[安洵杯 2019]game & [SUCTF2018]babyre

发布时间：2023年12月20日

无脑挂点wp，大概率只有简单描述和脚本

[安洵杯 2019]game

llvm，deflat去混淆，然后就是个数独的填写，前面有一堆简单置换，直接逆写

s = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00,
  0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
  0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00,
  0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
  0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,
  0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00,
  0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x04, 0x00, 0x00, 0x00]
temp = []
for i in range(81):
  temp.append(s[i*4])
print(temp.count(0))
w = [0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, 0x00,
  0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
  0x07, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0x00,
  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
  0x03, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, 0x00,
  0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x07, 0x00,
  0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
  0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
  0x04, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00,
  0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x05, 0x00,
  0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
  0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
  0x07, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x09, 0x00,
  0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
  0x07, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x03, 0x00,
  0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
  0x06, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
  0x06, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x05, 0x00,
  0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
  0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x09, 0x00,
  0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
  0x04, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x06, 0x00,
  0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
  0x03, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x05, 0x00,
  0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x09, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00,
  0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
  0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
temp1 = []
for i in range(81):
  temp1.append(w[i*4])
for i in range(81):
  if temp[i] == 0:
    print(temp1[i],end=',')

key = [4,6,9,3,6,4,1,7,6,2,8,9,4,6,8,5,7,2,2,8,4,3,5,5,6,1,3,7,2,1,9,8,7,6,2,5,5,9,8,6]
key = [i+68 for i in key]
key = [(temp & 0xf3 | ~temp & 0xc) for temp in key]
print(len(key))
for i in range(20):
    temp = key[i*2]
    key[i*2] = key[i*2+1]
    key[i*2+1] = temp
for i in range(20,40):
    print(chr(key[i]),end='')
for i in range(0,20):
    print(chr(key[i]),end='')
# KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J

[SUCTF2018]babyre

虽然是个bin，但是不影响ida64识别
输入一个数字还mod 65536，直接仿写爆破

#include <bits/stdc++.h>
using namespace std;
int main()
{
  int v4[10000] = {0};
    v4[0] = 2;
  v4[1] = 3;
  v4[2] = 2;
  v4[3] = 1;
  v4[4] = 4;
  v4[5] = 7;
  v4[6] = 4;
  v4[7] = 5;
  v4[8] = 10;
  v4[9] = 11;
  v4[10] = 10;
  v4[11] = 9;
  v4[12] = 14;
  v4[13] = 15;
  v4[14] = 12;
  v4[15] = 13;
  v4[16] = 16;
  v4[17] = 19;
  v4[18] = 16;
  v4[19] = 17;
  v4[20] = 20;
  v4[21] = 23;
  v4[22] = 22;
  v4[23] = 19;
  v4[24] = 28;
  v4[25] = 25;
  v4[26] = 30;
  v4[27] = 31;
  v4[28] = 28;
  v4[29] = 25;
  v4[30] = 26;
  v4[31] = 31;
  v4[32]=36;
v4[33]=33;
v4[34]=34;
v4[35]=39;
v4[36]=36;
v4[37]=33;
v4[38]=34;
v4[39]=35;
v4[40]=40;
v4[41]=41;
v4[42]=46;
v4[43]=43;
v4[44]=36;
v4[45]=45;
v4[46]=38;
v4[47]=47;
v4[48]=56;
v4[49]=49;
v4[50]=58;
v4[51]=59;
v4[52]=52;
v4[53]=61;
v4[54]=62;
v4[55]=55;
v4[56]=48;
v4[57]=57;
v4[58]=50;
v4[59]=59;
v4[60]=60;
v4[61]=53;
v4[62]=54;
v4[63]=55;
v4[64]=72;
v4[65]=73;
v4[66]=66;
v4[67]=66;
v4[68]=68;
v4[69]=68;
v4[70]=70;
v4[71]=71;
v4[72]=72;
v4[73]=73;
v4[74]=74;
v4[75]=74;
v4[76]=77;
v4[77]=77;
v4[78]=79;
v4[79]=78;
v4[80]=80;
v4[81]=80;
v4[82]=82;
v4[83]=83;
v4[84]=85;
v4[85]=84;
v4[86]=86;
v4[87]=87;
v4[88]=89;
v4[89]=89;
v4[90]=90;
v4[91]=91;
v4[92]=92;
v4[93]=93;
v4[94]=94;
v4[95]=94;
v4[96]=96;
v4[97]=96;
v4[98]=99;
v4[99]=99;
v4[100]=100;
v4[101]=101;
v4[102]=103;
v4[103]=103;
v4[104]=105;
v4[105]=105;
v4[106]=107;
v4[107]=107;
v4[108]=108;
v4[109]=109;
v4[110]=110;
v4[111]=110;
v4[112]=112;
v4[113]=112;
v4[114]=114;
v4[115]=115;
v4[116]=116;
v4[117]=117;
v4[118]=119;
v4[119]=119;
v4[120]=120;
v4[121]=121;
v4[122]=123;
v4[123]=123;
v4[124]=125;
v4[125]=125;
  v4[126] = 0x7F;
  v4[127] = 127;
  v4[128] = 0x81;
  v4[129] = 0x81;
  v4[130] = 131;
  v4[131] = 131;
  v4[132] = 0x8C;
  v4[133] = 0x8D;
  v4[134] = 0x8E;
  v4[135] = -113;
  v4[136] = -120;
  v4[137] = -119;
  v4[138] = -118;
  v4[139] = -117;
  v4[140] = -116;
  v4[141] = -115;
  v4[142] = -114;
  v4[143] = -121;
  v4[144] = -104;
  v4[145] = -111;
  v4[146] = -110;
  v4[147] = -109;
  v4[148] = -108;
  v4[149] = -107;
  v4[150] = -106;
  v4[151] = -105;
  v4[152] = -104;
  v4[153] = -103;
  v4[154] = -102;
  v4[155] = -102;
  v4[156] = -100;
  v4[157] = -100;
  v4[158] = -98;
  v4[159] = -98;
  v4[160] = -96;
  v4[161] = -96;
  v4[162] = -94;
  v4[163] = -94;
  v4[164] = -92;
  v4[165] = -92;
  v4[166] = -90;
  v4[167] = -90;
  v4[168] = -88;
  v4[169] = -88;
  v4[170] = -86;
  v4[171] = -86;
  v4[172] = -84;
  v4[173] = -84;
  v4[174] = -82;
  v4[175] = -82;
  v4[176] = -80;
  v4[177] = -79;
  v4[178] = -78;
  v4[179] = -77;
  
  int v9,v10;
  for(int i = 0; i < 65536; i++){
    int v6[31] = {0};
    v6[30] = 8;
    while ( v6[30] )
    {
      --v6[30];
      for (int j = 22; j; v6[j] |= v10 << v6[30] )
      {
        v9 = v4[22 * v6[30] + --j];
        v10 = (v9 >> ((i >> (2 * v6[30])) & 3)) & 1;
      }
    }
    if ((char)v6[0] == 'S'){
      for(int temp = 0; v6[temp];temp++){
        cout <<(char)v6[temp];
      }
      cout <<endl;
    }
  }
  return 0;
   
}

文章来源:https://blog.csdn.net/qq_59700927/article/details/135113968
本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若内容造成侵权/违法违规/事实不符，请联系我的编程经验分享网邮箱：chenni525@qq.com进行投诉反馈，一经查实，立即删除！