前言
当时第一次做这种题,经验不够,用gpt翻译的代码也似是而非
解反混淆
decode
可以使用这个网站选择模式一,将下面选项全选可以得到一个大致算法流程,再自己恢复一下变量名称即可
function xor(_0x53b7bb, _0x590286) {
return _0x53b7bb ^ _0x590286;
}
function enc(flag) {
var list = [],
arr1 = [233, 129, 127, 238, 145, 144, 11, 43, 87, 134, 243, 158, 197, 216, 111, 136, 152, 29, 204, 31, 26, 228, 39, 148, 215, 220, 90, 76, 251, 57, 183, 184, 150, 157, 156, 176, 13, 41, 30, 86, 244, 8];
for (let i = 0; i < 42; i++) {
list[i] = xor(arr1['at'](i), flag["charAt"](i)['charCodeAt']());
}
for (let j = 0; j < 42; j++) {
list[j] = xor(list['at'](j), arr1['at'](41 - j));
}
console["log"](list);
return list;
}
function fff() {
var flag = "flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}",
encode = enc(flag),
cmp = [135, 25, 72, 151, 195, 212, 228, 212, 250, 101, 39, 77, 163, 77, 70, 167, 119, 184, 7, 77, 144, 154, 93, 10, 185, 48, 179, 77, 71, 163, 67, 61, 113, 156, 196, 136, 239, 241, 128, 93, 84, 156];
for (let i = 0; i < 42; i++) {
if (encode['at'](i) != cmp['at'](i)) {
console["log"]("Error");
return;
}
}
console["log"]("YES");
return;
}
fff();
发现加密流程很清楚:
- 先list =arr1 xor flag
- 然后在list =list ^arr1[::-1]
- 比较
wp
cmp = [135, 25, 72, 151, 195, 212, 228, 212, 250, 101, 39, 77, 163, 77, 70, 167, 119, 184, 7, 77, 144, 154, 93, 10, 185,
48, 179, 77, 71, 163, 67, 61, 113, 156, 196, 136, 239, 241, 128, 93, 84, 156];
arr1 = [233, 129, 127, 238, 145, 144, 11, 43, 87, 134, 243, 158, 197, 216, 111, 136, 152, 29, 204, 31, 26, 228, 39, 148,
215, 220, 90, 76, 251, 57, 183, 184, 150, 157, 156, 176, 13, 41, 30, 86, 244, 8];
flag =[]
for i in range(len(arr1)):
flag.append(arr1[41 -i] ^cmp[i])
end =''
for j in range(len(flag)):
end +=chr(flag[j] ^arr1[j])
print(end)
flag{I_c0uld_neu3r_undeRstand_jvaVs3rIpt!}
参考链接:
https://blog.csdn.net/OrientalGlass/article/details/131025651?app_version=5.15.5&code=app_1562916241&csdn_share_tail=%7B%22type%22%3A%22blog%22%2C%22rType%22%3A%22article%22%2C%22rId%22%3A%22131025651%22%2C%22source%22%3A%22OrientalGlass%22%7D&uLinkId=usr1mkqgl919blen&utm_source=app