题目来源http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=36
.NET逆向第一题
嗯,看名字就应该明白了,快去下载吧!
http://pan.baidu.com/s/1bnvVbp9
下载后是一个DotNetCrackMe1.exe文件。
分析
逆向分析的基础问题,可以参考以下资源列表
豆瓣逆向分析基础总结:https://www.douban.com/note/214872071/
看雪逆向精华区:http://bbs.pediy.com/forumdisplay.php?viewgoodnees=1&f=4&prefixid=phpforce_20
看雪破解精华区:http://bbs.pediy.com/forumdisplay.php?viewgoodnees=1&f=37
下面从头讲讲这个小题的解决思路:
1.安装.net4.0、ILSPY2.3 or 更高版本
2.用ILSPY2.3打开DotNetCrackMe1.exe
3.展开DotNetCrackMe1,看到这个.net程序很简单,就一个WindowsFormsApplication1,里面就一个Form1,Form1下有button1_click方法,其中的判断语句
if ("fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT" == this.Encode(this.textBox1.get_Text()))
意味着它提交一个用户输入值进行Encode(),然后判断是否与"fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT"相同,若相同后就“OK"了。
4.再看一下Encode()函数,可以看出来是一个DES加密过程,最后又进行了base64的编码。
public string Encode(string data)
{
string result;
try
{
byte[] bytes = Encoding.get_ASCII().GetBytes("wctf{wol");
byte[] bytes2 = Encoding.get_ASCII().GetBytes("dy_crack}");
DESCryptoServiceProvider dESCryptoServiceProvider
= new DESCryptoServiceProvider();
int keySize = dESCryptoServiceProvider.get_KeySize();
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream
= new CryptoStream(memoryStream,
dESCryptoServiceProvider.CreateEncryptor(bytes, bytes2), 1);
StreamWriter streamWriter = new StreamWriter(cryptoStream);
streamWriter.Write(data);
streamWriter.Flush();
cryptoStream.FlushFinalBlock();
streamWriter.Flush();
result = Convert.ToBase64String(memoryStream.GetBuffer(),
0, (int)memoryStream.get_Length());
}
catch
{
result = "http://weibo.com/woldy";
}
return result;
}
5.那么解决过程显然是根据上面的编码进行解码。网上已经有人解决了,我转载一下:
来源:http://blog.csdn.net/u010379510/article/details/44496995
public string Decode(string data)
{
string result;
byte[] byte1;
try
{
byte1 = Convert.FromBase64String("fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT");
byte[] bytes = Encoding.ASCII.GetBytes("wctf{wol");
byte[] bytes2 = Encoding.ASCII.GetBytes("dy_crack}");
DESCryptoServiceProvider dESCryptoServiceProvider
= new DESCryptoServiceProvider();
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream,
dESCryptoServiceProvider.CreateDecryptor(bytes, bytes2),
CryptoStreamMode.Write);
cryptoStream.Write(byte1, 0, byte1.Length);
cryptoStream.FlushFinalBlock();
System.Text.Encoding encoding = System.Text.Encoding.UTF8;
result = encoding.GetString(memoryStream.ToArray());
}
catch
{
result = "http://weibo.com/woldy";
}
return result;
}
另外,如果单独解决base64的编、解码问题,可以参考:http://blog.csdn.net/morewindows/article/details/11922473
最后附上逆向工具ILSPY的下载地址:
http://pan.baidu.com/share/link?shareid=505596871&uk=1376014793
答案:解码得到wctf{dotnet_crackme1}