[CTF]-Reverse:Reverse做题笔记

Tea:

[HNCTF 2022 WEEK2]TTTTTTTTTea:

找出关键数据,运行脚本

#include <stdio.h>
int main(){
    unsigned int l,r;
    unsigned int v4[6]={-1054939302,-1532163725,-165900264,853769165,768352038,876839116};
    int flag[6]={0};
    unsigned int delta;
    unsigned int key[4]={0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f};
    int i,j;
    for(i=0;i<6;i+=2){
        l=v4[i];
        r=v4[i+1];
        delta=-32*1640531527;
        for(j=0;j<32;j++){
            r -= (((l >> 5) ^ (l*16)) + l) ^ (key[(delta>>11)&3]+ delta);//*16==<<4 
            delta += 1640531527;
            l -= (((r >> 5) ^ (r*16)) + r) ^ (key[delta&3]+ delta);
        }
        flag[i]=l;
        flag[i+1]=r;
    }
    char *p = (char*)flag;
    for(i=0;i<24;i++){
        printf("%c",*p);
        p++;
    }
}

[MoeCTF 2022]ezTea:

运行脚本

#include <stdio.h>
#include <stdint.h>

void encrypt (uint32_t* v, uint32_t* k) {                       // 主要加密函数,试着搞定它
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    uint32_t delta = 0xd33b470;
    for (int i = 0; i < 32; i++) {
        sum += delta;
        v0 += ((v1<<4) + k[0]) ^ (v1 + sum) ^ ((v1>>5) + k[1]);
        v1 += ((v0<<4) + k[2]) ^ (v0 + sum) ^ ((v0>>5) + k[3]);
    }
    v[0] = v0;
    v[1] = v1;
}

void decrypt(uint32_t* v, uint32_t* k) {
	uint32_t v0 = v[0], v1 = v[1], sum = 0xd33b470*32, i;
	uint32_t delta = 0xd33b470;
	uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];
	for (i = 0; i<32; i++) {
		v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
		v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
		sum -= delta;
	}
	v[0] = v0; v[1] = v1;
}

int main() {
    uint32_t k[4] = {1, 2, 3, 4};
    int8_t input[33] = {0x17, 0x65, 0x54, 0x89, 0xed, 0x65, 0x46, 0x32, 0x3d, 0x58, 0xa9, 0xfd, 0xe2, 0x5e,
0x61, 0x97, 0xe4, 0x60, 0xf1, 0x91, 0x73, 0xe9, 0xe9, 0xa2, 0x59, 0xcb, 0x9a, 0x99,
0xec, 0xb1, 0xe1, 0x7d};
    
    //scanf("%32s", input);
    for (int i = 0; i < 32; i+=8) {
        uint32_t v[2] = {*(uint32_t *)&input[i], *(uint32_t *)&input[i+4]};
        decrypt(v, k);
        for (int j = 0; j < 2; j++) {                           // 这一段主要是把 v 按单字节输出,另外可以了解一下 "大小端序" 在这题是如何体现的
            for (int k = 0; k < 4; k++) {
                printf("%c", v[j] & 0xff);
                v[j] >>= 8;
            }
        }
    }
    return 0;
}

[HGAME 2023 week1]a_cup_of_tea:

#include <stdio.h>
#include <string.h>
#include <emmintrin.h>
#include <stdint.h>

void decrypt(unsigned int *v, unsigned int *k) {
	unsigned int v0 = v[0],v1 = v[1];
	int delta = -1412567261;
	int sum =delta*32;
	unsigned int k0 = k[0],k1 = k[1],k2 = k[2],k3 = k[3];
	for (int i = 0; i < 32; i++) {
		v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
		v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
		sum -= delta;
	}
	v[0] = v0;
	v[1] = v1;
}

int __cdecl main() {
	int Buf2[8];
	unsigned int key[] = {0x12345678, 0x23456789, 0x34567890, 0x45678901};
	Buf2[0] = 778273437;
	Buf2[1] = -1051836401;
	Buf2[2] = -1690714183;
	Buf2[3] = 1512016660;
	Buf2[4] = 1636330974;
	Buf2[5] = 1701168847;
	Buf2[6] = -1626976412;
	Buf2[7] = 594166774;
	
	char buf[50] = {0};
	memcpy(buf, Buf2, sizeof Buf2);
	
	for(int i=0;i<=6;i+=2)
	{
		decrypt((unsigned int *)&buf+i, key);
	}
	
	printf("%s", buf);
	
	return 0;
}

Python编译:

[LitCTF 2023]snake:

附件是一个pyc文件

magic修复:

python3.7,42 0D 0D 0A

用pycdc编译py,出源码

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
# Version: Python 3.7

'''贪吃蛇'''
import random
import sys
import time
import pygame
from pygame.locals import *
from collections import deque
SCREEN_WIDTH = 600
SCREEN_HEIGHT = 480
SIZE = 20
LINE_WIDTH = 1
SCOPE_X = (0, SCREEN_WIDTH // SIZE - 1)
SCOPE_Y = (2, SCREEN_HEIGHT // SIZE - 1)
FOOD_STYLE_LIST = [
    (10, (255, 100, 100)),
    (20, (100, 255, 100)),
    (30, (100, 100, 255))]
LIGHT = (100, 100, 100)
DARK = (200, 200, 200)
BLACK = (0, 0, 0)
RED = (200, 30, 30)
BGCOLOR = (40, 40, 60)

def print_text(screen, font, x, y, text, fcolor = ((255, 255, 255),)):
    imgText = font.render(text, True, fcolor)
    screen.blit(imgText, (x, y))


def init_snake():
    snake = deque()
    snake.append((2, SCOPE_Y[0]))
    snake.append((1, SCOPE_Y[0]))
    snake.append((0, SCOPE_Y[0]))
    return snake


def create_food(snake):
    food_x = random.randint(SCOPE_X[0], SCOPE_X[1])
    food_y = random.randint(SCOPE_Y[0], SCOPE_Y[1])
    while (food_x, food_y) in snake:
        food_x = random.randint(SCOPE_X[0], SCOPE_X[1])
        food_y = random.randint(SCOPE_Y[0], SCOPE_Y[1])
    return (food_x, food_y)


def get_food_style():
    return FOOD_STYLE_LIST[random.randint(0, 2)]


def main():
    pygame.init()
    screen = pygame.display.set_mode((SCREEN_WIDTH, SCREEN_HEIGHT))
    pygame.display.set_caption('贪吃蛇')
    font1 = pygame.font.SysFont('SimHei', 24)
    font2 = pygame.font.Font(None, 72)
    (fwidth, fheight) = font2.size('GAME OVER')
    b = True
    snake = init_snake()
    food = create_food(snake)
    food_style = get_food_style()
    pos = (1, 0)
    game_over = True
    start = False
    score = 0
    orispeed = 0.5
    speed = orispeed
    last_move_time = None
    pause = False
    while None:
        for event in pygame.event.get():
            if event.type == QUIT:
                sys.exit()
                continue
            if event.type == KEYDOWN or event.key == K_RETURN or game_over:
                start = True
                game_over = False
                b = True
                snake = init_snake()
                food = create_food(snake)
                food_style = get_food_style()
                pos = (1, 0)
                score = 0
                last_move_time = time.time()
                continue
                if not event.key == K_SPACE or game_over:
                    pause = not pause
                    continue
                    if not (event.key in (K_w, K_UP) or b) and pos[1]:
                        pos = (0, -1)
                        b = False
                        continue
                        if not (event.key in (K_s, K_DOWN) or b) and pos[1]:
                            pos = (0, 1)
                            b = False
                            continue
                            if not (event.key in (K_a, K_LEFT) or b) and pos[0]:
                                pos = (-1, 0)
                                b = False
                                continue
                                if not event.key in (K_d, K_RIGHT) and b and pos[0]:
                                    pos = (1, 0)
                                    b = False
                                screen.fill(BGCOLOR)
                                for x in range(SIZE, SCREEN_WIDTH, SIZE):
                                    pygame.draw.line(screen, BLACK, (x, SCOPE_Y[0] * SIZE), (x, SCREEN_HEIGHT), LINE_WIDTH)
                                
        for y in range(SCOPE_Y[0] * SIZE, SCREEN_HEIGHT, SIZE):
            pygame.draw.line(screen, BLACK, (0, y), (SCREEN_WIDTH, y), LINE_WIDTH)
        
        if not game_over:
            curTime = time.time()
            if not curTime - last_move_time > speed and pause:
                b = True
                last_move_time = curTime
                next_s = (snake[0][0] + pos[0], snake[0][1] + pos[1])
                if next_s == food:
                    snake.appendleft(next_s)
                    score += food_style[0]
                    speed = orispeed - 0.03 * (score // 100)
                    food = create_food(snake)
                    food_style = get_food_style()
                elif next_s[0] <= next_s[0] or next_s[0] <= SCOPE_X[1]:
                    pass
                else:
                    SCOPE_X[0]
            elif next_s[1] <= next_s[1] or next_s[1] <= SCOPE_Y[1]:
                pass
            else:
                SCOPE_Y[0]
        elif next_s not in snake:
            snake.appendleft(next_s)
            snake.pop()
        else:
            game_over = True
        if not game_over:
            pygame.draw.rect(screen, food_style[1], (food[0] * SIZE, food[1] * SIZE, SIZE, SIZE), 0)
        for s in snake:
            pygame.draw.rect(screen, DARK, (s[0] * SIZE + LINE_WIDTH, s[1] * SIZE + LINE_WIDTH, SIZE - LINE_WIDTH * 2, SIZE - LINE_WIDTH * 2), 0)
        
        print_text(screen, font1, 450, 7, f'''得分: {score}''')
        if score > 1000:
            flag = [
                30,
                196,
                52,
                252,
                49,
                220,
                7,
                243,
                3,
                241,
                24,
                224,
                40,
                230,
                25,
                251,
                28,
                233,
                40,
                237,
                4,
                225,
                4,
                215,
                40,
                231,
                22,
                237,
                14,
                251,
                10,
                169]
            for i in range(0, len(flag), 2):
                flag[i] = flag[i + 1] ^ 136
                flag[i + 1] = flag[i] ^ 119
            
            print_text(screen, font2, (SCREEN_WIDTH - fwidth) // 2, (SCREEN_HEIGHT - fheight) // 2, bytes(flag).decode(), RED)
            pygame.display.update()
        if game_over and start:
            print_text(screen, font2, (SCREEN_WIDTH - fwidth) // 2, (SCREEN_HEIGHT - fheight) // 2, 'GAME OVER', RED)
        pygame.display.update()

if __name__ == '__main__':
    main()

输出flag

flag = [
                30,
                196,
                52,
                252,
                49,
                220,
                7,
                243,
                3,
                241,
                24,
                224,
                40,
                230,
                25,
                251,
                28,
                233,
                40,
                237,
                4,
                225,
                4,
                215,
                40,
                231,
                22,
                237,
                14,
                251,
                10,
                169]
for i in range(0, len(flag), 2):
    temp=flag[i]
    flag[i] = flag[i + 1] ^ 136
    flag[i + 1] = temp ^ 119
    print(chr(flag[i]),end='')
    print(chr(flag[i+1]),end='')
相关推荐
听忆.10 分钟前
手机屏幕上进行OCR识别方案
笔记
Selina K1 小时前
shell脚本知识点记录
笔记·shell
为什么这亚子1 小时前
九、Go语言快速入门之map
运维·开发语言·后端·算法·云原生·golang·云计算
1 小时前
开源竞争-数据驱动成长-11/05-大专生的思考
人工智能·笔记·学习·算法·机器学习
~yY…s<#>1 小时前
【刷题17】最小栈、栈的压入弹出、逆波兰表达式
c语言·数据结构·c++·算法·leetcode
霍格沃兹测试开发学社测试人社区2 小时前
软件测试学习笔记丨Flask操作数据库-数据库和表的管理
软件测试·笔记·测试开发·学习·flask
幸运超级加倍~2 小时前
软件设计师-上午题-16 算法(4-5分)
笔记·算法
yannan201903132 小时前
【算法】(Python)动态规划
python·算法·动态规划
埃菲尔铁塔_CV算法2 小时前
人工智能图像算法:开启视觉新时代的钥匙
人工智能·算法
EasyCVR2 小时前
EHOME视频平台EasyCVR视频融合平台使用OBS进行RTMP推流,WebRTC播放出现抖动、卡顿如何解决?
人工智能·算法·ffmpeg·音视频·webrtc·监控视频接入