re学习笔记（72）HGAME2021 Level - Week1 - RE WP

apacha

#include 
#include "mycrypto.h"
#include 
#include 

int main(void) {
     
    unsigned int data[35] = {
     
    0xE74EB323, 0xB7A72836, 0x59CA6FE2, 0x967CC5C1, 0xE7802674, 0x3D2D54E6, 0x8A9D0356, 0x99DCC39C,
    0x7026D8ED, 0x6A33FDAD, 0xF496550A, 0x5C9C6F9E, 0x1BE5D04C, 0x6723AE17, 0x5270A5C2, 0xAC42130A,
    0x84BE67B2, 0x705CC779, 0x5C513D98, 0xFB36DA2D, 0x22179645, 0x5CE3529D, 0xD189E1FB, 0xE85BD489,
    0x73C8D11F, 0x54B5C196, 0xB67CB490, 0x2117E4CA, 0x9DE3F994, 0x2F5AA1AA, 0xA7E801FD, 0xC30D6EAB,
    0x1BADDC9C, 0x3453B04A, 0x92A406F9
    };
    uint32_t key[4] = {
      1,2,3,4 };
    xxtea_crypt(data, -35, key);

    for(int i=0;i<35;i++)
        printf("%c", data[i]);
    // hgame{l00ks_1ike_y0u_f0Und_th3_t34}
}

其中头文件mycrypto.h在github

helloRe

l = [0x97, 0x99, 0x9C, 0x91, 0x9E, 0x81, 0x91, 0x9D, 0x9B, 0x9A, 0x9A, 0xAB, 0x81, 0x97, 0xAE, 0x80, 0x83, 0x8F, 0x94, 0x89, 0x99, 0x97]
flag = ""
n = 255
for i in range(22):
	flag += chr(l[i]^n)
	n -= 1
print(flag)
# hgame{hello_re_player}

pypy

python字节码，手动参考文档还原

得到还原后代码

raw_flag = input('give me your flag:\n')
cipher = list(raw_flag[6:-1])
length = len(cipher)
for i in range(length//2):
    cipher[2*i],cipher[i*2+1]=cipher[2*i+1],cipher[i*2]
res = []
for i in range(length):
    res.append(ord(cipher[i])^i)
res = bytes(res).hex()
print('your flag: '+res)

写解密脚本

flag = "30466633346f59213b4139794520572b45514d61583151576638643a"
flag = list(bytearray.fromhex(flag))
length = len(flag)
for i in range(length):
    flag[i] = flag[i]^i
for i in range(length//2):
    flag[2*i],flag[i*2+1]=flag[2*i+1],flag[i*2]
f = ""
for i in flag:
    f += chr(i)
print('hgame{'+f+"}")
# hgame{G00dj0&_H3r3-I$Y@Ur_$L@G!~!~}