平台

jactf

reverse签到

upload successful

签到无情,亦有情

upload successful

re_easy

upload successful

分析

upload successful

exp

In [1]: import angr

In [2]: pro = angr.Project("re1")

In [3]: pro = angr.Project("re1",auto_load_libs=False)

In [4]: sm = pro.factory.simulation_manager(pro.factory.entry_state())

In [5]: sm.explore(find=0x40091D,avoid=0x4008FA)
Out[5]: <SimulationManager with 1 found, 324 avoid>

In [6]: sm.found[0].posix.dumps(0)
Out[6]: 'bdctf{YOU_CRAKE_THE_RC4}'

In [7]: 

simplere

upload successful

分析

upload successful

我们输入的字符串加密之后与str2比较

关键函数

upload successful

upload successful

exp

flag = [102,0xA,0x6B,0xC,0x77,0x12,0x21,25,123,78,44,26,41,4,48,82,52,3,46,26,127,93,21,79,86,6,0,31,21,11,85,83,12,0,95,3,85,83,87,7,78,125]

for i in range(20,0,-1):
    flag[i] = flag[i] ^ flag[i-1]
for i in range(40,20,-1):
    flag[i] = flag[i] ^ flag[i+1]

print ''.join(chr(i) for i in flag)

ELF64

upload successful

分析

upload successful

输入的数据md5加密后与780438d5b6e29db0898bc4f0225935c0相比较

somd5

upload successful

baby_reverse

upload successful

分析

upload successful

upload successful

输入加密比较,没什么可说的

exp

flag = list("bIwhroo8cwqgwrxusi")

s = ''
for i in range(0,len(flag),3):
    s += chr((ord(flag[i]) ^ 18) - 6)
    s += chr((ord(flag[i+1]) ^ 18) + 6)
    s += chr(ord(flag[i+2])^6^18)
print s

py

upload successful

找一个在线反编译网站

pyc反编译

反编译失败,查看文件头发现少了修改时间于是乎添上,解密得到python代码

upload successful

print '[-]Please input your key:'
key = raw_input()
flag = "=Xm/>*<&?*=+:)k)='@)<[email protected])mZn.<"
flags = ''
for q in range(len(key)):
    if q % 2 == 0:
        flags += chr(ord(key[q]) + 10)
        continue
    flags += chr(ord(key[q]) - 10)

if flags == flag:
    print '[-]Good!'
else:
    print '[-]Wrong!'

exp

flag = list("=Xm/>*<&?*=+:)k)='@)<[email protected])mZn.<")
flags = ''

for i in range(0,len(flag)):
    if i % 2 == 0:
        flags += chr(ord(flag[i]) - 10)
        continue
    flags += chr(ord(flag[i]) + 10)

print flags

C是最好的语言

upload successful

难道不是我php是最好的语言吗

分析

upload successful

exp

符号问题坑死人

对python还是不太熟悉

#include <stdio.h>
#include <math.h>

int main(){
    unsigned int v8;
    int flag[] = {0, 7, 14, 21, 28, 35, 42, 49, 56, 63, 70, 77, 84, 91, 98, 106, 113, 120, 127, 134, 141, 148, 155, 162, 169, 176, 183, 190, 197, 205, 212, 219, 226, 233, 240, 247, 254, 261, 268, 275, 282, 289, 296, 304, 311, 318, 325, 332, 339, 346, 353, 360, 367, 374, 381, 388, 395, 403, 410, 417, 424, 431, 438, 445, 452, 459, 466, 473, 480, 487, 494, 502, 509, 516, 523, 530, 537, 544, 551, 558, 565, 572, 579, 586, 593, 601, 608, 615, 622, 629, 636, 643, 650, 657, 664, 671, 678, 685, 692, 699};
    int i,j,k,v9;
    for(i=0;i<sizeof(flag)/sizeof(int);i++){
        for(j=i+1;j<sizeof(flag)/sizeof(int);j++){
            for(k=j+1;k<sizeof(flag)/sizeof(int);k++){
                v9 = (flag[i]+flag[j]+flag[k])/2;
                v8 = (unsigned int)((v9-flag[k]) * ((v9-flag[j])*(v9-flag[i])) * v9);
                v8 = sqrt(v8*1.0);
                if((v8 - 58792) < 0.1){
                    printf("%d %d %d \n",flag[i],flag[j],flag[k]);
                }
            }
        }
    }
    return 0;
}

快下班了,emmm…..



reverse      jactf reverse

本博客所有文章除特别声明外,均采用 CC BY-SA 3.0协议 。转载请注明出处!