1、GoGoGo
首先通过DIE检测发现属于go语言编写的程序,然后通过IDA 64打开得到编译后的源代码
通过IDA打开main_main函数,然后发现发现flag关键字符串,然后通过函数名称大概了解一下程序的逻辑结构:
输入字符串
判断长度是否是32位
字符串异或
字符串逆序
字符串转bytes
ascii85编码
bytes转字符串
判断与目标字符串是否相等
通过在线go语言进行第一层解码
package main
import "fmt"
import "encoding/ascii85"
func main() {
str1 := []byte(".P$!!,:t#gFa\"rQ-$1RY2Es2d4$@Lt0f3E\"AnGO2")
dst2 := make([]byte, 32, 32)
ascii85.Decode(dst2, str1, false)
fmt.Println(dst2)
}
#[42 43 127 43 35 45 32 43 117 119 32 35 37 116 41 32 54 63 57 63 59 61 111 107 49 52 100 55 102 102 99 54]
然后继续逆序就可以,这个地方发现异或并不是简单的与32异或
实际上通过与result进行异或,result是从0开始递增的数字,最后到32,那么异或就是从0到32即可
str1 = [42,43,127,43,35,45,32,43,117,119,32,35,37,116,41,32,54,63,57,63,59,61,111,107,49,52,100,55,102,102,99,54][::-1] //逆序
for index in range(len(str1)):
print(chr(str1[index]^index),end='')
#6bde3a26cf70341908f675ab39787b55
得到flag如下:
6bde3a26cf70341908f675ab39787b55
2、affext
下载得到题目源码如下:
from Crypto.Util.number import *
import random
tables = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789{}'
flag = 'DASCTF{%s}'%("".join(random.sample(tables[:-2], 32)))
tables = "".join(random.sample(tables, len(tables)))
print('tables =', tables)
a = getPrime(6)
b = getPrime(6)
c = ''
for i in range(len(flag)):
c += tables[(a * (len(tables) - 1 - tables.find(flag[i])) + b) % len(tables)]
print('c =', c)
'''
tables = zuSYnb}O1{VoARpPDMgmKwiWZUxde9qNQkL30sTtJvjBH658Er4yhCXafc7G2IlF
c = h17d}vaMUGgNy}ioSD9B8Fvm12qOsXbc6LPzAKQT
'''
思路就是通过已知的DASCTF{
爆破出a和b的值,然后接着爆破出flag的其他字符串
tables = 'zuSYnb}O1{VoARpPDMgmKwiWZUxde9qNQkL30sTtJvjBH658Er4yhCXafc7G2IlF'
ciphey = 'h17d}vaMUGgNy}ioSD9B8Fvm12qOsXbc6LPzAKQT'
flag = ''
# a = getPrime(6)
# b = getPrime(6)
#爆破a和b
# for a in range(2**5,2**6):
# for b in range(2**5,2**6):
# c = ''
# for i in range(len(flag)):
# c += tables[(a * (len(tables) - 1 - tables.find(flag[i])) + b) % len(tables)]
# if c == ciphey[:len(flag)]:
# print(a,b)
# exit(0)
a = 37
b = 41
#爆破flag
for i in range(len(ciphey)):
for ch in tables:
check = flag + ch
c = ''
for i in range(len(check)):
c += tables[(a * (len(tables) - 1 - tables.find(check[i])) + b) % len(tables)]
if c == ciphey[:len(check)]:
flag += ch
break
print(flag)
#DASCTF{aPwVuITibx0dsrkF9AJ5cyXm8o7MhZEK}
得到flag如下:
DASCTF{aPwVuITibx0dsrkF9AJ5cyXm8o7MhZEK}