newstarctf2023 reverse 题解汇总

week1

easy_RE

die查
无壳 64 直接IDA启动
跟到main函数 找到两部分flag拼起来就行了。
flag{we1c0me_to_rev3rse!!}

ELF

die查
64 ELF IDA启动
稍微读一下
写个py逆一下它的加密就行了
flag{D0_4ou_7now_wha7_ELF_1s?}

import base64
a = "VlxRV2t0II8kX2WPJ15fZ49nWFEnj3V8do8hYy9t"
a = base64.b64decode(a)
#print(a)
ans = ""
for _ in a: 
    now = (ord(chr(_))-16)^0x20
    ans += chr(now)
print(ans)
#flag{D0_4ou_7now_wha7_ELF_1s?}

Segments

die查ELF 64
根据提示直接IDA shift+F7查看段
拼一下
flag{You_ar3_g0od_at_f1nding_ELF_segments_name}

咳

die查
upx壳
脱一下
读一下加密过程写PY开逆
flag{C0ngratu1at10ns0nPa221ngTheF1rstPZGALAXY1eve1}

a = "gmbh|D1ohsbuv2bu21ot1oQb332ohUifG2stuQ[HBMBYZ2fwf2~"
ans = ""
for _ in a:
    nw = chr(ord(_)-1)
    ans += nw
print(ans)
#flag{C0ngratu1at10ns0nPa221ngTheF1rstPZGALAXY1eve1}

Endian

考察小端序
写py逆回去就好了
可能要用到.to_bytes(字节数，大端还是小段)

a = [0x75553A1E, 0x7B583A03, 0x4D58220C, 0x7B50383D, 0x736B3819]
flag = b''
for i in range(len(a)):
    flag += (a[i]^0x12345678).to_bytes(4,'little')
print(flag)
# flag{llittl_Endian_a}

expe

首先文件被改了
对着正常的找找不同修一下
然后开逆加密就行
flag{Y0u_kn0w_what_1s_PE_File_F0rmat}

IDA ctrl+E 导出数据
python range(a,b,-1)实现逆向循环

enc = [0x0A, 0x0C, 0x04, 0x1F, 0x26, 0x6C, 0x43, 0x2D, 0x3C, 0x0C, 
  0x54, 0x4C, 0x24, 0x25, 0x11, 0x06, 0x05, 0x3A, 0x7C, 0x51, 
  0x38, 0x1A, 0x03, 0x0D, 0x01, 0x36, 0x1F, 0x12, 0x26, 0x04, 
  0x68, 0x5D, 0x3F, 0x2D, 0x37, 0x2A, 0x7D]
l = len(enc)
for i in range(l-2,-1,-1):
    enc[i] = enc[i]^i^enc[i+1]
for i in enc:
    print(chr(i),end="")

AndroXor

跟mainactivity
逆一下加密过程就行
flag{3z_And0r1d_X0r_x1x1}

str2 = "happyx3"
cArr = [14,ord('\r'),17,23,2,ord('K'),ord('I'),ord('7'),ord(' '),30,20,
ord('I'),ord('\n'),2,ord('\f'),ord('>'),ord('('),ord('@'),11,ord('\''),
ord('K'),ord('Y'),25,ord('A'),ord('\r')]
ans = ""
for i in range (0, 25):
    charAt = chr(cArr[i]^ord(str2[i%7]))
    ans += charAt
print(ans)
#flag{3z_And0r1d_X0r_x1x1}

lazy_activity

进flagactivity
直接搜就找到了
flag{Act1v1ty_!s_so00oo0o_Impor#an#}

week2

PZthon

py逆向
先进行pyinstxtractor解开exe
然后反汇编得到源码
flag{Y0uMade1tThr0ughT2eSec0ndPZGALAXY1eve1T2at1sC001}

enc = [115,121,116,114,110,76,37,96,88,116,113,112,36,97,65,125,103,37,96,114,125,65,39,112,70,112,118,37,123,113,69,79,82,84,89,84,77,76,36,112,99,112,36,65,39,116,97,36,102,86,37,37,36,104,]
for i in enc:
    print(chr(i^21),end="")
#flag{Y0uMade1tThr0ughT2eSec0ndPZGALAXY1eve1T2at1sC001}