
Commit

Site updated: 2023-12-04 13:41:10
ErodedElk committed Dec 4, 2023
1 parent dc8a593 commit a96f40f
Showing 4 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions 2023/12/04/TPCTF 复现记录/index.html
Expand Up @@ -15,7 +15,7 @@
}</style><style>:root {
--dark-background: url('/img/bg.jpg');
--light-background: url('/img/91110244_p0.jpg');
}</style><meta name="generator" content="Hexo 6.3.0"></head><body><div class="loading" style="opacity: 0;"><div class="loadingBar left"></div><div class="loadingBar right"></div></div><main><header class="closed"><div class="navBtn"><i class="navBtnIcon"><span class="navBtnIconBar"></span><span class="navBtnIconBar"></span><span class="navBtnIconBar"></span></i></div><nav><div class="navItem" id="search-header"><span class="navItemTitle"><input autocomplete="off" autocorrect="off" autocapitalize="none" placeholder="Search" spellcheck="false" maxlength="50" type="text" id="search-input"></span></div><div class="navItem" id="search-holder"></div><div class="search-popup"><div id="search-result"></div></div><ol class="navContent"><li class="navItem"><a class="navBlock" href="/"><span class="navItemTitle">Home</span></a></li><li class="navItem" matchdata="categories,tags"><a class="navBlock" href="/archives/"><span class="navItemTitle">Archives</span></a></li><li class="navItem"><a class="navBlock" href="/about/"><span class="navItemTitle">About</span></a></li><li class="navItem"><a class="navBlock" href="/links/"><span class="navItemTitle">Links</span></a></li></ol></nav></header><article><div id="post-bg"><div id="post-title"><h1>TPCTF Reverse 复现记录</h1><div id="post-info"><span>First Post: <div class="control"><time datetime="2023-12-04T05:34:00.000Z" id="date"> 2023-12-04</time></div></span><br><span>Last Update: <div class="control"><time datetime="2023-12-04T05:35:35.900Z" id="updated"> 2023-12-04</time></div></span></div></div><hr><div id="post-content"><p>好久没有正经写复现了,这次整个人脑子都处于网咖状态,彻彻底底变成肥宅了,得想办法改改,于是开始写复现报告了。考虑到某些需求,这次着重于逆向部分,Pwn 的部分等啥时候有时间和心情了再写吧。</p>
}</style><meta name="generator" content="Hexo 6.3.0"></head><body><div class="loading" style="opacity: 0;"><div class="loadingBar left"></div><div class="loadingBar right"></div></div><main><header class="closed"><div class="navBtn"><i class="navBtnIcon"><span class="navBtnIconBar"></span><span class="navBtnIconBar"></span><span class="navBtnIconBar"></span></i></div><nav><div class="navItem" id="search-header"><span class="navItemTitle"><input autocomplete="off" autocorrect="off" autocapitalize="none" placeholder="Search" spellcheck="false" maxlength="50" type="text" id="search-input"></span></div><div class="navItem" id="search-holder"></div><div class="search-popup"><div id="search-result"></div></div><ol class="navContent"><li class="navItem"><a class="navBlock" href="/"><span class="navItemTitle">Home</span></a></li><li class="navItem" matchdata="categories,tags"><a class="navBlock" href="/archives/"><span class="navItemTitle">Archives</span></a></li><li class="navItem"><a class="navBlock" href="/about/"><span class="navItemTitle">About</span></a></li><li class="navItem"><a class="navBlock" href="/links/"><span class="navItemTitle">Links</span></a></li></ol></nav></header><article><div id="post-bg"><div id="post-title"><h1>TPCTF Reverse 复现记录</h1><div id="post-info"><span>First Post: <div class="control"><time datetime="2023-12-04T05:34:00.000Z" id="date"> 2023-12-04</time></div></span><br><span>Last Update: <div class="control"><time datetime="2023-12-04T05:40:42.977Z" id="updated"> 2023-12-04</time></div></span></div></div><hr><div id="post-content"><p>好久没有正经写复现了,这次整个人脑子都处于网咖状态,彻彻底底变成肥宅了,得想办法改改,于是开始写复现报告了。考虑到某些需求,这次着重于逆向部分,Pwn 的部分等啥时候有时间和心情了再写吧。</p>
<h1 id="Reverse"><a href="#Reverse" class="headerlink" title="Reverse"></a>Reverse</h1><h2 id="funky"><a href="#funky" class="headerlink" title="funky"></a>funky</h2><p>程序流程很清晰,输入 flag 然后加密后和密文比对,相同即可。</p>
<p>然后是这段:</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><code class="hljs c"><span class="hljs-keyword">do</span><br>&#123;<br> v8 = *v7;<br> v14 = <span class="hljs-number">0LL</span>;<br> v15 = <span class="hljs-number">0LL</span>;<br> v16 = <span class="hljs-number">0LL</span>;<br> v17 = <span class="hljs-number">0LL</span>;<br> sub_17F0(v6, v8);<br> *(_QWORD *)(v9 - <span class="hljs-number">32</span>) = v14;<br> *(_QWORD *)(v9 - <span class="hljs-number">24</span>) = v15;<br> *(_QWORD *)(v9 - <span class="hljs-number">16</span>) = v16;<br> *(_QWORD *)(v9 - <span class="hljs-number">8</span>) = v17;<br>&#125;<br></code></pre></td></tr></table></figure>
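Review bot: the single changed line in this hunk is the whole minified page header, and the only difference between the old and new versions is the `datetime` on `<time id="updated">` (`05:35:35.900Z` to `05:40:42.977Z`), which is very hard to spot in review. Because this is generated output (the line itself carries `content="Hexo 6.3.0"`), consider reviewing the post source rather than the rendered `index.html`, or emitting non-minified HTML so that a timestamp bump shows up as a one-attribute diff.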
Expand Down Expand Up @@ -60,12 +60,12 @@ <h2 id="nanoPyEnc"><a href="#nanoPyEnc" class="headerlink" title="nanoPyEnc"></a
<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><code class="hljs python"><span class="hljs-keyword">import</span> os<br>files = os.listdir(<span class="hljs-string">&quot;solvepyc&quot;</span>)<br><span class="hljs-keyword">for</span> file <span class="hljs-keyword">in</span> files:<br> os.system(<span class="hljs-string">&quot;pycdc.exe &quot;</span> + <span class="hljs-string">&quot;solvepyc/&quot;</span> +file +<span class="hljs-string">&quot; &gt; &quot;</span> + <span class="hljs-string">&quot;solvepy/&quot;</span>+file+<span class="hljs-string">&quot;.py&quot;</span>)<br></code></pre></td></tr></table></figure>

<p>然后用 vscode 打开目录批量去搜关键字就可以了:</p>
<p>![[search.png]]</p>
<p class='item-img' data-src='/images/TPCTF2023/search.png'><img src="/images/TPCTF2023/search.png"></p>
<p>这里对 enc 进行了更新,估摸着是 <code>from Crypto.Util.number import *</code> 的时候触发的。不过还是解不出来。再看看代码中对数据的处理代码:</p>
<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><code class="hljs python">    <span class="hljs-keyword">def</span> <span class="hljs-title function_">list</span>(<span class="hljs-params">s</span>):<br>        _x = time.time() % <span class="hljs-number">64</span> &lt; <span class="hljs-number">1</span><br>        <span class="hljs-keyword">return</span> (<span class="hljs-keyword">lambda</span> <span class="hljs-number">.0</span> = <span class="hljs-literal">None</span>: [ _x ^ x <span class="hljs-keyword">for</span> x <span class="hljs-keyword">in</span> <span class="hljs-number">.0</span> ])(s)<br></code></pre></td></tr></table></figure>

<p>代码重载了 list ,这会让每个字节异或上 1 再打包成数字:</p>
<p>![[decode.png]]</p>
<p class='item-img' data-src='/images/TPCTF2023/decode.png'><img src="/images/TPCTF2023/decode.png"></p>
<h3 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h3><p>主要是几个技巧:</p>
<ul>
<li>pyz 解包是可以得到 pyc 字节码的</li>
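Review bot: both replacement `<img>` tags (`search.png` and `decode.png`) have no `alt` attribute, and the wrapping `<p>` mixes single-quoted `class`/`data-src` with a double-quoted `src`; add alt text describing each screenshot and use one quoting style. The unresolved `![[search.png]]` and `![[decode.png]]` placeholders being replaced suggest the source used wiki-style embeds that the generator did not convert, so it is worth checking the other posts for the same leftover syntax. Separately, in the unchanged Python snippet at the top of this hunk, the `os.system` command is built by concatenating names returned by `os.listdir("solvepyc")`, so a file name from the unpacked archive that contains shell metacharacters would be interpreted by the shell; passing an argument list to `subprocess.run` with a file handle for stdout avoids that.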
Binary file added images/TPCTF2023/decode.png
Binary file added images/TPCTF2023/search.png
2 changes: 1 addition & 1 deletion search.json

Large diffs are not rendered by default.

0 comments on commit a96f40f
