REVERSE-PRACTICE-CTFSHOW-7

  • 签层饼
  • Tea_tube_pot
  • easy
  • 贪吃蛇的秘密

签层饼

32位exe,ida打开
main函数中,输入两个大于0的数字,如果flag_num为0,则将两个输入作为flag的一部分,打印flag

选中input_1按x查找交叉引用,发现一条由input_1参与的cmp指令

跟进过去,判断input_1==input_2^333509是否成立,一般来说这种判断都需要成立才行

再对input_2查找交叉引用,同样发现一条由input_2参与的cmp指令

跟进过去,判断input_2<=881778^666是否成立,同样一般来说这种判断都需要成立才行

由于对input_2的判断是个不等式,而对input_1的判断是个和input_2相关的等式
我们从大到小爆破一下input_2,让input_1=input_2^333509
两个数字都正确即可得到flag

from itertools import *
import subprocess
for in_2 in range(882408,0,-1):in_1=in_2^333509p = subprocess.Popen(["D:\\ctfdownloadfiles\\re.exe"], stdin=subprocess.PIPE, stdout=subprocess.PIPE,stderr=subprocess.PIPE)p.stdin.write(str(in_1)+"\n"+str(in_2))p.stdin.close()out = p.stdout.read()p.stdout.close()if "yeah!" in out:print(out)exit()
# Hello!Welcome to ctfshow,You need to input two numbers
# number1:
# number2:yeah!Your flag:ctfshow{c52e1e1a335489030e882402c}

Tea_tube_pot

64位elf,ida打开
main函数中提示flag由三部分组成
sub_C11函数,TEA加密

#include <stdio.h>
#include <stdint.h>
//加密函数
void encrypt(uint32_t* v, uint32_t* k) {uint32_t v0 = v[0], v1 = v[1], sum = 0, i;           /* set up */uint32_t delta = 0x9e3779b9;                     /* a key schedule constant */uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];   /* cache key */for (i = 0; i < 32; i++) {                       /* basic cycle start */sum += delta;v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);}                                              /* end cycle */v[0] = v0; v[1] = v1;
}
//解密函数
void decrypt(uint32_t* v, uint32_t* k) {uint32_t v0 = v[0], v1 = v[1], sum = 0xC6EF3720, i;  /* set up */uint32_t delta = 0x9e3779b9;                     /* a key schedule constant */uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];   /* cache key */for (i = 0; i<32; i++) {                         /* basic cycle start */v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);sum -= delta;}                                              /* end cycle */v[0] = v0; v[1] = v1;
}int main()
{uint32_t v[2] = { 0x5FD744F6,0x95832046 }, k[4] = { 0x73696854, 0x5F73695F, 0x74616574, 0x21656275 };int n = sizeof(v) / sizeof(uint32_t);decrypt(v, k);for (int i = 0; i < n; i++){for (int j = 0; j < 4; j++){printf("%c", (v[i] >> (j * 8)) & 0xFF);}}printf("\n");return 0;
}
//T1nyENCr

sub_CA5函数,XTEA加密

#include <stdio.h>
#include <stdint.h>/* take 64 bits of data in v[0] and v[1] and 128 bits of key[0] - key[3] */
void encipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {unsigned int i;uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9;for (i = 0; i < num_rounds; i++) {v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);sum += delta;v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);}v[0] = v0; v[1] = v1;
}void decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {unsigned int i;uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B9, sum = delta*num_rounds;for (i = 0; i < num_rounds; i++) {v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);sum -= delta;v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);}v[0] = v0; v[1] = v1;
}int main()
{uint32_t v[2] = { 0xFD731313,0x6662CB90};uint32_t const k[4] = { 0x73696854, 0x5F73695F, 0x74616574, 0x21656275 };int n = sizeof(v) / sizeof(uint32_t);unsigned int r = 32;decipher(r, v, k);for (int i = 0; i < n; i++){for (int j = 0; j < 4; j++){printf("%c", (v[i] >> (j * 8)) & 0xFF);}}printf("\n");return 0;
}
//yPti0nA1

sub_D45函数,XXTEA加密

#include <stdio.h>
#include <stdint.h>
#define DELTA 0x9e3779b9
#define MX (((z>>5^y<<2) + (y>>3^z<<4)) ^ ((sum^y) + (key[(p&3)^e] ^ z)))void btea(uint32_t *v, int n, uint32_t const key[4])
{uint32_t y, z, sum;unsigned p, rounds, e;if (n > 1)            /* Coding Part */{rounds = 6 + 52 / n;sum = 0;z = v[n - 1];do{sum += DELTA;e = (sum >> 2) & 3;for (p = 0; p<n - 1; p++){y = v[p + 1];z = v[p] += MX;}y = v[0];z = v[n - 1] += MX;} while (--rounds);}else if (n < -1)      /* Decoding Part */{n = -n;rounds = 6 + 52 / n;sum = rounds*DELTA;y = v[0];do{e = (sum >> 2) & 3;for (p = n - 1; p>0; p--){z = v[p - 1];y = v[p] -= MX;}z = v[n - 1];y = v[0] -= MX;sum -= DELTA;} while (--rounds);}
}int main()
{uint32_t v[2] = {(unsigned int)0x4B136C82, (unsigned int)0x1A6E9613};uint32_t const k[4] = {(unsigned int)0x73696854, (unsigned int)0x5F73695F,(unsigned int)0x74616574, (unsigned int)0x21656275 };int n = sizeof(v) / sizeof(uint32_t);btea(v, -n, k);for (int i = 0; i < n; i++){for (int j = 0; j < 4; j++){printf("%c", (v[i] >> (j * 8)) & 0xFF);}}printf("\n");return 0;
}
//9ori7hM!

运行elf,输入三段明文,拼接后即为flag

easy

32位exe,ida打开,main函数中,读取输入,长度为20,将输入传入check函数进行验证

进入check函数,将输入中每5个字符为一组,组成4个32位的整型,共4组
然后4个32位的整型转成1个128位的整型,依次存入v11中
从第40行开始,对v11中存储的4个128位的整型进行位运算
最后与已知的dword_532188进行比较

写爆破脚本得到flag

res=[0x1a9,0x233,0x179,0x17f,0x1a5,0x2c6,0x137,0x358,0xe1,0x305,0x3ec,0x153,0x15d,0x247,0x17b,0x201]
arr=[]
for i in range(len(res)):for j in range(0,0xffff):tmp_0=j&0x20tmp_1=~tmp_0tmp_2=j^0x20tmp_3=tmp_1&tmp_2if tmp_3==res[i]:arr.append(j)
table="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_!"
flag=""
i=0
#i=4
#i=8
#i=12
for i0 in table:for i1 in table:for i2 in table:for i3 in table:for i4 in table:tmp_0 = ((ord(i0) << 2 & 0xffffffff) | (ord(i1) >> 6 & 0xffffffff)) & 0xfffffffftmp_1 = (((ord(i1) & 0x3f) << 4 & 0xffffffff) | ((ord(i2) >> 4) & 0xffffffff)) & 0xfffffffftmp_2 = (((ord(i2) & 0xf) << 6 & 0xffffffff) | ((ord(i3) >> 2) & 0xffffffff)) & 0xfffffffftmp_3 = (((ord(i3) & 0x3) << 8 & 0xffffffff) | (ord(i4) & 0xffffffff)) & 0xffffffffif tmp_0==arr[i] and tmp_1==arr[i+1] and tmp_2==arr[i+2] and tmp_3==arr[i+3]:flag+=i0+i1+i2+i3+i4print(flag)exit()
# ba5e_and_x0r_1s_fun!

贪吃蛇的秘密

.py文件打包成的exe,用"pyinstxtractor.py"解包
uncompyle6反编译snake1.pyc文件

import pygame, sys, random
SCREEN_X = 700
SCREEN_Y = 700class Snake(object):def __init__(self):self.dirction = pygame.K_RIGHTself.body = []for x in range(5):self.addnode()def addnode(self):left, top = (0, 0)if self.body:left, top = self.body[0].left, self.body[0].topelse:node = pygame.Rect(left, top, 20, 20)if self.dirction == pygame.K_LEFT:node.left -= 20else:if self.dirction == pygame.K_RIGHT:node.left += 20else:if self.dirction == pygame.K_UP:node.top -= 20else:if self.dirction == pygame.K_DOWN:node.top += 20self.body.insert(0, node)def delnode(self):self.body.pop()def isdead(self):if self.body[0].x not in range(SCREEN_X):return Trueif self.body[0].y not in range(SCREEN_Y):return Trueif self.body[0] in self.body[1:]:return Truereturn Falsedef move(self):self.addnode()self.delnode()def changedirection(self, curkey):LR = [pygame.K_LEFT, pygame.K_RIGHT]UD = [pygame.K_UP, pygame.K_DOWN]if curkey in LR + UD:if curkey in LR:if self.dirction in LR:returnif curkey in UD:if self.dirction in UD:returnself.dirction = curkeyclass Food:def __init__(self):self.rect = pygame.Rect(-20, 0, 20, 20)def remove(self):self.rect.x = -20def set(self):if self.rect.x == -20:allpos = [(100, 540), (200, 200), (500, 160), (360, 400), (280, 300), (500, 300), (360, 160), (420, 360), (160, 320), (420, 300), (320, 200), (540, 440), (360, 120), (100, 220), (380, 100), (440, 140), (40, 440), (100, 300), (480, 140), (420, 480), (460, 520), (280, 380), (600, 260), (440, 320), (480, 400), (40, 540), (440, 300), (440, 80), (400, 40), (300, 580), (540, 400), (180, 320), (80, 340), (40, 520), (340, 140), (160, 540), (260, 300), (480, 380), (280, 60), (40, 480), (340, 40), (260, 220), (440, 500), (380, 40), (80, 360), (340, 280), (480, 80), (200, 340), (240, 300), (600, 120), (120, 40), (520, 80), (480, 520), (100, 100), (320, 560), (100, 80), (260, 580), (40, 400), (540, 560), (440, 380), (220, 600), (40, 420), (260, 420), (560, 160), (140, 600), (80, 240), (580, 460), (40, 60), (360, 560), (80, 40), (600, 200), (140, 440), (520, 440), (440, 480), (280, 160), (100, 420), (520, 220), (80, 160), (600, 140), (120, 220), (500, 320), (400, 560), (440, 100), (140, 480), (240, 220), (220, 200), (120, 520), (340, 200), (180, 240), (40, 240), (500, 540), (60, 480), (40, 580), (100, 120), (440, 440), (460, 300), (480, 560), (540, 300), (320, 300), (240, 380), (480, 300), (140, 280), (180, 300), (540, 480), (600, 160), (460, 220), (240, 180), (120, 400), (200, 220), (380, 240), (380, 560), (540, 160), (320, 380), (160, 200), (80, 380), (200, 520), (440, 580), (360, 260), (40, 160), (480, 160), (440, 520), (580, 420), (280, 260), (540, 120), (80, 260), (400, 300), (600, 220), (160, 120), (240, 100), (240, 40), (580, 560), (200, 560), (100, 340), (40, 360), (120, 120), (80, 100), (260, 520), (200, 180), (480, 260), (420, 80), (600, 100), (160, 600), (560, 300), (220, 100), (500, 220), (360, 420), (580, 580), (540, 100), (600, 40), (260, 320), (200, 160), (440, 120), (480, 120), (260, 280), (220, 560), (520, 300), (560, 100), (140, 400), (40, 380), (300, 420), (420, 600), (40, 100), (420, 540), (440, 240), (280, 520), (40, 560), (260, 480), (520, 260), (200, 60), (480, 420), (80, 440), (360, 440), (340, 80), (580, 200), (520, 40), (320, 260), (160, 240), (600, 300), (40, 280), (360, 600), (360, 320), (200, 360), (80, 200), (600, 460), (280, 200), (560, 80), (340, 580), (200, 540), (220, 340), (200, 140), (120, 360), (140, 160), (300, 460), (220, 280), (520, 460), (40, 340), (220, 300), (100, 480), (340, 260), (400, 460), (540, 500), (320, 240), (340, 360), (340, 600), (520, 600), (100, 400), (80, 600), (280, 460), (160, 280), (320, 340), (280, 220), (320, 440), (120, 340), (320, 280), (300, 180), (440, 360), (160, 400), (300, 400), (160, 100), (260, 540), (240, 360), (320, 420), (360, 520), (300, 380), (500, 200), (100, 560), (520, 100), (120, 320), (120, 240), (100, 40), (340, 340), (440, 260), (160, 480), (80, 120), (380, 440), (560, 120), (360, 360), (120, 200), (360, 500), (140, 40), (340, 520), (200, 80), (300, 500), (400, 420), (120, 560), (580, 380), (520, 500), (520, 560), (560, 380), (200, 300), (220, 60), (260, 200), (520, 380), (60, 340), (100, 280), (580, 260), (180, 380), (380, 60), (540, 600), (540, 40), (340, 480), (460, 380), (600, 80), (260, 600), (500, 580), (440, 180), (200, 460), (540, 80), (300, 60), (340, 100), (460, 240), (540, 380), (400, 340), (340, 240), (360, 40), (220, 420), (580, 220), (40, 600), (560, 200), (120, 600), (100, 520), (400, 200), (580, 160), (100, 600), (500, 520), (460, 420), (80, 520), (380, 500), (80, 480), (60, 220), (500, 380), (200, 260), (500, 280), (100, 360), (600, 380), (300, 540), (240, 520), (40, 140), (420, 280), (320, 160), (40, 120), (440, 160), (160, 60), (540, 340), (360, 180), (520, 420), (260, 240), (520, 120), (100, 160), (120, 540), (560, 40), (520, 520), (540, 220), (380, 580), (140, 260), (580, 360), (420, 100), (340, 440), (440, 460), (600, 420), (240, 160), (260, 440), (80, 540), (60, 160), (520, 480), (500, 600), (500, 240), (400, 120), (400, 160), (440, 40), (160, 440), (160, 500), (320, 60), (240, 260), (320, 600), (80, 560), (340, 460), (360, 540), (160, 160), (500, 440), (360, 80), (380, 220), (540, 280), (380, 320), (520, 160), (160, 80), (340, 220), (240, 240), (160, 40), (480, 220), (60, 600), (160, 140), (220, 480), (320, 480), (120, 100), (80, 300), (40, 80), (320, 400), (200, 40), (480, 340), (340, 500), (480, 480), (420, 500), (420, 380), (480, 200), (120, 480), (160, 560), (480, 320), (320, 120), (240, 140), (280, 180), (280, 320), (400, 240), (120, 440), (460, 440), (560, 360), (400, 360), (320, 220), (300, 300), (160, 580), (40, 300), (420, 340), (280, 120), (40, 500), (400, 140), (460, 560), (320, 580), (220, 120), (160, 520), (480, 440), (420, 60), (300, 320), (120, 160), (340, 60), (80, 80), (120, 80), (40, 40), (540, 260), (120, 260), (100, 200), (460, 200), (320, 500), (380, 420), (200, 380), (300, 600), (320, 80), (580, 40), (160, 360), (260, 460), (540, 580), (260, 120), (560, 520), (500, 40), (540, 420), (600, 60), (220, 460), (480, 100), (180, 360), (460, 600), (400, 600), (300, 140), (500, 560), (480, 40), (220, 80), (60, 40), (440, 400), (480, 60), (440, 420), (560, 400)]random.shuffle(allpos)self.rect.left, self.rect.top = random.choice(allpos)def show_text(screen, pos, text, color, font_bold=False, font_size=30, font_italic=False):cur_font = pygame.font.SysFont('宋体', font_size)cur_font.set_bold(font_bold)cur_font.set_italic(font_italic)text_fmt = cur_font.render(text, 1, color)screen.blit(text_fmt, pos)def main():pygame.init()screen_size = (SCREEN_X, SCREEN_Y)screen = pygame.display.set_mode(screen_size)pygame.display.set_caption('Snake')clock = pygame.time.Clock()scores = 0isdead = Falsesnake = Snake()food = Food()while True:for event in pygame.event.get():if event.type == pygame.QUIT:sys.exit()if event.type == pygame.KEYDOWN:snake.changedirection(event.key)if event.key == pygame.K_SPACE and isdead:return main()screen.fill((205, 205, 205))if not isdead:snake.move()for rect in snake.body:pygame.draw.rect(screen, (20, 220, 39), rect, 0)isdead = snake.isdead()if isdead:show_text(screen, (100, 200), 'YOU DEAD!', (227, 29, 18), False, 100)show_text(screen, (150, 260), 'press space to try again...', (0, 0, 22), False, 30)if food.rect == snake.body[0]:scores += 100food.remove()snake.addnode()food.set()pygame.draw.rect(screen, (136, 0, 21), food.rect, 0)show_text(screen, (50, 600), 'Scores: ' + str(scores), (223, 0, 0))if scores > 1000:show_text(screen, (450, 650), 'Try to get 10000 points', (223, 223, 223))if scores >= 10000:show_text(screen, (100, 670), 'wtf,you really got 10000 points?check the source code', (223,223,223))pygame.display.update()clock.tick(10)if __name__ == '__main__':main()

一个贪吃蛇游戏,根据提示2,“注意看下蛇吃的究竟是个啥,pos”
将所有食物会出现的位置画成一张二维图像

import matplotlib.pyplot as plt
ax=plt.axes()
plt.figure(figsize=(100,100))
allpos = [(100, 540), (200, 200), (500, 160), (360, 400), (280, 300), (500, 300), (360, 160), (420, 360), (160, 320), (420, 300), (320, 200), (540, 440), (360, 120), (100, 220), (380, 100), (440, 140), (40, 440), (100, 300), (480, 140), (420, 480), (460, 520), (280, 380), (600, 260), (440, 320), (480, 400), (40, 540), (440, 300), (440, 80), (400, 40), (300, 580), (540, 400), (180, 320), (80, 340), (40, 520), (340, 140), (160, 540), (260, 300), (480, 380), (280, 60), (40, 480), (340, 40), (260, 220), (440, 500), (380, 40), (80, 360), (340, 280), (480, 80), (200, 340), (240, 300), (600, 120), (120, 40), (520, 80), (480, 520), (100, 100), (320, 560), (100, 80), (260, 580), (40, 400), (540, 560), (440, 380), (220, 600), (40, 420), (260, 420), (560, 160), (140, 600), (80, 240), (580, 460), (40, 60), (360, 560), (80, 40), (600, 200), (140, 440), (520, 440), (440, 480), (280, 160), (100, 420), (520, 220), (80, 160), (600, 140), (120, 220), (500, 320), (400, 560), (440, 100), (140, 480), (240, 220), (220, 200), (120, 520), (340, 200), (180, 240), (40, 240), (500, 540), (60, 480), (40, 580), (100, 120), (440, 440), (460, 300), (480, 560), (540, 300), (320, 300), (240, 380), (480, 300), (140, 280), (180, 300), (540, 480), (600, 160), (460, 220), (240, 180), (120, 400), (200, 220), (380, 240), (380, 560), (540, 160), (320, 380), (160, 200), (80, 380), (200, 520), (440, 580), (360, 260), (40, 160), (480, 160), (440, 520), (580, 420), (280, 260), (540, 120), (80, 260), (400, 300), (600, 220), (160, 120), (240, 100), (240, 40), (580, 560), (200, 560), (100, 340), (40, 360), (120, 120), (80, 100), (260, 520), (200, 180), (480, 260), (420, 80), (600, 100), (160, 600), (560, 300), (220, 100), (500, 220), (360, 420), (580, 580), (540, 100), (600, 40), (260, 320), (200, 160), (440, 120), (480, 120), (260, 280), (220, 560), (520, 300), (560, 100), (140, 400), (40, 380), (300, 420), (420, 600), (40, 100), (420, 540), (440, 240), (280, 520), (40, 560), (260, 480), (520, 260), (200, 60), (480, 420), (80, 440), (360, 440), (340, 80), (580, 200), (520, 40), (320, 260), (160, 240), (600, 300), (40, 280), (360, 600), (360, 320), (200, 360), (80, 200), (600, 460), (280, 200), (560, 80), (340, 580), (200, 540), (220, 340), (200, 140), (120, 360), (140, 160), (300, 460), (220, 280), (520, 460), (40, 340), (220, 300), (100, 480), (340, 260), (400, 460), (540, 500), (320, 240), (340, 360), (340, 600), (520, 600), (100, 400), (80, 600), (280, 460), (160, 280), (320, 340), (280, 220), (320, 440), (120, 340), (320, 280), (300, 180), (440, 360), (160, 400), (300, 400), (160, 100), (260, 540), (240, 360), (320, 420), (360, 520), (300, 380), (500, 200), (100, 560), (520, 100), (120, 320), (120, 240), (100, 40), (340, 340), (440, 260), (160, 480), (80, 120), (380, 440), (560, 120), (360, 360), (120, 200), (360, 500), (140, 40), (340, 520), (200, 80), (300, 500), (400, 420), (120, 560), (580, 380), (520, 500), (520, 560), (560, 380), (200, 300), (220, 60), (260, 200), (520, 380), (60, 340), (100, 280), (580, 260), (180, 380), (380, 60), (540, 600), (540, 40), (340, 480), (460, 380), (600, 80), (260, 600), (500, 580), (440, 180), (200, 460), (540, 80), (300, 60), (340, 100), (460, 240), (540, 380), (400, 340), (340, 240), (360, 40), (220, 420), (580, 220), (40, 600), (560, 200), (120, 600), (100, 520), (400, 200), (580, 160), (100, 600), (500, 520), (460, 420), (80, 520), (380, 500), (80, 480), (60, 220), (500, 380), (200, 260), (500, 280), (100, 360), (600, 380), (300, 540), (240, 520), (40, 140), (420, 280), (320, 160), (40, 120), (440, 160), (160, 60), (540, 340), (360, 180), (520, 420), (260, 240), (520, 120), (100, 160), (120, 540), (560, 40), (520, 520), (540, 220), (380, 580), (140, 260), (580, 360), (420, 100), (340, 440), (440, 460), (600, 420), (240, 160), (260, 440), (80, 540), (60, 160), (520, 480), (500, 600), (500, 240), (400, 120), (400, 160), (440, 40), (160, 440), (160, 500), (320, 60), (240, 260), (320, 600), (80, 560), (340, 460), (360, 540), (160, 160), (500, 440), (360, 80), (380, 220), (540, 280), (380, 320), (520, 160), (160, 80), (340, 220), (240, 240), (160, 40), (480, 220), (60, 600), (160, 140), (220, 480), (320, 480), (120, 100), (80, 300), (40, 80), (320, 400), (200, 40), (480, 340), (340, 500), (480, 480), (420, 500), (420, 380), (480, 200), (120, 480), (160, 560), (480, 320), (320, 120), (240, 140), (280, 180), (280, 320), (400, 240), (120, 440), (460, 440), (560, 360), (400, 360), (320, 220), (300, 300), (160, 580), (40, 300), (420, 340), (280, 120), (40, 500), (400, 140), (460, 560), (320, 580), (220, 120), (160, 520), (480, 440), (420, 60), (300, 320), (120, 160), (340, 60), (80, 80), (120, 80), (40, 40), (540, 260), (120, 260), (100, 200), (460, 200), (320, 500), (380, 420), (200, 380), (300, 600), (320, 80), (580, 40), (160, 360), (260, 460), (540, 580), (260, 120), (560, 520), (500, 40), (540, 420), (600, 60), (220, 460), (480, 100), (180, 360), (460, 600), (400, 600), (300, 140), (500, 560), (480, 40), (220, 80), (60, 40), (440, 400), (480, 60), (440, 420), (560, 400)]
xline=[i[0] for i in allpos]
yline=[i[1] for i in allpos]
ax.scatter(xline,yline)
plt.show()

画出来的图像是一个二维码,手机离远点可以扫出来,flag{snake_eat_QRcode}

REVERSE-PRACTICE-CTFSHOW-7相关推荐

  1. ctfshow逆向reverse笔记

    re1 逆向签到题 直接ida打开就可以看到flag.可以直接找main函数. flag{7ujm8ikhy6} re2 用ollydebug打开,我的ida不好使了.... 这里是简单的异或 DHm ...

  2. linux内核路由反向检查,反向路径过滤——reverse path filter

    反向路径过滤--reverse path filter 一.原理 先介绍个非对称路由的概念 参考<Understanding Linux Network Internals>三十章, 30 ...

  3. CTFshow sql注入 上篇(web171-220)

    目录 前言 题目 web 171(万能密码) web 172(回显内容过滤,base64或者hex编码绕过) web 173(回显内容过滤,base64或者hex编码绕过) web 174 (布尔盲注 ...

  4. java中Collections常用方法总结(包括sort,copy,reverse等)

    1.sort(Collection)方法的使用(含义:对集合进行排序). 例:对已知集合c进行排序public class Practice {public static void main(Stri ...

  5. A Guide To Reverse Tethering

    By Kevin Pocock on February 04, 2013 Using a mobile device such as a smartphone to act as a hotspot ...

  6. CTFSHOW WEB入门

    ----------信息搜集---------- 源码泄露 查看源码即可 前台JS绕过 直接开发者工具查看源码 当然也可以抓包查看 也可以禁用js查看源码 协议头信息泄露 或者抓一下包也可 robot ...

  7. picoCTF,Reverse Engineering,逆向类,42/55

    picoCTF,Reverse Engineering,42/55 2019 picoCTF 01.vault-door-training,50分 02.vault-door-1,100分 03.va ...

  8. [ctf.show.reverse] 红包六

    下来是个压缩包,解开后一个原码,解码后是notflag,发现压缩包有5k大而解出的java文件只有1k,显然包里还有内容未解出 用010打开包发现有两个EzJar.class文件,手工切出解压 imp ...

  9. ctfshow 月饼杯(第二届) 部分WriteUp

    Misc 杂项签到 右键附件,从链接另存文件.然后用16进制编辑器或者你想用notepad也彳亍看文件尾,有一串base64,解码即可. ctfshow{we1come_to_mooncake_cap ...

  10. CTFSHOW新手杯MISC部分WriteUp

    引文 之前复现了CTFSHOW新人杯的WEB方向部分题目,今天就复现一下MISC为主的题目,可能有些读者不太明白MISC方向是什么意思,简单来说就是"杂项",包括:隐写,压缩包处理 ...

最新文章

  1. 2021年度中国计算机大会的技术论坛,值得一谈
  2. 省市区三级联动 数据精确到乡镇一级
  3. 使用缓冲流有什么好处_使用档案密集柜有什么好处?不看一看会后悔
  4. 如何解决Mac无法写入U盘的问题
  5. python可以做什么工作-学了那么多年python到底可以找什么工作?
  6. iOS底层探索之多线程(五)—GCD不同队列源码分析
  7. GameSalad是html5游戏的搅局者吗?看中国式游戏
  8. 高德地图---行政区划分
  9. Python中统一快速更换变量的名称
  10. 使用vue开源项目vue-framework-wz遇到的问题以及解决方案
  11. 解决百度网盘超过4G限制,
  12. Java.千呼万唤始出来
  13. ImageJ 叠加明场和荧光场图片
  14. 浅谈扫描二维码登录微信网页版与摇一摇传图的实现原理
  15. 在广告文案中的最有诱惑力的十个词
  16. qlabel 详解
  17. SSClone非ARP会话劫持原理分析-ARP原理
  18. 近年创业目睹之怪现状
  19. 岁月的剪影【七月My way】
  20. 使用Advanced Installer为LabVIEW应用(exe)制作升级更新程序(updater)

热门文章

  1. Noip 2014酱油记+简要题解
  2. 关于64位Linux配置android开发环境出现 No such file or directory
  3. __dopostback
  4. LINK : fatal error LNK1104: 无法打开文件“LIBCD.lib”
  5. python 修改图片尺寸_python 批量修改图片大小
  6. 5自适应单页源码_超详细!如何建立一个CPA单页网站,附高转化CPA模板源码
  7. oracle 怎么创建类型,ORACLE—002:Create之创建类型
  8. linux脚本ls输出到变量中,bash – 将命令输出的错误消息存储到shell变量中
  9. redis集群关闭 启动报错_使用虚拟机搭建 Redis 集群,实现数据库的负载均衡功能。...
  10. usb接口多少钱_工控机一般有多少个串口