爆破还是可以试试的。

这个程序逻辑上非常简单,就俩函数,加密这块全在一个里

signed int __thiscall check(const char *this)
{const char *v1; // esiunsigned int v2; // kr00_4signed int result; // eaxunsigned int v4; // edxchar v5; // alunsigned int v6; // esisigned int v7; // ediint v8; // edxv1 = this;v2 = strlen(this);result = 0;if ( v2 == 20 ){while ( byte_40FD48[result] == (v1[result + 10] ^ 7) ){if ( ++result >= 10 ){v4 = -1;byte_4120C0[0] = *v1;byte_4120D1 = v1[1];byte_4120E2 = v1[2];byte_4120F3 = v1[3];byte_412104 = v1[4];byte_412115 = v1[5];byte_412126 = v1[6];byte_412137 = v1[7];byte_412148 = v1[8];v5 = v1[9];v6 = -1;byte_412159 = v5;v7 = 0;do{v6 = dword_40FD60[2 * (unsigned __int8)(v6 ^ byte_4120C0[v7])] ^ (v6 >> 8);v4 = dword_40FD64[2 * (unsigned __int8)(v4 ^ byte_4120C1[v7])] ^ (v4 >> 8);v7 += 2;}while ( v7 < 256 );v8 = ~v4;if ( ~v6 == 0xBA56C4F9 && v8 == 0xE89BA203 )return 1;break;}}result = 0;}return result;
}

当循环前10次时是拿后10个字符与给定值与7异或然后比较,所以这段很容易出结果

#10-19
key = b'd\'wuh`ufj&'
flag2 = ''.join([chr(i^7) for i in key])
print(flag2)
#c program!

从这可以得到一点信息(猜)未尾不是}所以开头也不是hctf{(这个在主函数里有提示),后来看到网上唯一一个写wp的,猜前4个是hctf然后写了一个运行不了的程序其实是不对的。这个不是纯时间暴力的问题。有点猜的成分。

然后第2个猜的更重要。

第2段加密是把输入的前10个字符放到key1里然后循环256轮将v6和v4进行查key1异或再查key2再异或前3字节。这个过程只能暴力。不过v6和v4分别处理的是偶数和奇数,这个每次只暴力5个字节就行了。

但是给了尾巴后结合名字可以猜到这个应该是 xxxxxx crc program! 也就是猜到后一个字母偶数应该是c。由于暴力范围确实比较大,写程序的时候只写偶数部分,一般这个偶数爆出来了,另一半可以猜!

几个小重点

  1. key2用python从程序里取再打印出来,因为太大了。
  2. v6无符号数右移和有符号数右移是不同的
  3. 由于256轮总是从前向后,每爆一个字符处理所以的n轮,会减少大量的cpu时间。只是不能两组一起暴了。但是可以把程序改一下两个人一起暴。
  4. 同样的机器,c运行一会比python,c,java都快,暴力用c。
#include <stdio.h>
#include <stdlib.h>int main()
{char key1[256] = "So this is a not diffcult problem if you have a very good compute.But if you do not have a good computer.It seems that This problem will take a lot of time.But not thing is impossible.So just try it!!Some times,The thing we seem is not reall [][]()()<><>..";int  key2[512] ={0, 0, 1996959894, 4067132163, 3993919788, 3778769143, 2567524794, 324072436, 124634137, 3348797215, 1886057615, 904991772, 3915621685, 648144872, 2657392035, 3570033899, 249268274, 2329499855, 2044508324, 2024987596, 3772115230, 1809983544, 2547177864, 2575936315, 162941995, 1296289744, 2125561021, 3207089363, 3887607047, 2893594407, 2428444049, 1578318884, 498536548, 274646895, 1789927666, 3795141740, 4089016648, 4049975192, 2227061214, 51262619, 450548861, 3619967088, 1843258603, 632279923, 4107580753, 922689671, 2211677639, 3298075524, 325883990, 2592579488, 1684777152, 1760304291, 4251122042, 2075979607, 2321926636, 2312596564, 335633487, 1562183871, 1661365465, 2943781820, 4195302755, 3156637768, 2366115317, 1313733451, 997073096, 549293790, 1281953886, 3537243613, 3579855332, 3246849577, 2724688242, 871202090, 1006888145, 3878099393, 1258607687, 357341890, 3524101629, 102525238, 2768942443, 4101499445, 901097722, 2858735121, 1119000684, 1477399826, 3686517206, 1264559846, 2898065728, 3107202533, 853044451, 1845379342, 1172266101, 2677391885, 3705015759, 2361733625, 2882616665, 2125378298, 651767980, 820201905, 1373503546, 3263744690, 3369554304, 3520608582, 3218104598, 598981189, 565507253, 4151959214, 1454621731, 85089709, 3485111705, 373468761, 3099436303, 3827903834, 671266974, 3124367742, 1594198024, 1213305469, 3322730930, 1526817161, 2970347812, 2842354314, 795835527, 2107672161, 1483230225, 2412447074, 3244367275, 2627466902, 3060149565, 1861252501, 1994146192, 1098587580, 31158534, 3004210879, 2563907772, 2688576843, 4023717930, 1378610760, 1907459465, 2262928035, 112637215, 1955203488, 2680153253, 1742404180, 3904427059, 2511436119, 2013776290, 3416409459, 251722036, 969524848, 2517215374, 714683780, 3775830040, 3639785095, 2137656763, 205050476, 141376813, 4266873199, 2439277719, 3976438427, 3865271297, 526918040, 1802195444, 1361435347, 476864866, 2739821008, 2238001368, 2954799652, 4066508878, 1114974503, 1812370925, 2529119692, 453092731, 1691668175, 2181625025, 2005155131, 4111451223, 2247081528, 1706088902, 3690758684, 314042704, 697762079, 2344532202, 986182379, 4240017532, 3366744552, 1658658271, 476452099, 366619977, 3993867776, 2362670323, 4250756596, 4224994405, 255256311, 1303535960, 1640403810, 984961486, 2477592673, 2747007092, 2164122517, 3569037538, 1922457750, 1256170817, 2791048317, 1037604311, 1412925310, 2765210733, 1197962378, 3554079995, 3037525897, 1131014506, 3944729517, 879679996, 427051182, 2909243462, 170179418, 3663771856, 4165941337, 1141124467, 746937522, 855842277, 3740196785, 2852801631, 3451792453, 3708648649, 1070968646, 1342533948, 1905808397, 654459306, 2213795598, 3188396048, 2426610938, 3373015174, 1657317369, 1466479909, 3053634322, 544179635, 1147748369, 3110523913, 1463399397, 3462522015, 2773627110, 1591671054, 4215344322, 702138776, 153784257, 2966460450, 444234805, 3352799412, 3893493558, 1504918807, 1021025245, 783551873, 3467647198, 3082640443, 3722505002, 3233442989, 797665321, 3988292384, 2197175160, 2596254646, 1889384571, 62317068, 1674398607, 1957810842, 2443626636, 3939845945, 1164749927, 2647816111, 3070701412, 81470997, 2757221520, 1943803523, 1446797203, 3814918930, 137323447, 2489596804, 4198817972, 225274430, 3910406976, 2053790376, 461344835, 3826175755, 3484808360, 2466906013, 1037989803, 167816743, 781091935, 2097651377, 3705997148, 4027552580, 2460548119, 2265490386, 1623424788, 503444072, 1939049696, 1762050814, 2180517859, 4150417245, 1429367560, 2154129355, 2807687179, 426522225, 3020495871, 1852507879, 1180866812, 4275313526, 410100952, 2312317920, 3927582683, 282753626, 4182430767, 1742555852, 186734380, 4189708143, 3756733383, 2394877945, 763408580, 397917763, 1053836080, 1622183637, 3434856499, 3604390888, 2722870694, 2714866558, 1344288421, 953729732, 1131464017, 1340076626, 2971354706, 3518719985, 1708204729, 2797360999, 2545590714, 1068828381, 2229949006, 1219638859, 1988219213, 3624741850, 680717673, 2936675148, 3673779818, 906185462, 3383336350, 1090812512, 1002577565, 3747672003, 4010310262, 2825379669, 493091189, 829329135, 238226049, 1181335161, 4233660802, 3412177804, 2987750089, 3160834842, 1082061258, 628085408, 1395524158, 1382605366, 2705686845, 3423369109, 1972364758, 3138078467, 2279892693, 570562233, 2494862625, 1426400815, 1725896226, 3317316542, 952904198, 2998733608, 3399985413, 733239954, 3656866545, 1555261956, 731699698, 3268935591, 4283874585, 3050360625, 222117402, 752459403, 510512622, 1541320221, 3959836397, 2607071920, 3280807620, 3965973030, 837199303, 1969922972, 582374963, 40735498, 3504198960, 2617837225, 68661723, 3943577151, 4135334616, 1913087877, 3844915500, 83908371, 390545967, 2512341634, 1230274059, 3803740692, 3141532936, 2075208622, 2825850620, 213261112, 1510247935, 2463272603, 2395924756, 3855990285, 2091215383, 2094854071, 1878366691, 198958881, 2644384480, 2262029012, 3553878443, 4057260610, 565732008, 1759359992, 854102364, 534414190, 3229815391, 2176718541, 340358836, 4139329115, 3861050807, 1873836001, 4117890627, 414664567, 119113024, 2282248934, 1493875044, 4279200368, 2875275879, 1711684554, 3090270611, 285281116, 1247431312, 2405801727, 2660249211, 4167216745, 1828433272, 1634467795, 2141937292, 376229701, 2378227087, 2685067896, 3811616794, 3608007406, 291187481, 1308918612, 34330861, 956543938, 4032846830, 2808555105, 615137029, 3495958263, 3603020806, 1231636301, 3314634738, 1047427035, 939183345, 2932959818, 1776939221, 3654703836, 2609017814, 1088359270, 2295496738, 936918000, 2058945313, 2847714899, 2926798794, 3736837829, 1545135305, 1202900863, 1330124605, 817233897, 3173225534, 3183342108, 4084100981, 3401237130, 17165430, 1404277552, 307568514, 615818150, 3762199681, 3134207493, 888469610, 3453421203, 3332340585, 1423857449, 3587147933, 601450431, 665062302, 3009837614, 2042050490, 3294710456, 2346497209, 1567103746, 2559330125, 711928724, 1793573966, 3020668471, 3190661285, 3272380065, 1279665062, 1510334235, 1595330642, 755167117, 2910671697};int v7=0;for(unsigned char i=0x20;i<0x80;i++){printf("%d %c\n", i,i);key1[0] = i;unsigned int tv6 = -1;for(v7=0;v7<34;v7+=2)tv6 = key2[2 * (unsigned char)(tv6 ^ key1[v7])] ^ (tv6 >> 8);for(unsigned char j=0x20;j<0x80;j++){key1[34] = j;unsigned int yv6 = tv6;for(v7=34;v7<68;v7+=2)yv6 = key2[2 * (unsigned char)(yv6 ^ key1[v7])] ^ (yv6 >> 8);for(unsigned char k=0x20;k<0x80;k++){key1[68] = k;unsigned int uv6 = yv6;for(v7=68;v7<102;v7+=2)uv6 = key2[2 * (unsigned char)(uv6 ^ key1[v7])] ^ (uv6 >> 8);for(unsigned char l=0x20;l<0x80;l++){key1[102] = l;unsigned int iv6 = uv6;for(v7=102;v7<136;v7+=2)iv6 = key2[2 * (unsigned char)(iv6 ^ key1[v7])] ^ (iv6 >> 8);for(unsigned char m=99;m<100;m++){   // crc program!key1[136] = m;unsigned int ov6 = iv6;for(v7=136;v7<0x100;v7+=2)ov6 = key2[2 * (unsigned char)(ov6 ^ key1[v7])] ^ (ov6 >> 8);if(~ov6 == 0xBA56C4F9){printf("%c %c %c %c %c [%d %d %d %d %d]\n",i,j,k,l,m,i,j,k,l,m);return 0;}}}}}}puts("fail");return 0;
}

很快可以暴到结果:

#I? ?s?a?c?c program!
#猜
#It is a crc program!
#hctf{It is a crc program!}

[XCTF-Reverse] 85 HCTF-2015_RE-crc-300相关推荐

  1. Xctf Reverse菜鸟题解之csaw2013reversing2

    Xctf Reverse菜鸟题解之csaw2013reversing2 IDA Pro静态分析 x32dbg动态调试分析 绕过反调试机制 IDA Pro静态分析 x32dbg动态调试分析 绕过反调试机 ...

  2. 寒武纪开盘暴涨350%,市值突破1000亿,85后创始人身家超300亿!千亿盛宴背后隐忧不可忽视!...

    来源:EETOP 7月20日,寒武纪科创板首发上市,发行价每股64.39元,开盘价为250元/股,涨幅288%.最高价更是达到了295元/股,涨幅358%!市值一度突破1000亿人民币,不过随后股民信 ...

  3. 全套CRC校验的算法

    尊重原作者的辛劳,转载只是为了收藏,以后能用得到,文章转载自:https://blog.csdn.net/cp1300/article/details/51443350 uint8_t crc4_it ...

  4. 一.对于crc校验的流程演示说明。

    一.CRC 是循环冗余校验的缩写,全称是 Cyclical Redundancy Check. CRC 的基本原理是发送端根据 CRC 算法,对总线上要传输的原始数据进行计算,得到一个 CRC 校验码 ...

  5. 【个人学习总结】CRC校验原理及实现

    [个人学习总结]CRC校验原理及实现 一.CRC校验原理[理论篇] 1.硬核视频讲解[重点看,非常非常好!!!] 2.基础文章[略看] 3.深入文章!!![代码.查表法有点看不懂,跨越有点大] 理解重 ...

  6. 补间动画 http://www.sunnyos.com/

    版权声明:本文为博主原创文章,未经博主允许不得转载. http://www.360doc.com/content/16/0322/07/31855033_544211806.shtml Tween动画 ...

  7. python和php合成,Python照片合成的方法详解

    [相关学习推荐:python教程] 文章目录前言 Github 效果 实现过程 整体代码 前言 看电影的时候发现一个照片墙的功能,觉得这样生成照片挺好玩的,于是就动手用Python做了一下,觉得用来作 ...

  8. 遗传算法求解装箱问题c语言,装箱或背包问题? (或者遗传算法解决)

    共有三个箱子分别容量为200.500.1000 ;物品有四个重量分别为150.200.300.800; 要求一次装箱把所有物品装完.箱子可以有空的,请问一共有多少种算法? 输出例子: 第一种装箱 :  ...

  9. pythontkinter图片_Python tkinter实现图片标注功能(完整代码)

    .tkinter tkinter是Python下面向tk的图形界面接口库,可以方便地进行图形界面设计和交互操作编程.tkinter的优点是简单易用.与Python的结合度好.tkinter在Pytho ...

  10. 叠片过滤器和叠片式过滤器以及盘式过滤器的区别介绍

    叠片过滤器和叠片式过滤器以及盘式过滤器的区别介绍: 叠片过滤器3寸4单元产品概述 3寸叠片式过滤芯是由一组两面带沟槽的盘片组成,沟槽棱边形成的交叉点可以把水中固体物截留,由于同时具有了表面拦截和深度凝 ...

最新文章

  1. C# Unity编程终极指南
  2. 李彦宏候选中国工程院院士
  3. Web服务器安全设置
  4. sh密码登录mysql_Shell下实现免密码快速登陆MySQL数据库的方法
  5. 电脑技巧:键盘上ESC按键的使用小技巧,你都知道吗?
  6. C# WinForm 中Label自动换行 解决方法
  7. 论文浅尝 | 一个模型解决所有问题:实体和事件的神经联合模型
  8. java九九成表发_用EXCEL可多种办法生成99乘法表
  9. Delphi 鼠标移动
  10. 关于跨团队合作的一些思考
  11. 问题:IndentationError: unindent does not match any outer indentation level
  12. matlibplot之条形图
  13. BT401蓝牙模块KT1025A蓝牙芯片用户修改BLE的广播包数据的说明以及方法
  14. 直播电商平台开发,点击让窗口抖动动画效果
  15. 关于在线银行卡支付限额问题 解决方案
  16. win10弹出计算机的内存不足,Win10系统提示“计算机内存不足”的解决方法
  17. 江苏省政府参事徐惠民莅临聚合数据走访指导
  18. Buty Adidas Alphabounce Engineered Polska uwolnienie
  19. 转专业申请加拿大计算机硕士,【2015】多伦多大学:转专业、低GPA,一切不再是问题!...
  20. 20200213ubuntu20.04下的笔记本USB摄像头的相关资料

热门文章

  1. RK3399在android12中三屏显示及声音调试
  2. python股票分析系列_Python股票分析系列——基础股票数据操作(二).p4
  3. switch日文键盘打中文_Switch怪猎崛起防具演示|天穗之咲稻姬Switch版预购销量是PS4版的两倍...
  4. 使用Jetty服务器和Axis2框架技术发布Webservice接口
  5. 桌面快捷方式图标变成空白解决方案
  6. 删除ppt文件内所有同一位置的内容
  7. 大连东软信息学院软件测试技术课程题库,自动化测试复习(大连东软信息学院整理版)...
  8. 魔兽争霸3地图(WarIII Maps):神魔之战
  9. 感受JavaOne: 昔日风光何在?
  10. 学习笔记四:HMM(隐马尔科夫模型)