从老博客搬运的一些逆向的东西
最近突然又对逆向感兴趣了,准备陆续从老博客搬运一些逆向的东西过来。
1、unctf2021-Rejunk
下载程序拖进exeinfo查壳,无壳,运行后随机输入几个数提示length error,拖进idapro找到main函数后f5查看伪代码,根据题目提示垃圾代码混淆与逆向异或运算可观察得到关键的两行
我们可以看到几个字符串,这就是关键语句。分析易知:程序将flag字符串中的每个字符先加上2,再与v9(从0开始递增的循环下标)做异或运算,得到变换后的字符串。异或运算是自反的(a^b^b=a),所以先把变换后的每个字符与下标再异或一次,然后减去2,就能还原flag,据此开始写脚本
#include<bits/stdc++.h>
using namespace std;
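// Recovers the Rejunk flag from the transformed string taken out of the binary.
// The analysed program stores (flag[i] + 2) ^ i for every position i, so each
// byte is restored by XOR-ing it with its index again and then subtracting 2.
// The output is written without a trailing newline.
int main(){
    const char a[] = "WQGULxb>2:ooh95=''twk";
    // Derive the length from the literal instead of repeating a magic number;
    // sizeof also counts the terminating NUL, which is not part of the data.
    const int n = static_cast<int>(sizeof(a)) - 1;
    for (int i = 0; i < n; i++) {
        // XOR is its own inverse, so undo it first, then undo the +2 offset.
        std::putchar((a[i] ^ i) - 2);
    }
    return 0;
}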
结果:UNCTF{b781cbb29054db}
2、swctf-py_opcode
python字节码逆向,题目忘了(乐,反正逆字节码,照着总能逆出来的
import dis
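# Hand-written reconstruction of the challenge's encoder, rebuilt from the
# bytecode listing so that dis.dis(d) can be compared with it instruction by
# instruction. Plain comments are used instead of a docstring because a
# docstring would change the function's constants table and with it the
# LOAD_CONST indices being compared.
# `s` and `flag` are module-level names this snippet does not define; the
# listing reads both with LOAD_GLOBAL. `flag` is modified in place and must
# hold integers (character codes), since the body shifts and XORs them.
def d():
    sum = 0  # shadows the builtin, kept to match STORE_FAST 0 (sum)
    for i in range(0, len(s), 2):  # bound comes from s, indexing is on flag, as in the listing
        sum = sum + i
        v0 = flag[i]
        v1 = flag[i + 1]
        # The pair is crossed: the new flag[i] depends only on the old
        # flag[i+1], and the new flag[i+1] only on the old flag[i].
        flag[i] = ((((v1 << 4) + i) ^ (v1 + sum))) ^ ((v1 >> 5) + sum)
        flag[i + 1] = (((v0 >> 2) - i - sum)) ^ ((v0 << 1) - sum)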
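# dis.dis() writes the disassembly to stdout itself and returns None, so
# wrapping it in print() only appended a stray "None" line to the output.
dis.dis(d)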
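def x():
    """Brute-force the flag from the encoded integers and print the candidates.

    The encoder processes the flag two characters at a time. ``s[i]`` is
    computed only from the second character of the pair and ``s[i + 1]`` only
    from the first, so the two characters are searched independently over
    printable ASCII (0x20-0x7e) instead of over every combination.

    Every matching (first, second) combination is printed back-to-back with
    no separator or trailing newline, first character varying slowest. The
    transform is not injective: in the recorded output one pair yields both
    "-y" and "6y", so the printed string can be longer than the flag and the
    correct candidate has to be chosen by reading it.
    """
    s = [1677, 250, 1875, 221, 1852, 241, 823, -125, 1794, -87, 1289, -90, 1174, -27, 1574, -178, 732, -189, 1925, -90,
         1960, -106, 1544, -197, 1646, 185]
    printable = range(0x20, 0x7f)
    acc = 0  # running sum of the even indices, as in the encoder
    for i in range(0, len(s), 2):
        acc += i
        # First character of the pair: must reproduce s[i + 1].
        firsts = [c for c in printable
                  if (((c >> 2) - i - acc) ^ ((c << 1) - acc)) == s[i + 1]]
        # Second character of the pair: must reproduce s[i].
        seconds = [c for c in printable
                   if ((((c << 4) + i) ^ (c + acc)) ^ ((c >> 5) + acc)) == s[i]]
        for a1 in firsts:
            for a2 in seconds:
                print(chr(a1) + chr(a2), end='')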
# Run the solver; the candidate characters are printed to stdout without a
# trailing newline.
x()
结果:snert{D0-y6y0U-Like-0pCode?}
3 0 LOAD_CONST 1 (0)
2 STORE_FAST 0 (sum)
4 4 LOAD_GLOBAL 0 (range)
6 LOAD_CONST 1 (0)
8 LOAD_GLOBAL 1 (len)
10 LOAD_GLOBAL 2 (s)
12 CALL_FUNCTION 1
14 LOAD_CONST 2 (2)
16 CALL_FUNCTION 3
18 GET_ITER
>> 20 FOR_ITER 52 (to 126)
22 STORE_FAST 1 (i)
5 24 LOAD_FAST 0 (sum)
26 LOAD_FAST 1 (i)
28 BINARY_ADD
30 STORE_FAST 0 (sum)
6 32 LOAD_GLOBAL 3 (flag)
34 LOAD_FAST 1 (i)
36 BINARY_SUBSCR
38 STORE_FAST 2 (v0)
7 40 LOAD_GLOBAL 3 (flag)
42 LOAD_FAST 1 (i)
44 LOAD_CONST 3 (1)
46 BINARY_ADD
48 BINARY_SUBSCR
50 STORE_FAST 3 (v1)
8 52 LOAD_FAST 3 (v1)
54 LOAD_CONST 4 (4)
56 BINARY_LSHIFT
58 LOAD_FAST 1 (i)
60 BINARY_ADD
62 LOAD_FAST 3 (v1)
64 LOAD_FAST 0 (sum)
66 BINARY_ADD
68 BINARY_XOR
70 LOAD_FAST 3 (v1)
72 LOAD_CONST 5 (5)
74 BINARY_RSHIFT
76 LOAD_FAST 0 (sum)
78 BINARY_ADD
80 BINARY_XOR
82 LOAD_GLOBAL 3 (flag)
84 LOAD_FAST 1 (i)
86 STORE_SUBSCR
9 88 LOAD_FAST 2 (v0)
90 LOAD_CONST 2 (2)
92 BINARY_RSHIFT
94 LOAD_FAST 1 (i)
96 BINARY_SUBTRACT
98 LOAD_FAST 0 (sum)
100 BINARY_SUBTRACT
102 LOAD_FAST 2 (v0)
104 LOAD_CONST 3 (1)
106 BINARY_LSHIFT
108 LOAD_FAST 0 (sum)
110 BINARY_SUBTRACT
112 BINARY_XOR
114 LOAD_GLOBAL 3 (flag)
116 LOAD_FAST 1 (i)
118 LOAD_CONST 3 (1)
120 BINARY_ADD
122 STORE_SUBSCR
124 JUMP_ABSOLUTE 10 (to 20)
4 >> 126 LOAD_CONST 0 (None)
128 RETURN_VALUE