2026 新春快乐破解活动之番外题

1、查壳

首先惯例查壳，发现lua语言，那么可以直接解压得到lua脚本

2、lua解密

脚本语言如下，还发现asserts下面有flag数据，

seg000:00000000                 db  53h ; S
seg000:00000001                 db 5Eh, 11h, 8
seg000:00000004                 dd 45575C11h, 0F061A5Dh, 55736h, 8223046h, 2F4B4515h, 3A1E0F21h
seg000:0000001C                 dd 1D11576Ch, 425B364Bh
seg000:00000024                 db  0Eh
seg000:00000025                 db 0Dh

main.lua里面有脚本语言，

local function getWinMessage()
    local content = nil
   
    if love.filesystem.getInfo("assets/flag.dat") then
        content = love.filesystem.read("assets/flag.dat")
    end

    if not content or currentDifficulty ~= "hard" then
        return "You WIN!"
    end

    local key = "52pojie"
    local keyLen = #key
    local result = {}
    local bit = require("bit")

    for i = 1, #content do
        local b = string.byte(content, i)
        local k = string.byte(key, ((i - 1) % keyLen) + 1)
        table.insert(result, string.char(bit.bxor(b, k)))
    end

    return table.concat(result)
end

然后观察逻辑，可以看到，key = "52pojie"，然后将data数据和key按个异或，可以得到key，

#include <stdio.h>
#include <string.h>

int main() {
    // 密文数据（从汇编代码中提取）
    unsigned char ciphertext[] = {
        0x53, 0x5E, 0x11, 0x08, 0x11, 0x5C, 0x57, 0x45,
        0x5D, 0x1A, 0x06, 0x0F, 0x36, 0x57, 0x05, 0x00,
        0x46, 0x30, 0x22, 0x08, 0x15, 0x45, 0x4B, 0x2F,
        0x21, 0x0F, 0x1E, 0x3A, 0x6C, 0x57, 0x11, 0x1D,
        0x4B, 0x36, 0x5B, 0x42, 0x0E, 0x0D
    };
   
    int len = sizeof(ciphertext);
    char key[] = "52pojie";
    int keyLen = strlen(key);
   
    printf("密文长度: %d 字节\n", len);
    printf("解密密钥: %s\n\n", key);
   
    printf("解密过程:\n");
    printf("索引\t密文(hex)\t密钥(char)\tXOR结果(char)\n");
    printf("------------------------------------------------\n");
   
    unsigned char plaintext[len + 1];
   
    for (int i = 0; i < len; i++) {
        int keyIndex = i % keyLen;
        unsigned char decrypted = ciphertext[i] ^ key[keyIndex];
        plaintext[i] = decrypted;
        
        printf("%d\t0x%02X\t\t%c (0x%02X)\t%c (0x%02X)\n",
               i, ciphertext[i],
               key[keyIndex], key[keyIndex],
               decrypted >= 32 && decrypted <= 126 ? decrypted : '.',
               decrypted);
    }
   
    plaintext[len] = '\0';
   
    printf("\n================================================\n");
    printf("解密结果: %s\n", plaintext);
    printf("================================================\n");
   
    return 0;
}

结果如下：flag{52pojie_2026_Happy_New_Year!_>w<}/md