首页 > 其他分享 >[NPUCTF2020]Anti-IDA

[NPUCTF2020]Anti-IDA

时间:2024-11-01 19:48:01浏览次数:1  
标签:x33 enc x37 x34 x35 x39 Anti NPUCTF2020 IDA

[NPUCTF2020]Anti-IDA

buuctf刷题碰到的。

没见到网上有wp就写一份吧

很多无关的操作,只要不对输入数据影响就不需要管,最后exp如下

enc = b"\x33\x44\x33\x39\x33\x41\x33\x37\x33\x34\x33\x43\x33\x39\x33\x37\x33\x41\x33\x34\x33\x41\x33\x37\x33\x44\x33\x36\x33\x36\x33\x41\x33\x42\x33\x39\x33\x34\x33\x33\x33\x35\x33\x39\x33\x36\x33\x34\x33\x37\x33\x37\x33\x39\x33\x34\x33\x38\x33\x37\x33\x36\x33\x37\x33\x42\x33\x38\x33\x33\x33\x44\x33\x44\x33\x44\x33\x37\x33\x31\x33\x43\x33\x42\x33\x41\x33\x36\x33\x35\x33\x43\x33\x39\x33\x34\x33\x37\x33\x37\x33\x43\x33\x38\x33\x45\x33\x34\x33\x34\x33\x34\x33\x39\x33\x42\x33\x34\x33\x34\x33\x43\x33\x37\x33\x34\x33\x45\x33\x37\x33\x42\x33\x43\x33\x39\x33\x38\x33\x34\x33\x43\x33\x43\x33\x39\x33\x38\x33\x32\x33\x38\x33\x37\x33\x46\x33\x36\x33\x32\x33\x43\x33\x43\x33\x39\x33\x33\x33\x38\x33\x39\x33\x39\x33\x36\x33\x35\x33\x35\x33\x37\x33\x41\x33\x37\x33\x35\x33\x35\x33\x39\x33\x46\x33\x37\x33\x44\x33\x34\x33\x37\x33\x43\x33\x34\x33\x35\x33\x35\x33\x39\x33\x43\x33\x39\x33\x38\x33\x33\x33\x36\x33\x36\x33\x42\x33\x37\x33\x33\x33\x36\x33\x39\x33\x35\x33\x34\x33\x35\x33\x39\x33\x42\x33\x44\x33\x31\x33\x36\x33\x36\x33\x36\x33\x42\x33\x35\x33\x36\x33\x38\x33\x33\x33\x38\x33\x44\x33\x35\x33\x33\x33\x45\x33\x41\x33\x35\x33\x32\x33\x38\x33\x38\x33\x37\x33\x35\x33\x34\x33\x38\x33\x37\x33\x45\x33\x37\x33\x34\x33\x37\x33\x34\x33\x45\x33\x34\x33\x36\x33\x41\x33\x44\x33\x41\x33\x32\x33\x33\x33\x39\x33\x39\x33\x39\x33\x32\x33\x37\x33\x35\x33\x39\x33\x41\x33\x44\x33\x36\x33\x42\x33\x42\x33\x37\x33\x36\x33\x33\x33\x42\x33\x43\x33\x34\x33\x36\x33\x31\x33\x46\x33\x43\x33\x44\x33\x34\x33\x35\x33\x36\x33\x35\x33\x37\x33\x35\x33\x37\x33\x39\x33\x34\x33\x41\x33\x33\x33\x34\x33\x32\x33\x39\x33\x38\x33\x33\x33\x34\x33\x36\x33\x45\x33\x33\x33\x39\x33\x37\x33\x42\x33\x37\x33\x41\x33\x36\x33\x34\x33\x37\x33\x44\x33\x42\x33\x36\x33\x32\x33\x37\x33\x43\x33\x42\x33\x35\x33\x32\x33\x44\x33\x37\x33\x37\x33\x32\x33\x38\x33\x37\x33\x39\x33\x35\x33\x34\x33\x35\x33\x35\x33\x41\x33\x38\x33\x34\x33\x35\x33\x35\x33\x38\x33\x34\x33\x39\x33\x34".decode()
enc = bytes.fromhex(enc)
add = [0x00000004, 0x00000005, 0x00000002, 0x00000003, 0x00000001, 0x00000004, 0x00000002]
xor = [0x00000001, 0x00000003, 0x00000005, 0x00000007, 0x00000009, 0x0000000B]
mul = [0x00000036, 0x00000002, 0x00000003, 0x00000005, 0x00000007, 0x0000000B, 0x0000000D]
enc = enc[::-1]
enc = list(enc)
for i in range(len(enc)):
    enc[i]-=i%4 + add[i%7]
enc = bytes(enc).decode()
enc_s = []
print(len(enc))
for i in range(len(enc)//5):
    enc_s.append(int(enc[i*5:i*5+5]))
print(" ".join(map(hex,enc_s)))
print(len(enc_s))
for i in range(len(enc_s)):
    enc_s[i]-=i*(i-1)
    enc_s[i]//=mul[i%7]
    enc_s[i]-=2*i
    enc_s[i]^=xor[i%6]^(i%4)
    enc_s[i]-=add[i%7]
enc = bytes(enc_s).decode()
enc = enc[::-1]
enc = bytes.fromhex(enc)
print(enc)
enc = list(enc)
for i in range(1,len(enc),1):
    enc[i]-=enc[i-1]
    enc[i]&=0xff
enc[-1]-=10
enc[-1]&=0xff
for i in range(len(enc)-2,-1,-1):
    enc[i]-=enc[i+1]
    enc[i] &= 0xff
for i in range(len(enc)):
    enc[i]+=0x20
    enc[i] &= 0xff
print(bytes(enc))

程序无关操作干扰计算操作比较多,但整体算法比较简单加上近似为无的花指令勉强算道中等题吧XD

标签:x33,enc,x37,x34,x35,x39,Anti,NPUCTF2020,IDA
From: https://www.cnblogs.com/BMK-RE/p/18521150

相关文章

  • ROLL: Long-Term Robust LiDAR-based Localization With Temporary Mapping in Changi
    开源代码:GitHub-HaisenbergPeng/ROLL:Areal-time,robustLiDAR-inertiallocalizationsystemROLL:Long-TermRobustLiDAR-basedLocalizationWithTemporaryMappinginChangingEnvironmentsROLL:基于LiDAR的长期稳健定位,在不断变化的环境中提供临时测绘摘要:长......
  • 开发 react 技术栈的前台项目,选用 semantic-ui-react 组件库是否是较好的选择
    在前端开发中,合适的UI组件库的选择至关重要,它能在保证交互和视觉一致性的同时,大大提升开发效率。Semantic-UI-React是React技术栈中备受关注的UI组件库之一,以其丰富的组件和友好的API受到了许多开发者的欢迎。然而,是否选择它作为项目的UI组件库需结合多个因素综合考虑......
  • IDA修改WeChatAppEx,打补丁提示 Permission denied
    手贱,升级了下PC微信的版本,结果导致微信内置浏览器上的开发者模式(Devtools)失效,有时候需要在微信环境中看下别人的HTML不是很方便,特别是对于微信视频号中的视频更是看不到。新版本的已经没有【检查】这个选项了操作步骤如下:复制一份WeChatAppEx.exe,退出登录的PC微信,使用IDA......
  • validation
    PreparetrainingandtestdataX=np.array([item["Image"]foritemindata])/255.0#Normalizeto[0,1]y=np.array([item["Label"]foritemindata])Splitintotrainingandvalidationsetssplit_idx=int(0.8*len(X))X_train,......
  • 论文阅读Nature:Detecting hallucinations in large language models using semantic e
    论文阅读-Nature:Detectinghallucinationsinlargelanguagemodelsusingsemanticentropy(使用语义熵来检测大模型中的幻觉)作者:SebastianFarquhar,JannikKossen,LorenzKuhn&YarinGal单位:牛津大学,计算机科学学院,OATML实验室期刊:Nature时间线:2023年7月提交→......
  • 学习使用IDA
    学习使用IDA文章目录学习使用IDA使用步骤一.查壳二.使用IDAPro(64-bit)或IDAPro(32-bit)打开.exe文件三.按shift+F12,进入下图界面,找到flag,双击四.进入下图界面,点击flag,按ctrl+x,会出现弹窗,点OK五.进入以下界面,点Tab六.进入以下界面,分析代码得到flag(很大几率需要进行动......
  • 【semantic Kernel】对接 Ollama
    在chatGPT的推动下。LLM简直火出天际,各行各业都在蹭。听说最近meta开源的llama3模型可以轻松在普通PC上运行,这让我也忍不住来蹭一层。以下是使用ollama试玩llama3的一些记录。什么是llamaLLaMA(LargeLanguageModelMetaAI)是Meta开发的大规模预训练语言模型,基于T......
  • 【semantic Kernel】接入其他平台AI(智普)
    SemantieKernel中对话请求默认是发送到OpenAI去的其他与OpenAI对话请求接口兼容的模型平台,一般只需要修改host即可,path不需要修改,可以通过HttpClientHandler修改接入智普AI但是智谱AI的对话接口地址是api/paas/v4/chat/completions,和OpenAI不同,所以需要修改host和path智普......
  • 【揭秘】如何用ConstraintValidator自定义校验注解,让你的代码更简洁高效!
    在Java中,自定义校验注解(CustomValidationAnnotation)通常用于BeanValidation框架(如HibernateValidator),以便对特定字段或方法参数进行验证。以下是如何创建和使用自定义校验注解的详细步骤和代码示例:1.定义自定义校验注解首先,我们需要定义一个自定义校验注解。这个注解需......
  • A 2-D LiDAR-SLAM Algorithm for Indoor Similar Environment With Deep Visual Loop
      具有深度视觉闭环的室内类似环境的二维LiDAR-SLAM算法A2-DLiDAR-SLAMAlgorithmforIndoorSimilarEnvironmentWithDeepVisualLoopClosure摘要:同步定位与建图(SLAM)是实现机器人智能的关键技术。与摄像头相比,在室内环境下使用光探测和测距(LiDAR)可以实现更高......