WMCTF2023 - 部分RE

General

因为缺乏可以霍霍的Android手机外加模拟器抽风,所以几个安卓没写,与此同时缺少MAC来完成IOS的有关逆向~~(什么大FW)~~

RightBack

题目为Python3.9下的一个 pyc 文件,其中加入了大量垃圾指令导致我们无法直接拿到对应的 py 代码

可以看到我们花指令由JUMP_FORWARD进行构成,通过查询对应的opcde编码,我们可以整理出来其花加入的格式为:

1
2
3
4
5
6
JUMP_FORWARD  0       6E 	0
JUMP_FORWARD  4       6E 	4
4 个无意义字节          1 2 3 4   
JUMP_FORWARD  2       6E 	2
两个无意义字节           5 6   
org

按照上述的格式进行去除对应的花指令后我们可以成功的进行反编译,但是拿到的对应程序我们似乎无法正常进行解密,还原回来的Python文件存在一定的问题

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
import struct

def T(num, round):
    numArr = bytearray(struct.pack('<I', num))
    for i in range(4):
        numArr[i] = Sbox[numArr[i]]
    return struct.unpack('<I', numArr)[0] ^ Rcon[round]


def p1(s, key):
    j = 0
    k = []
    for i in range(256):
        s.append(i)
        k.append(key[i % len(key)])
    for i in range(256):
        j = (j + s[i] + ord(k[i])) % 256
        s[i] = s[j]
        s[j] = s[i]


def p2(key):
    w = [
        0] * 44
    for i in range(4):
        w[i] = struct.unpack('<I', key[i * 4:i * 4 + 4])[0]
    cnt = 0
    for i in range(4, 44, 1):
        if i % 4 == 0:
            w[i] = w[i - 4] ^ T(w[i - 1], cnt)
            cnt += 1
            continue
        w[i] = w[i - 4] ^ w[i - 1]
    return w


def p3(s, p):
    i = j = 0
    for z in range(len(p)):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i] = s[j]
        s[j] = s[i]
        p[z] ^= s[(s[i] + s[j]) % 256]
    return p


def F1(part1, part2):
    global REG
    REG = {
        'EAX': 0,
        'EBX': 0,
        'ECX': 0,
        'EDX': 0,
        'R8': 0,
        'CNT': 0,
        'EIP': 0 }
    REG['EAX'] = part1
    REG['EBX'] = part2


def F2(v1, v2, v3):
    if v1 == 1:
        REG[reg_table[str(v2)]] = extendKey[REG[reg_table[str(v3)]]]
    elif v1 == 2:
        REG[reg_table[str(v2)]] = REG[reg_table[str(v3)]]
    elif v1 == 3:
        REG[reg_table[str(v2)]] = v3
    REG['EIP'] += 4


def F3(v1, v2, v3):
    if v1 == 1:
        REG[reg_table[str(v2)]] = REG[reg_table[str(v2)]] + extendKey[REG[reg_table[str(v3)]]] & 0xFFFFFFFFL
    elif v1 == 2:
        REG[reg_table[str(v2)]] = REG[reg_table[str(v2)]] + REG[reg_table[str(v3)]] & 0xFFFFFFFFL
    elif v1 == 3:
        REG[reg_table[str(v2)]] = REG[reg_table[str(v2)]] + v3 & 0xFFFFFFFFL
    REG['EIP'] += 4


def F4(v1, v2):
    REG[reg_table[str(v1)]] ^= REG[reg_table[str(v2)]]
    REG['EIP'] += 3


def F5(v1, v2):
    REG[reg_table[str(v1)]] &= v2
    REG['EIP'] += 3


def F6(v1, v2, v3):
    if v1 == 1:
        REG[reg_table[str(v2)]] -= extendKey[v3]
    elif v1 == 2:
        REG[reg_table[str(v2)]] -= REG[reg_table[str(v3)]]
    elif v1 == 3:
        REG[reg_table[str(v2)]] -= v3
    REG['EIP'] += 4


def F7(v1, v2):
    REG[reg_table[str(v1)]] |= REG[reg_table[str(v2)]]
    REG['EIP'] += 3


def F8(v1, v2):
    REG[reg_table[str(v1)]] = REG[reg_table[str(v1)]] >> REG[reg_table[str(v2)]] & 0xFFFFFFFFL
    REG['EIP'] += 3


def F9(v1, v2):
    REG[reg_table[str(v1)]] = REG[reg_table[str(v1)]] << REG[reg_table[str(v2)]] & 0xFFFFFFFFL
    REG['EIP'] += 3


def FA(v1, v2, v3):
    if v1 == 1:
        REG[reg_table[str(v2)]] *= extendKey[v3]
    elif v1 == 2:
        REG[reg_table[str(v2)]] *= REG[reg_table[str(v3)]]
    elif v1 == 3:
        REG[reg_table[str(v2)]] *= v3
    REG['EIP'] += 4


def FB():
    REG['R8'] = REG['CNT'] == 21
    REG['EIP'] += 1


def WC():
    if not REG['R8']:
        REG['EIP'] = 16
    else:
        REG['EIP'] += 1


def VM(part1, part2):
    F1(part1, part2)
    EIP = REG['EIP']
    if opcode[EIP] == 80:
        F2(opcode[EIP + 1], opcode[EIP + 2], opcode[EIP + 3])
        continue
    if opcode[EIP] == 29:
        F3(opcode[EIP + 1], opcode[EIP + 2], opcode[EIP + 3])
        continue
    if opcode[EIP] == 113:
        F4(opcode[EIP + 1], opcode[EIP + 2])
        continue
    if opcode[EIP] == 114:
        F5(opcode[EIP + 1], opcode[EIP + 2])
        continue
    if opcode[EIP] == 150:
        F6(opcode[EIP + 1], opcode[EIP + 2], opcode[EIP + 3])
        continue
    if opcode[EIP] == 87:
        F7(opcode[EIP + 1], opcode[EIP + 2])
        continue
    if opcode[EIP] == 116:
        F8(opcode[EIP + 1], opcode[EIP + 2])
        continue
    if opcode[EIP] == 41:
        F9(opcode[EIP + 1], opcode[EIP + 2])
        continue
    if opcode[EIP] == 220:
        FA(opcode[EIP + 1], opcode[EIP + 2], opcode[EIP + 3])
        continue
    if opcode[EIP] == 7:
        FB()
        continue
    if opcode[EIP] == 153:
        WC()
        continue
    


def Have():
    Hello = '                                                                                                                                                                                                                                                \n||   / |  / /                                                                     \n||  /  | / /  ___     //  ___      ___      _   __      ___       __  ___  ___    \n|| / /||/ / //___) ) // //   ) ) //   ) ) // ) )  ) ) //___) )     / /   //   ) ) \n||/ / |  / //       // //       //   / / // / /  / / //           / /   //   / /  \n|  /  | / ((____   // ((____   ((___/ / // / /  / / ((____       / /   ((___/ /   \n                                                                                            \n                                                                                            \n||   / |  / / /|    //| |     //   ) ) /__  ___/ //   / / ___      ___      ___      ___    \n||  /  | / / //|   // | |    //          / /    //___   //   ) ) //   ) ) //   ) ) //   ) ) \n|| / /||/ / // |  //  | |   //          / /    / ___     ___/ / //   / /   ___/ /   __ / /  \n||/ / |  / //  | //   | |  //          / /    //       / ____/ //   / /  / ____/       ) )  \n|  /  | / //   |//    | | ((____/ /   / /    //       / /____ ((___/ /  / /____  ((___/ /     \n    '
    print(Hello)
    return input('RightBack: ').encode()


def Fun(right):
    if len(right) != 64:
        print('XD')
        exit()
    back = b''
    for i in range(0, len(right), 8):
        part1 = struct.unpack('>I', right[i + 0:i + 4])[0]
        part2 = struct.unpack('>I', right[i + 4:i + 8])[0]
        if i != 0:
            part1 ^= struct.unpack('>I', back[i - 8:i - 4])[0]
            part2 ^= struct.unpack('>I', back[i - 4:i])[0]
        VM(part1, part2)
        back += struct.pack('>I', REG['EAX'])
        back += struct.pack('>I', REG['EBX'])
    return back

if __name__ == '__main__':
    REG = { }
    EIP = 0
    reg_table = {
        '1': 'EAX',
        '2': 'EBX',
        '3': 'ECX',
        '4': 'EDX',
        '5': 'R8',
        '6': 'CNT',
        '7': 'EIP' }
    Sbox = [
        82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,124,227,57,130,155,
        47,255,135,52,142,67,68,196,222,233,203,84,123,148,50,166,194,35,61,238,76,
        149,11,66,250,195,78,8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
        114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,108,112,72,80,253,
        237,185,218,94,21,70,87,167,141,157,132,144,216,171,0,140,188,211,10,247,228,88,
        5,184,179,69,6,208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,58,145,17,65,
        79,103,220,234,151,242,207,206,240,180,230,115,150,172,116,34,231,173,53,133,226,249,
        55,28,117,223,110,71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,252,86,62,
        75,198,210,121,32,154,219,192,254,120,205,90,244,31,221,168,51,136,7,199,49,177,
        18,16,89,39,128,96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,160,
        224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,23,43,4,126,186,119,214,
        38,225,105,20,99,85,33,12,125]
    Rcon = [16777216,33554432,67108864,134217728,268435456,536870912,1073741824,0x80000000L,452984832,905969664]
    s = []
    key = 'CalmDownBelieveU'
    p1(s, key)
    key = [
        61,
        15,
        58,
        65,
        177,
        180,
        182,
        248,
        192,
        143,
        37,
        238,
        50,
        29,
        215,
        190]
    key = bytes(p3(s, key))
    extendKey = p2(bytes(key))
    opcode = [
        69,
        136,
        121,
        24,
        179,
        67,
        209,
        20,
        27,
        169,
        205,
        146,
        212,
        160,
        124,
        49,
        20,
        155,
        157,
        253,
        52,
        71,
        174,
        164,
        134,
        60,
        184,
        203,
        131,
        210,
        57,
        151,
        77,
        241,
        61,
        6,
        13,
        52,
        235,
        37,
        100,
        178,
        8,
        238,
        205,
        27,
        194,
        159,
        230,
        165,
        211,
        221,
        100,
        217,
        111,
        202,
        185,
        207,
        226,
        50,
        88,
        4,
        58,
        73,
        10,
        92,
        24,
        230,
        246,
        245,
        21,
        110,
        182,
        151,
        85,
        28,
        181,
        191,
        185,
        236,
        92,
        98,
        222,
        85,
        228,
        14,
        235,
        93,
        77,
        161,
        61,
        140,
        222,
        74,
        124,
        13,
        211,
        75,
        134,
        235,
        164,
        228,
        235,
        16,
        29,
        41,
        49,
        105,
        188,
        51,
        232,
        65,
        209,
        165,
        35,
        182,
        248,
        245,
        69,
        18,
        152,
        71,
        223,
        85,
        114]
    opcode = p3(s, opcode)
    right = Have()
    back = Fun(right)
    data1 = [
        228,
        244,
        207,
        251,
        194,
        124,
        252,
        61,
        198,
        145,
        97,
        98,
        89,
        25,
        92,
        208,
        155,
        38,
        34,
        225,
        98,
        206,
        234,
        245,
        223,
        54,
        214,
        137,
        35,
        86,
        180,
        66,
        223,
        234,
        90,
        136,
        5,
        189,
        166,
        117,
        111,
        222,
        39,
        156,
        163,
        173,
        36,
        174,
        47,
        144,
        15,
        160,
        45,
        239,
        211,
        11,
        190,
        181,
        24,
        164,
        234,
        114,
        174,
        27]
    data1 = bytes(p3(s, data1))
    data2 = [
        165,
        83,
        203,
        51,
        99,
        164,
        30,
        91,
        230,
        64,
        181,
        55,
        190,
        47,
        125,
        240,
        186,
        173,
        116,
        47,
        89,
        64,
        68,
        215,
        124,
        138,
        34,
        175,
        60,
        136,
        77,
        216,
        250,
        127,
        14,
        14,
        66,
        168,
        198,
        247,
        252,
        189,
        243,
        239,
        25,
        63,
        143,
        7,
        177,
        13,
        99,
        226,
        100,
        6,
        207,
        77,
        46,
        136,
        251,
        123,
        225,
        27,
        76,
        183]
    data2 = bytes(p3(s, data2))
    data3 = [
        95,
        219,
        46,
        178,
        111,
        141,
        17,
        168,
        254,
        60,
        68,
        59,
        41,
        183,
        182,
        118,
        3,
        47,
        150,
        240,
        140,
        159,
        110,
        238]
    data3 = bytes(p3(s, data3))
    if back == data2:
        print(bytes(data1).decode())
    else:
        print(bytes(data3).decode())

可以明显的发现对应的数据似乎缺少了一部分,我们简单修改后拿到的opcode与题目中的不符,此时采用了个笨办法,手动hook原来的pyc中的字节码,将其进行修改输出对应变量的值

将其进行一个魔改调用前面已有的print来对我们想要的变量值进行输出,可以成功的拿到对应的数据

1
2
3
4
5
key = [1835819331, 1853321028, 1768711490, 1432712805, 2177920767, 4020699579, 2261476601, 3551400604, 711874531, 3318306392, 1124217505, 2427199549, 3099853672, 2098025776, 1041196945, 2929936300, 246748610, 1941455090, 1303848803, 3809763535, 1395557789, 546751855, 1830937100, 2385871555, 2516030638, 3043054017, 3628118989, 1450520846, 1825094265, 3651791800, 32069749, 1469868411, 919887482, 4017993154, 4002737591, 3104343244, 4134211933, 420914335, 4152510760, 1317719524, 1990496755, 1873950060, 2553314372, 3602559392]

opcode = [80, 3, 3, 0, 29, 1, 1, 3, 80, 3, 3, 1, 29, 1, 2, 3, 29, 3, 6, 1, 113, 1, 2, 80, 2, 3, 1, 80, 2, 5, 2, 114, 2, 31, 41, 1, 2, 80, 3, 4, 32, 150, 2, 4, 2, 116, 3, 4, 87, 1, 3, 80, 2, 2, 6, 220, 3, 2, 2, 80, 1, 3, 2, 29, 2, 1, 3, 80, 2, 2, 5, 113, 2, 1, 80, 2, 3, 2, 80, 2, 4, 1, 114, 4, 31, 41, 2, 4, 80, 3, 5, 32, 150, 2, 5, 4, 116, 3, 5, 87, 2, 3, 80, 2, 3, 6, 220, 3, 3, 2, 29, 3, 3, 1, 80, 1, 4, 3, 29, 2, 2, 4, 7, 153, 255]

check = [70971958, 1454480124, 4145947100, 3683618452, 1295312797, 2622622830, 4227519997, 855210028, 3149806017, 3649402294, 687393912, 2766439826, 247296709, 2944897322, 2347888534, 375443730]

之后我们简单的整理一下对应虚拟机的逻辑可以得到:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
REG['EAX'] = part1
REG['EBX'] = part2
REG[ECX] = 0
REG[EAX] = REG[EAX] + extendKey[REG[ECX]] & 0xFFFFFFFF
REG[ECX] = 1
REG[EBX] = REG[EBX] + extendKey[REG[ECX]] & 0xFFFFFFFF
--------------------------------------------
REG[CNT] = REG[CNT] + 1 & 0xFFFFFFFF       开始循环
REG[EAX] ^= REG[EBX]
REG[ECX] = REG[EAX]
REG[R8] = REG[EBX]
REG[EBX] &= 31
REG[EAX] = REG[EAX] << REG[EBX] & 0xFFFFFFFF
REG[EDX] = 32
REG[EDX] -= REG[EBX]
REG[ECX] = REG[ECX] >> REG[EDX] & 0xFFFFFFFF
REG[EAX] |= REG[ECX]
REG[EBX] = REG[CNT]
REG[EBX] *= 2
REG[ECX] = extendKey[REG[EBX]]
REG[EAX] = REG[EAX] + REG[ECX] & 0xFFFFFFFF
REG[EBX] = REG[R8]
REG[EBX] ^= REG[EAX]
REG[ECX] = REG[EBX]
REG[EDX] = REG[EAX]
REG[EDX] &= 31
REG[EBX] = REG[EBX] << REG[EDX] & 0xFFFFFFFF
REG[R8] = 32
REG[R8] -= REG[EDX]
REG[ECX] = REG[ECX] >> REG[R8] & 0xFFFFFFFF
REG[EBX] |= REG[ECX]
REG[ECX] = REG[CNT]
REG[ECX] *= 2
REG[ECX] = REG[ECX] + 1 & 0xFFFFFFFF
REG[EDX] = extendKey[REG[ECX]]
REG[EBX] = REG[EBX] + REG[EDX] & 0xFFFFFFFF
REGREG[R8] = REG[CNT] == 21 			判断循环是否结束

R8为真时跳出对应的循环,我们此时可以写出对应解密脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
from z3 import *
from Crypto.Util.number import *

x = [BitVec("x[%d]"%i,33) for i in range(16)]
S = Solver()

key = [1835819331, 1853321028, 1768711490, 1432712805, 2177920767, 4020699579, 2261476601, 3551400604, 711874531, 3318306392, 1124217505, 2427199549, 3099853672, 2098025776, 1041196945, 2929936300, 246748610, 1941455090, 1303848803, 3809763535, 1395557789, 546751855, 1830937100, 2385871555, 2516030638, 3043054017, 3628118989, 1450520846, 1825094265, 3651791800, 32069749, 1469868411, 919887482, 4017993154, 4002737591, 3104343244, 4134211933, 420914335, 4152510760, 1317719524, 1990496755, 1873950060, 2553314372, 3602559392]

check = [70971958, 1454480124, 4145947100, 3683618452, 1295312797, 2622622830, 4227519997, 855210028, 3149806017, 3649402294, 687393912, 2766439826, 247296709, 2944897322, 2347888534, 375443730]

def enc(cin1,cin2,key):
    cnt = 0 
    eax = cin1 
    ebx = cin2
    ecx = 0 
    
    eax+=key[ecx]
    eax&=0xffffffff
    ecx = 1
    ebx+=key[ecx]
    ebx&=0xffffffff

    while(1):
        cnt+=1
        eax^=ebx
        ecx = eax
        r8 = ebx
        ebx &= 31
        eax<<=ebx
        eax&=0xffffffff
        edx = 32 - ebx
        ecx>>=edx
        eax |=ecx
        eax+=key[cnt*2]
        eax&=0xffffffff
        ebx = r8
        ebx^=eax
        ecx = ebx
        edx = eax
        edx &=31
        ebx<<=edx
        r8 = 32-edx
        ecx>>=r8
        ebx|=ecx
        ebx+=key[2*cnt+1]
        ebx&=0xffffffff
        if(cnt==21):
            break

    return eax,ebx

res = [0]*16
for i in range(8):
    if i > 0:
        x[2*i] ^= check[2*i-2]
        x[2*i+1] ^= check[2*i-1]
    res[2*i], res[2*i+1] = enc(x[2*i],x[2*i + 1], key)
    S.add(res[2*i]==check[2*i], res[2*i + 1] == check[2*i+1] )

flag =b''
res = S.check()
ans = S.model()
if res == sat:
    print("[+] Found!")
    print(ans)

x = [0]*16
x[4] = 1730238768
x[13] = 829583920
x[10] = 1667974770
x[15] = 1461789053
x[9] = 1752449633
x[14] = 1914787663
x[8] = 559049063
x[2] = 811877750
x[7] = 812462881
x[0] = 1464681300
x[12] = 1633905485
x[11] = 1869431345
x[6] = 1098343795
x[1] = 1182484272
x[5] = 1967223397
x[3] = 862873966   

for i in range(16):
    flag +=long_to_bytes(x[i])

print(flag)

# b'WMCTF{G00dEv3ning!Y0uAreAwes0m3!!RightBackFromB1ackM1rr0r!WOW!!}'

gohunt

题目为GO语言逆向,简单的运行后我们可以知道其将我们的输入转换为二维码图片,采用了go-qrcode的开源项目来进行生成

我们丢入IDA进行调试分析,可以看到的是main函数比较大,我们采用调试进行分析

最先可以看到的便是一个Base64,但是对其进行了换表

我们可以轻易的拿到对应的码表为NkQxHyXmiZTReo05ngu7dlv1BpE2SfLwM@qr6IUjb4AaP9+z3cDVOCKhJYFWs8tG

将对应字符串进行解密可以得到please input flag的字样

随后同样的操作我们可以看到对应采用了一个XXTEA来对输入进行加密,先将其转换为DWORD方便后续的计算过程

实现XXTEA部分:

随后又进行了循环异或,并将其转换为大数

随后的操作看上去就有点迷了,但是经过调试我们可以发现这个地方在对我们转换为大数后的值除以58

之后将对应转换后的数据进行取相应下标处的值

至此我们便可以推测出来其过程为Base58的转换过程,同时可以注意到对应的码表也进行了相应的修改,修改为了nY7TwcE41bzWvMQZXa8fyeprJoBdmhsu9DqVgxRPtFLKN65UH2CikG3SAj

之后的过程便是对应其调用相关的组件来进行生成二维码

至此我们可以分析到程序逻辑为输入flag后将其进行XXTEA加密,随后将其进行异或处理,再转换为大数后进行Base58的操作,我们扫描题目中给的二维码可以拿到加密后的数据为:YMQHsYFQu7kkTqu3Xmt1ruYUDLU8uaMoPpsfjqYF4TQMMKtw5KF7cpWrkWpk3

写出对应解密脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
import base58
import xxtea
 
flag = base58.b58decode('YMQHsYFQu7kkTqu3Xmt1ruYUDLU8uaMoPpsfjqYF4TQMMKtw5KF7cpWrkWpk3', alphabet=b'nY7TwcE41bzWvMQZXa8fyeprJoBdmhsu9DqVgxRPtFLKN65UH2CikG3SAj')
flag = bytearray(flag)

xor_key = b'NPWrpd1CEJH2QcJ3'
for i in range(len(flag)):
    flag[i] ^= xor_key[i % len(xor_key)]
xxtea_key = b'FMT2ZCEHS6pcfD2R'
flag = xxtea.decrypt(flag, xxtea_key, padding=False)
print(flag)
# wmctf{YHNEBJx1WG0cKtZk8e2PNbxJa45WQF09}
Reverse
WMCTF2023 - 部分RE
https://equinox-shame.github.io/2023/08/30/WMCTF2023/
作者
梓曰
发布于
2023年8月30日
许可协议