NSSCTF Reverse Engineering Practice Log

Contents

[LitCTF 2023]enbase64

[GDOUCTF 2023]Check_Your_Luck

[HUBUCTF 2022 Freshman Contest]help

[HNCTF 2022 Week1]X0r

[LitCTF 2023]snake

[SWPUCTF 2022 Freshman Contest]xor

[WUSTCTF 2020]level1

[LitCTF 2023]enbase64

qmemcpy(&Source[1], &table[-(Source - &Source[1])], 4 * (((Source - &Source[1] + 65) & 0xFFFFFFFC) >> 2))

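qmemcpy is a custom memory-copy function that copies data from one memory region to another. In this snippet, qmemcpy copies part of the Source array into another array; the Source array itself is not affected.

The base64 function

The basechange function

strcpy() copies the source string Source into the destination string Destination and assigns the result of the copy to the variable result.

The code then enters the outer loop, which runs 48 times. In the inner loop, j ranges from 0 to 63. The statement Source[j] = Destination[v3[j]]; assigns the character at a specific position of Destination (accessed through the index v3[j]) to the corresponding position of Source.

Next, strcpy() copies the processed Source back into Destination, overwriting the previous contents.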


import base64

Source = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
Destination = Source
v3 = [16, 34, 56, 7, 46, 2, 10, 44, 20, 41, 59, 31, 51, 60, 61, 26, 5, 40, 21, 38, 4, 54, 52, 47, 3, 11, 58, 48, 32, 15, 49, 14, 37, 0, 55, 53, 24, 35, 18, 25, 33, 43, 50, 39, 12, 19, 13, 42, 9, 17, 28, 30, 23, 36, 1, 22, 57, 63, 8, 27, 6, 62, 45, 29]

# Replay basechange: apply the v3 permutation to the table 48 times
for i in range(48):
    Source = ''.join([Destination[v3[j]] for j in range(64)])
    Destination = Source

print(Destination)

# Map the shuffled alphabet back to the standard one, then decode
str1 = "GQTZlSqQXZ/ghxxwhju3hbuZ4wufWjujWrhYe7Rce7ju"
string2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
print(base64.b64decode(str1.translate(str.maketrans(Destination,string2))))

 [GDOUCTF 2023]Check_Your_Luck


from z3 import *

s = Solver()
# Five unknown integers, named a1[0]..a1[4]
charArray = [Int('a1[' + str(i) + ']') for i in range(5)]
# The five linear constraints on those integers
s.add(charArray[0] * 23 + charArray[1] * -32 + charArray[2] * 98 + charArray[3] * 55 + charArray[4] * 90 == 333322)
s.add(charArray[0] * 123 + charArray[1] * -322 + charArray[2] * 68 + charArray[3] * 67 + charArray[4] * 32 == 707724)
s.add(charArray[0] * 266 + charArray[1] * -34 + charArray[2] * 43 + charArray[3] * 8 + charArray[4] * 32 == 1272529)
s.add(charArray[0] * 343 + charArray[1] * -352 + charArray[2] * 58 + charArray[3] * 65 + charArray[4] * 5 == 1672457)
s.add(charArray[0] * 231 + charArray[1] * -321 + charArray[2] * 938 + charArray[3] * 555 + charArray[4] * 970 == 3372367)
# Only read the model when the solver reports a solution
if s.check() == sat:
    print(s.model())

The flag is a1[0]+a1[1]+a1[2]+a1[3]=NSSCTF{4544_123_677_1754_777}

[HUBUCTF 2022 Freshman Contest]help

Set a breakpoint at CreatMap.

Debug dynamically, step over with F8, open map to find the maze, and convert it into a 16X16 matrix.

Step over with F8.

Open the CreatMap function, then click map to get the map.

It can be seen that the map is a 16X16 maze.

map_arr = [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,1, 1, 1]
rows = 16
cols = 16
map_2d = [[0] * cols for _ in range(rows)]
for i in range(rows):
    for j in range(cols):
        map_2d[i][j] = map_arr[i*cols + j]

# Print the 2D array
for i in range(rows):
    for j in range(cols):
        print(map_2d[i][j], end=" ")
    print()

Solved by hand:

wwdddwwwaaawwwwwwwwwddddssssdddssdsssssssdddwwwwddsssd

MD5 online encryption (hwcha.com)
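The hand-traced route can be checked with a breadth-first search over the same 16X16 grid. This is an added example, not code from the original post; the start and goal cells are assumptions taken from the two ends of the path above, and hashing the result with hashlib stands in for the online MD5 tool.

```python
import hashlib
from collections import deque

# Rows transcribed from the page's map_arr (1 = wall, 0 = open cell).
MAZE = [
    "1111111111111111",
    "1000001111110111",
    "1011101111110111",
    "1011101100010111",
    "1011101101010111",
    "1011100001010111",
    "1011111101010111",
    "1011111100010111",
    "1011111110110111",
    "1011111110110111",
    "1000011000010001",
    "1111011110110101",
    "1111011110110101",
    "1000011110110100",
    "1011111110000111",
    "1011111111111111",
]
# Assumed endpoints (not stated on the page): the two ends of its hand-traced path.
START, GOAL = (15, 1), (13, 15)
MOVES = {"w": (-1, 0), "s": (1, 0), "a": (0, -1), "d": (0, 1)}

def solve(maze, start, goal):
    """Breadth-first search; returns the shortest w/a/s/d string or None."""
    prev = {start: None}  # cell -> (previous cell, key that led here)
    queue = deque([start])
    while queue:
        cell = queue.popleft()
        for key, (dr, dc) in MOVES.items():
            r, c = cell[0] + dr, cell[1] + dc
            inside = 0 <= r < len(maze) and 0 <= c < len(maze[0])
            if inside and maze[r][c] == "0" and (r, c) not in prev:
                prev[(r, c)] = (cell, key)
                queue.append((r, c))
    if goal not in prev:
        return None  # goal is a wall or is cut off from the start
    keys = []
    while prev[goal] is not None:  # walk back from the goal to the start
        goal, key = prev[goal]
        keys.append(key)
    return "".join(reversed(keys))

if __name__ == "__main__":
    path = solve(MAZE, START, GOAL)
    print(path, hashlib.md5(path.encode()).hexdigest())
```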

 [HNCTF 2022 Week1]X0r

A simple XOR operation: str[i]=(arr[i]-900)^0x34

The arr[i] data:

flag=""
code = [0x3FE, 0x3EB,0x3EB, 0x3FB, 0x3E4, 0x3F6, 0x3D3, 0x3D0, 0x388, 0x3CA, 0x3EF, 0x389, 0x3CB, 0x3EF, 0x3CB, 0x388, 0x3EF, 0x3D5, 0x3D9, 0x3CB, 0x3D1, 0x3CD, 0x0A]
for i in range(22):
    flag+=chr((code[i]-900)^ 0x34)
print(flag)

[LitCTF 2023]snake

The pyc provided by the challenge is for Python 3.7; fix the magic header.

The online decompilation has a problem: flag[i + 1] = flag[i] ^ 119 should be flag[i + 1] = flag[i+1] ^ 119

# Visit https://www.lddgo.net/string/pyc-compile-decompile for more information
# Version : Python 3.7

'''贪吃蛇'''
import random
import sys
import time
import pygame
from pygame.locals import *
from collections import deque
SCREEN_WIDTH = 600
SCREEN_HEIGHT = 480
SIZE = 20
LINE_WIDTH = 1
SCOPE_X = (0, SCREEN_WIDTH // SIZE - 1)
SCOPE_Y = (2, SCREEN_HEIGHT // SIZE - 1)
FOOD_STYLE_LIST = [
    (10, (255, 100, 100)),
    (20, (100, 255, 100)),
    (30, (100, 100, 255))]
LIGHT = (100, 100, 100)
DARK = (200, 200, 200)
BLACK = (0, 0, 0)
RED = (200, 30, 30)
BGCOLOR = (40, 40, 60)

def print_text(screen, font, x, y, text, fcolor = ((255, 255, 255),)):
    imgText = font.render(text, True, fcolor)
    screen.blit(imgText, (x, y))


def init_snake():
    snake = deque()
    snake.append((2, SCOPE_Y[0]))
    snake.append((1, SCOPE_Y[0]))
    snake.append((0, SCOPE_Y[0]))
    return snake


def create_food(snake):
    food_x = random.randint(SCOPE_X[0], SCOPE_X[1])
    food_y = random.randint(SCOPE_Y[0], SCOPE_Y[1])
    while (food_x, food_y) in snake:
        food_x = random.randint(SCOPE_X[0], SCOPE_X[1])
        food_y = random.randint(SCOPE_Y[0], SCOPE_Y[1])
    return (food_x, food_y)


def get_food_style():
    return FOOD_STYLE_LIST[random.randint(0, 2)]


def main():
    pygame.init()
    screen = pygame.display.set_mode((SCREEN_WIDTH, SCREEN_HEIGHT))
    pygame.display.set_caption('贪吃蛇')
    font1 = pygame.font.SysFont('SimHei', 24)
    font2 = pygame.font.Font(None, 72)
    (fwidth, fheight) = font2.size('GAME OVER')
    b = True
    snake = init_snake()
    food = create_food(snake)
    food_style = get_food_style()
    pos = (1, 0)
    game_over = True
    start = False
    score = 0
    orispeed = 0.5
    speed = orispeed
    last_move_time = None
    pause = False
    while None:
        for event in pygame.event.get():
            if event.type == QUIT:
                sys.exit()
                continue
            if event.type == KEYDOWN or event.key == K_RETURN or game_over:
                start = True
                game_over = False
                b = True
                snake = init_snake()
                food = create_food(snake)
                food_style = get_food_style()
                pos = (1, 0)
                score = 0
                last_move_time = time.time()
                continue
                if not event.key == K_SPACE or game_over:
                    pause = not pause
                    continue
                    if not (event.key in (K_w, K_UP) or b) and pos[1]:
                        pos = (0, -1)
                        b = False
                        continue
                        if not (event.key in (K_s, K_DOWN) or b) and pos[1]:
                            pos = (0, 1)
                            b = False
                            continue
                            if not (event.key in (K_a, K_LEFT) or b) and pos[0]:
                                pos = (-1, 0)
                                b = False
                                continue
                                if not event.key in (K_d, K_RIGHT) and b and pos[0]:
                                    pos = (1, 0)
                                    b = False
                                screen.fill(BGCOLOR)
                                for x in range(SIZE, SCREEN_WIDTH, SIZE):
                                    pygame.draw.line(screen, BLACK, (x, SCOPE_Y[0] * SIZE), (x, SCREEN_HEIGHT), LINE_WIDTH)
                                
        for y in range(SCOPE_Y[0] * SIZE, SCREEN_HEIGHT, SIZE):
            pygame.draw.line(screen, BLACK, (0, y), (SCREEN_WIDTH, y), LINE_WIDTH)
        
        if not game_over:
            curTime = time.time()
            if not curTime - last_move_time > speed and pause:
                b = True
                last_move_time = curTime
                next_s = (snake[0][0] + pos[0], snake[0][1] + pos[1])
                if next_s == food:
                    snake.appendleft(next_s)
                    score += food_style[0]
                    speed = orispeed - 0.03 * (score // 100)
                    food = create_food(snake)
                    food_style = get_food_style()
                elif next_s[0] <= next_s[0] or next_s[0] <= SCOPE_X[1]:
                    pass
                else:
                    SCOPE_X[0]
            elif next_s[1] <= next_s[1] or next_s[1] <= SCOPE_Y[1]:
                pass
            else:
                SCOPE_Y[0]
        elif next_s not in snake:
            snake.appendleft(next_s)
            snake.pop()
        else:
            game_over = True
        if not game_over:
            pygame.draw.rect(screen, food_style[1], (food[0] * SIZE, food[1] * SIZE, SIZE, SIZE), 0)
        for s in snake:
            pygame.draw.rect(screen, DARK, (s[0] * SIZE + LINE_WIDTH, s[1] * SIZE + LINE_WIDTH, SIZE - LINE_WIDTH * 2, SIZE - LINE_WIDTH * 2), 0)
        
        print_text(screen, font1, 450, 7, f'''得分: {score}''')
        if score > 1000:
            flag = [
                30,
                196,
                52,
                252,
                49,
                220,
                7,
                243,
                3,
                241,
                24,
                224,
                40,
                230,
                25,
                251,
                28,
                233,
                40,
                237,
                4,
                225,
                4,
                215,
                40,
                231,
                22,
                237,
                14,
                251,
                10,
                169]
            for i in range(0, len(flag), 2):
                flag[i] = flag[i + 1] ^ 136
                flag[i + 1] = flag[i] ^ 119
            
            print_text(screen, font2, (SCREEN_WIDTH - fwidth) // 2, (SCREEN_HEIGHT - fheight) // 2, bytes(flag).decode(), RED)
            pygame.display.update()
        if game_over and start:
            print_text(screen, font2, (SCREEN_WIDTH - fwidth) // 2, (SCREEN_HEIGHT - fheight) // 2, 'GAME OVER', RED)
        pygame.display.update()

if __name__ == '__main__':
    main()

uncompyle6 is still the recommended tool here.

# uncompyle6 version 3.9.0
# Python bytecode version base 3.7.0 (3394)
# Decompiled from: Python 2.7.18rc1 (v2.7.18rc1:7a41638b5b, Apr  6 2020, 11:31:55) [MSC v.1500 32 bit (Intel)]
# Embedded file name: game.py
__doc__ = u'\u8d2a\u5403\u86c7'
import random, sys, time, pygame
from pygame.locals import *
from collections import deque
SCREEN_WIDTH = 600
SCREEN_HEIGHT = 480
SIZE = 20
LINE_WIDTH = 1
SCOPE_X = (
 0, SCREEN_WIDTH // SIZE - 1)
SCOPE_Y = (2, SCREEN_HEIGHT // SIZE - 1)
FOOD_STYLE_LIST = [
 (10, (255, 100, 100)), (20, (100, 255, 100)), (30, (100, 100, 255))]
LIGHT = (100, 100, 100)
DARK = (200, 200, 200)
BLACK = (0, 0, 0)
RED = (200, 30, 30)
BGCOLOR = (40, 40, 60)

def print_text(screen, font, x, y, text, fcolor=(255, 255, 255)):
    imgText = font.render(text, True, fcolor)
    screen.blit(imgText, (x, y))


def init_snake():
    snake = deque()
    snake.append((2, SCOPE_Y[0]))
    snake.append((1, SCOPE_Y[0]))
    snake.append((0, SCOPE_Y[0]))
    return snake


def create_food(snake):
    food_x = random.randint(SCOPE_X[0], SCOPE_X[1])
    food_y = random.randint(SCOPE_Y[0], SCOPE_Y[1])
    while (food_x, food_y) in snake:
        food_x = random.randint(SCOPE_X[0], SCOPE_X[1])
        food_y = random.randint(SCOPE_Y[0], SCOPE_Y[1])

    return (
     food_x, food_y)


def get_food_style():
    return FOOD_STYLE_LIST[random.randint(0, 2)]


def main():
    pygame.init()
    screen = pygame.display.set_mode((SCREEN_WIDTH, SCREEN_HEIGHT))
    pygame.display.set_caption(u'\u8d2a\u5403\u86c7')
    font1 = pygame.font.SysFont('SimHei', 24)
    font2 = pygame.font.Font(None, 72)
    fwidth, fheight = font2.size('GAME OVER')
    b = True
    snake = init_snake()
    food = create_food(snake)
    food_style = get_food_style()
    pos = (1, 0)
    game_over = True
    start = False
    score = 0
    orispeed = 0.5
    speed = orispeed
    last_move_time = None
    pause = False
    while 1:
        for event in pygame.event.get():
            if event.type == QUIT:
                sys.exit()

        screen.fill(BGCOLOR)
        for x in range(SIZE, SCREEN_WIDTH, SIZE):
            pygame.draw.line(screen, BLACK, (x, SCOPE_Y[0] * SIZE), (x, SCREEN_HEIGHT), LINE_WIDTH)

        for y in range(SCOPE_Y[0] * SIZE, SCREEN_HEIGHT, SIZE):
            pygame.draw.line(screen, BLACK, (0, y), (SCREEN_WIDTH, y), LINE_WIDTH)

        curTime = game_over or time.time()
        if curTime - last_move_time > speed and not pause:
            b = True
            last_move_time = curTime
            next_s = (snake[0][0] + pos[0], snake[0][1] + pos[1])
            if next_s == food:
                snake.appendleft(next_s)
                score += food_style[0]
                speed = orispeed - 0.03 * (score // 100)
                food = create_food(snake)
                food_style = get_food_style()
            else:
                if SCOPE_X[0] <= next_s[0] <= SCOPE_X[1]:
                    if SCOPE_Y[0] <= next_s[1] <= SCOPE_Y[1]:
                        if next_s not in snake:
                            snake.appendleft(next_s)
                            snake.pop()
                        else:
                            game_over = True
                    if not game_over:
                        pygame.draw.rect(screen, food_style[1], (food[0] * SIZE, food[1] * SIZE, SIZE, SIZE), 0)
                    for s in snake:
                        pygame.draw.rect(screen, DARK, (s[0] * SIZE + LINE_WIDTH, s[1] * SIZE + LINE_WIDTH,
                         SIZE - LINE_WIDTH * 2, SIZE - LINE_WIDTH * 2), 0)

                    print_text(screen, font1, 30, 7, f"u'\u901f\u5ea6: '{score // 100}")
                    print_text(screen, font1, 450, 7, f"u'\u5f97\u5206: '{score}")
                    if score > 1000:
                        flag = [
                         30, 196, 
                         52, 252, 49, 220, 7, 243, 
                         3, 241, 24, 224, 40, 230, 
                         25, 251, 28, 233, 40, 237, 
                         4, 225, 4, 215, 40, 231, 
                         22, 237, 14, 251, 10, 169]
                        for i in range(0, len(flag), 2):
                            flag[i], flag[i + 1] = flag[i + 1] ^ 136, flag[i] ^ 119

                        print_text(screen, font2, (SCREEN_WIDTH - fwidth) // 2, (SCREEN_HEIGHT - fheight) // 2, bytes(flag).decode(), RED)
                        pygame.display.update()
                    if game_over:
                        if start:
                            print_text(screen, font2, (SCREEN_WIDTH - fwidth) // 2, (SCREEN_HEIGHT - fheight) // 2, 'GAME OVER', RED)
                pygame.display.update()


if __name__ == '__main__':
    main()

 

This statement is equivalent to flag[i + 1]= flag[i + 1] ^ 136,flag[i]=flag[i] ^ 119

That makes it very simple: for i in range(0, len(flag), 2) XORs flag[i + 1] and flag[i] in groups of two.

flag = [
    30, 196, 52, 252, 49, 220, 7, 243, 3, 241, 24, 224, 40, 230, 25, 251,
    28, 233, 40, 237, 4, 225, 4, 215, 40, 231, 22, 237, 14, 251, 10, 169
]
for i in range(0, len(flag), 2):
    flag[i], flag[i + 1] = flag[i + 1] ^ 136, flag[i] ^ 119
for i in flag:
    print(chr(i),end='')

Or:

flag = [
    30, 196, 52, 252, 49, 220, 7, 243, 3, 241, 24, 224, 40, 230, 25, 251,
    28, 233, 40, 237, 4, 225, 4, 215, 40, 231, 22, 237, 14, 251, 10, 169
]
for i in range(0, len(flag), 2):
    flag[i + 1] = flag[i + 1] ^ 136
    flag[i] = flag[i] ^ 119
for i in flag:
    print(chr(i),end='')
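Python evaluates the whole right-hand side of a tuple assignment before storing either element, so the spellings of this loop that appear on the page do not all produce the same bytes. The following is an added example, not code from the original post or the challenge; it runs each spelling over the page's array so the results can be compared, and the function names are my own.

```python
# Encoded bytes copied from the decompiled game.py on the page.
ENC = [30, 196, 52, 252, 49, 220, 7, 243, 3, 241, 24, 224, 40, 230, 25, 251,
       28, 233, 40, 237, 4, 225, 4, 215, 40, 231, 22, 237, 14, 251, 10, 169]

def tuple_form(enc):
    """uncompyle6 output: both right-hand values are computed from the old
    pair before either element is stored, so each pair is swapped and XORed."""
    flag = list(enc)
    for i in range(0, len(flag), 2):
        flag[i], flag[i + 1] = flag[i + 1] ^ 136, flag[i] ^ 119
    return "".join(map(chr, flag))

def in_place_form(enc):
    """Each element XORed with its key where it stands (no swap)."""
    flag = list(enc)
    for i in range(0, len(flag), 2):
        flag[i + 1] = flag[i + 1] ^ 136
        flag[i] = flag[i] ^ 119
    return "".join(map(chr, flag))

def sequential_form(enc):
    """Online decompiler output: the second statement reads flag[i] after
    the first statement has already overwritten it."""
    flag = list(enc)
    for i in range(0, len(flag), 2):
        flag[i] = flag[i + 1] ^ 136
        flag[i + 1] = flag[i] ^ 119
    return "".join(map(chr, flag))

def swap_pairs(text):
    """Exchange the two characters of every pair."""
    return "".join(text[i + 1] + text[i] for i in range(0, len(text), 2))

if __name__ == "__main__":
    for form in (tuple_form, in_place_form, sequential_form):
        print(f"{form.__name__:16} {form(ENC)!r}")
```

Only the tuple form yields text that starts with the LitCTF{ prefix; the in-place form returns the same characters with every pair exchanged.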

[SWPUCTF 2022 Freshman Contest]xor


code = "LQQAVDyZMP]3q]emmf]uc{]vm]glap{rv]dnce"
for i in code:
    print(chr(ord(i)^2),end="")


[WUSTCTF 2020]level1 

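  • If i is odd, printf("%ld\n", (unsigned int)(ptr[i] << i)); is executed, shifting the i-th byte left by i bits.

  • If i is even, printf("%ld\n", (unsigned int)(i * ptr[i])); is executed, multiplying i by the value of the i-th byte.

The loop starts at 1, which means one extra element has to be added to the data given by the challenge; any number will do.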

code = [0,198,232,816,200,1536,300,6144,984,51200,570,92160,1200,565248,756,1474560,800,6291456,1782,65536000]
for i in range(1,len(code)):
    if (i&1)!=0:
        code[i]=chr(code[i]>>i)
        print(code[i],end="")
    else:
        code[i]=chr(code[i]//i)
        print(code[i], end="")
