本文主要是介绍第四届“长城杯”信息安全铁人三项赛 Junklanguage,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
第四届“长城杯”信息安全铁人三项赛 Junk&&language
Junk
一眼花指令
这里发现call了个函数,仔细看发现
pop 出了返回地址
然后返回地址+10
63+a=6D
所以这部分
等同于nop
直接nop
同理
一样的道理
v7 % 100001 == 331 && v7 % 10000079 == 1009 && v7 % 10001269 == 10001
求出v7的最小值就行,中国剩余定理
language
加密逻辑是先用num进行sha256在base64之后的值进行异或
import subprocess
from typing import Listdef f1(s1: str, s2: str) -> str:return "".join(chr(ord(c1) ^ c2) for (c1, c2) in zip(s1, s2))def f2(command: str) -> str:proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)return proc.stdout.read().decode()def main() -> None:with open("flag.txt", "r") as f:contents = f.read().strip()number = int(input("Key? "))arr = [13817382882945892163, 11981362477940068859, 15565376004970860571, 9289653146223670153, 10756880856242106767, 9894127981516380841, 10238229679407507287, 9710703753422507729, 10657889945311313641, 13504220130461522129, 13803825974548049497, 14920116056534898233, 15632599539576708509, 13759455315204814571, 10093307776393200077, 15238687618512734183]t = [num % x for (num, x) in zip([number] * len(arr), arr)]assert number < prod(arr), "too big"assert t == [10310396961361403274, 4961986008647557365, 13968825266080359119, 5116430780059239731, 7325364491754059752, 4473328037653903247, 2810438785866611784, 8321467780510747289, 5892005478714175254, 12851142119012897040, 7300192969480689261, 2282831960924441046, 5121069978296721861, 6987308129012337675, 7813058204868331779, 11203522277396859834], "assertion failed"z = f"echo -n {number} | openssl dgst -binary -sha256 | base64"a = f2(z).strip()b = len(contents)print(f1(contents, a[:b]))if __name__ == "__main__":main()
先求num
再求flag
import itertools
import base64
import hashlibenc='\r\x05#\x0b/\x0fDPD\x13[\x02=\\\x04;\x14&$*'
s='5uLbdPjORVBoFSq82hVowTFZ6AAWjEuFPd4FOFKNwNg==='
num=172422282955526557272420239733996943438305195882249154057182238824896714153729386270058950137909604957537166221848663721197156751566234144960275930080154385567483899397625311698926178394763250035442862353002682792293201635194627062199951208188367133165847351849183776402598921549002077207777900223672050874
aa = base64.b64encode(hashlib.sha256(str(num).encode()).digest()).decode()
for i in range(len(enc)):print(chr(ord(enc[i])^ord(aa[i])),end='')#flag{H45ke11_s0_Fun}
这篇关于第四届“长城杯”信息安全铁人三项赛 Junklanguage的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
