FlareOn6 Memecat Battlestation
根据提示拖到dnspy中,找到两处打怪的函数,发现第一个怪用的是明文比对
第二个怪用的是简单异或
>>> a = ['\u0003',' ','&','$','-','\u001e','\u0002',' ','/','/','.','/']
>>> b = ''
>>> for i in range(len(a)):
b += chr(ord(a[i]) ^ ord('A'))
>>> b
'Bagel_Cannon'
flag{Kitteh_save_galixy@flare-on.com}
Findit
直接拖入JADX
写出脚本
b = 'pvkq{m164675262033l4m49lnp7p9mnk28k75}'
y = [0] * 38
for i in range(38):
if((ord(b[i]) < 65 or ord(b[i]) > 90) and (ord(b[i]) < 97 or ord(b[i]) > 122)):
y[i] = b[i]
else:
y[i]=chr(ord(b[i]) + 16)
print(i)
if((ord(y[i]) > 90 and ord(y[i]) < 97) or ord(y[i]) >= 122):
y[i] = chr(ord(y[i]) -26)
y=''.join(y)
print(y)
//flag{c164675262033b4c49bdf7f9cda28a75}
Pyre
首先用uncompyle6反编译
# uncompyle6 version 3.7.4
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.7.8 (tags/v3.7.8:4b47a5b6ba, Jun 28 2020, 08:53:46) [MSC v.1916 64 bit (AMD64)]
# Embedded file name: encode.py
# Compiled at: 2019-08-19 21:01:57
print 'Welcome to Re World!'
print 'Your input1 is your flag~'
l = len(input1)
for i in range(l):
num = ((input1[i] + i) % 128 + 128) % 128
code += num
for i in range(l - 1):
code[i] = code[i] ^ code[(i + 1)]
print code
code = ['\x1f', '\x12', '\x1d', '(', '0', '4', '\x01', '\x06', '\x14', '4', ',', '\x1b', 'U', '?', 'o', '6', '*', ':', '\x01', 'D', ';', '%', '\x13']
写脚本,要注意的是中间那个%128不能省。。因为有个数据异或之后为1,直接减去i的话会小于0,chr会报错,必须要%128才行。
code = ['\x1f', '\x12', '\x1d', '(', '0', '4', '\x01', '\x06', '\x14', '4', ',', '\x1b', 'U', '?', 'o', '6', '*', ':', '\x01', 'D', ';', '%', '\x13']
for i in range(len(code)-2,-1,-1):
code[i] = chr(ord(code[i]) ^ ord(code[i + 1]))
//code['G', 'X', 'J', 'W', '\x7f', 'O', '{', 'z', '|', 'h', '\\', 'p', 'k', '>', '\x01', 'n', 'X', 'r', 'H', 'I', '\r', '6', '\x13']
for i in range(len(code)):
code[i] = chr((ord(code[i]) -i) % 128)
code = ''.join(code)
print(code)
//'GWHT{Just_Re_1s_Ha66y!}'
还是CTF好玩啊,打工不好玩