Without further ado, let's get straight to the point.
1. Identifying the file type
Whatever extension the file given in the challenge carries, check the file header yourself: open the binary with any text editing tool and look at the leading bytes rather than trusting the name.
2. Packer detection and unpacking
3. Static analysis
4. Some common challenge types
- System of equations (HCTF 2017, reverse challenge 1)
The program XORs the input before checking it.
The key code for the three equations in this challenge:
Brute-force solution:
def solve(idx1, idx2, idx3, idx4):
    # idx1: XOR key, idx2: bit mask, idx3: shift amount, idx4: expected output byte.
    # Try every possible input byte. The outer parentheses around the OR are
    # required: in Python `==` binds tighter than `|`, so without them the
    # condition is `A | (B == idx4)` and almost every x "matches".
    for x in range(256):
        if ((((x ^ idx1) & idx2) >> idx3) | (((x ^ idx1) << idx3) & idx2)) == idx4:
            print(chr(x ^ 0x76), end='')  # the program XORed the input with 0x76 first

key1 = [0x6f, 0xdd, 0xdd, 0x48, 0x64, 0x63, 0xd7]
for ele in key1:
    solve(0xAD, 0xAA, 0x1, ele)
key2 = [0x2e, 0x2c, 0xfe, 0x6a, 0x6d, 0x2a, 0xf2]
for ele in key2:
    solve(0xbe, 0xcc, 0x2, ele)
key3 = [0x6f, 0x9a, 0x4d, 0x8b, 0x4b, 0xfa, 0x1a]
for ele in key3:
    solve(0xef, 0xf0, 0x4, ele)
Z3 constraint-solver solution:
from z3 import *

def z3_solve(idx1, idx2, idx3, idx4):
    solver = Solver()
    x = BitVec('x', 32)
    # The input is a single byte. Only the low 8 bits of x take part in the
    # equation, so without this bound the model may carry arbitrary high bits
    # and chr() below would print garbage.
    solver.add(ULT(x, 256))
    # Same equation as the brute force; the outer parentheses are required
    # because `==` binds tighter than `|`.
    solver.add(((((x ^ idx1) & idx2) >> idx3) | (((x ^ idx1) << idx3) & idx2)) == idx4)
    if solver.check() == sat:
        print(chr(solver.model()[x].as_long() ^ 0x76), end='')

key1 = [0x6f, 0xdd, 0xdd, 0x48, 0x64, 0x63, 0xd7]
for ele in key1:
    z3_solve(0xAD, 0xAA, 0x1, ele)
key2 = [0x2e, 0x2c, 0xfe, 0x6a, 0x6d, 0x2a, 0xf2]
for ele in key2:
    z3_solve(0xbe, 0xcc, 0x2, ele)
key3 = [0x6f, 0x9a, 0x4d, 0x8b, 0x4b, 0xfa, 0x1a]
for ele in key3:
    z3_solve(0xef, 0xf0, 0x4, ele)
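Added example (not code from the original post): with mask 0xAA / shift 1, 0xCC / shift 2 and 0xF0 / shift 4, the expression in the three equations simply swaps adjacent bit groups, and applying the same swap twice gives the original byte back, so each input can be recovered directly as swap(idx4) ^ idx1 with no search and no solver. The constants are the page's; the function names are mine, and the brute-force cross-check confirms the direct inverse.

```python
# Added example (not the original post's code): the three HCTF 2017 equations are
# bit-group swaps, which are their own inverse, so each input byte can be
# recovered directly instead of by brute force or a constraint solver.

def swap_groups(v, mask, shift):
    """The per-byte transform from the challenge: swap adjacent bit groups.
    0xAA/1 swaps neighbouring bits, 0xCC/2 swaps bit pairs, 0xF0/4 swaps nibbles."""
    return (((v & mask) >> shift) | ((v << shift) & mask)) & 0xFF

def brute_force(target, xor_key, mask, shift):
    """The page's approach: every byte value that satisfies the equation."""
    return [x for x in range(256) if swap_groups(x ^ xor_key, mask, shift) == target]

def invert(target, xor_key, mask, shift):
    """Direct inverse: swap_groups is an involution, so undo it by applying it again,
    then strip the XOR key."""
    return swap_groups(target, mask, shift) ^ xor_key

def is_involution(mask, shift):
    """Check over all 256 byte values that swapping twice is the identity."""
    return all(swap_groups(swap_groups(v, mask, shift), mask, shift) == v
               for v in range(256))

# Constants taken from the page: per-equation XOR key, mask, shift, expected outputs.
EQUATIONS = [
    (0xAD, 0xAA, 1, [0x6f, 0xdd, 0xdd, 0x48, 0x64, 0x63, 0xd7]),
    (0xBE, 0xCC, 2, [0x2e, 0x2c, 0xfe, 0x6a, 0x6d, 0x2a, 0xf2]),
    (0xEF, 0xF0, 4, [0x6f, 0x9a, 0x4d, 0x8b, 0x4b, 0xfa, 0x1a]),
]
FINAL_XOR = 0x76  # the page decodes each recovered byte with chr(x ^ 0x76)

def recover(xor_key, mask, shift, targets):
    """Recover the text for one equation, cross-checking the direct inverse
    against brute force (the transform is a bijection, so exactly one x matches)."""
    out = []
    for t in targets:
        x = invert(t, xor_key, mask, shift)
        assert brute_force(t, xor_key, mask, shift) == [x]
        out.append(chr(x ^ FINAL_XOR))
    return "".join(out)

def solve_all():
    """Concatenate the three recovered fragments in the page's order."""
    return "".join(recover(*eq) for eq in EQUATIONS)

if __name__ == "__main__":
    print(solve_all())
```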
Originally published on the WeChat official account 白帽子左一: Some Experience with Reverse Engineering in CTFs