iscc2018-Reverse-writeup
阿新 • • 發佈:2018-05-26
height 求解 分享圖片 lvm 兩個 image utf ring XP
RSA256
解析公鑰
yafu質因數分解
p=325045504186436346209877301320131277983
q=302825536744096741518546212761194311477
e=65537
生成
1 import math 2 import sys 3 from Crypto.PublicKey import RSA 4 5 keypair = RSA.generate(1024) 6 7 keypair.p = 325045504186436346209877301320131277983 8 keypair.q = 302825536744096741518546212761194311477 9keypair.e = 65537 10 keypair.n = keypair.p * keypair.q 11 q = long((keypair.p-1) * (keypair.q-1)) 12 i = 1 13 while True: 14 x=(q*i)+1 15 if (x % keypair.e == 0): 16 keypair.d = x / keypair.e 17 break 18 i += 1 19 print keypair.d #1958518567680136759381316911808879057130620824462099039954817237801766103617 20 private = open(‘private.pem‘,‘w‘) 21 private.write(keypair.exportKey()) 22 private.close()
解密腳本
1 #coding=utf-8 2 import rsa,base64 3 4 with open(‘private.pem‘,‘r‘) as f: 5 privkey = rsa.PrivateKey.load_pkcs1(f.read().encode())6 7 f1=open(‘encrypted.message1‘,‘r‘) 8 f2=open(‘encrypted.message2‘,‘r‘) 9 f3=open(‘encrypted.message3‘,‘r‘) 10 a=f1.read() 11 message1 = rsa.decrypt(a, privkey).decode().rstrip() 12 a=f2.read() 13 message2 = rsa.decrypt(a, privkey).decode().rstrip() 14 a=f3.read() 15 message3 = rsa.decrypt(a, privkey).decode().rstrip() 16 print message1+message2+message3 #flag{3b6d3806-4b2b-11e7-95a0-000c29d7e93d}
leftleftrightright
peid查殼
手動脫殼
ida查看偽代碼
還原flag:Flag{this_was_simple_isnt_it}
My math is bad
elf64,ida查看,題目要求為兩個四元方程組求解
1 from sympy import * 2 a=Symbol(‘a‘) 3 b=Symbol(‘b‘) 4 c=Symbol(‘c‘) 5 d=Symbol(‘d‘) 6 e=Symbol(‘e‘) 7 f=Symbol(‘f‘) 8 g=Symbol(‘g‘) 9 h=Symbol(‘h‘) 10 print solve([ 11 a*b-c*d-2652042832920173142, 12 3*c+4*d-b-2*a-397958918, 13 3*d*a-b*c-3345692380376715070, 14 27*b+a-11*d-c-40179413815 15 ],[a,b,c,d])[0] 16 print solve([ 17 22*e-f-g+39*h-61799700179, 18 45*g-45*f+e+h-48753725643, 19 35*e+41*f-g-h-59322698861, 20 e-f+36*g-13*h-51664230587 21 ],[e,f,g,h])
1 a=1869639009 2 b=1801073242 3 c=829124174 4 d=862734414 5 e=811816014 6 f=828593230 7 g=1867395930 8 h=1195788129 9 l=[a,b,c,d,e,f,g,h] 10 s=‘‘ 11 for i in l: 12 c=‘‘ 13 for j in range(4): 14 c+=chr(int(hex(i)[2+j*2:4+j*2],16)) 15 s+=c[::-1] 16 print s #ampoZ2ZkNnk1NHl3NTc0NTc1Z3NoaGFG
obfuscation and encode
import string,base64 aphla=‘FeVYKw6a0lDIOsnZQ5EAf2MvjS1GUiLWPTtH4JqRgu3dbC8hrcNo9/mxzpXBky7+‘ base=‘ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/‘ s=‘lUFBuT7hADvItXEGn7KgTEjqw8U5VQUq‘ m=[2 ,2, 4, -5, 1 ,1, 3, -3, -1, -2, -3, 4, -1,0, -2, 2] s1=‘‘ for c in s: s1+=base[aphla.index(c)] s1=base64.b64decode(s1) for i in string.printable: for j in string.printable: for k in string.printable: for l in string.printable: s=i+j+k+l s0=‘‘ for n in range(4): v10=0 for o in range(4): v10+=ord(s[o])*m[4*n+o] s0+=chr(v10%256) if s0==s1[0:4]: print s,1 if s0==s1[4:8]: print s,2 if s0==s1[8:12]: print s,3 if s0==s1[12:16]: print s,4 if s0==s1[16:20]: print s,5 if s0==s1[20:24]: print s,6 ‘‘‘ s3=‘flag{dO_y0U_KNoW_0IlVm?}‘
iscc2018-Reverse-writeup