
看雪CTF — 寻踪觅源 (week 2)

4.30日更新

😀起来后,对作业没咋学,有点难受,今天把任务完成!奥里给✍

今日任务:看雪CTF+小黄书

看雪CTF——寻踪觅源

用ida打开,发现有很多的不认识的符号表,估计是sig有的

image-20200430130103525

在下面随便找了个符号进行查询,大概查到这是一个QuickJS的

image-20200430130052054

所以👴直接去下载一下QuickJS看一下什么妖魔鬼怪!

image-20200430133019015

直接去make & make install 一下

image-20200430142330318

可以看到成功了,我们直接写一个很简单的js

image-20200430142513982

可以看到直接输出了一个 Hello World!

我们直接去类似于这个题来编译二进制文件 hello.js

image-20200430142654206

直接把hello.c拿出来分析一下

image-20200430151604142

/* File generated automatically by the QuickJS compiler. */

#include <stdio.h>

#include "quickjs-libc.h"

/*
 * Serialized QuickJS bytecode for the hello.js sample, as emitted by qjsc.
 *
 * Layout visible in the bytes below (and in the annotated dump of the
 * challenge blob later in this write-up, which uses the same format):
 *   - 0x02            leading byte (presumably the bytecode format version
 *                     -- the write-up notes only one QuickJS release could
 *                     load the challenge blob)
 *   - 0x04            number of atoms that follow
 *   - atoms           one prefix byte (2 * length for these ASCII strings)
 *                     followed by the characters
 *   - 0x0e ...        function record: header, bytecode, debug info
 *
 * Recognising this shape (small count, length-prefixed ASCII names, then
 * 0x0e) is what lets an analyst spot an embedded QuickJS program inside an
 * otherwise opaque binary.
 */
const uint32_t qjsc_hello_size = 87; /* must equal the array length below */

const uint8_t qjsc_hello[87] = {
0x02, 0x04, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x6f, /* 0x02, 4 atoms, 0x0e = 2*7: "conso" */
0x6c, 0x65, 0x06, 0x6c, 0x6f, 0x67, 0x16, 0x48, /* "le", 0x06 = 2*3: "log", 0x16 = 2*11: "H" */
0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, /* "ello Wor" */
0x6c, 0x64, 0x22, 0x65, 0x78, 0x61, 0x6d, 0x70, /* "ld", 0x22 = 2*17: "examp" */
0x6c, 0x65, 0x73, 0x2f, 0x68, 0x65, 0x6c, 0x6c, /* "les/hell" */
0x6f, 0x2e, 0x6a, 0x73, 0x0e, 0x00, 0x06, 0x00, /* "o.js", then 0x0e opens the function record */
0x9e, 0x01, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00,
0x14, 0x01, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x39,
0xdf, 0x00, 0x00, 0x00, 0x43, 0xe0, 0x00, 0x00,
0x00, 0x04, 0xe1, 0x00, 0x00, 0x00, 0x24, 0x01,
0x00, 0xcf, 0x28, 0xc4, 0x03, 0x01, 0x00,
};
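/*
 * Entry point generated by qjsc: builds a QuickJS runtime and context,
 * attaches the built-in objects, then loads and runs the embedded bytecode.
 *
 * Returns 0 after the event loop finishes, 1 if the runtime or context
 * cannot be allocated (the generated template does not check either).
 *
 * Review note: js_std_eval_binary() executes qjsc_hello as-is. QuickJS does
 * not validate bytecode before running it, so the blob handed to this call
 * has to come from a trusted build; swapping in bytes recovered from an
 * unknown binary (as this write-up does for analysis) belongs in a
 * disposable environment.
 */
int main(int argc, char **argv)
{
    JSRuntime *rt;
    JSContext *ctx;

    rt = JS_NewRuntime();
    if (!rt) {
        fprintf(stderr, "cannot allocate JS runtime\n");
        return 1;
    }

    /* Raw context: no built-ins until the JS_AddIntrinsic* calls below. */
    ctx = JS_NewContextRaw(rt);
    if (!ctx) {
        fprintf(stderr, "cannot allocate JS context\n");
        JS_FreeRuntime(rt);
        return 1;
    }

    JS_SetModuleLoaderFunc(rt, NULL, js_module_loader, NULL);

    /* Built-ins made available to the embedded script. */
    JS_AddIntrinsicBaseObjects(ctx);
    JS_AddIntrinsicDate(ctx);
    JS_AddIntrinsicEval(ctx);
    JS_AddIntrinsicStringNormalize(ctx);
    JS_AddIntrinsicRegExp(ctx);
    JS_AddIntrinsicJSON(ctx);
    JS_AddIntrinsicProxy(ctx);
    JS_AddIntrinsicMapSet(ctx);
    JS_AddIntrinsicTypedArrays(ctx);
    JS_AddIntrinsicPromise(ctx);
    JS_AddIntrinsicBigInt(ctx);

    /* Helpers from quickjs-libc; argc/argv are forwarded to the script side. */
    js_std_add_helpers(ctx, argc, argv);

    /* Load the serialized program and run it (flags = 0). */
    js_std_eval_binary(ctx, qjsc_hello, qjsc_hello_size, 0);
    js_std_loop(ctx);

    JS_FreeContext(ctx);
    JS_FreeRuntime(rt);
    return 0;
}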

编译出来的 qjsc_hello[87] 数组里放的就是字节码,直接回到ida那里去找一下字节码的部分

image-20200430144307208

直接被我逮住好吧,这个咋和我的qjsc_hello[87] 这么像,直接我认为他是一个字节码😘

image-20200430145231508

直接搞出来:

/*
 * Byte array exported from the challenge binary (988 bytes). It has the same
 * serialized-QuickJS shape as qjsc output: leading 0x02, then 0x0E = 14
 * atoms stored as prefix byte + characters, then a function record.
 *
 * Readable atoms in the first rows:
 *   - "un", "sn", "s", "i", "j", "k", "l", "m", "n"  (variable names)
 *   - prefix 0x20: 16 ASCII bytes "KCTF2020Q1lelfei"
 *   - prefix 0x40: 32 bytes of 0x2A ('*')
 *     NOTE(review): these two look like placeholders for the user name and
 *     serial; how the binary fills them in is not shown on this page.
 *   - "charCodeAt", "fromCharCode", "print"
 *
 * The trailing rows hold the debug info and the constant pool; the annotated
 * dump later in the write-up shows the pool entries as bigints.
 *
 * QuickJS runs loaded bytecode without validating it, so a blob lifted from
 * an unknown binary like this one should only be executed in a throwaway
 * analysis environment.
 */
unsigned char _qjsc_s[988] = {
0x02, 0x0E, 0x04, 0x75, 0x6E, 0x04, 0x73, 0x6E, 0x02, 0x73, 0x02, 0x69, 0x02, 0x6A, 0x02, 0x6B,
0x02, 0x6C, 0x02, 0x6D, 0x02, 0x6E, 0x20, 0x4B, 0x43, 0x54, 0x46, 0x32, 0x30, 0x32, 0x30, 0x51,
0x31, 0x6C, 0x65, 0x6C, 0x66, 0x65, 0x69, 0x40, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A,
0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A,
0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x14, 0x63, 0x68, 0x61, 0x72, 0x43, 0x6F, 0x64,
0x65, 0x41, 0x74, 0x18, 0x66, 0x72, 0x6F, 0x6D, 0x43, 0x68, 0x61, 0x72, 0x43, 0x6F, 0x64, 0x65,
0x0A, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x0E, 0x00, 0x06, 0x00, 0x9E, 0x01, 0x00, 0x01, 0x00, 0x06,
0x00, 0x0B, 0x81, 0x06, 0x01, 0xA0, 0x01, 0x00, 0x00, 0x00, 0x40, 0xDF, 0x00, 0x00, 0x00, 0x00,
0x40, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x40, 0xE1, 0x00, 0x00, 0x00, 0x00, 0x40, 0xE2, 0x00, 0x00,
0x00, 0x00, 0x40, 0xE3, 0x00, 0x00, 0x00, 0x00, 0x40, 0xE4, 0x00, 0x00, 0x00, 0x00, 0x40, 0xE5,
0x00, 0x00, 0x00, 0x00, 0x40, 0xE6, 0x00, 0x00, 0x00, 0x00, 0x40, 0xE7, 0x00, 0x00, 0x00, 0x00,
0x40, 0xE2, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xDF, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xE0, 0x00, 0x00,
0x00, 0x00, 0x3F, 0xE1, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xE2, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xE3,
0x00, 0x00, 0x00, 0x00, 0x3F, 0xE4, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xE5, 0x00, 0x00, 0x00, 0x00,
0x3F, 0xE6, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xE7, 0x00, 0x00, 0x00, 0x00, 0x3F, 0xE2, 0x00, 0x00,
0x00, 0x00, 0x04, 0xE8, 0x00, 0x00, 0x00, 0x11, 0x3A, 0xDF, 0x00, 0x00, 0x00, 0xCB, 0x04, 0xE9,
0x00, 0x00, 0x00, 0x11, 0x3A, 0xE0, 0x00, 0x00, 0x00, 0xCB, 0xC1, 0x00, 0x11, 0x3A, 0xE6, 0x00,
0x00, 0x00, 0xCB, 0x06, 0xCB, 0xB7, 0x11, 0x3A, 0xE2, 0x00, 0x00, 0x00, 0x0E, 0x39, 0xE2, 0x00,
0x00, 0x00, 0x39, 0xDF, 0x00, 0x00, 0x00, 0xEB, 0xA5, 0xEC, 0x43, 0x39, 0xE6, 0x00, 0x00, 0x00,
0xC1, 0x01, 0x9C, 0x11, 0x3A, 0xE6, 0x00, 0x00, 0x00, 0xCB, 0x39, 0xE6, 0x00, 0x00, 0x00, 0x39,
0xB0, 0x00, 0x00, 0x00, 0x39, 0xDF, 0x00, 0x00, 0x00, 0x43, 0xEA, 0x00, 0x00, 0x00, 0x39, 0xE2,
0x00, 0x00, 0x00, 0x24, 0x01, 0x00, 0xF1, 0x9F, 0x11, 0x3A, 0xE6, 0x00, 0x00, 0x00, 0xCB, 0x39,
0xE2, 0x00, 0x00, 0x00, 0x93, 0x3A, 0xE2, 0x00, 0x00, 0x00, 0x0E, 0xEE, 0xB1, 0x39, 0x96, 0x00,
0x00, 0x00, 0x39, 0xE6, 0x00, 0x00, 0x00, 0xC1, 0x02, 0x9E, 0xF1, 0x11, 0x3A, 0xE5, 0x00, 0x00,
0x00, 0xCB, 0xC1, 0x03, 0x11, 0x3A, 0xE7, 0x00, 0x00, 0x00, 0xCB, 0xB7, 0x11, 0x3A, 0xE1, 0x00,
0x00, 0x00, 0xCB, 0xB7, 0x11, 0x3A, 0xE4, 0x00, 0x00, 0x00, 0xCB, 0x06, 0xCB, 0xB7, 0x11, 0x3A,
0xE2, 0x00, 0x00, 0x00, 0x0E, 0x39, 0xE2, 0x00, 0x00, 0x00, 0x39, 0xE0, 0x00, 0x00, 0x00, 0xEB,
0xA5, 0x6A, 0x4C, 0x01, 0x00, 0x00, 0x39, 0xE0, 0x00, 0x00, 0x00, 0x43, 0xEA, 0x00, 0x00, 0x00,
0x39, 0xE2, 0x00, 0x00, 0x00, 0x24, 0x01, 0x00, 0x11, 0x3A, 0xE3, 0x00, 0x00, 0x00, 0xCB, 0x06,
0xCB, 0x39, 0xE3, 0x00, 0x00, 0x00, 0xBF, 0x30, 0xA8, 0x11, 0xEC, 0x0A, 0x0E, 0x39, 0xE3, 0x00,
0x00, 0x00, 0xBF, 0x39, 0xA6, 0x11, 0xED, 0x17, 0x0E, 0x39, 0xE3, 0x00, 0x00, 0x00, 0xBF, 0x61,
0xA8, 0x6A, 0x0C, 0x01, 0x00, 0x00, 0x39, 0xE3, 0x00, 0x00, 0x00, 0xBF, 0x66, 0xA6, 0x6A, 0xFF,
0x00, 0x00, 0x00, 0x39, 0xE4, 0x00, 0x00, 0x00, 0x93, 0x3A, 0xE4, 0x00, 0x00, 0x00, 0xCB, 0x39,
0xE3, 0x00, 0x00, 0x00, 0xBF, 0x30, 0xA0, 0x11, 0x3A, 0xE3, 0x00, 0x00, 0x00, 0xCB, 0x06, 0xCB,
0x39, 0xE3, 0x00, 0x00, 0x00, 0xBF, 0x09, 0xA7, 0xEC, 0x10, 0x39, 0xE3, 0x00, 0x00, 0x00, 0xBF,
0x27, 0xA0, 0x11, 0x3A, 0xE3, 0x00, 0x00, 0x00, 0xCB, 0x39, 0xE1, 0x00, 0x00, 0x00, 0xBF, 0x10,
0x9C, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0x39, 0xE1, 0x00, 0x00, 0x00, 0x39, 0xE3, 0x00,
0x00, 0x00, 0x9F, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0x06, 0xCB, 0x39, 0xE4, 0x00, 0x00,
0x00, 0xB9, 0x9E, 0xB7, 0xAB, 0x6A, 0x89, 0x00, 0x00, 0x00, 0x39, 0xE1, 0x00, 0x00, 0x00, 0x39,
0xE5, 0x00, 0x00, 0x00, 0xB0, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0x06, 0xCB, 0x39, 0xE1,
0x00, 0x00, 0x00, 0xBB, 0xA3, 0xBF, 0x09, 0xA7, 0x11, 0xED, 0x0D, 0x0E, 0x39, 0xE1, 0x00, 0x00,
0x00, 0xBF, 0x10, 0x9E, 0xBF, 0x09, 0xA7, 0xEC, 0x0C, 0xC1, 0x04, 0x11, 0x3A, 0xE7, 0x00, 0x00,
0x00, 0xCB, 0xEE, 0x5B, 0x39, 0xE1, 0x00, 0x00, 0x00, 0xBB, 0xA3, 0xBF, 0x0A, 0x9C, 0x39, 0xE1,
0x00, 0x00, 0x00, 0xBF, 0x10, 0x9E, 0x9F, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0x39, 0xE7,
0x00, 0x00, 0x00, 0xC1, 0x05, 0x9C, 0x11, 0x3A, 0xE7, 0x00, 0x00, 0x00, 0xCB, 0x39, 0xE7, 0x00,
0x00, 0x00, 0x39, 0xB0, 0x00, 0x00, 0x00, 0x39, 0xE1, 0x00, 0x00, 0x00, 0xF1, 0x9F, 0x11, 0x3A,
0xE7, 0x00, 0x00, 0x00, 0xCB, 0xB7, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0xEE, 0x01, 0x39,
0xE2, 0x00, 0x00, 0x00, 0x93, 0x3A, 0xE2, 0x00, 0x00, 0x00, 0x0E, 0xEF, 0xA9, 0xFE, 0x06, 0xCB,
0x39, 0xE6, 0x00, 0x00, 0x00, 0x39, 0xE7, 0x00, 0x00, 0x00, 0xAB, 0xEC, 0x0C, 0xC1, 0x06, 0x11,
0x3A, 0xE7, 0x00, 0x00, 0x00, 0xCB, 0xEE, 0x0A, 0xC1, 0x07, 0x11, 0x3A, 0xE7, 0x00, 0x00, 0x00,
0xCB, 0xC3, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0x06, 0xCB, 0x39, 0xE7, 0x00, 0x00, 0x00,
0xC1, 0x08, 0xA7, 0xEC, 0x3A, 0x39, 0xE1, 0x00, 0x00, 0x00, 0x39, 0x97, 0x00, 0x00, 0x00, 0x43,
0xEB, 0x00, 0x00, 0x00, 0x39, 0x96, 0x00, 0x00, 0x00, 0x39, 0xE7, 0x00, 0x00, 0x00, 0xC1, 0x09,
0x9E, 0xF1, 0x24, 0x01, 0x00, 0x9F, 0x11, 0x3A, 0xE1, 0x00, 0x00, 0x00, 0xCB, 0x39, 0xE7, 0x00,
0x00, 0x00, 0xC1, 0x0A, 0x9D, 0x11, 0x3A, 0xE7, 0x00, 0x00, 0x00, 0xCB, 0xEE, 0xBE, 0x39, 0xEC,
0x00, 0x00, 0x00, 0x39, 0xE1, 0x00, 0x00, 0x00, 0xF1, 0xCF, 0x28, 0xC2, 0x03, 0x01, 0x2B, 0x00,
0x3C, 0x01, 0x00, 0x3C, 0x06, 0x3F, 0x3F, 0x30, 0x7B, 0x4E, 0xBC, 0x49, 0x6D, 0x30, 0x2B, 0x2B,
0x8A, 0x80, 0x00, 0x34, 0x02, 0x3F, 0x4E, 0x8A, 0x4E, 0x5D, 0x53, 0x5D, 0xCB, 0x85, 0x4E, 0x7B,
0x2C, 0x0F, 0x4F, 0x85, 0x30, 0x2B, 0x3F, 0xCB, 0x4E, 0x0D, 0x0A, 0x00, 0x0A, 0x24, 0x01, 0xAC,
0x0A, 0x28, 0x01, 0xFE, 0x0A, 0x00, 0x0A, 0x00, 0x0A, 0x28, 0x01, 0xC8, 0x0A, 0xE8, 0x01, 0x07,
0x44, 0xB8, 0x90, 0xB5, 0x6B, 0x67, 0x80, 0x0A, 0xE8, 0x01, 0x07, 0x34, 0xA7, 0xB8, 0x48, 0x7F,
0x8D, 0xAF, 0x0A, 0x00, 0x0A, 0x28, 0x01, 0xFE, 0x0A, 0x28, 0x01, 0xFE
};

image-20200430151617849

我们修改后,直接去试一试。这里用的2020-1-09的版本才是好使的:字节码格式是跟 QuickJS 版本绑定的,版本对不上就加载不了

我们把题中给编码直接放进去

image-20200430170531154

image-20200430170550720

image-20200430170501996

那这么看,原来的文件,没有什么用处了,就直接执行这些字节码就可以跑出答案

分析一下源码,发现可以直接让 QuickJS 自己把字节码翻译(dump)出来:把源码里这两个被注释掉的位置去掉注释(从下面的输出格式看,应该是 quickjs.c 里的 DUMP_BYTECODE 和 DUMP_READ_OBJECT 这两个宏),再次编译,运行a.out

image-20200430192639882

image-20200430193445130

我们把编译出来的拿出来

0000:  02 0e                    14 atom indexes {
0002: 04 75 6e string: 1"un"
0005: 04 73 6e string: 1"sn"
0008: 02 73 string: 1"s"
000a: 02 69 string: 1"i"
000c: 02 6a string: 1"j"
000e: 02 6b string: 1"k"
0010: 02 6c string: 1"l"
0012: 02 6d string: 1"m"
0014: 02 6e string: 1"n"
0016: 20 35 41 44 41 43 41 45
42 46 34 42 34 41 38 41
34 string: 1"5ADACAEBF4B4A8A4"
0027: 40 33 31 34 33 30 30 35
37 62 30 35 35 37 30 32
30 31 34 31 39 37 33 34
30 32 37 33 36 2a 2a 2a
2a string: 1"31430057b0557020141973402736****"
0048: 14 63 68 61 72 43 6f 64
65 41 74 string: 1"charCodeAt"
0053: 18 66 72 6f 6d 43 68 61
72 43 6f 64 65 string: 1"fromCharCode"
0060: 0a 70 72 69 6e 74 string: 1"print"
}
0066: 0e function {
0067: 00 06 00 9e 01 00 01 00
06 00 0b 81 06 01 name: "<eval>"
args=0 vars=1 defargs=0 closures=0 cpool=11
stack=6 bclen=769 locals=1
vars {
0075: a0 01 00 00 00 name: "<ret>"
}
bytecode {
007a: 40 df 00 00 00 00 40 e0
00 00 00 00 40 e1 00 00
00 00 40 e2 00 00 00 00
40 e3 00 00 00 00 40 e4
00 00 00 00 40 e5 00 00
00 00 40 e6 00 00 00 00
40 e7 00 00 00 00 40 e2
00 00 00 00 3f df 00 00
00 00 3f e0 00 00 00 00
3f e1 00 00 00 00 3f e2
00 00 00 00 3f e3 00 00
00 00 3f e4 00 00 00 00
3f e5 00 00 00 00 3f e6
00 00 00 00 3f e7 00 00
00 00 3f e2 00 00 00 00
04 e8 00 00 00 11 3a df
00 00 00 cb 04 e9 00 00
00 11 3a e0 00 00 00 cb
c1 00 11 3a e6 00 00 00
cb 06 cb b7 11 3a e2 00
00 00 0e 39 e2 00 00 00
39 df 00 00 00 eb a5 ec
43 39 e6 00 00 00 c1 01
9c 11 3a e6 00 00 00 cb
39 e6 00 00 00 39 b0 00
00 00 39 df 00 00 00 43
ea 00 00 00 39 e2 00 00
00 24 01 00 f1 9f 11 3a
e6 00 00 00 cb 39 e2 00
00 00 93 3a e2 00 00 00
0e ee b1 39 96 00 00 00
39 e6 00 00 00 c1 02 9e
f1 11 3a e5 00 00 00 cb
c1 03 11 3a e7 00 00 00
cb b7 11 3a e1 00 00 00
cb b7 11 3a e4 00 00 00
cb 06 cb b7 11 3a e2 00
00 00 0e 39 e2 00 00 00
39 e0 00 00 00 eb a5 6a
4c 01 00 00 39 e0 00 00
00 43 ea 00 00 00 39 e2
00 00 00 24 01 00 11 3a
e3 00 00 00 cb 06 cb 39
e3 00 00 00 bf 30 a8 11
ec 0a 0e 39 e3 00 00 00
bf 39 a6 11 ed 17 0e 39
e3 00 00 00 bf 61 a8 6a
0c 01 00 00 39 e3 00 00
00 bf 66 a6 6a ff 00 00
00 39 e4 00 00 00 93 3a
e4 00 00 00 cb 39 e3 00
00 00 bf 30 a0 11 3a e3
00 00 00 cb 06 cb 39 e3
00 00 00 bf 09 a7 ec 10
39 e3 00 00 00 bf 27 a0
11 3a e3 00 00 00 cb 39
e1 00 00 00 bf 10 9c 11
3a e1 00 00 00 cb 39 e1
00 00 00 39 e3 00 00 00
9f 11 3a e1 00 00 00 cb
06 cb 39 e4 00 00 00 b9
9e b7 ab 6a 89 00 00 00
39 e1 00 00 00 39 e5 00
00 00 b0 11 3a e1 00 00
00 cb 06 cb 39 e1 00 00
00 bb a3 bf 09 a7 11 ed
0d 0e 39 e1 00 00 00 bf
10 9e bf 09 a7 ec 0c c1
04 11 3a e7 00 00 00 cb
ee 5b 39 e1 00 00 00 bb
a3 bf 0a 9c 39 e1 00 00
00 bf 10 9e 9f 11 3a e1
00 00 00 cb 39 e7 00 00
00 c1 05 9c 11 3a e7 00
00 00 cb 39 e7 00 00 00
39 b0 00 00 00 39 e1 00
00 00 f1 9f 11 3a e7 00
00 00 cb b7 11 3a e1 00
00 00 cb ee 01 39 e2 00
00 00 93 3a e2 00 00 00
0e ef a9 fe 06 cb 39 e6
00 00 00 39 e7 00 00 00
ab ec 0c c1 06 11 3a e7
00 00 00 cb ee 0a c1 07
11 3a e7 00 00 00 cb c3
11 3a e1 00 00 00 cb 06
cb 39 e7 00 00 00 c1 08
a7 ec 3a 39 e1 00 00 00
39 97 00 00 00 43 eb 00
00 00 39 96 00 00 00 39
e7 00 00 00 c1 09 9e f1
24 01 00 9f 11 3a e1 00
00 00 cb 39 e7 00 00 00
c1 0a 9d 11 3a e7 00 00
00 cb ee be 39 ec 00 00
00 39 e1 00 00 00 f1 cf
28 at 1, fixup atom: un
at 7, fixup atom: sn
at 13, fixup atom: s
at 19, fixup atom: i
at 25, fixup atom: j
at 31, fixup atom: k
at 37, fixup atom: l
at 43, fixup atom: m
at 49, fixup atom: n
at 55, fixup atom: i
at 61, fixup atom: un
at 67, fixup atom: sn
at 73, fixup atom: s
at 79, fixup atom: i
at 85, fixup atom: j
at 91, fixup atom: k
at 97, fixup atom: l
at 103, fixup atom: m
at 109, fixup atom: n
at 115, fixup atom: i
at 121, fixup atom: "5ADACAEBF4B4A8A4"
at 127, fixup atom: un
at 133, fixup atom: "31430057b0557020141973402736****"
at 139, fixup atom: sn
at 148, fixup atom: m
at 158, fixup atom: i
at 164, fixup atom: i
at 169, fixup atom: un
at 178, fixup atom: m
at 187, fixup atom: m
at 193, fixup atom: m
at 198, fixup atom: BigInt
at 203, fixup atom: un
at 208, fixup atom: charCodeAt
at 213, fixup atom: i
at 224, fixup atom: m
at 230, fixup atom: i
at 236, fixup atom: i
at 244, fixup atom: Number
at 249, fixup atom: m
at 259, fixup atom: l
at 268, fixup atom: n
at 276, fixup atom: s
at 284, fixup atom: k
at 294, fixup atom: i
at 300, fixup atom: i
at 305, fixup atom: sn
at 317, fixup atom: sn
at 322, fixup atom: charCodeAt
at 327, fixup atom: i
at 336, fixup atom: j
at 344, fixup atom: j
at 356, fixup atom: j
at 368, fixup atom: j
at 381, fixup atom: j
at 394, fixup atom: k
at 400, fixup atom: k
at 406, fixup atom: j
at 415, fixup atom: j
at 423, fixup atom: j
at 433, fixup atom: j
at 442, fixup atom: j
at 448, fixup atom: s
at 457, fixup atom: s
at 463, fixup atom: s
at 468, fixup atom: j
at 475, fixup atom: s
at 483, fixup atom: k
at 497, fixup atom: s
at 502, fixup atom: l
at 509, fixup atom: s
at 517, fixup atom: s
at 531, fixup atom: s
at 547, fixup atom: n
at 555, fixup atom: s
at 565, fixup atom: s
at 575, fixup atom: s
at 581, fixup atom: n
at 590, fixup atom: n
at 596, fixup atom: n
at 601, fixup atom: BigInt
at 606, fixup atom: s
at 614, fixup atom: n
at 622, fixup atom: s
at 630, fixup atom: i
at 636, fixup atom: i
at 647, fixup atom: m
at 652, fixup atom: n
at 663, fixup atom: n
at 674, fixup atom: n
at 682, fixup atom: s
at 690, fixup atom: n
at 700, fixup atom: s
at 705, fixup atom: String
at 710, fixup atom: fromCharCode
at 715, fixup atom: Number
at 720, fixup atom: n
at 734, fixup atom: s
at 740, fixup atom: n
at 749, fixup atom: n
at 757, fixup atom: print
at 762, fixup atom: s
}
debug {
037b: c2 03 01 2b 00 3c 01 00
3c 06 3f 3f 30 7b 4e bc
49 6d 30 2b 2b 8a 80 00
34 02 3f 4e 8a 4e 5d 53
5d cb 85 4e 7b 2c 0f 4f
85 30 2b 3f cb 4e 0d filename: s
}
cpool {
03aa: 0a bigint {
03ab: 00 }
03ac: 0a bigint {
03ad: 24 01 len=1
03af: ac }
03b0: 0a bigint {
03b1: 28 01 len=1
03b3: fe }
03b4: 0a bigint {
03b5: 00 }
03b6: 0a bigint {
03b7: 00 }
03b8: 0a bigint {
03b9: 28 01 len=1
03bb: c8 }
03bc: 0a bigint {
03bd: e8 01 07 len=7
03c0: 44 b8 90 b5 6b 67 80 }
03c7: 0a bigint {
03c8: e8 01 07 len=7
03cb: 34 a7 b8 48 7f 8d af }
03d2: 0a bigint {
03d3: 00 }
03d4: 0a bigint {
03d5: 28 01 len=1
03d7: fe }
03d8: 0a bigint {
03d9: 28 01 len=1
03db: fe }
}
}
Success!

bytecode反汇编结果

s:1: function: <eval>
locals:
0: var <ret>
stack_size: 6
opcodes:
check_define_var un,0
check_define_var sn,0
check_define_var s,0
check_define_var i,0
check_define_var j,0
check_define_var k,0
check_define_var l,0
check_define_var m,0
check_define_var n,0
check_define_var i,0
define_var un,0
define_var sn,0
define_var s,0
define_var i,0
define_var j,0
define_var k,0
define_var l,0
define_var m,0
define_var n,0
define_var i,0
push_atom_value "5ADACAEBF4B4A8A4"
dup
put_var un
put_loc0 0: "<ret>"
push_atom_value "31430057b0557020141973402736****"
dup
put_var sn
put_loc0 0: "<ret>"
push_const8 0: 0n
dup
put_var m
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
push_0 0
dup
put_var i
drop
163: get_var i
get_var un
get_length
lt
if_false8 243
get_var m
push_const8 1: 43n
mul
dup
put_var m
put_loc0 0: "<ret>"
get_var m
get_var BigInt
get_var un
get_field2 charCodeAt
get_var i
call_method 1
call1 1
add
dup
put_var m
put_loc0 0: "<ret>"
get_var i
post_inc
put_var i
drop
goto8 163
243: get_var Number
get_var m
push_const8 2: 127n
mod
call1 1
dup
put_var l
put_loc0 0: "<ret>"
push_const8 3: 0n
dup
put_var n
put_loc0 0: "<ret>"
push_0 0
dup
put_var s
put_loc0 0: "<ret>"
push_0 0
dup
put_var k
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
push_0 0
dup
put_var i
drop
299: get_var i
get_var sn
get_length
lt
if_false 644
get_var sn
get_field2 charCodeAt
get_var i
call_method 1
dup
put_var j
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var j
push_i8 48
gte
dup
if_false8 363
drop
get_var j
push_i8 57
lte
363: dup
if_true8 388
drop
get_var j
push_i8 97
gte
if_false 644
get_var j
push_i8 102
lte
388: if_false 644
get_var k
post_inc
put_var k
put_loc0 0: "<ret>"
get_var j
push_i8 48
sub
dup
put_var j
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var j
push_i8 9
gt
if_false8 447
get_var j
push_i8 39
sub
dup
put_var j
put_loc0 0: "<ret>"
447: get_var s
push_i8 16
mul
dup
put_var s
put_loc0 0: "<ret>"
get_var s
get_var j
add
dup
put_var s
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var k
push_2 2
mod
push_0 0
eq
if_false 629
get_var s
get_var l
xor
dup
put_var s
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
get_var s
push_4 4
sar
push_i8 9
gt
dup
if_true8 541
drop
get_var s
push_i8 16
mod
push_i8 9
gt
541: if_false8 554
push_const8 4: 0n
dup
put_var n
put_loc0 0: "<ret>"
goto8 644
554: get_var s
push_4 4
sar
push_i8 10
mul
get_var s
push_i8 16
mod
add
dup
put_var s
put_loc0 0: "<ret>"
get_var n
push_const8 5: 100n
mul
dup
put_var n
put_loc0 0: "<ret>"
get_var n
get_var BigInt
get_var s
call1 1
add
dup
put_var n
put_loc0 0: "<ret>"
push_0 0
dup
put_var s
put_loc0 0: "<ret>"
goto8 629
629: get_var i
post_inc
put_var i
drop
goto16 299
644: undefined
put_loc0 0: "<ret>"
get_var m
get_var n
eq
if_false8 670
push_const8 6: 18071254662143010n
dup
put_var n
put_loc0 0: "<ret>"
goto8 679
670: push_const8 7: 24706849372394394n
dup
put_var n
put_loc0 0: "<ret>"
679: push_empty_string
dup
put_var s
put_loc0 0: "<ret>"
undefined
put_loc0 0: "<ret>"
689: get_var n
push_const8 8: 0n
gt
if_false8 756
get_var s
get_var String
get_field2 fromCharCode
get_var Number
get_var n
push_const8 9: 127n
mod
call1 1
call_method 1
add
dup
put_var s
put_loc0 0: "<ret>"
get_var n
push_const8 10: 127n
div
dup
put_var n
put_loc0 0: "<ret>"
goto8 689
756: get_var print
get_var s
call1 1
set_loc0 0: "<ret>"
return

Success!

不难看出来,🙃我完全是鼓励自己,这都是个啥,慢慢看逻辑大概了解了

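// Hand-decompiled form of the <eval> function in the QuickJS disassembly
// above. It is a user-name / serial check:
//   m = user name folded as a base-43 BigInt
//   l = m % 127, used as a one-byte XOR key
//   n = serial decoded two hex digits at a time, each byte XORed with l,
//       required to be valid BCD, and appended as two decimal digits
// The check passes when n == m.
//
// Design note: every input to the check lives in the client and each step is
// reversible, so a matching serial can be computed from the user name alone.
// A check like this only obscures; it cannot authenticate.
var un, sn, s;
var i, j, k, l, m, n;
un = "5ADACAEBF4B4A8A4";
sn = "31430057b0557020141973402736****";

m = 0n;
for (var i = 0; i < un.length; i++) {
    m *= 43n;
    m += BigInt(un.charCodeAt(i));
}
l = Number(m % 127n);

// The bytecode pushes the BigInt constant 0n here; a plain 0 would make
// `n *= 100n` throw a TypeError (BigInt and Number cannot be mixed).
n = 0n;
s = 0;
k = 0;
for (i = 0; i < sn.length; i++) {
    j = sn.charCodeAt(i);
    // Only '0'-'9' and 'a'-'f' are accepted; anything else ends parsing.
    if ((j >= 48 && j <= 57) || (j >= 97 && j <= 102)) {
        k++;
        j -= 48;
        if (j > 9) j -= 0x27; // 'a'..'f' -> 10..15
        s *= 16;
        s += j;
        if (k % 2 == 0) {
            s ^= l;
            // Offsets 509-554 of the disassembly: both nibbles must be
            // decimal digits, otherwise n is reset and the loop is left.
            if ((s >> 4) > 9 || s % 16 > 9) {
                n = 0n;
                break;
            }
            s = (s >> 4) * 10 + s % 16; // BCD byte -> 0..99
            n *= 100n;
            n += BigInt(s);
            s = 0;
        }
    } else {
        break;
    }
}

// Each constant is a message packed base-127, least significant character
// first; the run shown on the page prints "Success!" for the pair above.
if (m == n) n = 18071254662143010n;
else n = 24706849372394394n;
s = "";
while (n > 0n) {
    s += String.fromCharCode(Number(n % 127n));
    n /= 127n;
}
print(s);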

直接去逆一下js代码 求m和l

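/*
 * Recompute the two user-name-derived values from the decompiled script:
 *   m = the name folded as a base-43 number
 *   l = m % 127
 *
 * m reaches about 2.4e26 for a 16-character name, which does not fit in a
 * 64-bit long long (signed overflow is undefined behaviour), so m is kept
 * as decimal digits and l is tracked separately with modular arithmetic.
 * Prints both values and returns 0; returns 1 if m outgrows the digit
 * buffer.
 */
int main() {
    char A[] = "KCTFKCTFKCTFKCTF"; /* 'K' 'C' 'T' 'F' = 75 67 84 70 */
    unsigned char digits[40] = {0}; /* m, least significant decimal digit first */
    int ndigits = 1;
    int l = 0;

    for (int i = 0; A[i]; i++) {
        int c = (unsigned char)A[i];
        int carry = c;

        /* m = m * 43 + c, one decimal digit at a time */
        for (int d = 0; d < ndigits; d++) {
            int v = digits[d] * 43 + carry;
            digits[d] = (unsigned char)(v % 10);
            carry = v / 10;
        }
        while (carry > 0 && ndigits < (int)sizeof digits) {
            digits[ndigits++] = (unsigned char)(carry % 10);
            carry /= 10;
        }
        if (carry > 0) {
            printf("m does not fit in %d digits\n", (int)sizeof digits);
            return 1;
        }

        /* (m * 43 + c) mod 127 stays small, so a plain int is exact here */
        l = (l * 43 + c) % 127;
    }

    printf("m = ");
    for (int d = ndigits - 1; d >= 0; d--) {
        printf("%d", digits[d]);
    }
    printf(" \nl = %d", l);
    return 0;
}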

我摊牌了我用计算机按的

image-20200430202827007

image-20200430202849915

得出来 m = 243377798925556026477314360,l =66

直接就可以去求序列号了:40017535dad01714402635730122

image-20200430203613022

好的!👴决定先上传一波,然后去整理小黄书去!gogogo!🙆‍♂️

Author: L0x1c
Link: https://l0x1c.github.io/2020/04/30/2020-4-30/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.