[Christmas 2020] REVERSING - lock
by jennysgapChallenge:
분석:
아... 실제 CTF에서 i-(i/param4)*param4 이 부분 때문에 풀지 못한 문제 ㅜㅜ
i/param4 정수를 나눌때는 몫만 가져온다는 걸 놓침i-(i/param4)*param4 이 식은 i%param4로도 표현할 수 있다.
Solve:
value0 = [0x96, 0x19, 0x7, 0x11, 0x99, 0x19, 0x2, 0x11]
value1 = [0xF7, 0x7B, 0x64, 0x75, 0xFC, 0x7F, 0x65, 0x79, 0xFF, 0x73, 0x6C, 0x7D, 0xF4, 0x77, 0x6D, 0x61, 0xE7, 0x6B, 0x74, 0x65, 0xEC, 0x6F, 0x75, 0x69, 0xEF, 0x63, 0x46, 0x53, 0xDA, 0x5D, 0x47, 0x57, 0xD1, 0x51, 0x4E, 0x5B, 0xD2, 0x55, 0x4F, 0x5F, 0xD9, 0x49, 0x56, 0x43, 0xCA, 0x4D, 0x57, 0x47, 0xC1, 0x41, 0x5E, 0x4B, 0xA9, 0x28, 0x30, 0x22, 0xA2, 0x2C, 0x31, 0x26, 0xA1, 0x20]
value2 = [0x69, 0x22, 0x22, 0x38, 0x1F, 0x43, 0x5B, 0x1C, 0x45, 0xE, 0x3C, 0x8, 0x5, 0x5E, 0x30, 0x17, 0x5F, 0x1B, 0x6, 0x19, 0x3B, 0x44, 0x7, 0x17, 0x6E, 0x7, 0x53, 0x1E, 0x17, 0x55, 0x12]
'''
num = 0x8
for i in range(0, 9):
data = i - (i/num) * num # i % num
print(data)
'''
def sub_9fc(param1, param2, param3, param4):
result = ''
for i in range(param2):
result += chr((param1[i] ^ param3[i%param4]) & 0xff)
print(result) # abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
return result
def sub_b30():
param1 = [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]
param2 = sub_9fc(value1, 0x3e, value0, 0x8)
param1[0x6] = ord(param2[0xe])
param1[0x4] = ord(param2[0x3])
param1[0x3] = ord(param2[0xa])
param1[0x7] = ord(param2[0x11])
param1[0x1] = ord(param2[0xe])
param1[0x5] = ord(param2[0x34])
param1[0x0] = ord(param2[0x35])
param1[0x2] = ord(param2[0x2])
print(''.join(chr(x) for x in param1)) # 1ockd0or
result = sub_9fc(value2, 0x1f, param1, len(param1))
return result
sub_b30()
Flag:
XMAS{s4nta_can_enter_the_h0use}
반응형
'BOX' 카테고리의 다른 글
| [Christmas 2020] REVERSING - screw_driver (0) | 2021.01.08 |
|---|---|
| [TetCTF 2021] WEB - mysqlimit (0) | 2021.01.05 |
| [TetCTF 2021] WEB - Super Calc (0) | 2021.01.05 |
| [TetCTF 2021] WEB - HPNY (0) | 2021.01.05 |
| 공개키 암호 방식(RSA) (0) | 2020.12.15 |
블로그의 정보
jennysgap
jennysgap