前言
hgame 2021的逆向部分题解,一道nc题和一道安卓逆向没有做,每周的题目都看了看,做了四分之三左右,杭电的比赛题目出得很有水平,自己学到了很多东西,wp本来说每周都写的,但是懒,比赛都结束一个月了才偷工减料得写出来。有兴趣的师傅凑合着看看吧吧🤪
RE-week1
一杯阿帕茶
明显的TEA加密标志,后面分析为XXTEA加密
加密后的数据,刚好35位
#include <stdint.h>
#include <stdio.h>
#define DELTA 0x9e3779b9
#define MX (((z>>5 ^ y<<2) + (y>>3 ^ z<<4)) ^ ((sum ^ y) + (k[(p&3) ^ e] ^ z)))
void XXTEA(int n, uint32_t* v, uint32_t* k)
{
uint32_t sum, y, z;
uint32_t p, rounds, e;
if (n > 1) {
rounds = 6 + 52 / n;
sum = 0;
z = v[n - 1];
do {
sum += DELTA;
e = (sum >> 2) & 3;
for (p = 0; p < n - 1; p++) {
y = v[p + 1];
z = v[p] += MX;
}
y = v[0];
z = v[n - 1] += MX;
} while (--rounds);
}
else if (n < -1) {
n = -n;
rounds = 6 + 52 / n;
sum = rounds * DELTA;
y = v[0];
do {
e = (sum >> 2) & 3;
for (p = n - 1; p > 0; p--) {
z = v[p - 1];
y = v[p] -= MX;
}
z = v[n - 1];
y = v[0] -= MX;
sum -= DELTA;
} while (--rounds);
}
}
int main()
{
uint32_t arr[] = {3880694563, 3081185334, 1506439138, 2524759489, 3883935348, 1026381030, 2325545814, 2581382044, 1881594093, 1781792173, 4103492874, 1553756062, 468045900, 1730391575, 1383114178, 2890011402, 2227070898, 1885128569, 1548828056, 4214676013, 571971141, 1558401693, 3515474427, 3898332297, 1942540575, 1421197718, 3061626000, 555214026, 2648963476, 794468778, 2816999933, 3272437419, 464379036, 877899850, 2460223225};
uint32_t key[] = { 1,2,3,4 };
XXTEA(-35, arr, key);
for (int i = 0; i < 35; i++) {
printf("%c", arr[i]);
}
return 0;
}
Welcome to reverse world !
简单题,一个异或直接搞定
from ida_bytes import *
def re():
addr = 0x00007FF7F7513480
flag = ''
for i in range(22):
flag += chr((0xff - i) ^ get_byte(addr +i))
print(flag)
pypy
给了我们python字节码,需要我们自己还原成python代码,下面贴还原过后的代码,加密过程很简单
import dis
def input_func():
raw_flag = input('give me your flag:\n')
cipher = list(raw_flag[6:-1])
length = len(cipher)
for i in range(length // 2):
cipher[2*i], cipher[2*i+1] = cipher[2*i+1] , cipher[2*i]
res = []
for i in range(length):
res.append(ord(cipher[i]) ^ i)
res = bytes(res).hex()
print('your flag: ' + res)
# print(dis.dis(input_func))
解密脚本
def Cip():
flag = ''
res = []
cipher = '30466633346f59213b4139794520572b45514d61583151576638643a'
length = len(cipher)
for i in range(0, length, 2):
res.append(int(cipher[i:i+2],16))
for i in range(len(res)):
flag += chr(res[i] ^ i)
flag = list(flag)
for i in range(len(flag) // 2):
flag[i*2+1], flag[i*2] = flag[i*2],flag[i*2 + 1]
for i in range(len(flag)):
print(flag[i],end='')
# hgame{G00dj0&_H3r3-I$Y@Ur_$L@G!~!~}