re题⽬新⼿区练习
re题⽬新⼿区练习
re1
od打开字符串搜⼀下。
DUTCTF{We1c0met0DUTCTF}
re2
随便乱输⼀下
zsctf{T9is_tOpic_1s_v5ry_int7resting_b6t_others_are_n0t}
emm,实质就是⽐较灯。这⾥没有算法,直接全nop就⾏了
re3
将输⼊的转为16进制与已知16进制串对⽐
#!/usr/bin/env python
# coding=utf-8
flag =""
string ="437261636b4d654a757374466f7246756e"
for i in range(0,len(string),2):
flag +=chr(int(string[i:i+2],16))
print(flag)
#CrackMeJustForFun
re4
1. 第⼀段输⼊0xcafe
2. 第⼆段为就是8
3. 第三段为h4cky0u
4. 第四段 first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
>>>0xcafe
51966
>>>8*25
200
>>>51966*31337+8*11+7-1615810207
12648430
>>>hex(12648430)
'0xc0ffee'
>>>
第⼀次带了0x没提交上。。
re5
upx -d 脱掉壳就拿到flag了。。
flag{Upx_1s_n0t_a_d3liv3r_c0mp4ny}
re6
>>>len(':\"AL_RT^L*.?+6/46')
17
#!/usr/bin/env python
# coding=utf-8
v7 =hex(0x65626D61726168)[2:]
v7 =[int(v7[i:i+2],16)for i in range(0,len(v7),2)][::-1]
string =':\"AL_RT^L*.?+6/46'
flag =""
for i in range(len(string)):
first = v7[i %7]
second =ord(string[i])^ first
flag +=chr(second)
print(flag)
# RC3-2016-XORISGUD
坑点,⼩端序列,我转成int后忘了倒序,⼀直是错的。。
re7
9447{This_is_a_flag}
re8
python写个算法跑⼀下
#!/usr/bin/env python
# coding=utf-8
List1 =[0x3A,0x14,0x00,0x00,0x36,0x14,0x00,0x00,0x37,0x14,0x00,0x00,0x3B,0x14,0x00,0x00,0x80,0x14,0x00,0x00,0x7A,0x14,0x00,0x0 0,0x71,0x14,0x00,0x00,0x78,0x14,0x00,0x00,0x63,0x14,0x00,0x00,0x66,0x14,0x00,0x00,0x73,0x14,0x00,0x00,0x67,0x14,0x00,0x00,0x6 2,0x14,0x00,0x00,0x65,0x14,0x00,0x00,0x73,0x14,0x00,0x00,0x60,0x14,0x00,0x00,0x6B,0x14,0x00,0x00,0x71,0x14,0x00,0x00,0x78,0x1 4,0x00,0x00,0x6A,0x14,0x00,0x00,0x73,0x14,0x00,0x00,0x70,0x14,0x00,0x00,0x64,0x14,0x00,0x00,0x78,0x14,0x00,0x00,0x6E,0x14,0x0 0,0x00,0x70,0x14,0x00,0x00,0x70,0x14,0x00,0x00,0x64,0x14,0x00,0x00,0x70,0x14,0x00,0x00,0x64,0x14,0x00,0x00,0x6E,0x14,0x00,0x0 0,0x7B,0x14,0x00,0x00,0x76,0x14,0x00,0x00,0x78,0x14,0x00,0x00,0x6A,0x14,0x00,0x00,0x73,0x14,0x00,0x00,0x7B,0x14,0x00,0x00,0x8 0,0x14,0x00,0x00,0x00,0x00,0x00]
List2 =[0x01,0x14,0x00,0x00,0x02,0x14,0x00,0x00,0x03,0x14,0x00,0x00,0x04,0x14,0x00,0x00,0x05,0x14,0x00,0x00]
v6 =len(List1)
v4 =0
v7 =len(List2)
while(v4 < v6):
List1[v4]-= List2[v4%v7]
v4 +=1
List1 =[i for i in List1 if i!=0][:-2]
flag =""
for i in List1:
flag +=chr(i)
print(flag)
9
94
944
9447
9447{
9447{y
9447{yo
9447{you
9447{you_
9447{you_a
9447{you_ar
9447{you_are
9447{you_are_
9447{you_are_a
9447{you_are_an
9447{you_are_an_
9447{you_are_an_i
9447{you_are_an_in
9447{you_are_an_int
9447{you_are_an_inte
9447{you_are_an_inter
9447{you_are_an_intern
9447{you_are_an_interna
9447{you_are_an_internat
9447{you_are_an_internati
9447{you_are_an_internatio
9447{you_are_an_internation
9447{you_are_an_internationa
9447{you_are_an_international
9447{you_are_an_international_
9447{you_are_an_international_m
9447{you_are_an_international_my
9447{you_are_an_international_mys
9447{you_are_an_international_myst
9447{you_are_an_international_myste
9447{you_are_an_international_myster
9447{you_are_an_international_mystery
9447{you_are_an_international_mystery}
re9
看下算法,跑下就⾏了,还是⼩端序问题
#!/usr/bin/env python
# coding=utf-8
List1 =[0xBCA0CCBB,0xB8BED1DC,0xAEBECFCD,0x82ABC4D2,0xB393D9D2,0xA993DED4,0x82B8CBD3,0xB9BECBD3,0x00CCD79A] v2 =0xDDCCAABB
flag =""
for i in range(len(List1)):
result =hex( List1[i]^ v2 )[2:]
for i in range(3,-1,-1):
temp =int(result[2*i:2*i+2],16)
flag +=chr(temp)
#flag += chr(result)
print(flag)
re10
string ="c61b68366edeb7bdce3c6820314b7498"
flag =""
for i in range(len(string)):
v3 =1if i&1else-1
result =ord(string[i])+v3
flag +=chr(result)
# S
flag0 ="SharifCTF{"
flag1 ="}"
flag = flag0 + flag + flag1
print(flag)
好坑的⼀道题。。少了个S,我还以为我做错了re11
#!/usr/bin/env python
# encoding: utf-8
# 如果觉得不错,可以推荐给你的朋友!tool.lu/pyc import base64
def encode(message):
s =''
for i in message:
x =ord(i)^32
x = x +16
s +=chr(x)
return base64.b64encode(s)
correct ='XlNkVmtUI1MgXWBZXCFeKY+AaXNt'
flag =''
print'Input flag:'
flag =raw_input()
if encode(flag)== correct:
print'correct'
else:
print'wrong'
#!/usr/bin/env python
# coding=utf-8
python新手代码练习import base64
correct ='XlNkVmtUI1MgXWBZXCFeKY+AaXNt' correct = base64.b64decode(correct)
def decode(message):
s =''
for i in message:
x=ord(i)-16
x = x ^32
s +=chr(x)
return s
flag = decode(correct)
print(flag)
#nctf{d3c0mpil1n9_PyC}
re12
control ='''
O -1 左
o +1 右
. -1 上
0 +1 下
'''
print(control)
maze =' ******* * **** * **** * *** *# *** *** *** *********'
for i in range(8):
print(maze[8*i:8*i+8])
result =raw_input()
flag =""
for i in result:
if i =='w':
flag +='.'
elif i =='a':
flag +='O'
elif i =='s':
flag +='0'
else:
flag +='o'
#flag = "OO.}"
flag0 ="nctf{"
print(flag0+flag +"}")
输⼊dsddssasssddddwwaa
得到flag nctf{o0oo00O000oooo…OO}
emm,有点坑。。我开头以为是从#号触发反过来⾛,然后错了,⽅向键我是盲猜的,我只能看运⽓,1/2
bool __fastcall sub_400650(_DWORD *a1)
{
int v1;// eax
v1 =(*a1)--;
return v1 >0;
}
bool __fastcall sub_400660(int*a1)
{
int v1;// eax
v1 =*a1 +1;
*a1 = v1;
return v1 <8;
}
sub_400660(&v9 +1)
sub_400680(&v9);
结合这4句,推测存储结构,⼀个__int64 8个字节, 2个字节⼀个分割,所以相当于 0x上下左右
sub_400690(asc_601060,SHIDWORD(v9), v9))
在结合这句,SHIDWORD
#define SHIDWORD(x) (*((int32*)&(x)+1))
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论