findit
String m = String.valueOf(x)
valueOf()将不同类型数据转换为字符串
m.equals(edit.getText().toString())
edit.getText()通常用于从用户界面中获取文本输入,toString()方法将其转换为字符串,然后使用equals()方法进行比较
我改成了c++代码,结果有问题
改成python,跑出来了
a = ['T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e']
b = ['p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm', '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}']
x = [''] * 17
y = [''] * 38
for i in range(17):if (a[i] < 'I' and a[i] >= 'A') or (a[i] < 'i' and a[i] >= 'a'):x[i] = chr(ord(a[i]) + 18)elif (a[i] >= 'A' and a[i] <= 'Z') or (a[i] >= 'a' and a[i] <= 'z'):x[i] = chr(ord(a[i]) - 8)else:x[i] = a[i]
for i2 in range(38):if (b[i2] >= 'A' and b[i2] <= 'Z') or (b[i2] >= 'a' and b[i2] <= 'z'):y[i2] = chr(ord(b[i2]) + 16)if (y[i2] > 'Z' and y[i2] < 'a') or y[i2] >= 'z':y[i2] = chr(ord(y[i2]) - 26)else:y[i2] = b[i2]
# 输出字符列表中的所有元素
print(''.join(y))
# flag{c164675262033b4c49bdf7f9cda28a75}[FlareOn4]login
是个html代码,输入flag的,看不太懂
<!DOCTYPE Html />
<html><head><title>FLARE On 2017</title></head><body><input type="text" name="flag" id="flag" value="Enter the flag" /><input type="button" id="prompt" value="Click to check the flag" /><script type="text/javascript">document.getElementById("prompt").onclick = function () {var flag = document.getElementById("flag").value;var rotFlag = flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});if ("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz" == rotFlag) {alert("Correct flag!");} else {alert("Incorrect flag, rot again");}}</script></body>
</html>
gpt转换一下, 其实也就是凯撒密码,偏移量为13
enc='PyvragFvqrYbtvafNerRnfl@syner-ba.pbz'
for i in range(len(enc)):k=ord(enc[i])if 65<=k<=90:if k-13<65:print(chr(k-13+26),end='')else:print(chr(k-13),end='')elif 97<=k<=122:if k-13<97:print(chr(k-13+26),end='')else:print(chr(k-13),end='')else:print(enc[i],end='')
# ClientSideLoginsAreEasy@flare-on.com[WUSTCTF2020]level1
ptr = [198, 232, 816, 200, 1536, 300, 6144, 984, 51200, 570, 92160,1200, 565248, 756, 1474560, 800, 6291456, 1782, 65536000]for i in range(19):if (i+1) & 1:print(chr(ptr[i] >> (i+1)), end="")else:print(chr(ptr[i] // (i+1)), end="")或者
key = [0,198,232,816,200,1536,300,6144,984,51200,570,92160,1200,565248,
756,1474560,800,6291456,1782,65536000]
for i in range(1,20)://i是从1开始的。if i%2 == 1:print(chr(key[i] >> i),end='')else:print(chr(key[i]//(整除符)i),end='')、
[WUSTCTF2020]level2
还是是不能有那个括号,去除了就成功了。
flag就出来了。
[WUSTCTF2020]level3
简单替换后,解密得到flag
import base64
table='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
enc='d2G0ZjLwHjS7DmOzZAY0X2lzX3CoZV9zdNOydO9vZl9yZXZlcnGlfD=='
hh=list(table)
for i in range(10):v1=table[i]hh[i]=hh[19-i]hh[19-i]=v1
print(''.join(hh))
str='TSRQPONMLKJIHGFEDCBAUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
print(base64.b64decode(enc.translate(str.maketrans(str,table))))
[ACTF新生赛2020]rome
strcpy(v12, "Qsw3sj_lz4_Ujw@l");printf("Please input:");scanf("%s", &input);result = input;if ( input == 'A' ){result = v3;if ( v3 == 'C' ){result = v4;if ( v4 == 'T' ){result = v5;if ( v5 == 'F' ){result = v6;if ( v6 == '{' ){result = v11;if ( v11 == '}' ){v1[0] = v7;v1[1] = v8;v1[2] = v9;v1[3] = v10;*&v12[17] = 0;while ( *&v12[17] <= 15 ){if ( *(v1 + *&v12[17]) > 64 && *(v1 + *&v12[17]) <= 90 )// A-Z*(v1 + *&v12[17]) = (*(v1 + *&v12[17]) - 51) % 26 + 65;if ( *(v1 + *&v12[17]) > 96 && *(v1 + *&v12[17]) <= 122 )// a-z*(v1 + *&v12[17]) = (*(v1 + *&v12[17]) - 79) % 26 + 97;++*&v12[17];}*&v12[17] = 0;while ( *&v12[17] <= 15 ){result = v12[*&v12[17]];if ( *(v1 + *&v12[17]) != result )return result;++*&v12[17];}return printf("You are correct!");}}}}}}看到有取模,嗯就想到了爆破,并且%26+65肯定还是大写字母,范围没变。
enc='Qsw3sj_lz4_Ujw@l'
for i in range(len(enc)):k=ord(enc[i])if 65<=k<=90:for m in range(65,91,1):if k==(m-51)%26+65:print(chr(m),end='')breakelif 97<=k<=122:for n in range(97,123,1):if k==(n-79)%26+97:print(chr(n),end='')breakelse:print(enc[i],end='')[FlareOn4]IgniteMe
汇编语言指令 ROL
循环左移指令:ROL DEST,COUNT
指令功能:把目的地址中的数据循环左移COUNT次,每次从最高位(最左)移出的数据位都补充到最低位(最右),最后从最高位(最左)移出的数据位保存到CF标志位。
标志位影响:CF标志用于保存最后从最高位移出的数据位。如果COUNT=1,OF标志有意义,如果移位前后数据的符号位发生了变化,OF=1;如果符号位没有发生变化,OF=0。如果COUNT>1,OF标志不确定(没有意义)。
(unsigned __int16)__ROL4__(0x80070000, 4) >> 1; ROL4就是左移4位,v4=00700004
v4本来等于0x00700004的,我的理解是:因为目标字符里面都是两位的,其实v4也应该保留两位,不然就行不通
嗯,突然想到不知道这个汇编指令,也可以通过动调,找到这个值
byte30=[0x0D, 0x26, 0x49, 0x45, 0x2A, 0x17, 0x78, 0x44, 0x2B, 0x6C,0x5D, 0x5E, 0x45, 0x12, 0x2F, 0x17, 0x2B, 0x44, 0x6F, 0x6E,0x56, 0x09, 0x5F, 0x45, 0x47, 0x73, 0x26, 0x0A, 0x0D, 0x13,0x17, 0x48, 0x42, 0x01, 0x40, 0x4D, 0x0C, 0x02, 0x69]
v4=0x04
date=[]
print(len(byte30))
for i in range(len(byte30)-1,-1,-1):k=byte30[i]^v4date.append(k)v4=k
for i in range(39):print(chr(date[38-i]),end='')
![[系统安全] 六十.威胁狩猎 (1)APT攻击检测及防御与常见APT组织的攻击案例分析](https://img-blog.csdnimg.cn/20200509001045491.png#pic_center)
![[极客大挑战 2019]Upload、[ACTF2020 新生赛]Upload、[MRCTF2020]你传你呢](https://img-blog.csdnimg.cn/direct/f0dc2705f06d4a3ba3ac1c97bdf116cc.png)
