找到了一道pyc逆向題目

拿來玩玩

下載得到一個壓縮包 解壓後拿到PYMD5.pyc

notepad++開啟是亂碼

ubuntu裝上uncompyle

[email protected]:~/Desktop$ uncompyle6 PYMD5.pyc > pymd5.py

處理一下拿到py檔案   內容如下：

# uncompyle6 version 3.2.4
# Python bytecode 2.7 (62211)
# Decompiled from: Python 2.7.6 (default, Nov 23 2017, 15:49:48) 
# [GCC 4.8.4]
# Embedded file name: unVm.py
# Compiled at: 2018-04-17 01:42:14
import md5
md5s = [40872900234340200352311496849171786925L,
 37774871274387226911544626909853297147L,
 136364329640288194110852557127415197202L,
 197102543045186090881257886713375686009L,
 46282790971609926574181364879232245714L,
 199788626591470902691740865303843697496L,
 139155483798021197733301619201494834453L,
 105977393849615850942572250680575701536L,
 103383262965894787541607484291344857033L,
 193549894376121578282270539756256252317L]
print 'Can you turn me back to python ? ...'
flag = raw_input('well as you wish.. what is the flag: ')
if len(flag) > 50:                #flag總長度小於等於50
    print 'nice try'
    exit()
if len(flag) % 5 != 0:            #flag長度是5的倍數
    print 'nice try'
    exit()
for i in range(0, len(flag), 5):  #每次取5位賦值給s 進行md5(s)生成十六進位制的串 再轉十進位制與md5s進行比較
    s = flag[i:i + 5]
    if int('0x' + md5.new(s).hexdigest(), 16) != md5s[i / 5]:
        print 'nice try'
        exit()

print 'Congratz now you have the flag'
# okay decompiling PYMD5.pyc
 

分析可以知道   flag應該是5*10 = 50位

根據經驗   猜測每五位都是小寫字母

先將md5s轉成十六進位制

md5s = [40872900234340200352311496849171786925L,
 37774871274387226911544626909853297147L,
 136364329640288194110852557127415197202L,
 197102543045186090881257886713375686009L,
 46282790971609926574181364879232245714L,
 199788626591470902691740865303843697496L,
 139155483798021197733301619201494834453L,
 105977393849615850942572250680575701536L,
 103383262965894787541607484291344857033L,
 193549894376121578282270539756256252317L]
for i in md5s:
    print('{:x}'.format(i))
'''得到下面
1ebfd5913ef450b92b9e65b6de09acad
1c6b2cf25eb36540376a3b3fa208a9fb
6696d088517c9390167fedb2bc876e12
944891a872a4891002f7caf24c70fd79
22d1bdc61cc009b82c178607a3569fd2
964de3cd368503d06156731676aff358
68b05f0ea56017a63e7255c991fd5d15
4fba80ed85d2b50ece2dd336da68b220
4dc6e4668713974d68d44544fa7177c9
919c5a8e20ae0da98ca1f673f7ae519d'''
 

接著這裡可以md5爆破(ps:工具，指令碼都可以的)

有個比較巧的辦法就是直接md5線上解密

#這是爆破第一部分
import hashlib
dic=['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
for a in range(len(dic)):
    for b in range(len(dic)):
        for c in range(len(dic)):
            for d in range(len(dic)):
                for e in range(len(dic)):
                    m=dic[a]+dic[b]+dic[c]+dic[d]+dic[e]
                    flag=hashlib.md5()
                    flag.update(m)
                    md5=flag.hexdigest()
                    if md5=='1ebfd5913ef450b92b9e65b6de09acad':
                        print m
                        print md5
#whale
#1ebfd5913ef450b92b9e65b6de09acad   把這個分別替換再拼接下即可拿到flag
 

這個可以得到第一部分whale

把md5分別替換再拼接下即可拿到flag

參考連結：

https://blog.csdn.net/qq_36609913/article/details/78642078

https://www.jianshu.com/p/ff81b07d1c76