2023网信柏鹭杯

Reverse

imm

关键函数sub_415190

// sub_415190: decompiler output for the input check.
// Flow visible below: hex-decode s into v16 (at most 32 bytes), XOR with the
// constant block v28, byte-shuffle with the control block v20..v27 (vpshufb),
// then compare byte-wise against the constant block written into v29.
// Returns 1 when all 32 bytes match, 0 otherwise.
// Every constant is embedded and both steps (XOR, shuffle) are invertible, so
// the accepted input can be derived from the binary alone.
char __fastcall sub_415190(const char *s)
{
  int v1; // ebp
  unsigned int v3; // esi
  unsigned int v4; // edi
  char v5; // al
  unsigned int v6; // ecx
  char *v7; // ecx
  char *v8; // edx
  unsigned int v9; // esi
  bool v14; // cf
  char v16[32]; // [esp-B0h] [ebp-BCh]
  char v18[4]; // [esp-84h] [ebp-90h] BYREF
  char v19[32]; // [esp-80h] [ebp-8Ch] BYREF
  int v20; // [esp-60h] [ebp-6Ch]
  int v21; // [esp-5Ch] [ebp-68h]
  int v22; // [esp-58h] [ebp-64h]
  int v23; // [esp-54h] [ebp-60h]
  int v24; // [esp-50h] [ebp-5Ch]
  int v25; // [esp-4Ch] [ebp-58h]
  int v26; // [esp-48h] [ebp-54h]
  int v27; // [esp-44h] [ebp-50h]
  char v28[32]; // [esp-40h] [ebp-4Ch]
  char v29[32]; // [esp-20h] [ebp-2Ch] BYREF
  _DWORD v30[3]; // [esp+0h] [ebp-Ch] BYREF
  void *retaddr; // [esp+Ch] [ebp+0h]

  // The asm blocks below address the stack through _EBP = v30; with the offsets
  // annotated above, [ebp-0B0h] is v16, [ebp-60h] is v20, [ebp-40h] is v28 and
  // [ebp-20h] is v29.
  v30[0] = v1;
  v30[1] = retaddr;
  _EBP = v30;
  // v16 (decoded input) and v29 start zeroed; v19 is filled with 0xFF bytes and
  // serves as the "all bytes equal" reference for the final comparison.
  *(_OWORD *)v16 = 0i64;
  *(_OWORD *)&v16[16] = 0i64;
  *(_OWORD *)v29 = 0i64;
  *(_OWORD *)&v29[16] = 0i64;
  *(_DWORD *)v19 = -1;
  *(_DWORD *)&v19[4] = -1;
  *(_DWORD *)&v19[8] = -1;
  *(_DWORD *)&v19[12] = -1;
  *(_DWORD *)&v19[16] = -1;
  *(_DWORD *)&v19[20] = -1;
  *(_DWORD *)&v19[24] = -1;
  *(_DWORD *)&v19[28] = -1;
  v3 = strlen(s);
  // Only inputs of up to 0x40 (64) characters are decoded, which bounds the
  // writes to v16[0..31]; for longer inputs v16 simply stays all zero.
  if ( v3 <= 0x40 )
  {
    v4 = 0;
    // v18 is cleared as one dword, then its first two bytes are overwritten on
    // each pass, so strtol always sees a NUL-terminated two-character string.
    for ( *(_DWORD *)v18 = 0; v4 < v3; v16[v6] = v5 )
    {
      v18[0] = s[v4];
      v18[1] = s[v4 + 1];
      // Base-16 parse of one character pair; the result is stored without any
      // check that both characters were valid hex digits.
      v5 = strtol(v18, 0, 16);
      v6 = v4 >> 1;
      v4 += 2;
    }
  }
  // v28: 32-byte XOR constant (the assignments are interleaved with the setup
  // of v7/v8/v9 used by the final comparison loop).
  *(_DWORD *)v28 = 0x765EEBCD;
  v7 = v29;
  *(_DWORD *)&v28[4] = 0x31AF220F;
  v8 = v19;
  *(_DWORD *)&v28[8] = 0xEF3C9282;
  v9 = 28;
  *(_DWORD *)&v28[12] = 0x676C1B8;
  *(_DWORD *)&v28[16] = 0x7DB52F18;
  *(_DWORD *)&v28[20] = 0x85EA0A7F;
  *(_DWORD *)&v28[24] = 0xA3890092;
  *(_DWORD *)&v28[28] = 0x32E7E22C;
  // ymm0 = v28 XOR v16
  __asm
  {
    vmovdqu ymm0, ymmword ptr [ebp-40h]
    vpxor ymm0, ymm0, ymmword ptr [ebp-0B0h]
  }
  // v20..v27: 32 shuffle-control bytes. vpshufb on a ymm register selects bytes
  // within each 128-bit lane using the low 4 bits of every control byte.
  v20 = 0xE06070A;
  v21 = 0xD030B02;
  v22 = 0x5000901;
  v23 = 0xC080F04;
  v24 = 0x1F17181B;
  v25 = 0x13121E14;
  v26 = 0x1C161D15;
  v27 = 0x1A191011;
  __asm { vpshufb ymm0, ymm0, ymmword ptr [ebp-60h] }
  // v29 now receives the expected 32 bytes.
  *(_DWORD *)v29 = 0xE899915F;
  *(_DWORD *)&v29[4] = 0x92B0D04E;
  *(_DWORD *)&v29[8] = 0xF44F3CB1;
  *(_DWORD *)&v29[12] = 0x12DA7617;
  *(_DWORD *)&v29[16] = 0x1501352A;
  *(_DWORD *)&v29[20] = 0x195E97F9;
  *(_DWORD *)&v29[24] = 0x9915C29D;
  *(_DWORD *)&v29[28] = 0xCC9F7D70;
  // vpcmpeqb yields 0xFF for every equal byte and 0x00 otherwise; the mask is
  // written back over v29.
  __asm
  {
    vpcmpeqb ymm0, ymm0, ymmword ptr [ebp-20h]
    vmovdqu ymmword ptr [ebp-20h], ymm0
    vzeroupper
  }
  // Compare the mask in v29 (v7) with the all-0xFF block v19 (v8), one dword at
  // a time. v9 starts at 28 and drops by 4 per pass, so eight dwords are checked
  // before 1 is returned; the first differing dword returns 0.
  while ( *(_DWORD *)v7 == *(_DWORD *)v8 )
  {
    v7 += 4;
    v8 += 4;
    v14 = v9 < 4;
    v9 -= 4;
    if ( v14 )
      return 1;
  }
  return 0;
}

手动识别出sha1;校验部分先做xor,再用vpshufb乱序,最后与常量比较,所以把常量提取出来按相反顺序还原(先逆乱序,再xor)就能得到输入

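def to_hex(data):
    """Return the values in data as uppercase hex, always two digits per byte.

    The checked program decodes its input two hex characters at a time, so a
    byte below 0x10 must keep its leading zero or every later byte shifts.
    """
    return "".join(f"{b:02X}" for b in data)


# XOR constant: the eight dwords of v28 in sub_415190, laid out little-endian.
msg = [0xCD, 0xEB, 0x5E, 0x76, 0x0F, 0x22, 0xAF, 0x31, 0x82, 0x92,
       0x3C, 0xEF, 0xB8, 0xC1, 0x76, 0x06, 0x18, 0x2F, 0xB5, 0x7D,
       0x7F, 0x0A, 0xEA, 0x85, 0x92, 0x00, 0x89, 0xA3, 0x2C, 0xE2,
       0xE7, 0x32]
# Shuffle control bytes: v20..v27 (the vpshufb operand), little-endian.
index_ = [0x0A, 0x07, 0x06, 0x0E, 0x02, 0x0B, 0x03, 0x0D, 0x01, 0x09,
          0x00, 0x05, 0x04, 0x0F, 0x08, 0x0C, 0x1B, 0x18, 0x17, 0x1F,
          0x14, 0x1E, 0x12, 0x13, 0x15, 0x1D, 0x16, 0x1C, 0x11, 0x10,
          0x19, 0x1A]
# Expected bytes: the constants written to v29 before the comparison.
des = [0x5F, 0x91, 0x99, 0xE8, 0x4E, 0xD0, 0xB0, 0x92, 0xB1, 0x3C,
       0x4F, 0xF4, 0x17, 0x76, 0xDA, 0x12, 0x2A, 0x35, 0x01, 0x15,
       0xF9, 0x97, 0x5E, 0x19, 0x9D, 0xC2, 0x15, 0x99, 0x70, 0x7D,
       0x9F, 0xCC]

# Shuffle applied in the forward direction; printed only for comparison.
des2 = [des[index_[i]] for i in range(32)]
print(to_hex(des2))

# Inverse shuffle. The check requires x[index_[i]] == des[i], hence
# x[j] == des[index_.index(j)]. Searching the whole 32-entry table is valid
# because the control bytes of the upper half are all 0x10..0x1F.
des3 = [des[index_.index(i)] for i in range(32)]
print(to_hex(des3))

# Undo the XOR with the constant block to obtain the bytes the program expects.
des3 = [d ^ k for d, k in zip(des3, msg)]
print(to_hex(des3))

# Output (the first two lines contain a 0x01 byte, which needs its leading zero):
# 4F92B0DA99F4E876913C5FD04E12B117999D19CCF99F0115977D5E70352AC215
# 4FB14EB017F49991DA3C5FD01292E8767D705E19F99D1501359FCC2A99C29715
# 825A10C618D636A058AE633FAA539E70655FEB648697FF84A79F4589B5207027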

运行程序,输入字符串就可以拿到flag

Input your code: 825A10C618D636A058AE633FAA539E70655FEB648697FF84A79F4589B5207027
Your Flag is: flagfISEC-a49d6b847bdba62c5bfa0a43b69c85753

Crypto

Crypto2

爆破sha1

import hashlib
import itertools
import string

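# Partially known SHA-1 digest of the password; '?' marks an unknown hex digit.
sha1 = "8c36e4?c1d294?df5bb7a9b?b8bd2d2?f22c1f?9"
dic = string.printable


def matches_mask(digest, mask):
    """Return True when digest equals mask at every position that is not '?'.

    Comparing only the first six characters leaves many false positives;
    using every known digit of the mask narrows the result to real matches.
    """
    return len(digest) == len(mask) and all(
        m == "?" or m == d for d, m in zip(digest, mask)
    )


def main():
    """Try every printable character in the four unknown password positions."""
    for i, j, k, l in itertools.product(dic, repeat=4):
        pw = f'i{i}Bgt{j}_Ld{k}s{l}6c9'
        sha11 = hashlib.sha1(pw.encode()).hexdigest()
        if matches_mask(sha11, sha1):
            print(pw, sha11)


if __name__ == "__main__":
    main()

# Candidates reported when only the first six digest characters are compared.
# Only the last one agrees with every known digit of the mask.
# idBgtV_Ld{sE6c9 8c36e414229315b89bfb39279fb2591cf474a188
# ifBgtd_LdTs+6c9 8c36e41f5c5c73579aec0cfb5bd99436606768f1
# ihBgtc_LdUs{6c9 8c36e46ea808b38b56c3a676c296226219243353
# ikBgtm_Ld*s46c9 8c36e4a43c55291fd0273356c7259c9fc99fc167
# ilBgt0_Ldzsp6c9 8c36e4eea79d01bdb59b9f15323e652a278eceb0
# ipBgt<_Ld)sa6c9 8c36e4a7ca1e295fb174fe8b215d126a944d4f4d
# iZBgtZ_Ldqs;6c9 8c36e471073904d2ba3e3a66c80899893dbbe27d
# i{Bgt)_Ldxs56c9 8c36e4637aad2cc5b043fa277efcefe3f35f280d
# i}Bgt,_Ld9s96c9 8c36e4c30ba623f0c7c1bcdf6e9073cddb462cc6
# i~Bgto_Ldes 6c9 8c36e463691b8d473455e2914ff623f6e962c7ed
# i~BgtN_Ld@sw6c9 8c36e45c1d2949df5bb7a9bfb8bd2d24f22c1f49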

压缩包爆破得到第二层密码ROT47

结合密码对密码解ROT47得到密文

6JnsNxHKJ8mkvhS{rMO_c9apMfHDHObq80PMu{_ww_r{rq

变表vigenere,参考ctf/2017-12-09-seccon-quals/crypto_vigenere at master · p4-team/ctf

def _l(idx, s):
    """Rotate s to the left by idx positions."""
    head, tail = s[:idx], s[idx:]
    return tail + head


def encrypt(p, k1, k2):
    """Encrypt p with the two-key custom-alphabet Vigenere variant.

    Each output character is the alphabet entry at (plaintext index +
    k1 index + k2 index) modulo the alphabet size, which is the value the
    rotation table t[a][b][c] holds. A character missing from the alphabet
    contributes -1, matching the negative indexing a table lookup would do.
    Both keys are cycled independently.
    """
    alphabet = "abcd07efghij89klmnopqr16stuvwxyz-_{}ABCDEFGHIJKL34MNOPQRST25VWXYZ"
    size = len(alphabet)
    pos1 = 0
    pos2 = 0
    out = []
    for ch in p:
        total = (
            alphabet.find(ch)
            + alphabet.find(k1[pos1])
            + alphabet.find(k2[pos2])
        )
        out.append(alphabet[total % size])
        pos1 = (pos1 + 1) % len(k1)
        pos2 = (pos2 + 1) % len(k2)
    return "".join(out)

def decrypt(ct, k1, k2):
    """Invert encrypt: recover the plaintext of ct under keys k1 and k2.

    The alphabet has no repeated characters, so for each ciphertext character
    exactly one plaintext character encrypts to it; it sits at (ciphertext
    index - k1 index - k2 index) modulo the alphabet size. Ciphertext
    characters outside the alphabet produce no output, while the key
    positions still advance.
    """
    alphabet = "abcd07efghij89klmnopqr16stuvwxyz-_{}ABCDEFGHIJKL34MNOPQRST25VWXYZ"
    size = len(alphabet)
    pos1 = 0
    pos2 = 0
    plain = []
    for sym in ct:
        shift = alphabet.find(k1[pos1]) + alphabet.find(k2[pos2])
        where = alphabet.find(sym)
        if where != -1:
            plain.append(alphabet[(where - shift) % size])
        pos1 = (pos1 + 1) % len(k1)
        pos2 = (pos2 + 1) % len(k2)
    return "".join(plain)

def recover_key(known_prefix, ciphertex):
    """Recover the 20-character mirrored key from a known plaintext prefix.

    For each of the first ten positions every alphabet character is tried at
    that position and at its mirror (19 - position); a guess is kept when
    encrypting the known prefix reproduces the ciphertext character there.
    The partially recovered key is printed after every hit and the final key
    is returned, with '*' left in any position that was never matched.
    """
    alphabet = "abcd07efghij89klmnopqr16stuvwxyz-_{}ABCDEFGHIJKL34MNOPQRST25VWXYZ"
    recovered = ['*'] * 20
    for left in range(10):
        right = 19 - left
        for guess in alphabet:
            # Key length must be a multiple of 2; 20 was found by trying lengths.
            trial = ['*'] * 20
            trial[left] = guess
            trial[right] = guess
            trial_key = "".join(trial)
            produced = encrypt(known_prefix, trial_key, trial_key[::-1])
            if produced[left] != ciphertex[left]:
                continue
            recovered[left] = guess
            recovered[right] = guess
            print("".join(recovered))
    return "".join(recovered)

# Known start of the plaintext and the ciphertext obtained after the ROT47 step.
known = 'flag{ISEC-'
cipher = '6JnsNxHKJ8mkvhS{rMO_c9apMfHDHObq80PMu{_ww_r{rq'
# Presumably the key printed by recover_key on an earlier run; it reads the
# same in both directions.
key = "glFgFtudARRAdutFgFlg"

recovered_key = recover_key(known, cipher)
print(recovered_key)

plaintext = decrypt(cipher, key[::-1], key)
print(plaintext)

Crypto1

--/---/.-./..././..--.-/-.-./---/-.././..--.-/..-./..-/-./-./-.--
解摩斯转小写
morse_code_funny

连分数展开得到num1和num2,然后常规解rsa

# sage
# Solver for the RSA task. Step 1 recovers two 512-bit primes from a
# high-precision decimal, step 2 uses them to decrypt a leaked value that is
# then treated as p - q, step 3 factors N and decrypts ct.
# A published quotient with this many digits gives both primes away: the exact
# fraction shows up among the continued-fraction convergents.

# NOTE(review): presumably the challenge's num1/num2 quotient; the challenge
# source is not shown here, confirm.
data3 = 1.23389923415003373900567515471436168841941584796842188964423737295914869304653496800649965063081353720701415762591488370228399019899893688681309320356016722276295236528757306976510687729729934668311830828756908988350841843676900575414367123810470585198055372776278588638204471298838884740198056387082949710435502826460830711429956

c = continued_fraction(data3)

alist = c.convergents()

# Keep the convergent whose numerator and denominator are both 512-bit primes.
# The fraction is split through its string form, so integer convergents
# (no '/') are skipped by the len(a)>1 test.
for i in alist:
    a = str(i).split('/')
    if len(a)>1 and gcd(int(a[0]),int(a[1])) == 1 and is_prime(int(a[0])) and is_prime(int(a[1])) and int(a[0]).bit_length()==512 and int(a[1]).bit_length()==512:
        print(a)

# ['11167377337790397338811417806698264734026040696284907854286100186126887838302430726803014418419121360514985339992064951270502853852777225947659429837569693', '9050477566333038464101590216458863799039754468566791821195736389139213194857548339787600682491327798736538059818887575696704421576721592454156775006222517']

# The pair printed above, pasted in as integers: n12[0] is the numerator,
# n12[1] the denominator.
n12=[11167377337790397338811417806698264734026040696284907854286100186126887838302430726803014418419121360514985339992064951270502853852777225947659429837569693, 9050477566333038464101590216458863799039754468566791821195736389139213194857548339787600682491327798736538059818887575696704421576721592454156775006222517]

leak = 23213363443983005040318061737977092634638640953366787443691593387275645092922646169818923792205696350020369122807136306157118385984272980615310163206933078119776935167207473544453080959202803743994251355133953187110546017667004996272367137522351606700447920805532616096125523674597551449412004735397779511371

# RSA-style decryption of leak: the modulus is n12[0]*n12[1] and the exponent
# being inverted is n12[0] itself.
# NOTE(review): presumably leak = (p - q)^num1 mod (num1*num2) in the
# challenge; confirm against its source.
PHI = (n12[0]-1)*(n12[1]-1)
p_qd = pow(n12[0],-1,PHI)
p_q = pow(leak,p_qd,n12[0]*n12[1])
print(p_q)

var("p,q")

ct = 31011170589632318837149853165664224847925206003567781692767655474759523146503572164952138829336342836023903919700264739071138739105931471740973631326608186969523753119546323993892359278563753903149741128282349467136720827132122619177620866305659196267641453819504766216964516467658995724859657544518337771393
N = 61860727516406742636690805639158184396057779906729165734489212939937929906456706343476469874085504076991779041906401043694401076841639925611957258119417559980829238154105119701407722069260962772947894516879731956778127512764229384957918619863998939985369399189275568362193066167855420897196095587732512368673

# Two equations in two unknowns: p*q = N and p - q = p_q.
res = solve([N-p*q,p-q-p_q],[p,q],solution_dict=True)
print(res)

# The first solution is used; from here on p and q hold the solved values
# instead of the symbolic variables.
print(res[0][p])
print(res[0][q])
p = res[0][p]
q = res[0][q]

# Standard RSA decryption with e = 65537.
d = pow(65537,-1,(p-1)*(q-1))
m = pow(ct,d,N)
# NOTE(review): presumably the challenge added num2 (n12[1]) to the message
# before encrypting; confirm against its source.
mm = m - n12[1]
# bytes.fromhex raises ValueError on an odd number of hex digits, so this
# relies on hex(mm) having an even length.
print(bytes.fromhex(hex(mm)[2:]))

2023网信柏鹭杯
https://g1at.github.io/2023/10/11/2023网信柏鹭杯/
作者
g0at
发布于
2023年10月11日
许可协议