RE2
1.中文字符的显示
2.对文件的读取操作
3.RC4加密 (有一点是魔改的)
4.enflag.txt文件里面的密文是ASCII编码之后的数据(可以放ida中)
也可以放到 010 里(推荐)
enc='DH~mqqvqxB^||zll@Jq~jkwpmvez{'
key=''
for i in enc:
key+=chr(ord(i)^0x1f)
print(key)
flag=''
data=[ 0xC3, 0x82, 0xA3, 0x25, 0xF6, 0x4C, 0x36, 0x3B, 0x59, 0xCC,
0xC4, 0xE9, 0xF1, 0xB5, 0x32, 0x18, 0xB1, 0x96, 0xAE, 0xBF,
0x08, 0x35]
S=list(range(256))
# K=[]
# for i in range(256):
# K.append(ord(key[i%len(key)]))
# init fix box
j=0
for i in range(256):
j=(j+S[i]+ord(key[i%len(key)]))%256
S[i],S[j]=S[j],S[i]
# de encrypt
i=0
j=0
for c in data:
i=(i+1)%256
j=(j+S[i])%256
S[i],S[j]=S[j],S[i]
tmp=(S[i]+(S[j]%256))%256
flag+=chr(S[tmp]^c)
print(flag)
# [Warnning]Access_Unauthorized
# flag{RC4&->ENc0d3F1le}
RE3
还要注意的就是 key 输入过多,就会覆盖到后面的变量里(地址连着)
flag{1a9f} len=10 所以就是 1a9f (存到了v19)付给了 dest
真感觉直接不好猜
逆向4
逆向的话:
所以首先 ..v4p$$!>Y59- 与7异或,得到 v7数组,即v9字符串,然后得出其在那26个字符的索引
# first get v7 str
enc='/..v4p$$!>Y59-'
v7=''
for i in enc:
v7+=(chr(ord(i)^7))
print(v7)
# second get each char in v7 places in table
table=')(*&^%489$!057@#><:2163qwe'
site=[]
for c in v7:
site.append(table.index(c))
# change sites into 26 site num
flag=0
for i in range(len(site)):
flag*=26
flag+=site[i]
print(flag)
# ())q3w##&9^2>*
# 2484524302484524302
扫一扫
196
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
