2020数字中国创新大赛 虎符网络安全赛道 WP

Posted on

上周的比赛,wp忘记发了,部分题目下载

带着新人打了一下hfctf,题目质量还行,排名刚好卡在决赛线外,有点可惜,写一个我做的几道题吧

Crypto

GM

Goldwasser - Micali加密算法

图源:https://blog.csdn.net/qq_26816591/article/details/82957481

gm

只要分解N就行了,然而题目可以直接算出 p,最后解密即可

1
p=(n-phi+1-long(gmpy2.iroot((n-phi+1)**2-4*n,2)[0]))//2

得到p 为

1
p=94130524494940356506875940901901506872984699033610928814269310978003376307730580667234209640309443564560267414630644861712331559440658853201804556781784493376284446426393074882942957446869925558422146677774085449915333876201669456003375126689843738090285370245240893337253184644114745083294361228182569510971

sage脚本搞定

1
2
3
4
from Crypto.Util.number import long_to_bytes
Fp=Integers(p)
f2=[0 if Fp(f).is_square() else 1 for f in c]
print(long_to_bytes(int(''.join(list(map(str,f2))),2)))

flag

flag{bd4f1790-f4a2-4904-b4d2-8db8b24fd864}

PELL

这道题有点可惜,以为是送分题,顺手写了一下求解的代码然后扔给队友写exp,但是很奇怪的是exp要跑151轮才给flag?赛后才debug出来orz,求解代码也写得不太好,成功率百分之20左右(b限制了只能为1,且只要求小整数解,某些表达式无解),不想改了,反正思路就是那样,先爆破出最小的两组解,然后递推求其他整数解,下面是exp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env python
#! -*- encoding:utf8 -*-
import random
import string
from hashlib import sha256
from pwn import *
#context.log_level = 'debug'


def crack(a, b):
    for i in range(1, 0x3ff):
        for j in range(1, 0x3ff):
            ax = i
            bx = j
            ax *= ax
            bx *= bx
            bx *= a
            if ax - bx == b:
                return i, j
    return 0, 0


def proof(pad, res):
    dictionary = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'
    for a in dictionary:
        for b in dictionary:
            for c in dictionary:
                for d in dictionary:
                    xxxx = a + b + c + d
                    pf = xxxx + pad
                    digest = sha256(pf).hexdigest()
                    if digest == res:
                        print("%s" % pf)
                        return pf


r = remote('39.97.210.182', 61235)
r.recvuntil('sha256(XXXX+')
pad = r.recvuntil(') == ')[:-5]
res = r.recvline()[:-1]
print('pad -> ' + pad)
print('res -> ' + res)

prf = proof(pad, res)
xxxx = prf[:4]
print('prf -> ' + prf)
print('xxx -> ' + xxxx)
r.sendline(xxxx)

r.recvuntil('a = ')
a = int(r.recvuntil(',')[:-1])
r.recvuntil('b = ')
b = int(r.recvuntil('\n')[:-1])

print('a -> ' + str(a))
print('b -> ' + str(b))

# x ** 2 - a * y ** 2 = b\n
# a = 8
# b = 1
s0, t0 = crack(a, b)
s1, t1 = s0, t0
print(s0, t0)
r.sendline(str(s1))
r.sendline(str(t1))
sleep(0.2)
for i in range(150):
    s = s1 * s0 + a * t1 * t0
    t = t1 * s0 + t0 * s1
    s1 = s
    t1 = t
    print(s1, t1)
    r.sendline(str(s1))
    r.sendline(str(t1))
    sleep(0.2)

r.interactive()
r.close()

Reverse

game

python字节码,没啥好说的,人肉反编译就行了,因为不难我就没做,给新人练练手,所以wp就不贴了。

enc

非正经做法,逆出加密函数的源码,然后我就去看vm了,dalao帮忙写了反函数,然后后面自己继续逆剩下的几个part,因为时间不够还原前面生成key的算法了,所以直接用原本的二进制文件直接爆key(复杂度最大也才0xb1),运气还好,很快就爆就出来了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
def crack(key):
    c = [0x0, 0x0, 0x0, 0x0]

    d = [0xAE,0xED,0x13,0x5C,0xBD,0xD2,0xA1,0x74,0x9C,0x4C,0x5E,0x02,0xD3,0x28,0x9B,0x60]
    for i in range(8):
        d[2*i],d[2*i+1] = d[2*i+1],d[2*i]

    for i in range(16):
        d[i] ^= i

    c[0] = d[0]|d[1]<<8|d[2]<<16|d[3]<<24
    c[1] = d[4]|d[5]<<8|d[6]<<16|d[7]<<24
    c[2] = d[8]|d[9]<<8|d[10]<<16|d[11]<<24
    c[3] = d[12]|d[13]<<8|d[14]<<16|d[15]<<24

    c[0] = (c[0] - key[42])&0xffffffff
    c[2] = (c[2] - key[43])&0xffffffff

    cc = [0] * 4

    def rol(x, n):
        n %= 32
        x &= 0xffffffff
        return ((x << n) | (x >> (32 - n))) & 0xffffffff


    for i in range(0x15 - 1, 1 - 1, -1):
        kk1 = key[2 * i]
        kk2 = key[2 * i + 1]

        v19 = (c[1] - kk2) & 0xffffffff
        v18 = (c[3] - kk1) & 0xffffffff

        cc[3] = c[2]
        cc[1] = c[0]

        cc[2] = rol(v19, 32 - rol(cc[1] * (2 * cc[1] + 1), 5)) ^ rol(cc[3] * (2 * cc[3] + 1), 5)
        cc[0] = rol(v18, 32 - rol(cc[3] * (2 * cc[3] + 1), 5)) ^ rol(cc[1] * (2 * cc[1] + 1), 5)

        c = cc
        cc = [0] * 4

    c[1] = (c[1] - key[0])&0xffffffff
    c[3] = (c[3] - key[1])&0xffffffff
    from Crypto.Util.number import long_to_bytes
    for t in c:
        print(long_to_bytes(t)[::-1],end='')


key=[[0xAB0F2108, 0x419DE692, 0x3D8BD958, 0x54AA56E4, 0x3E8B2FF0, 0x7DC44A63, 0x976AF17D, 0x111D26AD, 0x5637C670, 0x09BFAF6F, 0x3F529651, 0xE98D31BD, 0x60B12E65, 0x9DCA93B9, 0x5602B831, 0xB36D9C9E, 0xA44B2FDB, 0x10426BBB, 0x9664E255, 0x4838E950, 0x606BF0F9, 0x56A13CEF, 0xC137201A, 0x31A58AEB, 0x93D16525, 0x459BC001, 0xF19A4644, 0xF6AB5184, 0x8C9C30F5, 0x4FA4FB23, 0xA872CA4D, 0x30A38C44, 0x3D081B31, 0x4AA67FDB, 0x9B919E15, 0xC0BC49E8, 0xD47447FC, 0xA4D2F17B, 0x133929C7, 0x532CAD91, 0x9457B645, 0x9AAE09CA, 0x1AB68B19, 0x5FE27E82],[0x10725F64, 0x0A840DBB, 0x39212215, 0x743F102D, 0x67A7F0A7, 0xAD936652, 0xBB3A0F8A, 0x84AA0C45, 0xCC9BAA6D, 0x27F924C4, 0xEE83E189, 0x0F337E26, 0xAA4978F0, 0xA5CE22A0, 0x4B04F3DF, 0x3D81A2FB, 0x74C71922, 0xB1972D22, 0x5F35B657, 0x8E3149D6, 0x7AB8500E, 0xAFC0D105, 0xAA58B1A1, 0x94F3B8D4, 0x03D3DD37, 0x28F446BC, 0x9DC9D84C, 0x1508A745, 0x7598A96C, 0x92C03A5F, 0x5084C44C, 0x756A8C8F, 0x4385F34D, 0x95747620, 0x701C609C, 0xFE32549A, 0x08FE0863, 0xA1A14D1C, 0xE8F4339B, 0xA360787B, 0xBD57F53D, 0xE5DEBE81, 0x01909483, 0x772A1122],[0xC4E3C818, 0xD9350120, 0xB63A5555, 0xF25F2853, 0xFC0BFBA4, 0xCCD78AEB, 0x79661102, 0x0220AC99, 0x09532BCF, 0x038EF8F5, 0x01EF7E51, 0xE6E7AE6E, 0x30D39B67, 0x5F2E6143, 0x908E27CE, 0x8AD876ED, 0x4A556F6C, 0x420BAE66, 0xE888EBC9, 0xDE4D1270, 0xF89F2370, 0x54B4CF9F, 0x7ADF2B8F, 0x3E086A26, 0x7DE9CBAB, 0x9AFF6F68, 0xE9DC2EE4, 0x86FD0E17, 0xBBD6960D, 0x847BED45, 0x98CC2E56, 0xDDBBF7C7, 0xDB0878FD, 0xAC4F9BAA, 0xE0482377, 0x00DC67CD, 0x4B7A2C82, 0xB1941733, 0xB41B07FA, 0x1717238A, 0x93476896, 0xB0E31A8F, 0x87B1ECF0, 0xBE8BD2F4],[0x806ED81B, 0x2B2C2112, 0xCA24DB08, 0x7E611FC7, 0x5EE6A3F6, 0x2563B6E3, 0x0AD38142, 0x6A71D95A, 0xA1B55CDC, 0xB37E97CC, 0x3670C30A, 0x33847229, 0x05B44EAC, 0xC27F880B, 0xD38DAC47, 0xE19D918A, 0xED9C3FE7, 0x5EB8257B, 0x5641AF08, 0xCED91E15, 0x6896CB80, 0xF204F648, 0xF8805EDC, 0x4F4347A9, 0x7890BD5E, 0xB5911CA9, 0x3E0DF84D, 0xE612C152, 0x50C19EE1, 0xCD3DF0D8, 0xDCD568BA, 0x4B4CB0AB, 0xFEC2FCB7, 0x30DD4715, 0x59FECB95, 0xDF2DC6A8, 0xDBDCB725, 0xC76515B9, 0x5ABFE7EC, 0xD18CE96D, 0x4F685554, 0x5B8EBADD, 0xC6D94CCF, 0xD544D98A],[0x8FEAF8D9, 0x50C65B2C, 0xE92F9F65, 0xE1EF721F, 0xC679A6BC, 0xEF3C8105, 0xF7B1FAA8, 0xCE2038DD, 0xBDD2F5A8, 0x28598B9D, 0xFD68E1BD, 0x92FD0919, 0x74405C5F, 0xBD0CB4B7, 0x5C195621, 0xC812F14F, 0x53D440B3, 0x22DC9A81, 0xB6383D6F, 0xC9C5A23D, 0xBEF894BA, 0x27123396, 0xF6F773F4, 0x9B65B1AE, 0xE419AFD9, 0xD0917BB0, 0xDE609010, 0xA84881D0, 0x7A3E30DE, 0xA542F6CC, 0x1FAD0A46, 0xF3BC1930, 0x8B09D464, 0x08B833F9, 0x0F965FA1, 0xC4B09DEB, 0x19281ABF, 0x2CA3B2CA, 0x483B2F78, 0xF2D5EA28, 0xE4BF2A67, 0xC7BFA63C, 0x8616C7F5, 0xE9721306],[0x66D3FCE9, 0x298683CC, 0x482E3B27, 0xDBDFAC23, 0x9A064265, 0xE1244948, 0x7089D94B, 0x8B76DA02, 0x375E67BE, 0x33C19ACF, 0x375171B6, 0x606EA16B, 0x87DF5ED6, 0x93A72EA4, 0xDF2C6CC8, 0x55DC56EB, 0x5459C1D8, 0x01A35154, 0x4CA67765, 0x8D7784BA, 0xFCB45FEE, 0x4A027A0F, 0x6A34CF7B, 0x96C2A980, 0x7BA4A92F, 0x185C8384, 0x718A644F, 0x8ACCCC63, 0xD08943EF, 0xEF51722C, 0x8EDEC9EB, 0x5ED8D33F, 0x4A341451, 0x515BD706, 0x951CBE38, 0x13638CAB, 0xA026C8F5, 0x1A25E471, 0x3D4576FD, 0xACCEA563, 0xB06070E9, 0x2BB3DF8D, 0x818FB415, 0xDB38ECD0],[0xF688B498, 0x181FFA13, 0x846F6FF3, 0x15C3A876, 0xC10F01E5, 0x8BBA1AC3, 0x72D53B69, 0x8E685D56, 0xF408F256, 0x6F0F44CC, 0x39EA6330, 0xB4C8EBA3, 0xF5C29F83, 0x4A0955DC, 0x2FFBD4BF, 0x0B6BCC55, 0x82D72835, 0xF7FB8201, 0xD6F42081, 0xDB4DB149, 0xA5E9E119, 0xFC1C287F, 0x41A5CEC5, 0xE3B4EDBD, 0x5B37440A, 0x0848C198, 0xD00FD942, 0xD92875DD, 0xC3CBCFB7, 0x68B9BC35, 0xC7FD4A2A, 0xAAC196C9, 0xE335959B, 0xC8BCECA9, 0x414D5263, 0xCBB92548, 0x8152DF17, 0x9161040E, 0xBB4FB6FD, 0x79042D65, 0x30EA9B02, 0xE090D552, 0xD6F6FA74, 0x6124BC5E],[0x75527CD6, 0xAEE9168C, 0x5A711DE4, 0x3F580120, 0xA7138199, 0x45FE7C8E, 0xC0CDF0DB, 0xA2FF1AAE, 0xFCF6834A, 0x1CDACFF6, 0x1DCE63A4, 0xEC3FBDA0, 0x51F68D9E, 0x4AB713EC, 0x8A3A3578, 0x9B6AEDC3, 0x0EFE3405, 0x35814825, 0xEC982FFE, 0x4A79AD97, 0x8EEA858A, 0x1CCF854D, 0x3584D1F8, 0x53717CE8, 0xC44A59D3, 0x7648D4F0, 0xF053E94A, 0x592571D6, 0xB818747D, 0x69869E3C, 0x6629CD58, 0x9F877F0D, 0x1D88DD4F, 0x6072C5D3, 0x1E064322, 0x79685B73, 0xE0F6CC92, 0xD5148D07, 0xA3DFD718, 0x98ACF0AD, 0xC0A98EEE, 0x079FEDD0, 0x3B1A75A2, 0x95B2B068],[0xDEAD04BF, 0xDDC3957B, 0x1B3101E8, 0x10A04B04, 0x27F71998, 0x0FEA556D, 0x57F70468, 0xD70D6DD6, 0x04E1A1D8, 0x037BF163, 0x16407279, 0xC13D3D7C, 0x1E5B21F3, 0xD7AF7B87, 0xEE1B70C1, 0xF1CD618D, 0xA6EA6131, 0xCA6B0D45, 0x2580CACC, 0xFE9DD3B8, 0x48A9D263, 0xCA6B9234, 0x9371AC08, 0x5E3B301F, 0x5771161C, 0x9CEF46AF, 0x603F104F, 0xE80FBD6C, 0x1DE9E987, 0xE74AC9AA, 0x5C85379D, 0x6F143967, 0xFAA3B3AE, 0x94F18AAC, 0xA01CB1E2, 0x749FC5C7, 0x5270AC5A, 0x42FDD447, 0xD5DE0564, 0xB73AA050, 0x5131D8A0, 0x4FEE094D, 0xF1216BA4, 0x23A52B2D],[0x43ED0700, 0x5214299A, 0xB7B0A166, 0x8B0CBBE5, 0xD240D7EC, 0x6FA33176, 0x31C3E22D, 0xC93AB257, 0x16ADD406, 0x06FCB6BF, 0x0EE87DC6, 0x9C08BC7A, 0xEF20D2B5, 0x09DD8F4B, 0x598B5AE5, 0x28EC50DD, 0x74A1BB9E, 0xE998ADD6, 0x9BEB31C9, 0xDA6A2A13, 0xE924E16E, 0x7D429DAF, 0xCDA67ACB, 0x211ADA5C, 0x72E4A672, 0xFE1DF984, 0xB6B63E45, 0x4202AB16, 0xB1779F74, 0x193C0656, 0x2DED2DE0, 0x976FB34C, 0x0C1012B4, 0xA0308EAD, 0x884A98B6, 0xE8CA51E8, 0xAAF478B3, 0x0869008C, 0x748DE496, 0xF7F4AEB3, 0xEDF4872C, 0xE03B1398, 0x58F8F442, 0x054C1CF6],[0x7CB66443, 0xF4557CDC, 0xA512E95E, 0x02E25CFD, 0xDB21ED67, 0x1F4A354C, 0x0C42B495, 0xC9DB90CA, 0x240518D0, 0xF55A134D, 0x8D63238F, 0xBAF73F6F, 0x66B81A36, 0x18423F30, 0xF34A6159, 0x620B109C, 0xDE5F17C1, 0xFA0C60D8, 0x0E109004, 0x3C19CE5E, 0xDDFD5B17, 0x218BCA09, 0x97C819B9, 0x1D9156C7, 0x432FE478, 0x443DFD27, 0xA5645E7E, 0x8F37520B, 0x66298684, 0x52825584, 0xBAF18FE8, 0xBCCCEE10, 0x99058EAD, 0x0359BF2E, 0x8EDE7881, 0xF6102D7E, 0xB06627D9, 0x7F235594, 0x182D314F, 0x6F2BF458, 0xE0E792F7, 0x0EC77347, 0xAC70F66F, 0xD919C2C0],[0xDB8FC5AE, 0x4FA6F448, 0x44B4CF2E, 0x97F0D744, 0xF0BA1CFB, 0x68FB197B, 0x7456DFA5, 0x2419762E, 0x7EEFA696, 0x2B4DBBE2, 0x6F73C4C7, 0xC116F898, 0xF16F7C05, 0xD38DB33E, 0x917366F1, 0xF22DEEA6, 0xCEB0C056, 0x6E82228A, 0x6F4EAF59, 0x9A386464, 0xBA79F175, 0xCB701421, 0x063E489F, 0x5307D041, 0xE594F091, 0x8F0CDF74, 0x5CFC4548, 0x233B198E, 0x0574F6E4, 0x33473244, 0xA895F966, 0xFA2982B8, 0xB5BD628C, 0x625240E6, 0x59E71307, 0x619F772D, 0xC8AB7348, 0x773AFFD2, 0x38942AD6, 0x980FE8F9, 0xE3BAA335, 0x7D5457B0, 0x0C95170C, 0x0A257F9E],[0xC3709D42, 0xCB9FA5D6, 0x267C73A3, 0x14025EDC, 0x366973D1, 0x7F9E1407, 0x60E2826B, 0xB5CCAB2B, 0xED6575C2, 0x6D89058A, 0x045C09CD, 0x31C2D599, 0x8A2AFA18, 0xE7A564AF, 0x0FE4A9B4, 0x5D0F2CB3, 0xCDBA9D67, 0x13D9B405, 0x9E5D16A0, 0x0412D485, 0xD4C1C2A3, 0x35DCDD25, 0x238EB4D8, 0x960C0EF0, 0x299A4D1A, 0xD4B4FBE8, 0x4C8F7907, 0xFDDF1F71, 0x8C5930DE, 0x17FEBC83, 0x37F5A3E2, 0x0877C28C, 0xB0E525F6, 0xBDE9BBD3, 0xAAC4393A, 0xB0857237, 0xC2091B84, 0x8D275CAC, 0x9795405A, 0x181E92BB, 0x4BB09C86, 0x35BB7596, 0x48DA5CCC, 0x69454381],[0x50129293, 0xFE704520, 0x0F235DB5, 0x38DA497F, 0x44DE9B63, 0xC37CC08C, 0x306E76B9, 0x8931F20B, 0x78086D4A, 0x1396924C, 0x394825F3, 0x32477390, 0x13C78EB9, 0x7F4D02F4, 0xFC00DB5A, 0x81300DBB, 0x442C743E, 0x7779EF9A, 0x9BEAA423, 0xC967F496, 0x254BBDD9, 0xA20BD07B, 0x4088E266, 0xFAED2D26, 0x195B9FF3, 0x7F0636E9, 0x45FECB7A, 0x4D644305, 0x2EE55EA7, 0x1232B2D2, 0x52B0159A, 0x6EC80D39, 0x2A4A54BB, 0x16DE089A, 0xB7839A20, 0x377B6F8A, 0x9FDEB96D, 0x3AB1845C, 0x25EAC0E0, 0x526D3C0F, 0x259C6123, 0x58B6B6AF, 0x5AF1DEAD, 0x7D662677],[0xC6F32FCD, 0x0D420221, 0xB06C919F, 0xFB5F1940, 0xBA0ABCE5, 0x1462357B, 0x130B47F5, 0xB47422ED, 0xE7086C08, 0x0FE2E91B, 0x052501B2, 0x556D4179, 0xD0F36C28, 0xA553641A, 0xF2B9DC69, 0x115BB7A9, 0x1D84B162, 0x6AE2C6D8, 0x13693469, 0x6904A382, 0xF05DAAD9, 0x4BB8AB95, 0x14179234, 0xC79B4379, 0x6245B599, 0x02D49DA7, 0x678C15F3, 0x375CA223, 0x1FE06239, 0x8CB85372, 0x87509923, 0x4DB559F1, 0x75BCF41E, 0x8FCF796D, 0xC03DBBD9, 0x4910DCA9, 0x55491C83, 0x270DC066, 0xFE3AF669, 0xE3DBEFBE, 0xF1A77D56, 0x2373355A, 0x4FF0542D, 0x4EB10196],[0xF0BEF40B, 0xE0AEB045, 0x52482761, 0xE4FDCD4D, 0xEC4C49CC, 0x23244799, 0x5A83D4E1, 0xB1756C3C, 0x0FBF112B, 0x54B3025A, 0xE86B37DE, 0x28DDADA7, 0xA6876AC5, 0x73BF5787, 0xA9E164F3, 0x384E396B, 0xAB0C81A0, 0xC59FD8AC, 0x239DA1B7, 0xBEC5120D, 0x57500958, 0x924A372E, 0x7C7C69E0, 0xC7E067E6, 0x1AEF1044, 0xB4CDDA41, 0x9EE4C3F0, 0xFBE63650, 0xBCC3CE1D, 0xCA24FD33, 0x61CD2BB8, 0x53567B49, 0xDBCA3B28, 0x63A1D60F, 0xE8D0CDC2, 0x05844A38, 0xD8069E2C, 0x7A722D39, 0x438E4034, 0x1A4093C6, 0x6B9AD515, 0xEF8A3F6C, 0xE452C7A7, 0x9361BD5B],[0xAA5EF76A, 0x7627C1C7, 0x9D2E6C40, 0xF4BDD44C, 0xAC376B96, 0xDCF5D5D0, 0x5C6CC1FE, 0xB3C5197D, 0xBBAFD99F, 0x1B97A80F, 0x448678B1, 0xEF081069, 0x0CDCCF95, 0x90459E5B, 0xDF7BB813, 0xEB90DA01, 0x441A5866, 0xB0A238F5, 0x1551F6B4, 0x22470A24, 0x92809374, 0x19B8D404, 0xC7106F4D, 0xC5B9A188, 0x4448522A, 0xAE6DCF2C, 0x0B58128E, 0xE9901A93, 0x0F6EDF0E, 0x540132AC, 0x3890AE36, 0x63818E17, 0xA79CDB18, 0xC4416446, 0xE4093FAF, 0xB598F6B3, 0xA84FBE37, 0xE75A18CA, 0x167A0AC6, 0x77F79D73, 0xCDAB4E65, 0x726F0D3D, 0x3F02CE52, 0xFBC955D0],[0x779B42B4, 0xA941E665, 0x69214097, 0x91EC0794, 0x618D0822, 0x205299F8, 0x998FE987, 0x56BB3484, 0xBF785A47, 0x3ADDE8A6, 0x981D96C0, 0x75C96984, 0xFBBE6638, 0x8C85D3FA, 0xD5033835, 0x1DB60738, 0x456A2C0C, 0x57431882, 0xD971AED8, 0x594FAE4D, 0x8772AB8A, 0xCAE95B0B, 0x5364D0D6, 0x4198358A, 0x3D90BB86, 0xFC8728A4, 0xBD7A452F, 0x6C3BAB15, 0x49F6F78F, 0xE6DF049E, 0xA28356DF, 0x21CC1A83, 0x4698B547, 0x0DDADBB2, 0x72053F40, 0xF2364F6F, 0x755DFA1D, 0x4CE44019, 0xFFA42DB6, 0xC4567E33, 0x4F9D5629, 0x9DB461F5, 0xEE404858, 0x5A623039],[0x3827C436, 0x52DAAECA, 0x3751DEE3, 0x6779CD33, 0x452A0428, 0xBCA2170A, 0xBC8A8035, 0xC911B3D1, 0xEB86FA78, 0x1F9EB51A, 0x45190687, 0xDC7AFAB1, 0x0E2EBBFF, 0x5A871BE9, 0xB7C2377B, 0xFA8F26B9, 0xE7331ECE, 0x73C2BE57, 0xC5DF84F5, 0xB623C73E, 0x7C012196, 0xCC2B3911, 0xCE80DDF8, 0x35312B60, 0xE8AE349D, 0x2ED3568A, 0x750E7E73, 0xBD5DCEB8, 0x0807E1EE, 0x7D404630, 0xC41DC648, 0xB77CB9E1, 0x5F75390B, 0x3D5DBD0C, 0xC5904DE8, 0x8DD07E84, 0xE6692E1A, 0x88F074B4, 0x705652E5, 0x686CAD0F, 0x1E236F59, 0x8136482D, 0xBA26B4BB, 0x07EBF7F6],[0x59E40D24, 0x61E7A89B, 0xC91FEF46, 0x8A184FB9, 0xC24FEFF1, 0x1675CCCE, 0xC09D557A, 0x54159739, 0x24A29A0B, 0xF8918D88, 0x170B96D5, 0x5CB1502F, 0x0F6B8858, 0x806651B5, 0xACC04005, 0x7376A41F, 0x46BF7F78, 0x87E6C261, 0x257343A8, 0x7B5ACA8A, 0x93EC0EEE, 0x372F6676, 0xB58DCCF3, 0x1C6B2CE1, 0xDA389382, 0x890195E1, 0xBFB7EEDD, 0x33FD35F4, 0x03DBF938, 0x6DF4B4D3, 0xB3BF98B4, 0xB6D2DC6F, 0x905EBDFE, 0xB9B95178, 0x0AE0D519, 0x1B1B81AF, 0x6EC59717, 0x41989155, 0x9441AC7F, 0x16232FF3, 0xF725FADB, 0xD05B0A92, 0x06EF5678, 0x54402960],[0x44E532BF, 0xD9B72C20, 0xE7537EA7, 0x4E8FFE6E, 0xCA9A9D08, 0x361DA4C3, 0xC2C1569E, 0xF802E535, 0xC025C6FD, 0x7082DF1B, 0xF72574AD, 0xB484354A, 0x55E66874, 0xD792C08D, 0x093EB818, 0xBD238672, 0xFD6E7DF9, 0x16EA5868, 0xC67D6991, 0x6443347C, 0x87069C97, 0xAD30E723, 0xA7D829C4, 0x87155F17, 0x55CEA872, 0x4C606A5C, 0xB13142E1, 0x7EB8B918, 0x77611EC0, 0x0EDA1CE3, 0xFFDA0E8A, 0x936E7437, 0xDEB788D7, 0x9720DFC8, 0xF582D016, 0x6138BEF8, 0x03A91E3F, 0xE170A4B5, 0xE0397B1F, 0xDDA39A63, 0x74B4EDCC, 0x5EC3150F, 0x6A6CDC95, 0xF4D76109],[0x688D3825, 0x8868A784, 0xE53BA5F8, 0xA9C654B0, 0x48788046, 0xC8A84B55, 0x7DFD7B3F, 0xB698FED6, 0x6058C693, 0xFFE77388, 0xFA108BF3, 0x2AA3A3AA, 0x45708C22, 0xC5A21BE4, 0x4AB3D009, 0xB6E79ED4, 0xD7B1AF64, 0xF5E5ADEB, 0xD232921C, 0x10DA75BE, 0x4A42CDED, 0x9C2F639C, 0x27C102BC, 0xE8EC30D2, 0x95AB6291, 0x41F7C9A8, 0x24C0F575, 0xD01CD112, 0x94226C89, 0x24EFAC24, 0x2AE1274B, 0x9207F582, 0x95D6E265, 0x05A399F3, 0x2641E914, 0x119B73ED, 0x570CC95B, 0xD1107EE1, 0xE8A676BC, 0x9E934722, 0x727FBDF3, 0x4E91C7F0, 0x094B1AB1, 0x08EFCFF2]]

for i in range(len(key)):
    crack(key[i])
    print('')

flag 为 flag{s3cReTH3rE}

vm

看起来像基于栈的虚拟机,好像不难但是看了下时间,来不及在比赛结束前逆完了(菜),果断放弃。

0%