0x00 Crypto之boom
下载下来是个exe文件,拖到cmd运行(切记一定不要双击,用cmd打开)
找个md5网站解密,得到明文
输入后得到一个方程组,解方程组(找个就不用说了,初中知识)
输入有又出现一个方程:
解出来输入x可得flag:
0x01 Reverse之signal
用IDA逆向后,可得关键算法:
他是将一串数字做了不同操作符运算,得到一个ascii码,即为flag,于是写出爆破payload如下:
# -*- coding: UTF-8 -*-
code = [10,4,16,8,3,5,1,4,32,8,5,3,1,3,2,8,11,1,12,8,4,4,1,5,3,8,3,33,1,11,8,11,1,4,9,8,3,32,1,2,81,8,4,36,1,12,8,11,1,5,2,8,2,37,1,2,54,8,4,65,1,2,32,8,5,1,1,5,3,8,2,37,1,4,9,8,3,32,1,2,65,8,12,1,7,34,7,63,7,52,7,50,7,114,7,51,7,24,7,167,7,49,7,241,7,40,7,132,7,193,7,30,7,122]
result = [34,63,52,50,114,51,24,167,49,241,40,132,193,30,122]
flag = []
def encode(x,code):
i=0
achar=0
while(i<len(code)):
if code[i]==2:
achar=x+code[i+1]
i+=2
elif code[i]==3:
achar=x-code[i+1]
i=i+2
elif code[i]==4:
achar=x^code[i+1]
i=i+2
elif code[i]==5:
achar=x*code[i+1]
i=i+2
elif code[i]==8:
x=achar
i=i+1
elif code[i]==11:
achar=x-1
i=i+1
elif code[i]==12:
achar=x+1
i=i+1
return achar
def run(result,code):
for x in range(1,127):
if(encode(x,code)==result):
flag.append(chr(x))
if __name__ == '__main__':
cur_code = []
result_i = 0
for i in range(len(code)):
if code[i] == 10:
continue
if i < len(code) - 1 and code[i+1] != 1 and code[i] == 1:
run(result[result_i],cur_code)
cur_code = []
result_i = result_i + 1
else:
cur_code.append(code[i])
print("flag is = flag{" + ''.join(flag) + '}')
博客专家
原创文章 108
获赞 219
访问量 42万+