网鼎杯2020Crypto题boom

网鼎杯2020Crypto题boom_第1张图片
打开题目,发现是一个exe文件,果断ida打开
网鼎杯2020Crypto题boom_第2张图片
发现是一个算法,然后得到flag

__main();
  menu();
  system("pause");
  system("cls");
  v7 = 70;
  v8 = 229;
  v9 = 239;
  v10 = 230;
  v11 = 22;
  v12 = 90;
  v13 = 90;
  v14 = 251;
  v15 = 54;
  v16 = 18;
  v17 = 23;
  v18 = 68;
  v19 = 106;
  v20 = 45;
  v21 = 189;
  v22 = 1;
  puts("first:this string md5:46e5efe6165a5afb361217446a2dbd01");
  scanf("%s", &v5);
  MD5Init(&v23);
  v3 = strlen(&v5);
  MD5Update((int)&v23, &v5, v3);
  MD5Final(&v23, v6);
  v28 = 1;
  for ( i = 0; i <= 15; ++i )
  {
    if ( v6[i] != *(&v7 + i) )
    {
      v28 = 0;
      break;
    }
  }
  if ( v28 != 1 )
  {
    printf("Game over");
    system("pause");
    exit(0);
  }
  puts("Great next level");
  system("pause");
  system("cls");
  puts("This time:Here are have some formulas");
  puts("3x-y+z=185");
  puts("2x+3y-z=321");
  puts("x+y+z=173");
  printf("input: x = ");
  scanf("%d", &v27);
  printf("input: y = ");
  scanf("%d", &v26);
  printf("input : z = ");
  scanf("%d", &v25);
  if ( 3 * v27 - v26 + v25 != 185 || 2 * v27 + 3 * v26 - v25 != 321 || v26 + v27 + v25 != 173 )
  {
    printf("Game over");
    exit(0);
  }
  printf("Great last level coming...");
  printf("pause");
  system("cls");
  puts("Last time: Kill it");
  puts("x*x+x-7943722218936282=0");
  printf("input x: ");
  scanf("%lld", &v24);
  if ( v24 * (v24 + 1) != 7943722218936282LL )
  {
    printf("Game over");
    exit(0);
  }
  puts("Great This is your FLAG");
  printf("flag{%s_%d%d%d_%lld}", &v5, v27, v26, v25, v24);
  return 0;
}

主要打代码贴在网络上面
我们分析下,大概过程就是&v5, v27, v26, v25, v24这几个变量组成了flag
&v5
puts(“first:this string md5:46e5efe6165a5afb361217446a2dbd01”);
scanf("%s", &v5);
我们将md5解密,最后的&v5的值为en5oy
其余的v27, v26, v25, v24,是x,y,z以及另一个x的值,而这些值我们要用代码块的变量解决
解决代码如下

for x in range(0,100):
    for y in range(0,100):
        for z in range(0,100):
            if 3*x-y+z==185 and 2*x+3*y-z==321 and x+y+z==173:
                print(x)
                print(y)
                print(z)

for x in range(500000,100000000):
    if x*x+x-7943722218936282==0:
        print(x)

解出
74
68
31
89127561
可以直接拼接flag
还可以在打开exe文件,按下面提示将下列字符一次输入(exe要再cmd行里允许,这样最后结果不会闪退)
en5oy
74
68
31
89127561
网鼎杯2020Crypto题boom_第3张图片

你可能感兴趣的:(CTF)