上海市大学生
PREFACE:比赛的时候在飞机上,题目很一般随手记录一下
# Reverse - 今天天气怎么样?
输入假 flag 做 key,进 smc 里 rc4 出真 flag
enc=[0x66,0x6B,0x63,0x64,0x7F,0x63,0x69,0x70,0x57,0x60,0x79,0x54,0x78,0x5B,0x6B,0x50,0x67,0x54,0x73,0x61,0x7C,0x50,0x64,0x48,0x6C,0x56,0x7E,0x46,0x65,0x60] | |
for i in range(len(enc)): | |
if ((i & 1) != 0): | |
enc[i] += i | |
else: | |
enc[i] ^= i | |
key = '' | |
for i in enc: | |
print(chr(i),end='') | |
key += chr(i) | |
class RC4: | |
def __init__(self, key) -> None: | |
self.key = key | |
self.S = 0 | |
self.__rc4_init__() | |
def __rc4_init__(self): | |
S = [i for i in range(256)] | |
j = 0 | |
for i in range(256): | |
j = (j + S[i] + key[i % len(key)]) % 256 | |
S[i], S[j] = S[j], S[i] | |
self.S = S | |
def rc4_encrypt(self, plain) -> list: | |
i = 0 | |
j = 0 | |
cipher = [] | |
for p in plain: | |
i = (i + 1) % 256 | |
j = (j + self.S[i]) % 256 | |
self.S[i], self.S[j] = self.S[j], self.S[i] | |
k = p ^ self.S[(self.S[i] + self.S[j]) % 256] | |
cipher.append(k) | |
return cipher | |
key = [ord(i) for i in key] | |
data = [0x4D,0xD8,0x76,0x2D,0x0C,0x26,0x0C,0x53,0xDA,0xC0,0x17,0x37,0x8C,0xD7,0xF3,0xD9,0xD0,0x46,0x2B,0x15,0x98,0x67,0xF1,0xAD,0xA6,0x0E,0x7C,0x66,0x90,0x7F] | |
rc4 = RC4(key) | |
plain = rc4.rc4_encrypt(data) | |
print() | |
for i in plain: | |
print(chr(i),end = "") |
# Reverse-ezlogin
DES BASE64 直接解
# Reverse-easy_iot
binwalk -e
在 bash 里面直接异或
# stm
合理是 qemu 调,然后异或拿到,晚点试试