Writeup for re4-unvm-me, a reverse-engineering challenge on 攻防世界 (XCTF)

The download is a pyc file. Dropping it into an online decompiler site yields the following Python 2 code:

import md5
md5s = [
    0x831DAA3C843BA8B087C895F0ED305CE7,
    0x6722F7A07246C6AF20662B855846C2C8,
    0x5F04850FEC81A27AB5FC98BEFA4EB40C,
    0xECF8DCAC7503E63A6A3667C5FB94F610,
    0xC0FD15AE2C3931BC1E140523AE934722,
    0x569F606FD6DA5D612F10CFB95C0BDE6D,
    0x68CB5A1CF54C078BF0E7E89584C1A4E,
    0xC11E2CD82D1F9FBD7E4D6EE9581FF3BD,
    0x1DF4C637D625313720F45706A48FF20F,
    0x3122EF3A001AAECDB8DD9D843C029E06,
    0xADB778A0F729293E7E0B19B96A4C5A61,
    0x938C747C6A051B3E163EB802A325148E,
    0x38543C5E820DD9403B57BEFF6020596D]
print('Can you turn me back to python ? ...')
# raw_input returns the typed text as a string; Python 2's input() would eval() it
flag = raw_input('well as you wish.. what is the flag: ')
if len(flag) > 69:
    print('nice try')
    exit()
if len(flag) % 5 != 0:
    print('nice try')
    exit()
# Compare the MD5 of each 5-character chunk with the matching table entry
for i in range(0, len(flag), 5):
    s = flag[i:i + 5]
    if int('0x' + md5.new(s).hexdigest(), 16) != md5s[i / 5]:
        print('nice try')
        exit()
print('Congratz now you have the flag')

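The code shows that the input cannot exceed 69 characters and that its length must be a multiple of 5. The body of the for loop is the key to this challenge: it splits the input into groups of 5 characters, computes the MD5 of each group, and compares the result with the corresponding element of the md5s array. If every group matches, the check passes.
Open an online MD5 lookup ("decryption") site (I recommend this one; it is currently free) and look up each value in the md5s array to obtain the flag.
The lookup results are as follows: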

md5s entry                         Recovered plaintext
0x831DAA3C843BA8B087C895F0ED305CE7 ALEXC
0x6722F7A07246C6AF20662B855846C2C8 TF{dv
0x5F04850FEC81A27AB5FC98BEFA4EB40C 5d4s2
0xECF8DCAC7503E63A6A3667C5FB94F610 vj8nk
0xC0FD15AE2C3931BC1E140523AE934722 43s8d
0x569F606FD6DA5D612F10CFB95C0BDE6D 8l6m1
0x68CB5A1CF54C078BF0E7E89584C1A4E n5l67
0xC11E2CD82D1F9FBD7E4D6EE9581FF3BD ds9v4
0x1DF4C637D625313720F45706A48FF20F 1n52n
0x3122EF3A001AAECDB8DD9D843C029E06 v37j4
0xADB778A0F729293E7E0B19B96A4C5A61 81h3d
0x938C747C6A051B3E163EB802A325148E 28n4b
0x38543C5E820DD9403B57BEFF6020596D 6v3k}

Final result: ALEXCTF{dv5d4s2vj8nk43s8d8l6m1n5l67ds9v41n52nv37j481h3d28n4b6v3k}
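
To confirm the looked-up chunks offline instead of trusting the lookup site, the following added example (not part of the original writeup; the names `lookup_digests` and `bad_chunks` are made up here) re-implements the check in Python 3. It also renders each target zero-padded to 32 hex digits, because the seventh entry loses its leading 0 when stored as an integer and a lookup site will not match the 31-digit form.

```python
import hashlib

# Targets copied from the decompiled script above.
MD5S = [
    0x831DAA3C843BA8B087C895F0ED305CE7, 0x6722F7A07246C6AF20662B855846C2C8,
    0x5F04850FEC81A27AB5FC98BEFA4EB40C, 0xECF8DCAC7503E63A6A3667C5FB94F610,
    0xC0FD15AE2C3931BC1E140523AE934722, 0x569F606FD6DA5D612F10CFB95C0BDE6D,
    0x68CB5A1CF54C078BF0E7E89584C1A4E, 0xC11E2CD82D1F9FBD7E4D6EE9581FF3BD,
    0x1DF4C637D625313720F45706A48FF20F, 0x3122EF3A001AAECDB8DD9D843C029E06,
    0xADB778A0F729293E7E0B19B96A4C5A61, 0x938C747C6A051B3E163EB802A325148E,
    0x38543C5E820DD9403B57BEFF6020596D,
]


def lookup_digests(targets=MD5S):
    """Render each target as the 32-hex-digit string a lookup site expects.

    An integer literal cannot carry a leading zero, so one entry above is
    only 31 digits long; %032x restores the missing '0'.
    """
    return ["%032x" % t for t in targets]


def bad_chunks(flag, targets=MD5S, size=5):
    """Return the indexes of the chunks whose MD5 does not match its target.

    The original script only requires a multiple of 5, so shorter inputs
    skip the later entries; here every table entry must be covered.
    """
    if len(flag) != size * len(targets):
        raise ValueError("expected %d characters" % (size * len(targets)))
    bad = []
    for i in range(0, len(flag), size):
        digest = hashlib.md5(flag[i:i + size].encode()).hexdigest()
        if int(digest, 16) != targets[i // size]:
            bad.append(i // size)
    return bad


if __name__ == "__main__":
    flag = "ALEXCTF{dv5d4s2vj8nk43s8d8l6m1n5l67ds9v41n52nv37j481h3d28n4b6v3k}"
    for digest in lookup_digests():
        print(digest)
    print("mismatching chunk indexes:", bad_chunks(flag))
```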
