Xor
代码分析
puts("please input your flag!");
scanf("%s", Str);
// 输入22个字符串
if ( strlen(Str) != 22 )
{
printf("strlen error!");
exit(0);
}
// 将输入的22个字符与0x34进行异或并且 + 900要与arr相等
for ( i = 0; i <= 21; ++i )
{
if ( arr[i] != (Str[i] ^ 0x34) + 900 )
{
printf("flag error!");
exit(0);
}
}
printf("you are right!");
解题脚本
arr = [0x000003FE, 0x000003EB, 0x000003EB, 0x000003FB, 0x000003E4, 0x000003F6, 0x000003D3, 0x000003D0, 0x00000388,
0x000003CA, 0x000003EF, 0x00000389, 0x000003CB, 0x000003EF, 0x000003CB, 0x00000388, 0x000003EF, 0x000003D5,
0x000003D9, 0x000003CB, 0x000003D1, 0x000003CD]
for i in arr:
print(chr((i - 900) ^ 0x34), end='')
超级签到
代码分析
for ( j = 0; ; ++j )
{
v10 = j;
if ( j > j_strlen(Str2) )
break;
// 双击点进去,Str2为 {hello_world}
// 将字符o变成0
if ( Str2[j] == 111 )
Str2[j] = 48;
}
sub_1400111D1("input the flag:");
sub_14001128F("%20s", Str1);
v5 = j_strlen(Str2);
// 验证输入str1的是否与str2相等
if ( !strncmp(Str1, Str2, v5) )
sub_1400111D1("this is the right flag!\n");
else
sub_1400111D1("wrong flag\n");
return 0;
脚本(用不用都一样,直接手改还快):
str2 = '{hello_world}'
print(str2.replace(chr(111), chr(48)))
贝斯是什么乐器啊
代码分析
for ( i = 0; i < strlen(Str); ++i )
Str[i] -= i;
// base64加密
base64_encode(Str2, Str);
// 将加密后的数据与 enc对比
// 双击看到enc的值为TlJRQFBBdTs4alsrKFI6MjgwNi5p
if ( !strcmp(enc, Str2) )
printf("yes!");
else
printf("error");
解题脚本
import base64
data = list(base64.b64decode('TlJRQFBBdTs4alsrKFI6MjgwNi5p'))
for i in range(len(data)):
print(chr(data[i] + i), end='')
你知道什么是Py嘛
代码分析
s = str(input("please input your flag:"))
# 输入的字符串与下一个字符串异或后的结果
arr = [29, 0, 16, 23, 18, 61, 43, 41, 13, 28, 88, 94, 49, 110, 66, 44, 43, 28, 91, 108, 61, 7, 22, 7, 43, 51, 44, 46, 9,
18, 20, 6, 2, 24]
# 输入的长度为35,且第一个为N
if len(s) != 35 or s[0] != 'N':
print("error")
exit(0)
# 校验输入的字符与下一个字符异或是否等于 arr
for i in range(1, len(s)):
if ord(s[i - 1]) ^ ord(s[i]) != arr[i - 1]:
print("error!")
exit(0)
print("right!")
解题脚本
arr = [29, 0, 16, 23, 18, 61, 43, 41, 13, 28, 88, 94, 49, 110, 66, 44, 43, 28, 91, 108, 61, 7, 22, 7, 43, 51, 44, 46, 9,
18, 20, 6, 2, 24]
# 已知的唯一字符
flag = [ord('N')]
# a ^ b = c 则 a = c ^ b 或 b = c ^ a
# 第i个 arr与flag异或就能得到 i + 1 个flag的值
for i in range(0, len(arr)):
flag.append(arr[i] ^ flag[i])
print(chr(flag[i]), end='')
给阿姨倒一杯Jvav
代码分析
public static void Encrypt(char[] arr) {
// 将输入的值 + @ 然后 ^ 32
ArrayList<Integer> Resultlist = new ArrayList<>();
for (char c : arr) {
int result = (c + '@') ^ 32;
Resultlist.add(Integer.valueOf(result));
}
// 预期的结果(正确的结果)
int[] KEY = {180, 136, 137, 147, 191, 137, 147, 191, 148, 136, 133, 191, 134, 140, 129, 135, 191, 65};
ArrayList<Integer> KEYList = new ArrayList<>();
for (int i : KEY) {
KEYList.add(Integer.valueOf(i));
}
// 将输入的值进行加密后与 预期的结果比较
System.out.println("Result:");
if (Resultlist.equals(KEYList)) {
System.out.println("Congratulations!");
} else {
System.err.println("Error!");
}
}
解题脚本
key = [180, 136, 137, 147, 191, 137, 147, 191, 148, 136, 133, 191, 134, 140, 129, 135, 191, 65]
for i in range(len(key)):
tmp = (key[i] ^ 32) - ord('@')
print(chr(tmp), end='')
Little Endian
代码分析
puts("please input your flag");
// 输入字符串
scanf("%s", v4);
v6 = v4;
for ( i = 0; i <= 5; ++i )
{
// enc 与 0x12345678异或 然后比较输入的字符串
if ( *v6 != (enc[i] ^ 0x12345678) )
{
printf("Data3rr0r!");
exit(0);
}
v6 += 4;
}
printf("you are right!");
return 0;
解题脚本
import binascii
enc = [0x51670536, 0x5E4F102C, 0x7E402211, 0x7C71094B, 0x7C553F1C, 0x6F5A3816]
key = 0x12345678
tmp = b''
for i in enc:
tmp += binascii.hexlify(
# 将大端存储转换为小端存储
binascii.unhexlify(hex(i ^ key).removeprefix('0x'))[::-1])
print(binascii.unhexlify(tmp))