c10udlnk_Log po5tst4gscateg0riesslid3sl1nksWho Am I
【wp】2022SUSCTF
|Write up
Words cnt: 1.3k|Need time: 6 分钟

逆向手终于来整理逆向啦(喜大普奔,可能会有其他两个逆向题的复现+1?

有幸苟在Top14,队友们tql!

Reverse

DigitalCircuits

exe典型pyinstaller打包,甚至图标都没改(

按照 RE套路 - 关于pyinstaller打包文件的复原 解出来python源码,然后读代码的过程中顺便给一些函数命了名(便于分析):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import time

def myand(a, b):
    if a == '1':
        if b == '1':
            return '1'
    return '0'

def myor(a, b):
    if a == '0':
        if b == '0':
            return '0'
    return '1'

def mynot(a):
    if a == '1':
        return '0'
    if a == '0':
        return '1'

def myxor(a, b):
    return myor(myand(a, mynot(b)), myand(mynot(a), b))

def myadd(x, y, z):
    s = myxor(myxor(x, y), z)
    c = myor(myand(x, y), myand(z, myor(x, y)))
    return (s, c)

def add(a, b):
    ans = ''
    z = '0'
    a = a[::-1]
    b = b[::-1]
    for i in range(32):
        ans += myadd(a[i], b[i], z)[0]
        z = myadd(a[i], b[i], z)[1]
    return ans[::-1]

def shl(a, n):
    return a[n:] + '0' * n

def shr(a, n):
    return n * '0' + a[:-n]

def xor(a, b):
    ans = ''
    for i in range(32):
        ans += myxor(a[i], b[i])
    return ans

def f10(v0, v1, k0, k1, k2, k3):
    s = '00000000000000000000000000000000'
    d = '10011110001101110111100110111001'
    for i in range(32):
        s = add(s, d)
        v0 = add(v0, xor(xor(add(shl(v1, 4), k0), add(v1, s)), add(shr(v1, 5), k1)))
        v1 = add(v1, xor(xor(add(shl(v0, 4), k2), add(v0, s)), add(shr(v0, 5), k3)))

    return v0 + v1

k0 = '0100010001000101'.zfill(32)
k1 = '0100000101000100'.zfill(32)
k2 = '0100001001000101'.zfill(32)
k3 = '0100010101000110'.zfill(32)
flag = input('please input flag:')
if flag[0:7] != 'SUSCTF{' or flag[(-1)] != '}':
    print('Error!!!The formate of flag is SUSCTF{XXX}')
    time.sleep(5)
    exit(0)
flagstr = flag[7:-1]
if len(flagstr) != 24:
    print('Error!!!The length of flag 24')
    time.sleep(5)
    exit(0)
else:
    res = ''
    for i in range(0, len(flagstr), 8):
        v0 = flagstr[i:i + 4]
        v0 = bin(ord(flagstr[i]))[2:].zfill(8) + bin(ord(flagstr[(i + 1)]))[2:].zfill(8) + bin(ord(flagstr[(i + 2)]))[2:].zfill(8) + bin(ord(flagstr[(i + 3)]))[2:].zfill(8)
        v1 = bin(ord(flagstr[(i + 4)]))[2:].zfill(8) + bin(ord(flagstr[(i + 5)]))[2:].zfill(8) + bin(ord(flagstr[(i + 6)]))[2:].zfill(8) + bin(ord(flagstr[(i + 7)]))[2:].zfill(8)
        res += f10(v0, v1, k0, k1, k2, k3)
    if res == '001111101000100101000111110010111100110010010100010001100011100100110001001101011000001110001000001110110000101101101000100100111101101001100010011100110110000100111011001011100110010000100111':
        print('True')
    else:
        print('False')
time.sleep(5)

从前三个函数开始分析出与门、或门和非门,剩下的根据数电/离散学的一些知识来推(比如myadd这里是一个全加器,返回进位c和结果s)。

分析完以后可以发现f10其实就是个原版TEA,魔数都不带改的那种(u1s1看到这四个kx = '...'.zfill(32)就有猜到是TEA系列了hhh

key是k0-k3,密文是res,明文就是我们要的flag

用python把密钥和密文处理一下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
res = '001111101000100101000111110010111100110010010100010001100011100100110001001101011000001110001000001110110000101101101000100100111101101001100010011100110110000100111011001011100110010000100111'
dst = []
for i in range(0, len(res), 32):
    dst.append(int(res[i:i+32], 2))
print(dst)

k = [0] * 4
k[0] = '0100010001000101'.zfill(32)
k[1] = '0100000101000100'.zfill(32)
k[2] = '0100001001000101'.zfill(32)
k[3] = '0100010101000110'.zfill(32)
key = []
for x in k:
    key.append(int(x, 2))
print(key)

TEA、XTEA、XXTEA加密解密算法 抄一个tea解密,改一下main函数(需要注意一下flag塞进去的顺序):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#include <stdio.h>  
#include <stdint.h>  
  
//加密函数  
void encrypt (uint32_t* v, uint32_t* k) {  
    uint32_t v0=v[0], v1=v[1], sum=0, i;           /* set up */  
    uint32_t delta=0x9e3779b9;                     /* a key schedule constant */  
    uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3];   /* cache key */  
    for (i=0; i < 32; i++) {                       /* basic cycle start */  
        sum += delta;  
        v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);  
        v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);  
    }                                              /* end cycle */  
    v[0]=v0; v[1]=v1;  
}  
//解密函数  
void decrypt (uint32_t* v, uint32_t* k) {  
    uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i;  /* set up */  
    uint32_t delta=0x9e3779b9;                     /* a key schedule constant */  
    uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3];   /* cache key */  
    for (i=0; i<32; i++) {                         /* basic cycle start */  
        v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);  
        v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);  
        sum -= delta;  
    }                                              /* end cycle */  
    v[0]=v0; v[1]=v1;  
}  
  
int main()  
{  
    uint32_t v[6]={1049184203, 3432269369, 825590664, 990603411, 3663885153, 992896039}, k[4]={17477, 16708, 16965, 17734};  
    for (int i = 0; i < 6; i += 2) {
        decrypt((uint32_t*)&v + i, k);
    }
    for (int i = 0; i < 6; i++) {
        printf("%08x", v[i]);
    }
    return 0;  
}

然后unhex一下:

flag:SUSCTF{XBvfaEdQvbcrxPBh8AOcJ6gA}

hell_world

在某g搜“vhdl 逆向”的时候搜到一道类似的题:https://team-su.github.io/passages/2021-11-20-XHLJ/

思路跟这个题差不多(可以说除了数据、case和算法其他都是一样的,连2233都一样),xjb逆+动态调试就行

搜字符串“flag”,定位到一样的主操作函数

最开始的已知数组在dword_7FF74A635C50

case11这里有另一个已知数组

然后把两个已知数组前面几个相互xor起来会发现刚好是SUS。。

然后就出来了(

(如果不确定是xor的话也可以通过动态调试看输出来判断,比较的加密后的密文在case7这里)

exp:

1
2
3
4
5
6
7
arr1 = [0x00000056, 0x000000DA, 0x000000CD, 0x0000003A, 0x0000007E, 0x00000086, 0x00000013, 0x000000B5, 0x0000001D, 0x0000009D, 0x000000FC, 0x00000097, 0x0000008C, 0x00000031, 0x0000006B, 0x000000C9, 0x000000FB, 0x0000001A, 0x000000E2, 0x0000002D, 0x000000DC, 0x000000D3, 0x000000F1, 0x000000F4, 0x00000036, 0x00000009, 0x00000020, 0x00000042, 0x00000004, 0x0000006A, 0x00000071, 0x00000053, 0x00000078, 0x000000A4, 0x00000097, 0x0000008F, 0x0000007A, 0x00000072, 0x00000039, 0x000000E8, 0x0000003D, 0x000000FA, 0x00000040, 0x0000003D]
arr2 = [0x00000005, 0x0000008F, 0x0000009E, 0x00000079, 0x0000002A, 0x000000C0, 0x00000068, 0x00000081, 0x0000002D, 0x000000FC, 0x000000CF, 0x000000A4, 0x000000B5, 0x00000055, 0x0000005F, 0x000000E4, 0x0000009D, 0x00000023, 0x000000D6, 0x0000001D, 0x000000F1, 0x000000E7, 0x00000097, 0x00000091, 0x00000006, 0x00000024, 0x00000042, 0x00000071, 0x0000003C, 0x00000058, 0x0000005C, 0x00000030, 0x00000019, 0x000000C6, 0x000000F5, 0x000000BC, 0x0000004B, 0x00000042, 0x0000005D, 0x000000DA, 0x00000058, 0x0000009B, 0x00000024, 0x00000040]

flag = ""
for i in range(44):
    flag += chr(arr1[i] ^ arr2[i])
print(flag)

flag:SUSCTF{40a339d4-f940-4fe0-b382-cabb310d2ead}

本文作者: c10udlnk
本文链接: https://c10udlnk.top/p/wpFor-2022SUSCTF/
版权声明: 本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 c10udlnk_Log (https://c10udlnk.top)!
CTFReversewp