zoukankan      html  css  js  c++  java
  • CTFshow-萌新赛逆向_签退

    查看题目信息

     下载re3.pyc文件

    使用uncompyle把re3.pyc反编译为re3.py

    uncompyle6 re3.pyc > re3.py

     查看re3.py文件

    # uncompyle6 version 3.6.4
    # Python bytecode 2.7 (62211)
    # Decompiled from: Python 2.7.15 (v2.7.15:ca079a3ea3, Apr 30 2018, 16:30:26) [MSC v.1500 64 bit (AMD64)]
    # Embedded file name: re3.py
    # Compiled at: 2020-03-06 17:43:28
    import string
    c_charset = string.ascii_uppercase + string.ascii_lowercase + string.digits + '()'
    flag = 'BozjB3vlZ3ThBn9bZ2jhOH93ZaH9'    #这个是最后输出的密文
    
    def encode(origin_bytes):    #这个函数是base64加密
        c_bytes = [ ('{:0>8}').format(str(bin(b)).replace('0b', '')) for b in origin_bytes ]
        resp = ''
        nums = len(c_bytes) // 3
        remain = len(c_bytes) % 3
        integral_part = c_bytes[0:3 * nums]
        while integral_part:
            tmp_unit = ('').join(integral_part[0:3])
            tmp_unit = [ int(tmp_unit[x:x + 6], 2) for x in [0, 6, 12, 18] ]
            resp += ('').join([ c_charset[i] for i in tmp_unit ])
            integral_part = integral_part[3:]
    
        if remain:
            remain_part = ('').join(c_bytes[3 * nums:]) + (3 - remain) * '0' * 8
            tmp_unit = [ int(remain_part[x:x + 6], 2) for x in [0, 6, 12, 18] ][:remain + 1]
            resp += ('').join([ c_charset[i] for i in tmp_unit ]) + (3 - remain) * '.'
        return rend(resp)    #这个代码说明先进行base64加密,然后进行凯撒加密
    
    
    def rend(s):
    
        def encodeCh(ch):    #这个函数是凯撒加密
            f = lambda x: chr((ord(ch) - x + 2) % 26 + x)
            if ch.islower():
                return f(97)
            if ch.isupper():
                return f(65)
            return ch
    
        return ('').join(encodeCh(c) for c in s)
    # okay decompiling re3.pyc

    文件分析在如上

    首先使用凯撒密码进行解密

     把解密后的密文写入base.txt文件中

    使用脚本进行解密

    成功拿到flag

    附上解密脚本

    #! /usr/bin/env python
    # _*_  coding:utf-8 _*_
    import base64
    
    
    filename = "base64.txt"
    f = open(filename,'r')
    while True:
        text_base =f.readline()
        if not text_base:
            break
        else:
            text_str = str(base64.b64decode(text_base))
            if "flag" in text_str:
                text_str =text_str.replace("'","").replace("b","")
                print(text_str)
  • 相关阅读:
    博客园
    hdu 2071 Max Num
    函数的可选参数
    JqueryUI的使用方法
    [转]淘宝网的设计流程
    hover!= mouseover+mouseout。但hover=mouseenter + mouseleave
    转:理解Progressive enhancement
    jQuery对象和DOM对象的区别
    JS字符串的slice和splice
    内家武功招数
  • 原文地址:https://www.cnblogs.com/anweilx/p/12443932.html
Copyright © 2011-2022 走看看