[reverse][buuctf]
题目 简单注册器
过程
用jadx打开apk
查看onCreate函数
看到注册码生成逻辑:
对字符串 x = "dd2940c04462b4dd7c450528835cca15的某几位进行计算取代后逆序
直接根据反编译的java代码写python代码
x = "dd2940c04462b4dd7c450528835cca15"
x = list(x)
x[2] = chr((ord(x[2]) + ord(x[3])) - 50)
x[4] = chr((ord(x[2]) + ord(x[5])) - 48)
x[30] = chr((ord(x[31]) + ord(x[9])) - 48)
x[14] = chr((ord(x[27]) + ord(x[28])) - 97)
for i in range(16):
a = x[31 - i]
x[31 - i] = x[i]
x[i] = a
x=''.join(x)
print x
运行得出flag字符串
59acc538825054c7de4b26440c0999dd
题目 [GWCTF 2019]pyre
使用uncompyle6工具把pyc转py
uncompyle6.exe -o attachment.py attachment.pyc
从后往前计算
input1=''
code = ['\x1f', '\x12', '\x1d', '(', '0', '4', '\x01', '\x06', '\x14', '4', ',', '\x1b', 'U', '?', 'o', '6', '*', ':', '\x01', 'D', ';', '%', '\x13']
l = len(code)
for i in range(l - 1):
code[l-2-i] = chr(ord(code[l-2-i]) ^ ord(code[l-1-i]))
for i in range(l):
for x in range(3):#num=((input1[i]+i)%128+128)%128=(input1[i]+i)%128=>input1[i]=128*x+num-i
num = 128 * x + ord(code[i]) - i
if num > 0 and num < 128:
input1 += chr(num)
break
print(input1)
input1=GWHT{Just_Re_1s_Ha66y!}