  • 攻防世界APK-逆向2

    虚假的APK,权当我学习python了:

    .NET程序一个:

    用dnSpy反编译分析源码:主逻辑就三步——先读取自身exe文件的内容,然后对硬编码字符串的每个字符在文件内容中search首次出现的下标,最后把下标变换(下标*1337%256,两位十六进制)后拼接输出

    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Net.Sockets;
    using System.Text;
    
    namespace Rev_100
    {
        // Token: 0x02000002 RID: 2
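        /// <summary>
        /// Entry class of the challenge binary as decompiled with dnSpy.
        /// It derives a string from the contents of a file named like its own
        /// executable and writes that string to a local TCP socket; the derived
        /// value is never printed to the console.
        /// </summary>
        internal class Program
        {
            // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250
            /// <summary>
            /// Connects to 127.0.0.1:31337, then sends "CTF{", one two-character
            /// hex chunk per character of the hard-coded key, and "}".
            /// </summary>
            /// <param name="args">Command-line arguments; not used.</param>
            private static void Main(string[] args)
            {
                string hostname = "127.0.0.1";
                int port = 31337;
                TcpClient tcpClient = new TcpClient();
                try
                {
                    Console.WriteLine("Connecting...");
                    tcpClient.Connect(hostname, port);
                }
                catch (Exception)
                {
                    // Nothing is derived or shown when the loopback port has no listener.
                    // The "\n" escape was rendered as a raw line break in the page listing.
                    Console.WriteLine("Cannot connect!\nFail!");
                    return;
                }
                Socket client = tcpClient.Client;
                string text = "Super Secret Key";   // hard-coded key string
                string text2 = Program.read();       // text contents returned by read()
                client.Send(Encoding.ASCII.GetBytes("CTF{"));
                foreach (char x in text)
                {
                    // For each key character, send the hex chunk derived from the
                    // index of its first occurrence in text2.
                    client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));
                }
                client.Send(Encoding.ASCII.GetBytes("}"));
                client.Close();
                tcpClient.Close();
                Console.WriteLine("Success!");
            }

            // Token: 0x06000002 RID: 2 RVA: 0x0000213C File Offset: 0x0000033C
            /// <summary>
            /// Reads, as text, the file whose name matches the running executable.
            /// </summary>
            /// <returns>The whole file decoded by <see cref="StreamReader"/>.</returns>
            private static string read()
            {
                // Full path of the main module of the current process.
                string fileName = Process.GetCurrentProcess().MainModule.FileName;
                // The page listing showed '\' here; the separator literal is the escaped backslash.
                string[] array = fileName.Split(new char[]
                {
                    '\\'
                });
                // Only the bare file name is kept, so the open below is relative to the
                // current working directory rather than to the executable's own folder.
                string path = array[array.Length - 1];
                string result = "";
                // StreamReader(string) decodes with its default encoding (UTF-8 unless a
                // byte-order mark is detected); the indexes used by search() are indexes
                // into this decoded string, not byte offsets into the file.
                using (StreamReader streamReader = new StreamReader(path))
                {
                    result = streamReader.ReadToEnd();   // read the entire file
                }
                return result;
            }

            // Token: 0x06000003 RID: 3 RVA: 0x000021B0 File Offset: 0x000003B0
            /// <summary>
            /// Maps a character to a two-character chunk based on where it first
            /// occurs in <paramref name="text"/>.
            /// </summary>
            /// <param name="x">Character to look for.</param>
            /// <param name="text">String that is scanned from index 0.</param>
            /// <returns>
            /// <c>i * 1337 % 256</c> as lowercase hex, left-padded to two digits, for
            /// the first index <c>i</c> holding <paramref name="x"/>; "??" when the
            /// character does not occur.
            /// </returns>
            private static string search(char x, string text)
            {
                int length = text.Length;
                for (int i = 0; i < length; i++)
                {
                    if (x == text[i])
                    {
                        // NOTE(review): 32-bit int arithmetic; an index above roughly
                        // 1.6 million would overflow the product - not expected for a
                        // small challenge binary, confirm if reused.
                        int value = i * 1337 % 256;
                        // Base-16 text, not a Unicode conversion.
                        return Convert.ToString(value, 16).PadLeft(2, '0');
                    }
                }
                return "??";
            }
        }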
    }

    keygen:

    # coding=gbk  
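    # Same hard-coded key string as in the decompiled Main().
    text = 'Super Secret Key'
    # Raw string for the Windows path: in a normal literal the sequence "\412"
    # is an octal escape, so the path as shown in the listing would not resolve.
    # NOTE(review): the decompiled read() uses StreamReader's default decoding
    # (UTF-8), while this script decodes with 'unicode-escape' in text mode
    # (which also translates newlines); character indexes may therefore differ
    # from what the binary computes - confirm against the binary's own output.
    with open(r'D:\4122e391e1574335907f8e2c4f438d0e.exe', 'r', encoding='unicode-escape') as fh:
        text2 = fh.read()
    flag = ""
    num = len(text2)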
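    def search(i, text2, num):
        """Return the two-hex-digit chunk for character ``i``.

        Scans the first ``num`` characters of ``text2`` and, for the first
        index ``j`` where ``text2[j] == i``, returns ``j * 1337 % 256`` as
        two lowercase hex digits. Returns ``'??'`` when the character is not
        found, as the decompiled C# ``search`` does; the original fell off
        the end and returned ``None``, which made the caller's string
        concatenation raise ``TypeError``.
        """
        for j in range(num):
            if i == text2[j]:
                return '%02x' % (j * 1337 % 256)
        return '??'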
    # Append one hex chunk per key character, in key order.
    for ch in text:
        flag = flag + search(ch, text2, num)

    # Wrap the chunks in the same CTF{...} envelope the binary writes to its socket.
    print("CTF{" + flag + "}")

    CTF{7eb67b0bb4427e0b43b40b6042670b55}

  • 原文地址:https://www.cnblogs.com/jentleTao/p/12665406.html