![](https://img-blog.csdnimg.cn/20201014180756923.png?x-oss-process=image/resize,m_fixed,h_64,w_64)
国赛
顾殇の点
blog:https://blog.sec1yu.com
展开
-
ciscn 2020 Misc the_best_ctf_game
Start娱乐局Winhex打开发现flagexp.cpp:#include <iostream>#include <Windows.h>int main() { LPCTSTR lpFileName = TEXT("D://flag"); HANDLE hFile = CreateFile(lpFileName, FILE_GENERIC_READ, 0, NULL, OPEN_EXI原创 2020-08-21 22:16:20 · 1852 阅读 · 0 评论 -
ciscn 2020 Crypto bd
Start简单RSAfrom secret import flagfrom Crypto.Util.number import *m = bytes_to_long(flag)p = getPrime(512)q = getPrime(512)N = p * qphi = (p-1) * (q-1)while True: d = getRandomNBitInteger(200) if GCD(d, phi) == 1: e = inverse(d, p原创 2020-08-21 22:13:37 · 947 阅读 · 0 评论 -
ciscn 2020 reverse hyperthreading
hyperthreadingStart搜索字符串找到关键函数:int sub_401270(){ signed int v0; // eax HANDLE Handles; // [esp+8h] [ebp-Ch] HANDLE v3; // [esp+Ch] [ebp-8h] printf("plz input your flag:"); scanf("%42s", byte_40336C); Handles = CreateThread(0, 0, StartAddre原创 2020-08-21 22:09:54 · 520 阅读 · 0 评论 -
ciscn 2020 reverse z3
z3startshift+F12找到查看引用往下拉看到关键比较:发现Dst来自:memcpy(Dst, &unk_404020, 0xA8ui64);找到加密后的字符串,这里注意是int类型的,并且是小端存储的,所以17 4F 0 0 应该读成0x00004F17整理后就可以得到完整的加密后的字符串随后看到那一大堆乱七八糟的加密发现规律,6个七元一次方程,解出42个字符即为flagexp.pyimport numpy as npfrom scipy.linalg i原创 2020-08-21 21:51:54 · 665 阅读 · 0 评论