java逆向解密
java的class文件,用jd-gui打开,是一个简单的程序
import java.util.ArrayList;
import java.util.Scanner;
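/**
 * Crackme as recovered with jd-gui: reads one token from standard input and reports whether it
 * matches the value the class expects.
 *
 * <p>The check applies a fixed, keyless transform to every character and compares the result with
 * constants stored in the class itself. Because the transform is reversible and the constants ship
 * with the program, the expected input can be recovered from the class file alone; this is an
 * encoding, not encryption.
 *
 * <p>The string literals below were unterminated in the pasted listing; they are closed here so
 * the class compiles. Any trailing punctuation the original literals carried is not recoverable
 * from the page.
 */
public class Reverse {
    /**
     * Prompts for the flag, echoes it back and hands its characters to {@link #Encrypt(char[])}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Scanner s = new Scanner(System.in);
        System.out.println("Please input the flag ");
        // next() returns a single whitespace-delimited token, so the input cannot contain spaces.
        String str = s.next();
        System.out.println("Your input is ");
        System.out.println(str);
        char[] stringArr = str.toCharArray();
        Encrypt(stringArr);
    }

    /**
     * Transforms every character of {@code arr} and prints whether the result equals the
     * embedded expected values.
     *
     * @param arr the candidate flag, one element per character
     */
    public static void Encrypt(char[] arr) {
        ArrayList<Integer> encoded = new ArrayList<>();
        for (char ch : arr) {
            // '+' binds tighter than '^' in Java, so the original expression already meant
            // (ch + 64) ^ 0x20; the parentheses only make that explicit.
            // Autoboxing (Integer.valueOf) wraps the int so it can be stored in the list.
            encoded.add((ch + 64) ^ 0x20);
        }

        // Expected transformed values, one per character of the correct input.
        int[] KEY = {
            180, 136, 137, 147, 191, 137, 147, 191, 148, 136,
            133, 191, 134, 140, 129, 135, 191, 65 };
        ArrayList<Integer> expected = new ArrayList<>();
        for (int value : KEY) {
            expected.add(value);
        }

        System.out.println("Result:");
        // List.equals compares length and then each element in order.
        if (encoded.equals(expected)) {
            System.out.println("Congratulations");
        } else {
            System.out.println("Error");
        }
    }
}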
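没什么可以说的,会一点java再查一查不懂的函数就行。加密是 (c + 64) ^ 0x20(Java中 + 的优先级高于 ^),严格的逆运算是 (k ^ 0x20) - 64;不过减64不会改动低6位,而异或0x20只翻转第5位,两步互不影响、可以交换顺序,所以脚本里写成 k - 64 ^ 0x20 结果一样。写了个python脚本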
# Expected values, copied from the KEY array in Reverse.Encrypt.
key = [180, 136, 137, 147, 191, 137, 147, 191, 148, 136,
       133, 191, 134, 140, 129, 135, 191, 65]

# The Java side computes (c + 64) ^ 0x20. Subtracting 64 leaves bits 0-5 untouched and the
# XOR flips only bit 5, so the two steps commute and (k - 64) ^ 0x20 recovers each character.
flag = ''.join(chr((k - 64) ^ 0x20) for k in key)
print(flag)
flag{This_is_the_flag_!}
[GXYCTF2019]luck_guy
查壳,64位elf无壳,放进IDA
先看看Strings window,发现字符串"OK, it's flag:",跟进后根据交叉引用进入get_flag()函数
unsigned __int64 get_flag()
{
unsigned int v0; // eax
int i; // [rsp+4h] [rbp-3Ch]
int j; // [rsp+8h] [rbp-38h]
__int64 s; // [rsp+10h] [rbp-30h] BYREF
char v5; // [rsp+18h] [rbp-28h]
unsigned __int64 v6; // [rsp+38h] [rbp-8h]
v6 = __readfsqword(0x28u);
v0 = time(0LL);
srand(v0);
for ( i = 0; i <= 4; ++i )
{
switch ( rand() % 200 )
{
case 1:
puts("OK, it's flag:");
memset(&s, 0, 0x28uLL); // 将s的地址置零
strcat((char *)&s, f1); // f1= ' GXY{do_not_ '
strcat((char *)&s, &f2); // flag为f1+f2
printf("%s", (const char *)&s);
break;
case 2:
printf("Solar not like you");
break;
case 3:
printf("Solar want a girlfriend");
break;
case 4:
s = 7F666F6067756369;
v5 = 0;
strcat(&f2, (const char *)&s); // f2赋初值
break;
case 5:
for ( j = 0; j <= 7; ++j ) // f2加密