:
      s += chr(asc-0x32)
    elif asc > 0x20 and asc <= 0x3a:
      s += chr(asc+0x40)
    elif asc >= 0x41 and asc< 0x5b:
      s += chr(0x9b-asc)
    else:
      s += i
  tr = string.maketrans(t1,t2)
  print s
  s1 = s.translate(tr)
  print s1
  print s1.decode('base64')
  '''KanXue2019ctf_st'''
  print 'end.'

if __name__ == '__main__':
  main()


[公告]安全服务和外包项目请将项目需求发到看雪企服平台:https://qifu.kanxue.com

最新回复 (0)
游客
登录 | 注册 方可回帖
返回