wp-ukfc

其他方向的队友去隔壁打icpc了，象征性发一下

web

ezrce

Misc

管道

re

我的upx -d怎么坏了

手动脱壳dump程序
迷宫题
迷宫生成

s = [0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A,0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x53, 0x30, 0x30, 0x30,0x2A, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2A, 0x2A,0x2A, 0x30, 0x2A, 0x2A, 0x30, 0x30, 0x30, 0x2A, 0x2A, 0x2A,0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x30, 0x2A, 0x30, 0x30,0x2A, 0x30, 0x2A, 0x30, 0x30, 0x30, 0x2A, 0x30, 0x2A, 0x2A,0x2A, 0x30, 0x30, 0x30, 0x2A, 0x2A, 0x30, 0x2A, 0x30, 0x2A,0x30, 0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x2A,0x30, 0x30, 0x2A, 0x30, 0x2A, 0x30, 0x2A, 0x30, 0x30, 0x2A,0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x30, 0x2A,0x30, 0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x30, 0x30, 0x30, 0x2A,0x30, 0x2A, 0x30, 0x30, 0x2A, 0x30, 0x30, 0x2A, 0x30, 0x2A,0x2A, 0x2A, 0x2A, 0x30, 0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x2A,0x2A, 0x2A, 0x30, 0x23, 0x2A, 0x2A, 0x2A, 0x2A, 0x30, 0x2A,0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2A, 0x2A,0x2A, 0x30, 0x30, 0x30, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A,0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x2A,0x30, 0x30, 0x30, 0x30, 0x30, 0x2A, 0x30, 0x30, 0x2A, 0x2A,0x2A, 0x30, 0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x30,0x2A, 0x2A, 0x30, 0x2A, 0x2A, 0x2A, 0x30, 0x30, 0x30, 0x30,0x30, 0x30, 0x30, 0x2A, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2A,0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x2A,0x2A, 0x2A, 0x2A, 0x2A, 0x2A, 0x00]
for i in range(len(s)):print(chr(s[i]),end=' ')if (i+1) % 15 == 0:print()

* * * * * * * * * * * * * * *
* S 0 0 0 * 0 0 0 0 0 0 0 * *
* 0 * * 0 0 0 * * * * * 0 * *
* 0 * 0 0 * 0 * 0 0 0 * 0 * *
* 0 0 0 * * 0 * 0 * 0 * 0 * *
* 0 * * * 0 0 * 0 * 0 * 0 0 *
* 0 * * * 0 * * 0 * 0 * * 0 *
* 0 0 0 * 0 * 0 0 * 0 0 * 0 *
* * * 0 * 0 * * * * * * 0 # *
* * * 0 * 0 0 0 0 0 0 0 0 * *
* 0 0 0 * * * * * * * * 0 * *
* 0 * * * 0 0 0 0 0 * 0 0 * *
* 0 * 0 * * * * * 0 * * 0 * *
* 0 0 0 0 0 0 0 * 0 0 0 0 0 *
* * * * * * * * * * * * * * *
RRRDRRURRRRRRDDDDRDDD

最后md5路径

Babypython

字节码
输出：1nb0A3b7AUQwB3b84mQ/E0MvJUb+EXbx5TQwF3bt52bAZncsd9c
输出时先base64加密，然后逆序，再替换了三个字符，字节码翻译成伪代码如图
手搓得到伪代码

import base64
s = '1nb0A3b7AUQwB3b84mQ/E0MvJUb+EXbx5TQwF3bt52bAZncsd9c'
s = s.replace('1','g')
s = s.replace('3','H')
s = s.replace('9','W')
s = s[::-1]
# decode
t = 'qglrv@onmlqpA>qmq>mBo3A?Bn<lppA@;lp4nx'
for i in t:print(chr((ord(i) - 3) ^ 8),end='')
# flag{5dcbafe63fbf3b7d8647c1aee650ae9c}

BadCoffee

是一道加了混淆后的js代码，混淆主要就是在数字和字符串上，逻辑感觉上并无影响，虽然关键逻辑就一点点。
一步一步手动解混淆，把表达式都求出来，是两个42个数字的数组，再将一些不好看的字符串重命名一下。再看逻辑，如图：
Xxx函数就是传入两个数进行异或。大概就是将input逐位异或num_42数组，再倒着异或一遍num_42数组，得到了最后的密文，在最后有对密文的比较
exp

#include  <bits/stdc++.h>
int main()
{unsigned char num[]={233,129,127,238,145,144,11,43,87,134,243,158,197,216,111,136,152,29,204,31,26,228,39,148,215,220,90,76,251,57,183,184,150,157,156,176,13,41,30,86,244,8};unsigned char miwen[]={135,25,72,151,195,212,228,212,250,101,39,77,163,77,70,167,119,184,7,77,144,154,93,10,185,48,179,77,71,163,67,61,113,156,196,136,239,241,128,93,84,156};for (int i = 41; i >= 0;i--)miwen[41 - i] ^= num[i];for(int i = 0; i < 42; i++){miwen[i] ^= num[i];printf("%c",miwen[i]);}  return 0;
}
//flag{I_c0uld_neu3r_undeRstand_jvaVs3rIpt!}

Crypto

HaM3

pq乘积的高位和低位在n中泄露，但是这个中间有一位需要自己猜

构造之后yafu爆破

s = '1426720866262835870'
t = '6081295993762052633'
for i in range(10):print(s + str(i) + t,end=',')

之后就是生成PPQQ正常求解rsa

from Crypto.Util.number import *
from gmpy2 import gmpy2
n = 142672086626283587048017713116658568907056287246536918432205313755474498483915485435443731126588499776739329317569276048159601495493064346081295993762052633
c = 35771468551700967499031290145813826705314774357494021918317304230766070868171631520643911378972522363861624359732252684003796428570328730483253546904382041
p = 9937378783676979077
q = 14357114660923972229
P = int(str(p) + str(q))
Q = int(str(q) + str(p))
PP = int(str(P) + str(Q))
QQ = int(str(Q) + str(P))
phi = (PP-1) * (QQ-1)
e = 65537
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))
# b'flag{HaMbu2g3r_1S_2ea1ll_D3lci0U3_By_R3A!!}'

陕西省赛2023-ukfc相关推荐

xdu1068暨2013陕西省赛C题题解
xdu1068暨2013陕西省赛C题题解题意知道两个数列M和F,每次从M中选择一个人,和从F中选择的一个人配对,结果是Mi*Fj,请问所有配对情况中第k大的情况是多少. 笺释先对M和F从小到大排 ...
2016陕西省赛 Rui and her functions
2016陕西省赛 Rui and her functions 题目链接:http://oj.xjtuacm.com/contest/4/problem/35/ 题目大意:每组数据给定$n$和$m$,定 ...
[2016陕西省赛B] Rui and her functions
2016陕西省赛B 给定n个函数,其中 fi(x)=(ai∗bxi+ci)moddi f_i(x) = (a_i*b_i^x+c_i) \mod d_i 求对于每个函数最小的 x x,使得fif_i取 ...
备赛2023：关于信号发生器DDS的学习
备赛2023:关于信号发生器DDS的学习本文仅做学习使用,为备战23电赛所写总结一.AD9959 1.特性参数模块供电:5V 模块驱动电流:400mA(MAX) 模块带宽:200MHz 模块输出 ...
2023陕西省赛-Crypto
本人是密码初学者,有错误的地方希望能斧正. 奇怪的sar 解题思路:根据线性同余去求出a,b,继而求出seed import gmpy2 from gmpy2 import * from Crypto ...
2023陕西省赛wp
文章目录 WEB ezpop test ezrce Esc4pe_T0_Mong0 unserialize Blockchain 被销毁的flag Crypto 奇怪的sar HaM3 misc 你是 ...
GLPT团队程序设计天梯赛 2023正式赛
2023.4.22 13:30-16:30 162分团队1556分 L1-1 最好的文档 5 15990/21484(74.43%) 在一行中输出 Good code is its own best ...
2021年ICPC第九届陕西省赛题解（10/12）
结合官方榜与自己做题体验,按难度做题顺序:I -> J -> E -> C -> D -> G -> A -> L -> H -> B -> ...
2022 电赛陕西省赛
一:题目: 声源定位跟踪系统(E题) 设计制作一个声源定位跟踪系统,能够实时显示及指示声源的位置,当声源移动时能够用激光笔动态跟踪声源. 设计并制作声音发生装置--"声源",装置最 ...
首届盘古石杯全国电子数据取证大赛技能赛晋级赛 2023年奇安信取证比赛题目
2023盘古石杯技术交流wechat N34939 更多网络安全CTF题目,欢迎来polarctf.com来刷题链接:https://pan.baidu.com/s/1bcEDEeh3A1RnHA ...

陕西省赛2023-ukfc

wp-ukfc

web

ezrce

Misc

管道

re

我的upx -d怎么坏了

Babypython

BadCoffee

Crypto

HaM3

陕西省赛2023-ukfc相关推荐

最新文章

热门文章