2023全国大学生信息安全竞赛安徽省赛-初赛WP

目录

初赛一

base

nest

both

try_it

dota

初赛二

setting sun

rwx


初赛一

2023全国大学生信息安全竞赛安徽省赛-初赛WP_第1张图片题目质量很好 , 和去年不同的是本科专科题目一样,记录一下

base

原题:黑盾杯2019-MaybeBase

题目:

YMFZZTY0D3RMD3RMMTIZ 

这一串到底是什么!!!!为什么这么像base32却不是!!! 
明文的md5值为16478a151bdd41335dcd69b270f6b985
import base64, hashlib


def change(ch):
    if ord(ch) < 92:
        return chr(ord(ch) + 32)
    else:
        return chr(ord(ch) - 32)


'''
if __name__ == '__main__':
	flag='?????'
	rawstr=base64.b64encode(flag)
	finalstr=''
	for i in range(0,len(rawstr)):
		if ord(rawstr[i])>96 and ord(rawstr[i])<123:
			finalstr+=change(rawstr[i])
		else:
			finalstr+=rawstr[i]
	print rawstr
	print finalstr
'''


def enum(x, depth):
    if depth == 17:
        cipher = ''.join(x)
        if check(cipher):
            exit()
        return
    x1 = x[::1]
    x2 = x[::1]
    x2[t[depth]] = change(x2[t[depth]])
    enum(x1, depth + 1)
    enum(x2, depth + 1)


def check(cipher):
    m = hashlib.md5()
    b = base64.b64decode(cipher)
    m.update(b)
    res = m.hexdigest()
    print(cipher, res)
    if ans == res:
        print(b)
        return True


c = ['Y', 'M', 'F', 'Z', 'Z', 'T', 'Y', '0', 'D', '3', 'R', 'M', 'D', '3', 'R', 'M', 'M', 'T', 'I', 'Z']
t = [0, 1, 2, 3, 4, 5, 6, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19]
ans = '16478a151bdd41335dcd69b270f6b985'
enum(c, 0)
#flag{base64wtfwtf123}

nest

题目:

from secret import flag
from Crypto.Util.number import *
import gmpy2
p = getPrime(512)
q = p + 2
while True:
     if isPrime(q):
        break
     q += 2

N = p * q
e = 0x10001
m = bytes_to_long(flag)
c = pow(m, e, N)
print(c)
print(N)
c = 148424465798304945167250248254436660371772148039137809407743400737194128537141868847451364265636630340866508741642501886466340194647554617583629924131714531271539011128061022480521390215365303820954694837540067178184270211155380856554625937689079346774001636736492546883595465564744950751854489444787660248226
n = 177920246731961984692844675027794269351974655978633360958792135066811113973204490061355452695689806058893015396266267360582784890984276521557441293993864861033228213124084744486810727223671447408512757938978007969098885482833084907318019060009833379873711469730284507118386587060518773729384368339738258068433

题解:

加密函数 p q 相近,用费马分解得p,q

# from secret import flag
from Crypto.Util.number import *
import gmpy2

e = 0x10001
c = 148424465798304945167250248254436660371772148039137809407743400737194128537141868847451364265636630340866508741642501886466340194647554617583629924131714531271539011128061022480521390215365303820954694837540067178184270211155380856554625937689079346774001636736492546883595465564744950751854489444787660248226
n = 177920246731961984692844675027794269351974655978633360958792135066811113973204490061355452695689806058893015396266267360582784890984276521557441293993864861033228213124084744486810727223671447408512757938978007969098885482833084907318019060009833379873711469730284507118386587060518773729384368339738258068433

p = 13338674849173061115293654793180407094989029053925404248071219621296728291036306985378067182889271608069125757071973826272388440545180205478075524105332271
q = 13338674849173061115293654793180407094989029053925404248071219621296728291036306985378067182889271608069125757071973826272388440545180205478075524105332223

phi=(p-1)*(q-1)
n = p * q
d = gmpy2.invert(e,phi)
print(long_to_bytes(pow(c,d,n)))
#flag{3e364d7b-261d-3715-5d4d-4ddda6eb49f9}

both

原题: ciscn2020 - hyperthreading

多线程反调试花指令

2023全国大学生信息安全竞赛安徽省赛-初赛WP_第2张图片

只有第一个创建的线程有操作
第二个单纯和标志位相加,再调试时标志位不为0
所以直接忽视
第三个创建的就是个死循环检测调试也不用管
第一个有指令重叠,调试即可
花指令不用管只需要调试
先input[i] >> 2^input[i] << 6
然后xor 0x23
然后sleep让线程切换直接忽视
然后+ 0x23
最后比较

flag = ''
hape = [221, 91, 158, 29, 32, 158, 144, 145, 144, 144, 145, 146, 222, 139, 17, 209, 30, 158, 139, 81, 17, 80, 81, 139, 158, 93, 93, 17, 139, 144, 18, 145, 80, 18, 210, 145, 146, 30, 158, 144, 210, 159]
for i in range(len(hape)):
    hape[i] -= 0x23
    hape[i] &= 0xff
    hape[i] ^= 0x23
    hape[i] = ((hape[i] << 2) ^ (hape[i] >> 6)) & 0xff
    flag += chr(hape[i])
print flag
#flag{a959951b-76ca-4784-add7-93583251ca92}

try_it

爆破解压密码

解压密码123456789

jsfuck

flag{d7da7aeb-a3d6-4637-aff5-57ac9a00582b}

dota

原题:2021第六届楚慧杯-爱生活dota

32位,无壳,拖进IDA看,逻辑就在主函数,很简单,贴一下简单的分析

2023全国大学生信息安全竞赛安徽省赛-初赛WP_第3张图片

就是一个用户名和密码,用户名直接给了是StarsWarss,密码有个简单的异或,反推即可

text = [0x76, 0x2A, 0x1F, 0x58, 0x33, 0x2, 0x38, 0x76, 0x5F, 0x44,0x79]
tmp = 'WuSheng2009'
for i in range (len (text) ):
    print (chr (text[i] ^ ord(tmp[i])), end='')
#!_L0Vl_Dot@

2023全国大学生信息安全竞赛安徽省赛-初赛WP_第4张图片

KEY{StarsWarss!_L0VE_Dot@}

初赛二

2023全国大学生信息安全竞赛安徽省赛-初赛WP_第5张图片

三道和第一天的一样

setting sun

flag{2cd6ae0f-d5bb-4081-8f72-8b138dbee6c1}

rwx

from flag import flag
from Crypto.Util.number import long_to_bytes,bytes_to_long
from os import urandom
import hashlib

def know(m):
    r=[]
    w=[]
    x=[]
    e=[]
    for i in m:
        r.append(bin(ord(i))[-1])
        w.append(bin(ord(i))[-2])
        x.append(bin(ord(i))[-3])
        e.append(ord(i)>>3)
    return r,w,e,x

def inf(r,w,x,files):
    re=[]
    for i in range(len(files)):
        re.append(long_to_bytes(int(bin(bytes_to_long(files[i]))[2:]+r[i]+w[i]+x[i],2)))
    return re

r,w,e,x=know(flag)
files=[]
f=open("output","wb")
for i in range(len(flag)):
    files.append(urandom(8))
for i in files:
    f.write(i.encode("hex")+"\n")
files=inf(r,w,x,files)
for i in files:
    f.write(hashlib.sha256(i).hexdigest()+"\n")
for i in e:
    f.write(hashlib.sha256(str(i)+urandom(2)).hexdigest()+"\n")

print r
print w
print x
print e

题解:

import hashlib
from Crypto.Util.number import long_to_bytes,bytes_to_long
from os  import urandom

s = '3368003bfbca99e727ddfe6de1976fe7133392ddcf1e9b858af76aec41a3a0d6 e5cf55af23a0c8b42b4d9f22d1c9dfc2b04a22c0202cd35c783bbf9b82e79525 54ad655d2f450d96eb0198dd620758cbddc8987656b195df04a5e254447e9f19 d093a5e18283d59816ed32156eaaabe64fc2575bc3cee6b4fccf6325d4b669a3 8d32f93d356a459e8c2807c91ab52581c2d3ea225187b8fc2b7d6dc0dbf81500 8778e6d1901c10b1d1090c32cef6aeb36702d37dceac8c0e5a16356473f82a15 090bfe2dd0be43160b406e6b33845c6c5bde6bf47d466d26b7f69ea896eddfdd 91e3ece70e184e3f768925751fb5a0c2cf9369d6bc268464cd2737af38dea781 f16f4fae20ae181dc5a332e423a2a79fb3e2d28f072cb7ba2f8a0b29e2c1c698 b5efdd3705fcf45d3b330202e0387ab9d24c1b79af9577ba0563b669d420723d d31afdf0eb4149e516658867b07b3032ec3d685f2eb68a565249f4f439a688fa ac039fae367745a39019561e4f9f953068d0b4639c19a5eaf7a05abc46e734e0 f09637c3a24c14ad0d4fd442ede44009f85f898d506f9ba7a8563650cc4068e5 4bedd3d498e83bd16f363a3eaed9209d1b700f63eeb6f96f775d97ab31cac5f8 33c37802ce6c6dc22d15e60b62e68649ac2d2888ec1ea6fc8c44e01d9869dd75 b5610f79b982ce4666b0df76539cfd74255a00aca06d08acd05eaa7d60084a1c 24a8467f30d49602dc24318cd0665ea57b3333ed22aefde5f161a5f3044272bd 4b1b131e729d9bd102bd27ced202f6d5d800c2c17969c04a30bc7ad29664e59a 19429fd0d54ccf175abd9c4ecc7f24de183f5fee5193c5e895638dcda6a8bc27 6ce1410665315540b25e34c0f1e058567d88ef4fa91e710114f20d62114fd550 fec593226268610fbbc5352d0fb1f41b79a77eab3a2429f731feebaeb23841f7 33935fb947103ab453057052223fd5958a8897b665c8b3650b5cfaf1d8cccdc7 888b1eb7a6d29dc1cef64e6cc539d68b024c109736915630d5ddacc9c636851f 9970385c755daf6275142edb885d03506a738762bf5bfa957f9aadb31f31cb7a c5ff5de1968b6458758a641d70525d098272c714840e0c2057ba8ec05d531b63 2c208eb6a63a5beca0488ee83d4e5f0eedcc29227f6f25cddd169e87bd07a320 b1d6e133e07eacfa6fbdcd9178344a861599d73c0aa1480b7b0bd7335736d665 aefbae60c94eea15bfbc7a2824f7032b2740f95e19460bde15aae20cae0722ca 6bdfea1b95fd48f168d545e409626e783c272b12b0895cbd17564dbbcf2da66f 02a1b05474d3a86672f76712f0338a00ce95af62b7c6d2aca5492d3d7a8c7305 3a011998e70fe4460f0acdec68a77933b41f6efbad345e66b18cf014cd88af88 cd0fdb32c3e60912b54a2c1f26df90c3243626f636a9c498acbebcbcc2cbebbc 87dc8336d829915f3f98709041cfa033be859e2b1ace2c9478e26c457e4aadc0 d2e84a52aa49ed36237c81ea9f2ff66ca9d48d406df092535971601e80ec31d1 042025bb6c7535549c2cb536a04125348c48454ac6a8210cfef8a71e50813aff 436308db651644f181d02c1b90368c150f5499836d71e6b7ae8e8334811a258e 5b8b9c76b17324ef5f35692b9ee069ec3c6135b1725bb82900bf3fbe953e0586 0506511cdc9561f76e5d85d147120fd746668b043f5a71760148008ebe37d9f0 6d89ad6b0a094a7f9a9bf4ee1ca2f3b0e5ec56f924b7efeb16fbdfbfd41358d3 25019aa8cec744ea6937729fd454100c6f5a589284b007c645c6d7c6ef58c8bc 39322232c9118f9541f6432913384444309fd10a0f627c9ecc2f95309701ab13 115a84ee3ac24122fd5482b0f7eb900ce99382ca41777cc2577c82cec766cab0'
s = s.split(' ')
r = 'abb490d5efe69766 a42c15dd0717102b ee0d2fc5c7351947 4876242f69135f77 f7f7e8648cf39204 594b5fb7c4396a5d 5b254e10bc3f2e83 d27b465c51cb56aa 02fde9f77e201f13 5a5a717c5610113c 0228c96208f04be7 1f21b57c69e164c6 eb9ff8ed6de6ae5a e9ff62161ebfd07f fc92701a784575fb 246fb05d1f5a6f74 91a9a630e9e91e8b c27160d38c8b8247 4b473325d4de665c d1c1b9a58ca6d1e5 818cf44df4d7b088 569014c59066b916 408fb2edb34c77a9 d24576a95ddc151c 9284b46648b92a5c 073f776f6a36eb4a 1b9a6ff58b537364 9a327f0ff86f7687 be0fe6df6ce0726f 98734efb617a527b 3e0e772fd9669166 af8f0e61263ad605 326c9434cc213d55 5d6df6d0425fd13c c798fca9337f4e09 b8b44901c1e2847c 39c7932c6c9565d8 0df12d3f4023f6cf df47f8efee88f469 92bbcc351d041479 77b55a5574fa0830 24b60c00c2cda9c2 3c00ce8fad4bdb0e'
r = r.split(' ')
e = 'ed9f6161c423f30cc7ceac974ae5e432e755f08cb79b47ce3d43452dcf74c76c a3df8f1e5dd063595188044473fa1c2bc69eec2e29bafaeeb3962c2750585fca 3f8bb91ade38f8e0b0e269a57191d70cf60ac2db4c79518e79b48c08a737f6cb 439190a055187e9c9a0120ed91b15365f716330c8df21cadcf14f6ea0f35b4b8 dd1ce000a01a41ead05d03d74e184345aa1340c14873d75bf99275b6042c66a5 5e2002006de48dc19d2116bd6de751ede5bdcfd96bfafbc41d9a227b06c8f7e6 d05a972e1fa0d36533c88c3d6f51175df426ab3ad3950cbd82fe789907de7178 e108856d6e85ea36e8b0330a5b62489ce939c11f0e3aa673327eef4c87adfdf9 0f673f6397808e53248ce5778e31d669ad9ddcdd4c732a3dcea05a3c03322972 2c6d0af5b1ea6178d647eaad2a41f76bdf0111dce813b136262ab9cbd1a042da 2c4b24bc7213bd16739ac23b0988e27ea3b52fbf87b7c3648cae97d3535449d2 accea9e2c218217fc967bd11d772c442adf4cfbaf6d81c57e13eda48c907a584 befe454b22b4eb940732ab972657e474c211d6d9dfcddd34f68d9628b32d61fe fc1090ba15ccae04a9648183bfd9050e5513d98035af00a83e9a371bcff72512 d85b886abcdc31f028a2be8fdfa31ef3510c4b7f099baa0f15b9308493f3d2a7 2e631a9a04bf11d2354df921e482d6059684cc746ca1725b6d62952739c75ade 31dcc3a2dd334474173f6d16adcd3546736ddea1dda53d7ae7120bc5bcbc12f1 11d699bf7dcc57780f5b4217b4a6f777c0c4cdbd4269bf76b3daa5b6a6901fcb 02ae1e11650bf5ea33b0f2b9a65e830a0e4ff33b64be2f84eb0c89aeea0718fb e3d6ba04b3583099db6095205e50eaf338260cbd97c77c3b3d9058522f108892 81f062c17993b7266ce990b4d115721973958d5f81a9f24fa5e7c718b4bfd1be 9dbb8f5215d43034aff34bcb3a2cb950b76c5dc78320bf729739f28c2316c381 b5ce8e8ca3b8e872f7640f0980af6aec31cb8549f48911081264b87c94ed9a16 70cdeb42324021d98cb408f2e0e2425a4be90d6b263a44f05e65af40c842a105 ef679767995bfa61402bf90cd697f388199ed92b24e5a1cd67485f9951b73bf0 ccfb009cacb758e3ed525b4941c61e973d7bc2bc079c3a2bd089f85fbf634a2f f367d169e7fed794e76f711a4f75c0dbf8ac9426f1da48374bc86f179487d83a 90e786a6c635b110c1a9e8b717809b665d2ea91cf0851e8615ea276628544a6d 926cc73a86228b74a4ef8a386c2ecd56c7ed1c8979f2437dd53aa8c1a15b5513 32e8b07e1f7bb7da7012fff02cdcf84971d976fe056ddba651731657c7bce278 dbd86282a86ce7523cc2920ecd87070f46f436f4c9436667599fff95b0ebdc1b 4ab6a0ad4b50df2e2a178576f4aae0c7289ea00385b9d29be0c4e3b2921b5f2d 1b9a6ed279789ca017162f12586aef68f0d55acbbfb85f7a0ea294ff22a2eacf 07fc3be55d5d43dcb80f69121d6847aa0d093d4d4f723017ef75ab5b09ec555b efb6468f620d1a0dd71ddfdc66b1a5145a1666c07729db8cba93ccadf66d6363 25164ae1c0e8c1f6243fb7761310c398c607b3be6ff0cdc41fa7583288cece47 01baccd7e9415275d8e9f797b90362496935e279d02bcf68e5bcd89577688934 e6bb9d20c9f7b528dcf323143fde093be6859b63583e58fbe0c319d5f6104cfd 048856baa298e3d69421db8f4777fd44756f25933484edf6574f1ad0c3a35d6a 0799af8cad7311dd6c27f07a1b13e57eb81d9ff79520b05428d6599105d41c37 f34f86804facfee48869f64b42b2f507fab255425001d368078bae02ae660f21 dc658b6bef96c02fd9ddcf1aaa442a5994c4789cc6ab76b2e592a36e0f61e205 8852c503f1fe03706f3a6afffed6f5ad6a9f375f7ef430fc29ecbefc7696d28c 62a37ed7404473449d756a1750ff5d65de9b3e27e10367e63a25e38681a144d3'
e = e.split(' ')
flag2 = []
for tt in s:
    for i1 in range(0,2):
        for i2 in range(0,2):
            for i3 in range(0,2):
                for i in r:
                    n = '{}{}{}'.format(i1,i2,i3)
                    tmp = bytes.fromhex(i)
                    x = long_to_bytes(int(bin(bytes_to_long(tmp))[2:] + n,2))
                    x1 = hashlib.sha256(x).hexdigest()
                    if x1 == tt:
                        flag2.append(n)
print(len(e))
flag1 = []
for rt in e:
    for i1 in range(0xf+1):
        for i5 in range(0xff):
            for i6 in range(0xff):
                n1 = '{}'.format(i1)
                n = n1.encode() + bytes([i5,i6])
                xx = hashlib.sha256(n).hexdigest()
                if xx == rt:
                    flag1.append(int(n1))
                    print(flag1)

for i in range(len(flag2)):
    x = int(bin(flag1[i])+ str(flag2[i][::-1]),2)
    print(chr(x),end='')
#flag{8uuuuu_dd_3yyyui_like_the_internet_g0}

总结:期待决赛有更好的题

你可能感兴趣的:(网络安全)