CTF
CTF解题思路,CTF相关知识
yyyayo
互联网行业工作者
展开
-
picoCTF - RE - ARMssembly 3 writeup
.arch armv8-a .file "chall_3.c" .text .align 2 .global func1 .type func1, %functionfunc1: stp x29, x30, [sp, -48]! add x29, sp, 0 str w0, [x29, 28] str wzr, [x29, 44] b .L2.L4: ldr w0, [x29, 28] and w0, w0, 1 cmp w0, 0 beq .L3 ldr w0, [x2.原创 2021-07-14 11:26:51 · 367 阅读 · 0 评论 -
picoCTF - RE - Hurry up! Wait!
转载自:https://github.com/Dvd848/CTFs/blob/master/2021_picoCTF/Hurry_up_Wait.md下面这部分代码在 Ghidra - Window - Python 中运行import sys# 给出 offset,得到地址def getAddress(offset): return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)原创 2021-07-11 02:30:26 · 374 阅读 · 0 评论 -
picoCTF - RE - ARMssembly 2 writeup
.arch armv8-a .file "chall_2.c" .text .align 2 .global func1 .type func1, %functionfunc1: sub sp, sp, #32 str w0, [sp, 12] str wzr, [sp, 24] str wzr, [sp, 28] b .L2.L3: ldr w0, [sp, 24] add w0, w0, 3 str w0, [sp, 24] ldr w0, [sp, 28] add .原创 2021-07-10 22:50:27 · 264 阅读 · 0 评论 -
picoCTF - RE - ARMssembly 1 writeup
.arch armv8-a .file "chall_1.c" .text .align 2 .global func .type func, %functionfunc: sub sp, sp, #32 str w0, [sp, 12] mov w0, 81 str w0, [sp, 16] str wzr, [sp, 20] mov w0, 3 str w0, [sp, 24] ldr w0, [sp, 20] ldr w1, [sp, 16] lsl w0, w1, .原创 2021-07-10 22:27:32 · 317 阅读 · 0 评论 -
picoCTF - RE - Shop writeup
from pwn import *p = remote("mercury.picoctf.net", 24851)p.recv()p.sendline("0")p.recv()p.sendline("-6") # The program doesn't ensure the input is not negative. Or it should use unsigned int variables.p.recv()p.sendline("2")p.recv()p.sendline("原创 2021-07-10 19:10:45 · 218 阅读 · 0 评论 -
picoCTF - RE - speeds and feeds writeup
这道题太酷了,看到内容是一堆这样的代码:G17 G21 G40 G90 G64 P0.003 F50G0Z0.1G0Z0.1G0X0.8276Y3.8621G1Z0.1G1X0.8276Y-1.9310G0Z0.1G0X1.1034Y3.8621G1Z0.1G1X1.1034Y-1.9310G0Z0.1G0X1.1034Y3.0345G1Z0.1G1X1.6552Y3.5862G1X2.2069Y3.8621G1X2.7586Y3.8621G1X3.5862Y3.5862原创 2021-07-10 11:49:30 · 414 阅读 · 0 评论 -
picoCTF - RE - ARMssembly 0 writeup
题目是一段 ARM 代码,问如果输入是4112417903和1169092511,输出(十六进制形式)是什么? .arch armv8-a .file "chall.c" .text .align 2 .global func1 .type func1, %functionfunc1: sub sp, sp, #16 str w0, [sp, 12] str w1, [sp, 8] ldr w1, [sp, 12] ldr w0, [sp, 8] cmp w1, w0 bls .原创 2021-07-10 10:22:48 · 645 阅读 · 0 评论 -
picoCTF - RE - crackme writeup
代码给出了一个 ROT47 的例子。ROT47 其实就是 rotate by 47 places,是 ROT13 的一个变种。古老的加密方式了……一种 Caesar cipher,即一种 substitution cipher。解题:bezos_cc_secret = "A:4@r%uL`M-^M0c0AbcM-MFE02fh3e4a5N"# Reference alphabetalphabet = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDE原创 2021-07-09 16:40:29 · 206 阅读 · 0 评论 -
picoCTF - RE - keygenme-py writeup
这道题没什么意思……把代码里面一部分内容摘出来跑一下就可以了。主要就是下面这部分:if key[i] != hashlib.sha256(username_trial).hexdigest()[4]: return Falseelse: i += 1if key[i] != hashlib.sha256(username_trial).hexdigest()[5]: return Falseelse: i += 1if key[i] != hashlib.sh原创 2021-07-09 16:18:56 · 289 阅读 · 0 评论 -
picoCTF - RE - Transformation writeup
一份 binary 文件''.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)])上面是把 flag 转化为 binary 的过程,需要还原。解题如下:enc = open("enc", "r")buf = enc.read()for c in buf: print(chr(ord(c)>>8),end="") print(chr(ord(c)-(or.原创 2021-07-09 14:10:14 · 567 阅读 · 0 评论