过来学习一下~

Re_funtion

压缩包有密码,可以看到右边有16进制数字,通过开头可以确定是png格式的文件

放到010editor中,改一下后缀,即可看到解码密码:

解压后,给出了的两个文件,先从re_easy_func1.exe中获取base64魔改后的加密字符串

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#include <stdio.h>
int main(int argv,char** argc){
	int s[28] = {0x64, 0x71, 0x54, 0x54, 0x64, 0x78, 0x74, 0x78, 0x64, 0x41, 0x40, 0x48, 0x70, 0x6D, 0x18, 0x4A, 0x41, 0x78, 0x66, 0x72, 0x41, 0x78, 0x5E, 0x4E, 0x5D, 0x52, 0x0E, 0x3D};
	int f[28] = {0};
	for (int i = 0;i<28;i++){
		if(i%2 == 0){
			f[i] = s[i]^0x37;
		}
		else{
			f[i] = s[i];
		}
	}
	for (int i = 0;i<28;i++){
		printf("%c",f[i]);
	}
	getchar();
	return 0;
} 
1
2
3
4
5
import base64
flag = "SqcTSxCxSAwHGm/JvxQrvxiNjR9="
string1 = "FeVYKw6a0lDIOsnZQ5EAf2MvjS1GUiLWPTtH4JqRgu3dbC8hrcNo9/mxzpXBky7+"
string2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
print (base64.b64decode(flag.translate(str.maketrans(string1,string2))))

当然也可用神器cyberchef

ez_algorithm

用ida分析,可以得出下面的流程:

下面的encryption3函数的流程:

思路:先对字符串encryption3函数的逆向,下面是encryption3的运算:

把encryption3从ida里面复制出来,用c跑一下可以找到一下的对应关系:

1
2
3
"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" 

"9876543210uvwxyztnopqrshijklmgabcdefUVWXYZTNOPQRSHIJKLMGABCDEF"

那么:

1
2
# "BRUF{E6oU9Ci#J9+6nWAhwMR9n:}"
# "VLAZ{Y3iA0Wo#P0+3hCUncSL0h:}"

当然也可以用代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
string = "BRUF{E6oU9Ci#J9+6nWAhwMR9n:}"
s = ""
for i in string:
	if i in "uvwxyz" or i in "UVWXYZ":
		s+=chr(ord(i) - 20)
	elif i in "abcdef" or i in "ABCDEF":
		s+=chr(ord(i) + 20)
	elif i in "hijklm" or i in "HIJKLM":
		s+=chr(ord(i) + 6)
	elif i in "nopqrs" or i in "NOPQRS":
		s+=chr(ord(i) - 6)
	elif i == "g" or i == "G":
		s += chr(ord(i) + 13)
	elif i == "t" or i == "T":
		s += chr(ord(i) - 13)
	elif i in "0123456789":
		s += chr(105-ord(i))
	else:
		s += i
print(s)
# "VLAZ{Y3iA0Wo#P0+3hCUncSL0h:}"

再对字符串进行大小写转换

最后再根据i对4的求余值,进行逆运算

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
s = "VLAZ{Y3iA0Wo_P0_3hCUncSL0h:}".swapcase()
string1 = "ckagevdxizblqnwtmsrpufyhoj"
string2 = "TMQZWKGOIAGLBYHPCRJSUXEVND"


# encryption3逆运算   
flag = ""
for i in range(len(s)):
  if ord(s[i]) >= 97 and ord(s[i]) <= 122:
    index = string1.index(s[i])
    t = i % 4
    if t == 0:
      result = index + t
      flag += chr(result + 65)
    elif t == 1:
      result = index // t
      flag += chr(result + 65)
    elif t == 2:
      result = index ^ t
      flag += chr(result + 65)
    else :
      result = index - t
      flag += chr(result + 65)

  elif ord(s[i]) >= 65 and ord(s[i]) <= 90:
    index = string2.index(s[i])
    t = i % 4
    if t == 0:
      result = index + t
      flag += chr(result + 65)
    elif t == 1:
      result = index - t
      flag += chr(result + 65)
    elif t == 2:
      result = index // t
      flag += chr(result + 65)
    else:
      result = index ^ t
      flag += chr(result + 97)  
  else:
    flag += s[i]
print(flag)
# FLAG{W3lC0Me_T0_3NCRYPTI0N:}

然后放入ida中动调,稍微改改,对比一下,结果就出来了。

freestyle

解一下数学题,两个挑战,3277,105,MD5