vivo2021千镜杯
没想到已经快2年了,时光荏苒
mob1:
jadx 打开就给flag
mob2
就是异或:密文先做base64解码,再与动态调试得到的两组异或值(脚本里的xorkey和RC4_xorkey)逐字节异或即可还原
import base64
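# mob2 solver: undo the app's XOR layers over a base64-encoded ciphertext.
# Fix over the listing as pasted: the loop body had lost its indentation,
# which makes the script fail with an IndentationError.

# Base64 ciphertext string used by the challenge.
s = "3y7/5zbYyaDBe/eYNWspKr+zdhPgR14H"
s = base64.b64decode(s)
print(s)

# Mutable copy of the ciphertext as a list of ints.
enc = list(s)
print(len(s))

# Two per-byte XOR arrays dumped while debugging the app (see the write-up
# text). NOTE(review): RC4_xorkey is presumably the RC4 keystream - inferred
# from its name only.
# Both arrays are fixed, so together they act as one static keystream:
# anyone who can attach a debugger once can decrypt every message.
xorkey = [
    0x27, 0xfa, 0x5d, 0x78, 0x20, 0x78, 0x25, 0x46,
    0x5d, 0xd0, 0x4c, 0x25, 0x95, 0xbb, 0xc8, 0x07,
    0x4b, 0x0d, 0x5f, 0xc1, 0x3d, 0xed, 0xe4, 0x39,
]
RC4_xorkey = [
    0x8f, 0xb1, 0xce, 0xfc, 0x79, 0xcd, 0x89, 0xc6,
    0xe8, 0xc4, 0x9b, 0xce, 0xc5, 0xb3, 0x8d, 0x42,
    0x82, 0xdb, 0x5b, 0xf3, 0xdd, 0xaa, 0xba, 0x3e,
]

# Fail loudly instead of with a bare IndexError if a dump was truncated.
if not (len(enc) == len(xorkey) == len(RC4_xorkey)):
    raise ValueError("ciphertext and XOR key arrays must have the same length")

# XOR is its own inverse, so applying both layers again restores the plaintext.
for i in range(len(enc)):
    enc[i] ^= RC4_xorkey[i] ^ xorkey[i]
print(bytes(enc))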
b'welcome to seclover!\x00\x00\x00\x00'
mob4
打开so发现函数名称被混淆了
找到加密逻辑
根据代码中出现的AES S盒推测算法是AES
key=secloverneedyou.(下面的脚本用CBC模式解密,IV也取同一个值)
密文对比:程序把加密结果与内置密文比较,所以解密这段密文即可
from Crypto.Cipher import AES
# mob4 solver: decrypt the comparison ciphertext with the key found in the .so.

# 16-byte key from the write-up; this script also passes it as the CBC IV.
# A key embedded in the binary (and doubling as the IV) gives no real secrecy:
# it falls out as soon as the native code is read.
key = 'secloverneedyou.'
key_bytes = key.encode()

# Ciphertext the app compares against: 32 bytes, i.e. two AES blocks.
enc = [
    0xf9, 0xde, 0xff, 0xff, 0xbf, 0x42, 0xed, 0x90,
    0xcb, 0x8e, 0xad, 0x52, 0xca, 0xfc, 0x92, 0xc1,
    0xe9, 0x27, 0x9c, 0x2a, 0x57, 0x28, 0xcc, 0x47,
    0x57, 0x5f, 0x90, 0x7b, 0x03, 0xac, 0x18, 0x56,
]
cipher_bytes = bytes(enc)

# Create the AES object in CBC mode (IV == key).
aes = AES.new(key_bytes, AES.MODE_CBC, key_bytes)

# Decrypt the ciphertext. The result is printed unstripped; the trailing
# 0x10 bytes in the recorded output look like PKCS#7 padding for a full block.
den_text = aes.decrypt(cipher_bytes)
print(den_text)
#b'vivo-welcome-you\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10'