James Hoi's Blog

BUU平台逆向刷题

Word count: 302Reading time: 1 min
2021/02/06 Share

pyre

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
code = ['\x1f', '\x12', '\x1d', '(', '0', '4', '\x01', '\x06', '\x14', '4', ',', '\x1b', 'U', '?', 'o', '6', '*', ':', '\x01', 'D', ';', '%', '\x13']
l = len(code)

for i in range(l - 1):
i = l-2-i
code[i] = chr(ord(code[i]) ^ ord(code[(i + 1)]))

def in_range(j):
return 33<= j and j <= 125

for i in range(l):
i = l-1-i
tmp = ord(code[i])-i
data = tmp if in_range(tmp) else tmp+128
code[i] = chr(data)

print("".join(code))
#GWHT{Just_Re_1s_Ha66y!}

IgniteMe

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
enflag = [
0x0D, 0x26, 0x49, 0x45, 0x2A, 0x17, 0x78, 0x44, 0x2B, 0x6C,
0x5D, 0x5E, 0x45, 0x12, 0x2F, 0x17, 0x2B, 0x44, 0x6F, 0x6E,
0x56, 0x09, 0x5F, 0x45, 0x47, 0x73, 0x26, 0x0A, 0x0D, 0x13,
0x17, 0x48, 0x42, 0x01, 0x40, 0x4D, 0x0C, 0x02, 0x69
]

v4 = 4; flag = ["" for i in range(len(enflag))]
for i in range(len(enflag)):
j = len(enflag)-i-1
data = enflag[j]^v4
flag[j] = chr(data)
v4 = data

print("".join(flag))
# R_y0u_H0t_3n0ugH_t0_1gn1t3@flare-on.com

SimpleRev

1
2
3
4
5
6
7
8
9
10
11
12
13
14

def encode(v1,v3):
v5 = 0xA
key = "adsfkndcls"
return (v1 - 39 - ord(key[v3 % v5]) + 97) % 26 + 97;

def brute(v3):
answer = "killshadow"
for i in range(65,91):
if encode(i,v3+10) == ord(answer[v3]): print(chr(i),end="")

for i in range(10):
brute(i)
# KLDQCUDFZO

特殊的 BASE64

1
2
3
4
5
6
7
8
import string
import base64
my_base64table = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz0987654321/+"
std_base64table ="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
s = "mTyqm7wjODkrNLcWl0eqO8K8gc1BPk1GNLgUpI=="
s = s.translate(str.maketrans(my_base64table,std_base64table))
print(base64.b64decode(s))
# flag{Special_Base64_By_Lich}

刮开有奖

CATALOG
  1. 1. pyre
  2. 2. IgniteMe
  3. 3. SimpleRev
  4. 4. 特殊的 BASE64
  5. 5. 刮开有奖