首页 > 其他分享 >“华为杯”第二届中国研究生网络安全创新大赛初赛 RE

“华为杯”第二届中国研究生网络安全创新大赛初赛 RE

时间:2023-09-28 11:16:06浏览次数:34  
标签:网络安全 return string int text 初赛 RE Token RID

easy_xor

反调试直接patch

关注异或

enc=[  0x99, 0x48, 0x5E, 0xBD, 0xC5, 0x9B, 0x85, 0x96, 0x20, 0xFC,
  0x18, 0xB2, 0x00, 0xC5, 0xDA, 0xC0, 0xB1, 0xC8, 0x6C, 0x81,
  0x63, 0xBD, 0x09, 0x50, 0xC2, 0xBB, 0xEC, 0x33, 0xD6, 0xD7,
  0x8F, 0xAF, 0xAD, 0xCE, 0x14, 0xED, 0x8C, 0xCE, 0x6F, 0xA9,
  0xA8, 0x02, 0x8C, 0x90, 0x94, 0x67]
xorkey=[  0xFF, 0x24, 0x3F, 0xDA, 0xBE, 0xA9, 0xB6, 0xF7, 0x12, 0x8F,
  0x29, 0xD0, 0x73, 0xF7, 0xF7, 0xA2, 0x83, 0xAD, 0x5F, 0xB0,
  0x51, 0x90, 0x3F, 0x68, 0xF6, 0x8C, 0xC1, 0x0A, 0xB7, 0xB5,
  0xBC, 0x82, 0xCC, 0xFC, 0x67, 0xDE, 0xE9, 0xFF, 0x5B, 0xCB,
  0xC9, 0x67, 0xEA, 0xF6, 0xA6, 0x1A, 0x39, 0x56, 0xCA, 0x23,
  0x46, 0xE3, 0xC8, 0x71, 0x43, 0x53, 0xFF, 0x72, 0x2F, 0xC3,
  0x5C, 0x1C, 0x5B, 0x94]
for i in range(len(enc)):
    enc[i]^=xorkey[i]
print(bytes(enc))
##b'flag{23a2s1bs2-b2e312-6847-9ab3-a2s3e14baeff2}'

Plant A tree

反调试,patch

enc=[0x2C, 0x40, 0xCE, 0x88, 0xEA, 0xB3, 0xA7, 0xFA, 0xBE, 0xE3, 
  0x32, 0xD9, 0x8B, 0xE4, 0x1C, 0x77, 0xFC, 0xD4, 0x76, 0xAB, 
  0x87, 0x41, 0xB0, 0xCE, 0xF5, 0x5E, 0x61, 0x86, 0xA8, 0xCF, 
  0x71, 0x99, 0x5C, 0xB1]
index=[4, 19, 9, 1, 24, 14, 5, 0, 18, 31, 21, 16, 11, 29, 12, 2, 30, 13, 3, 15, 8, 7, 17, 32, 33, 6, 25, 20, 26, 10, 23, 22, 27, 28]

先检验长度->导入input

再RC4

再进行自异或

最后密文对比

enc=[ 0x2C, 0x40, 0xCE, 0x88, 0xEA, 0xB3, 0xA7, 0xFA, 0xBE, 0xE3,
  0x32, 0xD9, 0x8B, 0xE4, 0x1C, 0x77, 0xFC, 0xD4, 0x76, 0xAB,
  0x87, 0x41, 0xB0, 0xCE, 0xF5, 0x5E, 0x61, 0x86, 0xA8, 0xCF,
  0x71, 0x99, 0x5C, 0xB1]
for i in range(len(enc)-2,-1,-1):
    enc[i]^=enc[i+1]
for i in range(len(enc)):
    print(hex(enc[i])[2:].zfill(2),end='')#ffd3935dd53f8c2bd16f8cbe67ec0814639f4b3d961150e02edb85e462ca0574edb1

然后RC4

{k_leeTf@!s_rpaayvgleeM!}4_eHTm_@p
s='{k_leeTf@!s_rpaayvgleeM!}4_eHTm_@p'
m=[0]*len(s)
index=[4, 19, 9, 1, 24, 14, 5, 0, 18, 31, 21, 16, 11, 29, 12, 2, 30, 13, 3, 15, 8, 7, 17, 32, 33, 6, 25, 20, 26, 10, 23, 22, 27, 28]

for i in range(len(s)):
    m[index[i]]=ord(s[i])
print(bytes(m))#b'flag{T4ee_Travel_M@kes_me_H@ppy!!}'

Robbie gave up

提取数据

using System;
using System;
using System.Collections.Generic;
using System.Text;
namespace ConsoleApp3
{
	// Token: 0x02000003 RID: 3
	public class Crypt
	{
		// Token: 0x06000003 RID: 3 RVA: 0x00002058 File Offset: 0x00000258
		public Crypt()
		{
			this.T = new List<char>();
			this.K = "あいうえおかきくけこさしすせそたちつてとなにぬねのはひふへほまみむめもやよらりるれろわをぐげござじずぞだぢづでばびぶべぱぴぷぺぽ";
		}

		// Token: 0x17000001 RID: 1
		// (get) Token: 0x06000004 RID: 4 RVA: 0x00002076 File Offset: 0x00000276
		// (set) Token: 0x06000005 RID: 5 RVA: 0x00002150 File Offset: 0x00000350
		public string Token
		{
			get
			{
				if (this.S != null)
				{
					return this.S;
				}
				return this.K;
			}
			set
			{
				this.T.Clear();
				this.S = value;
				if (this.S == null)
				{
					foreach (char item in this.K)
					{
						this.T.Add(item);
					}
					return;
				}
				if (this.S.Length < 64)
				{
					foreach (char item2 in this.S)
					{
						this.T.Add(item2);
					}
					for (int j = 0; j < 64 - this.S.Length; j++)
					{
						this.T.Add(this.K[j]);
					}
					return;
				}
				for (int k = 0; k < 64; k++)
				{
					this.T.Add(this.S[k]);
				}
			}
		}

		// Token: 0x06000006 RID: 6 RVA: 0x0000208D File Offset: 0x0000028D
		public string Encode(string x)
		{
			if (!string.IsNullOrEmpty(x))
			{
				return this.InternalEncode(Encoding.UTF8.GetBytes(x));
			}
			return x;
		}

		// Token: 0x06000007 RID: 7 RVA: 0x000020AA File Offset: 0x000002AA
		public string Decode(string x)
		{
			if (!string.IsNullOrEmpty(x))
			{
				return Encoding.UTF8.GetString(this.InternalDecode(x));
			}
			return x;
		}

		// Token: 0x06000008 RID: 8 RVA: 0x000020C7 File Offset: 0x000002C7
		public byte[] Encode(byte[] x)
		{
			if (x != null)
			{
				return Encoding.UTF8.GetBytes(this.InternalEncode(x));
			}
			return null;
		}

		// Token: 0x06000009 RID: 9 RVA: 0x000020DF File Offset: 0x000002DF
		public byte[] Decode(byte[] x)
		{
			if (x != null)
			{
				return this.InternalDecode(Encoding.UTF8.GetString(x));
			}
			return null;
		}

		// Token: 0x0600000A RID: 10 RVA: 0x000020F7 File Offset: 0x000002F7
		private void CheckToken()
		{
			if (this.T.Count != 64)
			{
				this.Token = this.K;
			}
		}

		// Token: 0x0600000B RID: 11 RVA: 0x00002240 File Offset: 0x00000440
		private byte[] InternalDecode(string x)
		{
			this.CheckToken();
			int num = 0;
			int num2 = x.Length / 4;
			int num3 = x.Length % 4;
			byte[] array;
			if (num3 == 0)
			{
				array = new byte[3 * num2];
			}
			else
			{
				array = new byte[3 * num2 + num3 - 1];
				string text = string.Empty;
				for (int i = num3; i > 0; i--)
				{
					text += this.ByteToBin((byte)this.T.IndexOf(x[x.Length - i])).Substring(2);
				}
				for (int j = 0; j < num3 - 1; j++)
				{
					array[3 * num2 + j] = this.BinToByte(text.Substring(8 * j, 8));
				}
			}
			for (int k = 0; k < num2; k++)
			{
				string text = string.Empty;
				for (int l = 0; l < 4; l++)
				{
					text += this.ByteToBin((byte)this.T.IndexOf(x[4 * k + l])).Substring(2);
				}
				for (int m = 0; m < text.Length / 8; m++)
				{
					array[num++] = this.BinToByte(text.Substring(8 * m, 8));
				}
			}
			return array;
		}

		// Token: 0x0600000C RID: 12 RVA: 0x00002378 File Offset: 0x00000578
		private string InternalEncode(byte[] x)
		{
			this.CheckToken();
			string text = string.Empty;
			int num = x.Length / 3;
			int num2 = x.Length % 3;
			for (int i = 0; i < num; i++)
			{
				string text2 = string.Empty;
				for (int j = 0; j < 3; j++)
				{
					text2 += this.ByteToBin(x[3 * i + j]);
				}
				text += this.cryptEncode(text2);
			}
			if (num2 == 1)
			{
				string text2 = this.ByteToBin(x[x.Length - 1]).PadRight(12, '0');
				text += this.cryptEncode(text2);
			}
			else if (num2 == 2)
			{
				string text2 = string.Empty;
				for (int k = num2; k > 0; k--)
				{
					text2 += this.ByteToBin(x[x.Length - k]);
				}
				text2 = text2.PadRight(18, '0');
				text += this.cryptEncode(text2);
			}
			return text;
		}

		// Token: 0x0600000D RID: 13 RVA: 0x0000245C File Offset: 0x0000065C
		private string cryptEncode(string x)
		{
			string text = string.Empty;
			for (int i = 0; i < x.Length / 6; i++)
			{
				text += this.T[(int)this.BinToByte(x.Substring(6 * i, 6))].ToString();
			}
			return text;
		}

		// Token: 0x0600000E RID: 14 RVA: 0x00002114 File Offset: 0x00000314
		private string ByteToBin(byte x)
		{
			return Convert.ToString(x, 2).PadLeft(8, '0');
		}

		// Token: 0x0600000F RID: 15 RVA: 0x00002125 File Offset: 0x00000325
		private byte BinToByte(string x)
		{
			return Convert.ToByte(x, 2);
		}

		// Token: 0x04000001 RID: 1
		private string S;

		// Token: 0x04000002 RID: 2
		private string K;

		// Token: 0x04000003 RID: 3
		private List<char> T;
	}
	class Program
    {
		public static string Method()
		{
			string x = "はりずめはばぐだすだちずそぬけびせやのぞはとらよはやこらのとほめせだむばのだのぢはやよぢせりにやのばぢ";
			return new Crypt().Decode(x);
		}
		static void Main(string[] args)
        {
            Console.WriteLine(Method());
			//flag{33419b8662e9df2ea7a787c64f946ecc}
		}
	}
}

小林的世界

第一个挑战

rot13,发现和最后base64解密出的DASCTF{hasaki-pdtzptz-vxnfnu}
铜钥匙 hasaki对应
挑战2,银钥匙对应vxnfnu

挑战3,密文是pdtzptz,凯撒加密,5

所以最后的flag为

DASCTF{hasaki-kyoukou-vxnfnu}

标签:网络安全,return,string,int,text,初赛,RE,Token,RID
From: https://www.cnblogs.com/maffy/p/17735224.html

相关文章

  • D. Reverse Madness
    根据数据可知,字符串s被分成互不相交的子集,然后在每个子集内根据x的位置经行左右翻转,可知翻转为偶数时恢复原样,所以可以根据差分数组进行求解点击查看代码#include<bits/stdc++.h>usingnamespacestd;#defineLLlonglongconstintN=2e5+10;inta[N],b[N];voids......
  • 五个步骤!轻松将ASP.NET MVC项目迁移至ASP.NET Core
    TelerikUIforASP.NETCore是用于跨平台响应式Web和云开发的最完整的UI工具集,拥有超过60个由KendoUI支持的ASP.NETCore组件。它的响应式和自适应的HTML5网格,提供从过滤、排序数据到分页和分层数据分组等100多项高级功能。获取TelerikUIforASP.NETCore新版下载QQ技术交流......
  • Java 21 新特性:虚拟线程(Virtual Threads)
    在Java21中,引入了虚拟线程(VirtualThreads)来简化和增强并发性,这使得在Java中编程并发程序更容易、更高效。虚拟线程,也称为“用户模式线程(user-modethreads)”或“纤程(fibers)”。该功能旨在简化并发编程并提供更好的可扩展性。虚拟线程是轻量级的,这意味着它们可以比传统线程创建......
  • Ant Design Pro版中后台原型模板及Axure rplib元件库组件
    AntDesignPro版中后台原型模板及Axurerplib元件库组件,AntDesign服务于企业级产品的设计体系,基于确定和自然的设计价值观上的模块化解决方案,让设计者和开发者专注于更好的用户体验。AntDesign是阿里巴巴开源的一套admin框架,是当前非常主流的设计方案。本套素材,使用axureRP软......
  • ISO/ SAE 21434 道路车辆网络安全工程
    ISO/SAE21434道路车辆网络安全工程是全球首个面向汽车行业网络安全管理的国际标准,明确了网络安全风险管理以及产品全生命周期各阶段的工程要求.ISO/SAE21434标准明确了与网络安全相关的术语、目标、要求和指导方针,制定了一个结构化的抽象框架,以帮助包括整车制造商以及供应......
  • Server.Transfer和Response.Redirect的区别
    Response.Redirect简单地发送一条消息到浏览器,告诉浏览器定位到另一个页面。你可以使用下面的代码将用户引导到另一个页面:Response.Redirect("WebForm2.aspx")或者Response.Redirect("http://www.cnnas.com/")Server.Transfer也是通过一条语句将用户引导到另一页面,比如:S......
  • 安装Redis(详细教程)
    一.访问git地址下载安装包解压到一个路径https://github.com/tporadowski/redis/releases  二.在路径输入cmd进入redis,启动redis:redis-server.exeredis.windows.conf 三.配置环境变量 四.打开Redsi客户端进行连接(在Redis路径下cmd输入)redis-cli.exe 不成功......
  • Git/TortoiseGit冲突:commit your changes or stash them before you can merge[解决之
    最近在pull代码时,遇到了‘commityourchangesorstashthembeforeyoucanmerge’的提示,针对此问题,我查阅了大量的资料,得到了解决办法,给大家分享下问题:在你mergeorchangemaster前,提交你的改变,或者存储改变。问题原因:上次commit后,代码发生了新的变化,如果merge或者change......
  • 网络安全学习常见的靶场环境
    01DVWADVWA靶场是我们新手入门必练靶场之一,包含暴力破解(BruteForce)、命令注入(CommandInjection)、跨站请求伪造(CSRF)、文件包含(FileInclusion)、文件上传(FileUpload)、不安全的验证码(InsecureCAPTCHA)、SQL注入(SQLInjection)、SQL盲注(SQLInjectionBlind)、反射......
  • Windows版Redis3.2X64部署教程
    1.使用的Redis-x64-3.2.100.ZIP解压版redis免安装版链接:https://pan.baidu.com/s/1MYmNxiY8JIOuXjVr0W_-5A 提取码:12342.下载完毕之后解压在你的安装目录内 3.启动服务端cmd进入文件夹中,执行:redis-serverredis.windows.conf如下就代表运行成功.如果失败重新解压尝试 ......