[ACTF新生赛2020]easyre
Start
UPX壳,直接linux自带的UPX脱壳就行了
查看字符串:
定位到Please Input
,交叉引用过去,来到关键位置:
这里注意下类型:
v13-v15
和v21-v23
都是int
类型,所以flag
的长度是12个字符
先列出byte_402000
的所有结果,然后用v1-v12
进行碰撞,得到下标再+1得到的就是flag
exp.py:
key_hex_list = ['0x7e']
key_list1 = '}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('
key_list2 = '&%$# !"'
for i in key_list1:
key_hex_list.append(hex(ord(i)))
key_hex_list.append('0x27')
for i in key_list2:
key_hex_list.append(hex(ord(i)))
encrypted_list = [42, 70, 39, 34, 78, 44, 34, 40, 73, 63, 43, 64]
tmp = []
for i in encrypted_list:
tmp.append(hex(i))
index_list = []
for i in tmp:
index_list.append(key_hex_list.index(i) + 1)
flag = ''.join(chr(i) for i in index_list)
print(flag)
Result:
flag{U9X_1S_W6@T?}