[GHCTF 2024 新生赛]UP+——入土为安的第一天

注意：这道题需要脱壳，而且需要改特征值，详细请看

[LitCTF 2024]hello_upx——入土为安的第一天-CSDN博客

脱完壳发现有256这个特殊的数，是rc4类型的题，最后有一个异或

a = "9F041CEFA92386B6F56F27B96155FD42"
aa = "5E4C614B08306D1502BC6854D68716D4"

# Splitting strings into pairs of hexadecimal characters
b = [a[i:i+2] for i in range(0,len(a),2)]
c = b[::-1]
d1 = ''.join(c)

b = [aa[i:i+2] for i in range(0,len(aa),2)]
c = b[::-1]
d2 = ''.join(c)

print(d1)
print(d2)

# Concatenating d1 and d2
encode = d1 + d2
print(encode)

# Converting concatenated string to list of integers
ddd = [int(encode[i:i+2],16) for i in range(0,len(encode),2)]

# Initialize flag list
flag = []

# Initializing variables
v22 = [0]*256
v20 = [0]*256

key = [ord(i) for i in "justfortest"]
print(key)

# Initialization of S-box v22 and v20
for i in range(256):
    v22[i] = i
    v20[i] = key[i % len(key)]

v5 = 0
for i in range(256):
    v8 = v22[i]
    v5 = (v8 + v20[i] + v5) % 256
    v22[i], v22[v5] = v22[v5], v22[i]

v9 = 0
v10 = 0

# Encryption process
for i in range(len(ddd)):
    v10 = (v10 + 1) % 256
    v11 = v22[v10]
    v9 = (v11 + v9) % 256
    v22[v10], v22[v9] = v22[v9], v22[v10]  # Swap
    flag.append(ddd[i] ^ v22[(v22[v10] + v22[v9]) % 256])

# Printing encrypted flag in hexadecimal
hex_flag = [hex(f) for f in flag]
print(hex_flag)

# Attempting to decode encrypted flag to string (handle UnicodeDecodeError)
try:
    decrypted_text = ''.join(chr(f) for f in flag)
    print("Decrypted text:", decrypted_text)
except UnicodeDecodeError:
    print("Decryption result contains non-printable characters.")

# Printing encrypted flag as ASCII characters (for demonstration, may cause errors)
for i in range(len(flag)):
    try:
        print(chr(flag[i]), end='')
    except ValueError:
        print("[Non-printable]", end='')