2014三叶草校赛总结
2014-05-13 23:18
274 查看
逆向:
分数:100
描述:key是syclover的注册码
Link:题目链接
题目为 安卓逆向
最后 拷贝成java代码:
分数:200
描述:你猜^_^
Link:题目链接
题目比较简单 linux 程序64位,直接在IDA上看 逆向出代码:
分数:300
描述:上过初中的人都能做。提示1:upx脱壳 提示2:解方程组
程序为linux程序,IDA查看
下载对应版本的upx 然后脱壳
然后再拖进IDA分析
然后再逐步计算·············小菜算了很久···终于算出了
编程:
分数:100
描述:见连接
直接逆向得到主要关键代码:
女神的秘密
题目说明:
女神把重要的Secret信息送给了屌丝asdf君。
asdf君如获至宝,他把信息进行了某种加密,最后处理成了Secret{xxxx},其中xxxx就是加密后的信息。
asdf君把Secret{xxxx}藏在了某个文件中,你能找到嘛?
解法1:
解压文件。。然后在cmd里面输入copy * 0.txt
就会将所有文件组合在0.txt里面
然后搜索Secret字符串得到
Secret{S2V5OmZrbGo0JCEoUnExRiE=}
base64解密得到key
fklj4$!(Rq1F!
解法2:
re.compile(pattern[,
flags])
Compile a regular expression pattern into a regular expression object, which can be used for matching using its
match() and
search() methods, described below.
The sequence
is equivalent to
'.' (Dot.) In the default mode, this matches any character except a newline. If the
DOTALL flag has been specified, this matches any character including a newline. '?' Causes the resulting RE to match 0 or 1 repetitions of the preceding RE.
ab? will match either ‘a’ or ‘ab’. '*' Causes the resulting RE to match 0 or more repetitions of the preceding RE, as many repetitions as are possible.
ab* will match ‘a’, ‘ab’, or ‘a’ followed by any number of ‘b’s.
os.listdir(path)
Return a list containing the names of the entries in the directory given by
path. The list is in arbitrary order. It does not include the special entries
'.' and '..' even if they are present in the directory.
Secret{S2V5OmZrbGo0JCEoUnExRiE=}
分数:300
描述:程序比较大,前往下载
本地本应该是变成得出的,但编程了很久 始终不行,问题在于程序接受到指令的时间间隔,最后只能爆破得出,直接用IDA调试,修改程序对应的流程,跳到程序的KEY显示处
做法2:
开变速齿轮 然后输入60次得到KEY
杂项:
分数:100
描述:提示1:key不是大家喜欢的波波老师! 提示2:bmp+png 提示3:CRC
直接HEX看出是两个图片合成的,将PNG 图片抠出来,然后 发现 宽和高不知道, 需要了解 PNG格式知识
可以看到 宽 和 高 还缺少几位
显示图片KEY:
部分题目解析为转载~~~~~~~~~~~~~~
最简单的题目
分数:100描述:key是syclover的注册码
Link:题目链接
题目为 安卓逆向
最后 拷贝成java代码:
鬼子进村
分数:200描述:你猜^_^
Link:题目链接
题目比较简单 linux 程序64位,直接在IDA上看 逆向出代码:
char pass[]= "pqllauzduh"; for (int i=0;i<=4;i++) { pass[i] +=4; } for (i = 5;i<=9;i++) { pass[i] -=3; } puts(pass);//key:tupperware
初中数学题
分数:300描述:上过初中的人都能做。提示1:upx脱壳 提示2:解方程组
程序为linux程序,IDA查看
下载对应版本的upx 然后脱壳
然后再拖进IDA分析
然后再逐步计算·············小菜算了很久···终于算出了
char v12[]="12345678901"; int v10 = 0; v12[0] = 71; v12[1] = 111; v12[2] = 111; v12[3] = 100; v12[4] = 0x43; v12[5] = 0x72; v12[6] = 0x61; v12[7] = 0x63; v12[8] = 0x4B; v12[9]=51; v12[10] = 82; // for (int i = 4; i <= 8; ++i ) // { // if ( v10 + (char)(v12[i] ^ 0x11) != 0x52 ) //0x52,0x64,0x72,0x75,0x5e // 0 1 2 3 4 // return 0; // ++v10; // } printf("The key is %s\n", v12);
编程:
Code100
分数:100描述:见连接
直接逆向得到主要关键代码:
int main(int argc, char* argv[]) { char v1[100]; // [sp+1Ch] [bp-7Ch]@2 int v2; // [sp+80h] [bp-18h]@1 int v3; // [sp+84h] [bp-14h]@1 int v4; // [sp+88h] [bp-10h]@1 int i; // [sp+8Ch] [bp-Ch]@1 v4 = (int)"ASD$@SDF!@#SF"; v3 = (int)"CSDSDADASDSAD"; v2 = (int)"2145631201923"; for ( i = 0; *(char *)(i + v3); ++i ) { v1[i] = *(char *)(i + v3) ^ *(char *)(i + v2); v1[i] >>= 1; v1[i] ^= *(char *)(i + v4); if ( v1[i] <= 47 ) v1[i] *= 2; if ( v1[i] <= 47 ) v1[i] *= 2; v1[i + 1] = 0; } for ( i = 1; v1[i]; i += 2 ) printf("%X%c", v1[i], v1[i]); return 0; }
女神的秘密
题目说明:
女神把重要的Secret信息送给了屌丝asdf君。
asdf君如获至宝,他把信息进行了某种加密,最后处理成了Secret{xxxx},其中xxxx就是加密后的信息。
asdf君把Secret{xxxx}藏在了某个文件中,你能找到嘛?
解法1:
解压文件。。然后在cmd里面输入copy * 0.txt
就会将所有文件组合在0.txt里面
然后搜索Secret字符串得到
Secret{S2V5OmZrbGo0JCEoUnExRiE=}
base64解密得到key
fklj4$!(Rq1F!
解法2:
re.compile(pattern[,
flags])
Compile a regular expression pattern into a regular expression object, which can be used for matching using its
match() and
search() methods, described below.
The sequence
prog = re.compile(pattern) result = prog.match(string)
is equivalent to
result = re.match(pattern, string)
'.' (Dot.) In the default mode, this matches any character except a newline. If the
DOTALL flag has been specified, this matches any character including a newline. '?' Causes the resulting RE to match 0 or 1 repetitions of the preceding RE.
ab? will match either ‘a’ or ‘ab’. '*' Causes the resulting RE to match 0 or more repetitions of the preceding RE, as many repetitions as are possible.
ab* will match ‘a’, ‘ab’, or ‘a’ followed by any number of ‘b’s.
os.listdir(path)
Return a list containing the names of the entries in the directory given by
path. The list is in arbitrary order. It does not include the special entries
'.' and '..' even if they are present in the directory.
import os import re dir = r'D:\Secret' list = [] prog = re.compile('Secret{.*?}') for x in os.listdir(dir): x = dir+'\\'+x list.append(x) for x2 in list: f = file(x2) x3 = f.readlines() for x4 in x3: if prog.match(x4): print x4
Secret{S2V5OmZrbGo0JCEoUnExRiE=}
Code300
分数:300描述:程序比较大,前往下载
本地本应该是变成得出的,但编程了很久 始终不行,问题在于程序接受到指令的时间间隔,最后只能爆破得出,直接用IDA调试,修改程序对应的流程,跳到程序的KEY显示处
做法2:
开变速齿轮 然后输入60次得到KEY
杂项:
BP断点
分数:100描述:提示1:key不是大家喜欢的波波老师! 提示2:bmp+png 提示3:CRC
直接HEX看出是两个图片合成的,将PNG 图片抠出来,然后 发现 宽和高不知道, 需要了解 PNG格式知识
可以看到 宽 和 高 还缺少几位
import binascii def CalcCrc32(str): return hex(binascii.crc32(str) & 0xffffffff) str1 = "\x49\x48\x44\x52\x00\x00\x01" str2 = "\x00\x00" str3 = "\x08\x06\x00\x00\x00" chr1 = "\x00" chr2 = "\x00" chr3 = "\x00" num1 = ord(chr1) num2 = ord(chr2) num3 = ord(chr3) for i1 in xrange(0,255): for i2 in xrange(0,255): for i3 in xrange(0,255): if CalcCrc32(str1+chr1+str2+chr2+chr3+str3) == "0x80bf36ccL": print "find it" print hex(ord(chr1)),hex(ord(chr2)),hex(ord(chr3)) exit() else: num3 = ord(chr3)+1 chr3 = chr(num3) if num3 == 255: chr3 = "\x00" break num2 = ord(chr2) + 1 chr2 = chr(num2) if num2 == 255: chr2 = "\x00" break num1 = ord(chr1) + 1 chr1 = chr(num1) print "hello world"
显示图片KEY:
部分题目解析为转载~~~~~~~~~~~~~~
相关文章推荐
- 2014三叶草校赛总结
- 2014 中大校赛热身赛总结(题目来至:2011年珠海赛)
- 2014 华工校赛总结
- [14.05.09] CVPR 2014 讨论班总结
- 2014西安比赛总结::fengdalu::rpRUSH
- 2014亚洲区域赛西安站总结
- 【BJOI 2014】总结
- 2014-2015学年总结-跬步千里
- 2014校园招聘笔、面经历总结---华为双选会
- 2014黑龙江省赛总结
- 2014暑假总结
- 2014 Unity3d大会的部分总结
- 2013总结-2014展望
- 比赛总结(中原工学院校赛)
- 2014工作总结
- 总结(【中山市选2014】投票 【中山市选2014】dwarf tower 【中山市选2014】图 【NOIP2013提高组day2】华容道)
- 多校赛第三,第四场总结
- 2014总结 && 2015 goals
- 2014找工作总结-机会往往留给有准备的人
- 【NOIP2014】赛后总结