当前位置：首页 > news >正文

NSSCTF-做题笔记

news 2025/7/19 5:52:32

[羊城杯 2020]easyre

查壳，无壳，64位，ida打开

encode_one

encode_tow

encode_three

那么我们开始一步一步解密，从最外层开始

def decode_three(encrypted_str):decrypted_str = ""for char in encrypted_str:char_code = ord(char)if 65 <= char_code <= 90:decrypted_str += chr((char_code - 65 - 3) % 26 + 65)elif 97 <= char_code <= 122:decrypted_str += chr((char_code - 97 - 3) % 26 + 97)elif 48 <= char_code <= 57:decrypted_str += chr((char_code - 48 - 3) % 10 + 48)else:decrypted_str += charreturn decrypted_strencrypted_string = "EmBmP5Pmn7QcPU4gLYKv5QcMmB3PWHcP5YkPq3=cT6QckkPckoRG"
decrypted_result = decode_three(encrypted_string)
print(decrypted_result)

第二层

BjYjM2Mjk4NzM   3
R1dIVHs2NzJjY   1
0MTEzM2VhMn0=   4
zQ3NzhhMzhlOD   2

第三层

import base64def decode_base64_string(encoded_str):try:decoded_bytes = base64.b64decode(encoded_str.encode())return decoded_bytes.decode()except base64.binascii.Error as e:print(f"解码错误: {e}")return Nonea = "R1dIVHs2NzJjYzQ3NzhhMzhlODBjYjM2Mjk4NzM0MTEzM2VhMn0="
decoded_result = decode_base64_string(a)
if decoded_result:print(decoded_result)

[WUSTCTF 2020]level3

查看字符串

发现类似码表

发现不对，是一串乱码感觉码表被换了

def reverse_look_at_you(base64_table):for i in range(0, 10):temp = base64_table[i]base64_table[i] = base64_table[19 - i]base64_table[19 - i] = tempreturn base64_table
original_base64_table = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
transformed_base64_table = list(original_base64_table)# 假设这里已经对码表执行了类似O_OLookAtYou函数的操作，现在进行逆向还原
reversed_table = reverse_look_at_you(transformed_base64_table)print("".join(reversed_table))

[GWCTF 2019]pyre

下载发现是一个pyc

在线反编译一下

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
# Version: Python 2.7print 'Welcome to Re World!'
print 'Your input1 is your flag~'
l = len(input1)
for i in range(l):num = ((input1[i] + i) % 128 + 128) % 128code += numfor i in range(l - 1):code[i] = code[i] ^ code[i + 1]print code
code = ['%1f','%12','%1d','(','0','4','%01','%06','%14','4',',','%1b','U','?','o','6','*',':','%01','D',';','%','%13']

def decrypt_code(code):code_length = len(code)# 先将列表中的字符转换为对应的ASCII码值，方便后续批量计算code_ascii = [ord(char) for char in code]# 逆向异或操作for i in range(code_length - 2, -1, -1):code_ascii[i] ^= code_ascii[i + 1]# 逆向取模和减法操作decrypted_ascii = []for i in range(code_length):decrypted_ascii.append((code_ascii[i] - i) % 128)# 将还原后的ASCII码值转换为字符并拼接成字符串decrypted_string = "".join(chr(ascii_val) for ascii_val in decrypted_ascii)return decrypted_string
code = ['\x1f', '\x12', '\x1d', '(', '0', '4', '\x01', '\x06', '\x14', '4',',', '\x1b', 'U', '?', 'o', '6', '*', ':', '\x01', 'D', ';', '%', '\x13']
decrypted_result = decrypt_code(code)
print(decrypted_result)

[广东省大学生攻防大赛 2022]pyre

下载发现是一个压缩包，解压发现是一个py.exe文件那么直接转pyc提取py代码

def reverse_check():c = [144, 163, 158, 177, 121, 39, 58, 58, 91, 111, 25, 158, 72, 53, 152,78, 171, 12, 53, 105, 45, 12, 12, 53, 12, 171, 111, 91, 53,152, 105, 45, 152, 144, 39, 171, 45, 91, 78, 45, 158, 8]b = 179# 逆向计算每个字符的ASCII码值possible_chars = []for i in range(len(c)):found = Falsefor j in range(128):  # 假设字符的ASCII码值范围是0到127if (j * 33 % b) == c[i]:possible_chars.append(j)found = Truebreakif not found:print("无法根据给定规则还原出某些字符，可能加密规则有误或数据有问题。")return# 将还原出的ASCII码值转换为字符并拼接成字符串possible_flag = ''.join(chr(char_code) for char_code in possible_chars)return possible_flagreversed_result = reverse_check()
if reversed_result:print("可能的flag:", reversed_result)