西柚的新生赛 地址https://www.ctfer.vip/#/contest/6/
WEB:gift_F12
没啥好说的 直接F12得了
NSSCTF{
We1c0me_t0_WLLMCTF_Th1s_1s_th3_G1ft}
RE
简简单单的解密
import base64, urllib.parse
def e():
key = "HereIsFlagggg"
flag = "xxxxxxxxxxxxxxxxxxx"
s_box = list(range(256))
j = 0
# 打乱s_box 和flag无关
for i in range(256):
j = (j + s_box[i] + ord(key[i % len(key)])) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
res = []
i = j = 0
for s in flag:
i = i + 1
j = (j + s_box[i]) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
t = (s_box[i] + s_box[j]) % 256
k = s_box[t]
res.append(chr(ord(s) ^ k))
enc = "".join(res)
#原来这里有个b64加密再解密 就等于没变 所以改了一下
enc = urllib.parse.quote(enc)
print(enc)
def d():
enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"
enc = urllib.parse.unquote(enc)#倒着往回做呗
key = "HereIsFlagggg"
s_box = list(range(256))
j = 0
r=[]
# 获得s_box
for i in range(256):
j = (j + s_box[i] + ord(key[i % len(key)])) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
i,j=0,0
for s in enc:
i = i + 1
j = (j + s_box[i]) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
t = (s_box[i] + s_box[j]) % 256
k = s_box[t]
r.append(chr(ord(s)^k))#基本直接复制就行 异或的逆运算就是再异或一次
print("".join(r))
if __name__ == '__main__':
e()
d()
脚本运行得到结果
NSSCTF{
REAL_EZ_RC4}
简简单单的逻辑
先上脚本
def e():
flag = 'xxxxxxxxxxxxxxxxxx'
list = [47, 138, 127, 57, 117, 188, 51, 143, 17, 84, 42, 135, 76, 105, 28, 169, 25]
result = ''
for i in range(len(list)):
key = (list[i] >> 4) + ((list[i] & 0xf) << 4)
a = hex(ord(flag[i]) ^ key)
result += str(a)[2:].zfill(2)
#分析得知 这是16进制补全两位 所以是一个flag字符对应两位
print(result)
def d():
list = [47, 138, 127, 57, 117, 188, 51, 143, 17, 84, 42, 135, 76, 105, 28, 169, 25]
result = "bcfba4d0038d48bd4b00f82796d393dfec"
nums = []
#截取 转换 得到原来十进制
for i in range(0,len(result),2):
nums.append("0x" + result[i:i+ 2])
for index in range(len(nums)):
nums[index]=int(nums[index],16)
#直接加密里面复制key的计算 然后再异或一次即可
for i in range(len(list)):
key = (list[i] >> 4) + ((list[i] & 0xf) << 4)
print(chr(nums[i]^key),end="")
if __name__ == '__main__':
# e()
d()
这看脚本就行了
NSSCTF{
EZEZ_RERE}
非常简单的逻辑题
def e():
flag = 'xxxxxxxxxxxxxxxxxxxxx'
s = 'wesyvbniazxchjko1973652048@$+-&*<>'
result = ''
for i in range(len(flag)):
s1 = ord(flag[i]) // 17
s2 = ord(flag[i]) % 17
#就 没啥好讲的 一点点拆开打断点调试就能看懂计算过程
#还是flag一个字符转换对应result的两个字符
a = s[(s1 + i) % 34]
b = s[-(s2 + i + 1) % 34]
result += a + b
print(result)
def d():
result = 'v0b9n1nkajz@j0c4jjo3oi1h1i937b395i5y5e0e$i'
s = 'wesyvbniazxchjko1973652048@$+-&*<>'
#套这么多层循环 主要是我不知道 取余怎么更方便的算回去
for x in range(-5, 5):
for y in range(-5, 5):
r = ""
for j in range(0, len(result), 2):
a = result[j]
b = result[j + 1]
#根据数学知识可得(
s1 = int(s.index(a) + 34 * x - j / 2)
s2 = -1*int(s.index(b) + 34 * y + j / 2 + 1)
#去除没啥意义的结果
if 32 < s1 * 17 + s2 < 130:
r += chr(s1 * 17 + s2)
else:
break
if len(r)==len('xxxxxxxxxxxxxxxxxxxxx'):
print(r)
if __name__ == '__main__':
# e()
d()
NSSCTF{
Fake_RERE_QAQ}
fakerondom
import random
def e():
flag = 'xxxxxxxxxxxxxxxxxxxx'
#别的都不重要 就是这个随机数种子
#同样的随机数种子生成的一定是相同的数字
random.seed(1)
l = []
for i in range(4):
l.append(random.getrandbits(8))
result = []
for i in range(len(l)):
random.seed(l[i])
for n in range(5):
result.append(ord(flag[i * 5 + n]) ^ random.getrandbits(8))
print(result)
def d():
result = [201, 8, 198, 68, 131, 152, 186, 136, 13, 130, 190, 112, 251, 93, 212, 1, 31, 214, 116, 244]
random.seed(1)
ran=[]
t=[]
for x in range(4):
ran.append(random.getrandbits(8))
l=ran[0:4]
for i in range(len(l)):
random.seed(l[i])
for n in range(5):
#异或题最好写了 基本原样复制代码就行
print(chr(result[i * 5 + n]^ random.getrandbits(8)),end="")
if __name__ == '__main__':
e()
d()
NSSCTF{
FakeE_random}
fakebase
def e():
flag = 'xxxxxxxxxxxxxxxxxxx'
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
tmp = ''
for i in flag:
x = bin(ord(i))
tmp += str(x)[2:].zfill(8)
b1 = int(tmp, 2)