2025 NSSCTF Round28 RE wp

发表于 阅读次数: 本文字数: 3.1k 阅读时长 ≈ 3 分钟

动态调试

ida打开附件 逻辑很清晰

动态调试

就是对输入的flag跟随机数进行一次异或 起调试根据输入与输出计算一下key 在异或即可

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
enc = [  0xC9, 0xC2, 0xE2, 0x3F, 0xAB, 0xE0, 0xFB, 0x64, 0x33, 0x8E,

  0x5C, 0x2F, 0x38, 0x11, 0x56, 0x11, 0xED, 0x2E, 0x93, 0x55,

  0xFC, 0x24, 0xF4, 0x1D, 0x19, 0x3C, 0xAE, 0x22, 0x18, 0x37,

  0x15, 0xC7, 0x7D, 0x68, 0x28]

input = b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

key = []

for i in range(35):

    key.append(enc[i] ^ input[i])

enc1=[0xC6, 0xD0, 0xF0, 0x3D, 0xBE, 0xE7, 0xC1, 0x72, 0x17, 0x83,

  0x7E, 0x01, 0x34, 0x35, 0x48, 0x04, 0x9C, 0x30, 0xA6, 0x7C,

  0xD8, 0x3A, 0xE7, 0x3D, 0x36, 0x19, 0xDF, 0x0E, 0x06, 0x21,

  0x64, 0xF4, 0x50, 0x4D, 0x14]

flag=[]

for i in range(35):

    flag.append(enc1[i] ^ key[i])

    print(chr(flag[i]),end='')
#NSSCTF{WeLcoMe_T0_the_Rand0m_W0rld}

来做算术题叭

有upx壳 脱掉
未命名

ida打开附件
加密是先+5在跟后一位异或
来做算术题叭

直接写逆向脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
enc = [0x0B, 0x00, 0x10, 0x11, 0x12, 0xCB, 0xC7, 0x21, 0x1E, 0x16,

  0x06, 0x0C, 0x51, 0x40, 0x1F, 0x1D, 0x11, 0x1F, 0x17, 0x5B,

  0x46, 0x0B, 0x1C, 0x22, 0x31, 0x1D, 0x0E, 0x33, 0x3D, 0x0C,

  0x17, 0x00, 0x0F, 0x1A, 0x1C, 0x16, 0x1C, 0x27, 0x24, 0x1B,

  0xE8, 0x82]

for j in range(42 - 2, -1, -1):

      enc[j] ^= enc[j + 1]

for i in range(42):

      enc[i] -= 5

      print(chr(enc[i]), end="")
#NSSCTF{Basic_0perati0ns_Are_Really_simPle}

Ciallo

ida打开附件 逻辑很清晰
Ciallo

加密就是先tea 随后rc4 逆着写解密即可

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
def KSA(key):

    S = list(range(256))

    j = 0

    for i in range(256):

        j = (j + S[i] + key[i % len(key)]) % 256

        S[i], S[j] = S[j], S[i]

    return S

  

def PRGA(S):

    i, j = 0, 0

    while True:

        i = (i + 1) % 256

        j = (j + S[i]) % 256

        S[i], S[j] = S[j], S[i]

        K = S[(S[i] + S[j]) % 256]

        yield K

  

def RC4(key, text):

    S = KSA(key)

    keystream = PRGA(S)

    return bytes([char ^ next(keystream) for char in text])

  

key = b'harukaze'

plaintext = b'\x9c\x83\x85V\xab\xa4\xf1"\xdeq\x8f\x85\x80&O\xb57lG\x02\xc6`>\x90'

  

flag = RC4(key, plaintext)

#print(flag)

#b'\xc2{K\x0c\x17?\xf2p\x10\x1b2SO\xd9\xe3\xa8\xc4E\x01\xa6(\x0c\xa1\xb9'

  

def tea_decrypt_block(block, key):

    v0 = int.from_bytes(block[:4], 'little')

    v1 = int.from_bytes(block[4:8], 'little')

    delta = 0x61C88647

    sum_val = (-delta * 32) & 0xFFFFFFFF

  

    for _ in range(32):

        term1 = (key[2] + ((v0 << 4) & 0xFFFFFFFF)) & 0xFFFFFFFF

        term2 = (key[3] + (v0 >> 5)) & 0xFFFFFFFF

        delta_v1 = ((v0 + sum_val) ^ term1 ^ term2) & 0xFFFFFFFF

        v1 = (v1 - delta_v1) & 0xFFFFFFFF

  

        term1 = (key[0] + ((v1 << 4) & 0xFFFFFFFF)) & 0xFFFFFFFF

        term2 = (key[1] + (v1 >> 5)) & 0xFFFFFFFF

        delta_v0 = ((v1 + sum_val) ^ term1 ^ term2) & 0xFFFFFFFF

        v0 = (v0 - delta_v0) & 0xFFFFFFFF

  

        sum_val = (sum_val + delta) & 0xFFFFFFFF

  

    return v0.to_bytes(4, 'little') + v1.to_bytes(4, 'little')

  

def decrypt_data(ciphertext, key):

    plaintext = bytearray()

    for i in range(0, len(ciphertext), 8):

        block = ciphertext[i:i+8]

        decrypted_block = tea_decrypt_block(block, key)

        plaintext.extend(decrypted_block)

    return bytes(plaintext)

  

key = [0x12345678, 0x9ABCDEF0, 0x2468ACE0, 0xF13579B3]

ciphertext = b'\xc2{K\x0c\x17?\xf2p\x10\x1b2SO\xd9\xe3\xa8\xc4E\x01\xa6(\x0c\xa1\xb9'

  
  

plaintext = decrypt_data(ciphertext, key)

print(plaintext)

#b'NSSCTF{Harukaze_l0ve_r3}'