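Update, May 9
Picking up from yesterday's update! 😡 I'm definitely not staying up late anymore. My body can't take it now, so from here on I'll get up early to study!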
DontEatMe
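Right at the start there is a ZwSetInformationThread anti-debugging check; just nop it out.
Continue analyzing the logic.
A maze is generated here, so pull the maze out directly: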
```
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1
1 0 1 1 1 1 1 1 1 0 1 1 1 1 1 1
1 0 1 1 1 1 1 1 1 0 1 1 1 1 1 1
1 0 1 1 1 1 0 0 0 0 * 0 0 1 1 1
1 0 1 1 1 1 0 1 1 1 1 1 0 1 1 1
1 0 1 1 1 1 0 1 1 1 1 1 0 1 1 1
1 0 1 1 1 1 0 0 0 0 1 1 0 1 1 1
1 0 1 1 1 1 1 1 1 0 1 1 0 1 1 1
1 0 1 1 1 1 1 1 1 0 1 1 0 1 1 1
1 0 0 0 0 * 0 0 0 0 1 1 0 1 1 1
1 1 1 1 1 0 1 1 1 1 1 1 0 1 1 1
1 1 1 1 1 0 0 0 0 0 0 0 0 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
```
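The starting index is (10,5) and the end point is (4,9).
Walking it by hand, ddddwwwaaawwwddd should be the shortest path. Next, find the key for the Blowfish algorithm.
Go straight to OD and look at the key: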
000F1A01353A3B20
db824ef8605c5235b4bbacfa2ff8e0875c1a0401b3b63dd7. Because Blowfish is a symmetric cipher and our ciphertext is 32 characters long, the plaintext is 32 characters long as well.
RCTF{db824ef8605c5235b4bbacfa2ff8e087}
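As an added check (not part of the original write-up), the shortest-path claim can be confirmed with a breadth-first search over the maze above. The w/a/s/d direction mapping and treating both `*` cells as open floor are assumptions inferred from the path the write-up quotes.

```python
from collections import deque

# Maze as extracted on this page ('1' is a wall; '0' and '*' are treated as open).
MAZE = """\
1111111111111111
1000000000111111
1011111110111111
1011111110111111
1011110000*00111
1011110111110111
1011110111110111
1011110000110111
1011111110110111
1011111110110111
10000*0000110111
1111101111110111
1111100000000111
1111111111111111
1111111111111111
1111111111111111""".splitlines()

START, END = (10, 5), (4, 9)   # (row, column), as stated in the write-up
# Assumed key mapping: key -> (row delta, column delta).
MOVES = {"w": (-1, 0), "a": (0, -1), "s": (1, 0), "d": (0, 1)}

def shortest_path(maze, start, end):
    """Return the shortest w/a/s/d key string from start to end, or None."""
    prev = {start: None}           # cell -> (previous cell, key pressed)
    queue = deque([start])
    while queue:
        cell = queue.popleft()
        if cell == end:            # walk the predecessor chain back to start
            keys = []
            while prev[cell] is not None:
                cell, key = prev[cell]
                keys.append(key)
            return "".join(reversed(keys))
        for key, (dr, dc) in MOVES.items():
            nxt = (cell[0] + dr, cell[1] + dc)
            r, c = nxt
            if 0 <= r < len(maze) and 0 <= c < len(maze[r]) and maze[r][c] != "1" and nxt not in prev:
                prev[nxt] = (cell, key)
                queue.append(nxt)
    return None                    # end is a wall or unreachable

if __name__ == "__main__":
    print(shortest_path(MAZE, START, END))
```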
sourceguardian
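Opening this challenge, it looks like heavily obfuscated PHP. Brother A-Peng (阿鹏哥) handed me the file directly (spending money really does make you stronger; this heavy obfuscation got sorted out through Taobao).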
```php
<?php
// XXTEA mixing term (MX); the masks emulate 32-bit logical right shifts.
function a($q, $y, $z, $p, $e, $k)
{
    return ($z >> 5 & 134217727 ^ $y << 2) + ($y >> 3 & 536870911 ^ $z << 4) ^ ($q ^ $y) + ($k[$p & 3 ^ $e] ^ $z);
}

function verify($str)
{
    // Anti-analysis checks: refuse to run under phpdbg or with vld active.
    if( php_sapi_name() === "phpdbg" ) {
        exit( "Sorry but no phpdbg" );
    }
    if( ini_get("vld.active") == 1 ) {
        dir("Sorry but no vld");
    }
    // Pad with NUL bytes to a multiple of 4, then split into little-endian 32-bit words.
    $v = unpack("V*", $str . str_repeat("\0", 4 - strlen($str) % 4 & 3));
    $v = array_values($v);
    // Append the input length as the last word.
    $v[count($v)] = strlen($str);
    // Expected ciphertext.
    $b = array( 1029560848, 2323109303, 4208702724, 3423862500, 3597800709, 2222997091, 4137082249, 2050017171, 4045896598 );
    // 128-bit key as four 32-bit words.
    $k = array( 1752186684, 1600069744, 1953259880, 1836016479 );
    $n = count($v) - 1;
    $z = $v[$n];
    $q = floor(6 + 52 / ($n + 1));
    $sum = 0;
    // XXTEA encryption rounds.
    while( 0 < $q-- ) {
        $sum = $sum + 2654435769 & 4294967295;
        $e = $sum >> 2 & 3;
        $p = 0;
        while( $p < $n ) {
            $y = $v[$p + 1];
            $v[$p] = $v[$p] + a($sum, $y, $z, $p, $e, $k) & 4294967295;
            $z = $v[$p];
            $p++;
        }
        $y = $v[0];
        $v[$n] = $v[$n] + a($sum, $y, $z, $p, $e, $k) & 4294967295;
        $z = $v[$n];
    }
    // Extra step on top of XXTEA: XOR every word with the key.
    $i = 0;
    while( $i < count($v) ) {
        $v[$i] = $v[$i] ^ $k[$i % 4];
        $i++;
    }
    return $v == $b;
}
```
Looking at it, this is just XXTEA plus an XOR, so decrypt it directly:
```cpp
#include <stdint.h>
#include <iostream>
#include <string>
using namespace std;

#define DELTA 0x9e3779b9
#define MX (((z>>5^y<<2) + (y>>3^z<<4)) ^ ((sum^y) + (key[(p&3)^e] ^ z)))

// Standard XXTEA: n > 1 encrypts n words in place, n < -1 decrypts -n words.
// uint32_t (instead of long) keeps every word 32 bits wide on all platforms.
void btea(uint32_t* v, int n, const uint32_t* key)
{
    uint32_t y, z, sum;
    unsigned p, rounds, e;
    if (n > 1)            /* Coding Part */
    {
        rounds = 6 + 52 / n;
        sum = 0;
        z = v[n - 1];
        do
        {
            sum += DELTA;
            e = (sum >> 2) & 3;
            for (p = 0; p < (unsigned)n - 1; p++)
            {
                y = v[p + 1];
                z = v[p] += MX;
            }
            y = v[0];
            z = v[n - 1] += MX;
        } while (--rounds);
    }
    else if (n < -1)      /* Decoding Part */
    {
        n = -n;
        rounds = 6 + 52 / n;
        sum = rounds * DELTA;
        y = v[0];
        do
        {
            e = (sum >> 2) & 3;
            for (p = n - 1; p > 0; p--)
            {
                z = v[p - 1];
                y = v[p] -= MX;
            }
            z = v[n - 1];
            y = v[0] -= MX;
            sum -= DELTA;
        } while (--rounds);
    }
}

int main()
{
    uint32_t cipher[] = { 1029560848, 2323109303, 4208702724, 3423862500, 3597800709, 2222997091, 4137082249, 2050017171, 4045896598 };
    uint32_t key[] = { 1752186684, 1600069744, 1953259880, 1836016479 };
    // Undo the final XOR with the key words that verify() applies after encryption.
    for (int i = 0; i < 9; i++)
    {
        cipher[i] ^= key[i % 4];
    }
    btea(cipher, -9, key);
    // The last word is the plaintext length that verify() appended; print that many bytes.
    cout << string((char*)cipher, cipher[8]) << endl;
}
```
RCTF{h0w_d1d_you_crack_sg11?}
crack
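After opening the program, I saw Luffy! Yes! An anime I love 😍. OK, enough of that, on to the challenge. Most crackmes feel similar to the ones in the Kanxue (看雪) CTF, so I'll go straight at it with OD and IDA.
Open it in IDA and take a look.
The algorithm problem: https://projecteuler.net/problem=67
There are 0x200*0x200 rows of data in total. The first n elements of each row are the corresponding elements of the pyramid, and the remaining elements are stitched together, following the input process, into a function.
It gets called at 00402762, and the sum has to be 0x100758E540F.
Dynamic programming is used here, so I need to go and study it properly. That will probably be tomorrow's notes. NO! The day after tomorrow: tomorrow is the Wangding Cup (网鼎杯), and I'll probably write up a wp for it, then come back and study dynamic programming once that's done. I'm off to rest, good night! 😘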