distributed

一些密码/逆向

re

re1.exe

迷宫题，把迷宫爬出来

********************
*.......************
*.*.***.************
*.*.*****...*.******
*.*...***.*.*....***
*.***..**.*.****..**
*.****....*.*****..*
*....******....***.*
****.......***.....*
********************

得到通路为

ddsssddsdsdddwwwddssssdddsdddd

re1.pyc

直接丢进在线工具里

https://tool.lu/pyc

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
import base64

def encode(a):
    b = ''
    for i in range(len(a)):
        b += chr(ord(a[i]) ^ 48)
    
    if base64.b64encode(b) == 'VlxRV0tSAQRWUQAIVR1VU1YJHQQHAgAdUgNTVB0ECQFUAFQJVAAIBlRN':
        print 'true'
    else:
        print 'false'

a = raw_input('plz input your flag:')
encode(a)

逆向脚本

from base64 import *

s='VlxRV0tSAQRWUQAIVR1VU1YJHQQHAgAdUgNTVB0ECQFUAFQJVAAIBlRN'
s1=b64decode(s)
print(s1)
print("".join([chr(i^48) for i in s1]))

re10

寻址表，直接复制粘贴脚本

#include<cstdio>
#include<iostream>
#include<bits/stdc++.h>
using namespace std;
char v6[42]={}; 
int main()
{
	v6[0] = 5;
  v6[1] = 20;
  v6[2] = 0;
  v6[3] = 19;
  v6[4] = 16;
  v6[5] = 6;
  v6[6] = 0;
  v6[7] = 5;
  v6[8] = 0;
  v6[9] = 5;
  v6[10] = 0;
  v6[11] = 0;
  v6[12] = 14;
  v6[13] = 18;
  v6[14] = 4;
  v6[15] = 12;
  v6[16] = 14;
  v6[17] = 4;
  v6[18] = 18;
  v6[19] = 10;
  v6[20] = 5;
  v6[21] = 5;
  v6[22] = 10;
  v6[23] = 18;
  v6[24] = 1;
  v6[25] = 5;
  v6[26] = 11;
  v6[27] = 11;
  v6[28] = 18;
  v6[29] = 4;
  v6[30] = 7;
  v6[31] = 8;
  v6[32] = 2;
  v6[33] = 13;
  v6[34] = 1;
  v6[35] = 11;
  v6[36] = 4;
  v6[37] = 8;
  v6[38] = 4;
  v6[39] = 11;
  v6[40] = 13;
  v6[41] = 17;
  char v5[]="abcdef0123456789{}-gl";
  for(int i=0;i<42;i++)
  printf("%c",v5[v6[i]]);
  printf("\n"); 
	return 0;
}

gogogo

读出来是华容道，右%上@下#左$

然后手写了一会儿，zuobudongle

写了一个笨笨的bfs

from copy import *
ans=[[1,2,3,4],[5,6,7,8],[9,10,11,12],[13,14,15,-1]]
def fid(matrix,path,pos,l,la):
    if l==32:
        if pos==(3,3) and matrix==ans:
            
            print(matrix,path)

        return  
    if pos[0]!=0 and la!='s':
        pos1=(pos[0]-1,pos[1])
        matrix1=deepcopy(matrix)
        matrix1[pos1[0]][pos1[1]]=matrix[pos[0]][pos[1]]
        matrix1[pos[0]][pos[1]]=matrix[pos1[0]][pos1[1]]
        fid(matrix1,path+"w",pos1,l+1,'w')
        
    if pos[0]!=3 and la != "w":
        pos1=(pos[0]+1,pos[1])
        matrix1=deepcopy(matrix)
        matrix1[pos1[0]][pos1[1]]=matrix[pos[0]][pos[1]]
        matrix1[pos[0]][pos[1]]=matrix[pos1[0]][pos1[1]]
        fid(matrix1,path+"s",pos1,l+1,'s')
    if pos[1]!=0 and la != 'd':
        pos1=(pos[0],pos[1]-1)
        matrix1=deepcopy(matrix)
        matrix1[pos1[0]][pos1[1]]=matrix[pos[0]][pos[1]]
        matrix1[pos[0]][pos[1]]=matrix[pos1[0]][pos1[1]]
        fid(matrix1,path+"a",pos1,l+1,'a')
    if pos[1]!=3 and la !='a':
        pos1=(pos[0],pos[1]+1)
        matrix1=deepcopy(matrix)
        matrix1[pos1[0]][pos1[1]]=matrix[pos[0]][pos[1]]
        matrix1[pos[0]][pos[1]]=matrix[pos1[0]][pos1[1]]
        fid(matrix1,path+"d",pos1,l+1,'d')

m=[[5,1,-1,2],[9,6,3,8],[0xd,0xf,0xa,0xb],[0xe,4,7,0xc]]
ps=(0,2)

fid(m,"",ps,0,'')

跑了跑，失败

然后找到了一些开源的华容道项目https://github.com/Dpxx/Klotski-15puzzles

然后有个开源https://dpxx.github.io/

###$@%#$$@@@%#%#%@$@%##$$@@%##%#

re12

aspack壳,直接一路运行到input，然后去搜关键字符串找到了代码段。

复制粘贴略加修改得到

#include<cstdio>
#include<iostream>
#include<bits/stdc++.h>
using namespace std;
int main()
{
	char v2[42];
  *(long long *)v2 = 1195461702;
  *(long long  *)&v2[4] = 286671963;
  *(long long *)&v2[8] = 269619473;
  *(long long *)&v2[12] = 403836182;
  *(long long *)&v2[16] = 336400966;
  *(long long *)&v2[20] = 219287577;
  *(long long *)&v2[24] = 1128416792;
  *(long long *)&v2[28] = 1178748173;
  *(long long *)&v2[32] = 306594326;
  *(long long *)&v2[36] = 303437073;
  *(short *)&v2[40] = 23875;
  for(int i=0;i<42;i++)
  printf("%c",v2[i]^0x20);
	return 0;
}

得到结果

cry

rsa padding attack

coppersmith，构造最大公因式。

(感谢这个题，顺带切了cryptohack)

本文采用署名-非商业性使用-相同方式共享 4.0 国际许可协议，转载请注明出处。