2021 長安「戰疫」網路安全衛士守護賽 WriteUp
2022-01-09 11:00:16
麻薯星的zyz想要生猴子!!!麻薯星的zyz想要生猴子!!!麻薯星的zyz想要生猴子!!!
隊友第一輪做了倆Web之後就擺爛了 寄
總體來說長安戰疫基本大部分題都偏向入門,適合大一新生練練手
少部分多百度也能做。
還有很小部分就看積累吧。
文章目錄
Misc
八卦迷宮
按照迷宮走然後取字的拼音即可
字是戰長恙長戰恙河長山山安戰疫疫戰疫安疫長安恙
flag是:
cazy{zhanchangyangchangzhanyanghechangshanshananzhanyiyizhanyianyichanganyang}
樸實無華的取證
首先檢視版本 imageinfo得到WinXPSP2x86
然後pslist,注意到
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-wkF0LZgx-1641631822267)(mumuzi.assets/image-20220108103445403.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/70d9fdd94bb24a0b86a723c880d5fe27ukvv453dmg4.png)
於是:
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-5u2OCci0-1641631822270)(mumuzi.assets/image-20220108103513837.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/b6bc9593a9ca42f2a37a0d9efa4a45a54suaa3phpak.png)
發現目錄是桌面而並非Desktop,重新filescan一下,匯出有用資訊
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-r6LzEg9C-1641631822278)(mumuzi.assets/image-20220108103543050.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/d7890c2bd0c246c0b9b28b41958b51e82avyno5wfh2.png)
首先zip的密碼是上面說的20211209
其次,得到的txt是加密函數,而密文在flag.png上。反過來寫一個指令碼
但是我寫了幾次都沒寫對
。。。。於是有了這個指令碼
s = 'fdcb[8ldq?zloo?fhuwdlqob?vxffhhg?lq?iljkwlqj?wkh?hslghplf]'
for i in s:
if(ord(i)>=ord('a') and ord(i)<=ord('w')):
print(chr(ord(i)-3),end='')
elif(i == 'a'):
print('x',end='')
elif(i == 'b'):
print('y',end='')
elif(i == 'c'):
print('z',end='')
elif(i == "|"):
print('_')
else:
print(chr(ord(i)+32),end='')
#ca`_{Xian_šill_certainl__s˜cceed_in_fighting_the_epidemic}
查了一下certainl後面應該還有個y
然後前面那個單詞是will,後面那個單詞是succeed,於是得到flag提交正確
cazy{Xian_will_certainly_succeed_in_fighting_the_epidemic}
無字天書
匯出HTTP流,在匯出的其中兩個檔案發現hex串,都是很明顯的zip,hex–>ascii,得到zip,開啟zip得到兩檔案,一個key.ws一個flag.txt
ws很明顯的whitespace,直接https://vii5ard.github.io/whitespace/得到key:XiAnWillBeSafe
然後flag.txt很明顯的SNOW
.\SNOW.EXE -p XiAnWillBeSafe -C .\flag.txt
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-5EINTl6Z-1641631822281)(mumuzi.assets/image-20220108104800137.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/e73eff4d3bef4ba0ae7cb1e9ff69966045xmzygiclh.png)
cazy{C4n_y0u_underSt4nd_th3_b0oK_With0ut_Str1ng}
西安加油
檢視流量包發現大量的base64串,匯出http發現secret.txt,base64解碼發現是zip,儲存後開啟發現是拼圖
因為不知道大小,所以猜了一個12*4
命令montage *png -tile 12x4 -geometry 100x100+0+0 out2.png
然後用gaps
python3 gaps --image=out2.png --generations=10 --population=48 --size=100 --save
我gaps有問題,代數太多跑一會就報錯,不加save跑完就直接報錯。。。
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-qmPkoNBX-1641631822284)(mumuzi.assets/image-20220108104953204.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/124b6b2052ac4ad0886eb56523ba6f4fy3s5ca035om.png)
得到flag,X的大小寫記不住了
cazy{make_XiAN_great_Again}
binary
檔案頭能看出來是class檔案,直接扔jadx
陣列轉出來
s = [77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 70, 120, 117, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 70, 120, 117, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 86, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 65, 61, 61]
for i in s:
print(chr(i),end='')
得到base64,解碼是01串,明顯的二維條碼
s = '0000000101110000000011111101110000000\n0111110101101010111110001110110111110\n0100010100001111000111010110110100010\n0100010110000011000111000001010100010\n0100010111011011001101101011110100010\n0111110101110100000001001000010111110\n0000000101010101010101010101010000000\n1111111100100000000100110011111111111\n1100010101010000101111110100000011000\n0101101000110010010000100110101011101\n1011000001001111001100011010000010010\n1110111111110010101101000110101011100\n1010110001110000000110100000000000010\n0110101001000100011011101011101111101\n0010100100111111101110000110010100010\n0010001101110110110011001100110011101\n1110100110001111111011010011000000010\n0000111010100011100000101101111110111\n1101100110101101001100010100110000100\n0101001001111001000001001110010010111\n0101010011000111000110010000010101000\n1001101111101110110010011111101011101\n1101100010111000000101110110001011010\n0011001000111101100011110100100111101\n0101000001110101110110101111110100010\n0101011011001001000000110100010011111\n0110100010001110010110011011111001100\n0111001111100000010110110111001111100\n0100110010110010100010111011000000000\n1111111101011001110011100101011101011\n0000000111000111011010110001010100100\n0111110111001101010110101100011101111\n0100010100110000110011010000000000010\n0100010101111101100011111111110100111\n0100010101101111111100000010101010110\n0111110111111000101101001111000110110\n0000000111111011110110000000100011000'
s = s.split('\n')
from PIL import Image
pic = Image.new('RGB',(37,37),(255,255,255))
for i in range(37):
for j in range(37):
if(s[i][j] == '0'):
pic.putpixel((j,i),(0,0,0))
pic.show()
pic.save('fllllag.png')
掃碼得到flag
flag{932b2c0070e4897ea7df0190dbf36ece}
Ez_Steg
pyc的steg很明顯是劍龍,注意python版本號,我用3.9沒跑出來,3.6能跑
跑出來得到key:St3g1sV3ryFuNny
當然密文更明顯是emoji-aes,解密得到flag
cazy{Em0j1s_AES_4nd_PyC_St3g_D0_yoU_l1ke}
ez_Encrypt
這次題目的流量包都只需要匯出HTTP就能做了
匯出之後有個web123,是base64,同樣cyberchef解碼得到zip檔案,用D盾掃
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-fxGyG6JZ-1641631822289)(mumuzi.assets/image-20220108153726810.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/b5d8a99411384ceb91fc6a783ef60ca1e0ne5fxp4tk.png)
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-jCDmViZG-1641631822293)(mumuzi.assets/image-20220108153734258.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/38a20c385c2b4c039c108e524ec5b602mwlfnudefxj.png)
百度找一個解php混淆的,除去廣告第一個就是https://www.zhaoyuanma.com/phpjm.html
解密得到flag
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片儲存下來直接上傳(img-U2XyWpF1-1641631822296)(mumuzi.assets/image-20220108153841460.png)]](https://s3.ap-northeast-1.wasabisys.com/img.tw511.com/202201/4718d768b066471ebdfa0f3029ef9b620ju5ybz1ehp.png)
cazy{PHP_ji4m1_1s_s00000_3aSyyyyyyyyyyy}
Crypto
no_cry_no_can
就單純的互斥或,通過格式cazy{找出key的值
key = b'\x5f\x11\x32\xff\x61'
s = b'<pH\x86\x1a&"m\xce\x12\x00pm\x97U1uA\xcf\x0c:NP\xcf\x18~l'
for i in range(len(s)):
print(chr(key[i%5]^s[i]),end='')
cazy{y3_1s_a_h4nds0me_b0y!}
no_can_no_bb
單純的爆破key,給了key的範圍是1,1<<20,還好簡單,要不然就不會做了
from Crypto.Util.number import *
from Crypto.Cipher import AES
from tqdm import tqdm
def pad(m):
tmp = 16-(len(m)%16)
return m + bytes([tmp for _ in range(tmp)])
enc=b'\x9d\x18K\x84n\xb8b|\x18\xad4\xc6\xfc\xec\xfe\x14\x0b_T\xe3\x1b\x03Q\x96e\x9e\xb8MQ\xd5\xc3\x1c'
for i in tqdm(range(1<<20)):
key=pad(long_to_bytes(i))
aes=AES.new(key,AES.MODE_ECB)
s = aes.decrypt(enc)
if b'cazy{' in s:
print(s)
no_math_no_cry
真就太久沒學數學唄,還有負根,一開始都忘乾淨了,果然我不適合做cry,但還好這三道和密碼學關係不是特別的大。
from Crypto.Util.number import*
import gmpy2
s = 10715086071862673209484250490600018105614048117055336074437503883703510511248211671489145400471130049712947188505612184220711949974689275316345656079538583389095869818942817127245278601695124271626668045250476877726638182396614587807925457735428719972874944279172128411500209111406507112585996098530169
s -= 0x0338470
s = gmpy2.iroot(s,2)[0]
s = -s
s += (1<<500)
print(long_to_bytes(s))
cazy{1234567890_no_m4th_n0_cRy}
Reverse
combat_slogan
jdgui開啟看main就看見加密的flag了,上面函數明顯的rot13
線上rot13解一下就行了,然後套上flag{}
flag{We_w11l_f1ght_t0_end_t0_end_cazy}
cute_doge
IDA開啟ctf1.exe,搜字串,看見ZmxhZ3tDaDFuYV95eWRzX2Nhenl9
base64解碼就是flag
flag{Ch1na_yyds_cazy}
hello_py
uncompyle6 easy_py.cpython-38.pyc > easy_py.py
出來一個py檔案,看了下,首先進encrypt1進行互斥或,再進入encrypt2進行互斥或,然後輸出和Happy進行比較
既然是這樣,那不妨反過來,把num從9到0改成從0到9,把該減的地方改成加,該執行的順序也換一下。
# uncompyle6 version 3.7.4
# Python bytecode 3.8 (3413)
# Decompiled from: Python 3.8.7 (default, Dec 22 2020, 10:37:26)
# [GCC 10.2.1 20201207]
# Embedded file name: C:\Users\Administrator\Desktop\easy_py.py
# Compiled at: 2021-12-28 15:45:17
# Size of source mod 2**32: 1099 bytes
import threading, time
def encode_1(n):
global num
while True:
if num <= 9:
flag[num] = flag[num] ^ num
num += 1
time.sleep(0.1)
if num > 9:
break
def encode_2(n):
global num
while True:
if num <= 9:
flag[num] = flag[num] ^ flag[(num + 1)]
num += 1
time.sleep(0.1)
if num > 9:
break
while True:
Happy = [
44, 100, 3, 50, 106, 90, 5, 102, 10, 112]
num = 0
f = input('Please input your flag:')
if len(f) == 10:
print('Your input is illegal')
else:
flag = [44, 100, 3, 50, 106, 90, 5, 102, 10, 112]
if(1 == 2):
print('crazymumuzi!')
else:
print("flag to 'ord':", flag)
t1 = threading.Thread(target=encode_1, args=(1, ))
t2 = threading.Thread(target=encode_2, args=(2,))
t2.start()
t1.start()
t1.join()
t2.join()
for i in flag:
print(chr(i),end='')
if flag == Happy:
print('Good job!')
else:
print('No no no!')
# okay decompiling easy_py.cpython-38.pyc
得到flag,包上flag{}即可
flag{He110_cazy}