数字中国APP赛道安全积分争夺赛初赛wp

app4

手快抢了个签到题一血

有混淆,用jeb查看代码

发现有md5常数,猜测直接是md5

在线得到flag

babyapk

baby_xor函数在so层

用给的key解密发现一直不对,也没找到交叉引用

init_array找到修改点

# Ciphertext bytes lifted from the so, XOR-ed with a repeating 4-byte key
# (the key patched in from init_array, not the one the app hands out).
c = [119, 9, 40, 44, 106, 84, 113, 124, 34, 93, 122, 121, 119, 4, 120, 124, 36, 7, 127, 42, 117, 6, 112, 41, 32, 4, 112, 47, 119, 81, 123, 47, 33, 81, 40, 120, 114, 24]
c1 = [0x11, 0x65, 0x49, 0x4b]
key_len = len(c1)
for i, byte in enumerate(c):
    # Decrypt in place so `c` holds the plaintext bytes afterwards, and echo
    # each character as it is recovered.
    c[i] = byte ^ c1[i % key_len]
    print(chr(c[i]), end="")
#flag{1873832fa175b6adc9b1a9df42d04a3c}

magic

两次encrypt

// IDA pseudocode of the native `encrypt` export, reproduced from the writeup.
// a1 = JNIEnv*, a2 = the JNI this/class argument (never used), a3 = jstring input.
// Flow: open a TCP listener on 0.0.0.0:12345, take 16 key bytes from the first
// peer that connects, whiten that key with a byte stream seeded from the
// process's TracerPid, AES-encrypt the input with the result and store the
// 16-byte output in the global `data`.
__int64 __fastcall encrypt(__int64 a1, __int64 a2, __int64 a3)
{
    unsigned __int8 v4; // [rsp+2Fh] [rbp-651h]
    FILE *v5; // [rsp+30h] [rbp-650h]
    __int64 v6; // [rsp+38h] [rbp-648h]
    int v7; // [rsp+44h] [rbp-63Ch]
    int fd; // [rsp+48h] [rbp-638h]
    int i; // [rsp+4Ch] [rbp-634h]
    unsigned __int8 *v10; // [rsp+50h] [rbp-630h]
    unsigned __int8 *StringUTFChars; // [rsp+58h] [rbp-628h]
    int v12; // [rsp+148h] [rbp-538h] BYREF
    socklen_t addr_len; // [rsp+14Ch] [rbp-534h] BYREF
    // s1 (10 bytes) and v15 (246 bytes) are adjacent on the stack: together they
    // are the 256-byte line buffer passed to fgets below; v15 is the text right
    // after a "TracerPid:" prefix.
    char s1[10]; // [rsp+150h] [rbp-530h] BYREF
    char v15[246]; // [rsp+15Ah] [rbp-526h] BYREF
    char v16[1032]; // [rsp+250h] [rbp-430h] BYREF
    struct sockaddr v17; // [rsp+658h] [rbp-28h] BYREF
    struct sockaddr addr; // [rsp+668h] [rbp-18h] BYREF
    unsigned __int64 v19; // [rsp+678h] [rbp-8h]

    v19 = __readfsqword(0x28u); // stack canary
    // Plaintext to encrypt, as UTF-8 from the Java string; never released here.
    StringUTFChars = (unsigned __int8 *)_JNIEnv::GetStringUTFChars(a1, a3, 0LL);
    v10 = (unsigned __int8 *)malloc(0x10uLL); // 16-byte output block; no free() in this function
    addr_len = 16;
    fd = socket(2, 1, 0); // AF_INET, SOCK_STREAM
    // Every failure below only logs (and maybe closes fd) and then falls
    // through; there is no early return, so later calls run on a bad descriptor.
    if ( fd < 0 )
        __android_log_print(6LL, "NativeSocket", "TCP socket creation failed");
    addr.sa_family = 2; // AF_INET
    // sa_data[0..1] = sin_port (network order), sa_data[2..5] = sin_addr.
    // "09" is the bytes 0x30 0x39 -> port 0x3039 = 12345; the address bytes are
    // all zero -> INADDR_ANY, i.e. the listener is reachable on every interface.
    addr.sa_data[3] = 0;
    *(_WORD *)&addr.sa_data[4] = 0;
    strcpy(addr.sa_data, "09");
    if ( bind(fd, &addr, 0x10u) )
    {
        __android_log_print(6LL, "NativeSocket", "TCP bind failed");
        close(fd);
    }
    if ( listen(fd, 5) < 0 )
    {
        __android_log_print(6LL, "NativeSocket", "TCP listen failed");
        close(fd);
    }
    __android_log_print(3LL, "NativeSocket", "TCP Server listening on port %d...", 12345LL);
    v7 = accept(fd, &v17, &addr_len); // blocks until some peer connects
    if ( v7 < 0 )
    {
        __android_log_print(6LL, "NativeSocket", "TCP accept failed");
        close(fd);
    }
    // recvfrom(v7, key, 16, flags=0, NULL, NULL) with a 17-byte object bound:
    // the key material comes from whoever connected, with no authentication.
    v6 = __recvfrom_chk((unsigned int)v7, key, 16LL, 17LL, 0LL, 0LL, 0LL);
    if ( v6 >= 0 )
    {
        // NOTE(review): the terminator and the log use v16, not the `key`
        // buffer that recvfrom wrote to - looks like a decompiler artifact or a
        // stale buffer; confirm against the disassembly.
        v16[v6] = 0;
        __android_log_print(3LL, "NativeSocket", "TCP Received: %s", v16);
    }
    else
    {
        __android_log_print(6LL, "NativeSocket", "TCP recv failed");
    }
    close(v7);
    close(fd);
    // Anti-debug check: scan /proc/self/status for "TracerPid:" and parse the
    // pid that follows (0 when nothing is ptrace-attached).
    v5 = fopen("/proc/self/status", "r");
    v12 = 0;
    while ( __fgets_chk(s1, 256LL, v5, 256LL) )
    {
        if ( !strncmp(s1, "TracerPid:", 0xAuLL) )
        {
            sscanf(v15, "%d", &v12); // v15 == s1 + 10, the text after the prefix
            break;
        }
    }
    fclose(v5);
    // Instead of bailing out, the TracerPid value seeds the key whitening:
    // each of the 16 key bytes is XOR-ed with the next output of sub_2AC0, so
    // a traced process silently derives a different key. The writeup's script
    // models sub_2AC0 as v4 = 0x99*v4 - 1 (mod 256) seeded with 0.
    v4 = v12;
    for ( i = 0; i < 16; ++i )
    {
        v4 = sub_2AC0(v4);
        key[i] ^= v4;
    }
    // AES on one 16-byte block (the writeup found the S-box is modified);
    // the result is copied into the 25-byte global `data`.
    aesEncrypt(key, 0x10u, StringUTFChars, v10, 0x10u);
    __memcpy_chk(&data, v10, 16LL, 25LL);
    return 0LL;
}

根据代码找到原始key

模拟异或得到真正的key

# The 16-byte key as embedded in the binary, before whitening.
a = [0x12, 0x34, 0x55, 0x66, 0x77, 0x88, 0x43, 0x21, 0x70, 0x34, 0x73, 0x73, 0x57, 0x72, 0x30, 0x64]
# Mirrors the loop in the decompiled encrypt(): the seed is the TracerPid value,
# which is 0 when no debugger is attached.
v4 = 0
for i, byte in enumerate(a):
    # Model of sub_2AC0: v4 <- 0x99*v4 - 1 modulo 256.
    v4 = (v4 * 0x99 - 1) & 0xFF
    a[i] = byte ^ v4
    print(hex(a[i]), end=",")
#0xed,0x52,0xa0,0xa,0xfc,0x9a,0x82,0x79,0xe7,0xa,0x7e,0xb7,0x74,0x98,0xe9,0xd4

先 base64 解码再 AES-ECB 解密,直接解没解出来

s盒有魔改

比赛最后半小时做的,思路顺畅,但看到 S 盒魔改时只剩五分钟了,AI 直接给的脚本没有逆 S 盒,最后也没交上

b64_str = "l5FlaXCVBE2ALJgWLpekmm=="
# Custom alphabet: the standard base64 order with several ranges permuted.
custom_b64_table = "0123456789XYZabcdefghijklABCDEFGHIJKLMNOPQRSTUVWmnopqrstuvwxyz+/="

# Reverse lookup: alphabet character -> its 6-bit value.
b64_rev_table = {char: i for i, char in enumerate(custom_b64_table)}


def custom_base64_decode(s):
    """Decode *s* with the custom alphabet and return the raw bytes.

    Trailing ``=`` padding is stripped first; any other character that is not
    in the alphabet raises ``ValueError``. Leftover bits that do not fill a
    whole byte are discarded.
    """
    stripped = s.rstrip('=')
    acc = 0        # bit accumulator
    nbits = 0      # number of not-yet-emitted bits in acc
    out = bytearray()

    for ch in stripped:
        if ch not in b64_rev_table:
            raise ValueError(f"Invalid character in Base64: {ch}")
        acc = (acc << 6) | b64_rev_table[ch]
        nbits += 6
        # Emit a byte as soon as eight bits are available.
        while nbits >= 8:
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
    return bytes(out)

# Decode the recovered ciphertext; both lines print the same 16-byte value.
cipher_bytes = custom_base64_decode(b64_str)
cipher_hex = cipher_bytes.hex().upper()
print("🔐 解码后密文(hex):", cipher_hex)
print("🔐 解码后密文(16字节):", cipher_hex)

class IAES:
    """AES-128 inverse cipher (decryption) with a replaceable S-box.

    The state is kept as a flat 16-entry list in row-major order
    (index ``4*row + col``), produced by ``arrays`` from the byte order AES
    uses for input/output.  ``SubBytes``/``SubWord`` (and therefore
    ``KeyExpansion``) read the module-level ``new_s_box``; ``InvSubBytes``
    takes the inverse table as an argument.  Every intermediate state is
    printed through ``view`` -- a debugging aid for the writeup, not part of
    the cipher.
    """
    # Class-scope `global` declaration; the methods resolve the name at call
    # time anyway, so this line has no effect on behaviour.
    global new_s_box
    def __init__(self):
        self.Nk = 4   # key length in 32-bit words (AES-128)
        self.Nb = 4   # block size in 32-bit words
        self.Nr = 10  # number of rounds

    def arrays(self, raws: list[int]) -> list[int]:
        """Transpose a 16-entry list from column-major (byte ``4*col + row``) to
        row-major (``4*row + col``) order."""
        Nb = []
        for i in range(4):
            Nb = Nb + [raws[4 * 0 + i], raws[4 * 1 + i], raws[4 * 2 + i], raws[4 * 3 + i]]
        return Nb

    def Inv_arrays(self, raws: list[int]) -> list[int]:
        """Same transpose as ``arrays`` (a transpose is its own inverse): maps
        row-major back to the byte order used for input/output."""
        Inv_raws = []
        for i in range(4):
            Inv_raws = Inv_raws + [raws[4 * 0 + i], raws[4 * 1 + i], raws[4 * 2 + i], raws[4 * 3 + i]]
        return Inv_raws

    def view(self, raws: list[int]) -> None:
        """Debug print: the state as a hex string in input/output byte order."""
        raws = self.Inv_arrays(raws)
        raws = ''.join([x.to_bytes(1, byteorder='big').hex() for x in raws])
        print(raws)

    def view2(self, list):
        # Debug print of any byte list, four values per line.
        # (The parameter name shadows the builtin `list`; harmless here.)
        for i in range(len(list)):
            print(format(list[i], '2x'), end=' ')
            if i & 3 == 3: # i%4 == 3
                print('\n', end='')
        print('\n', end='')

    def AddRoundKey(self, raws: list[int], Keys: list[int]) -> list[int]:
        """XOR the state with a round key, element by element."""
        AddRoundKey = []
        for raw, Key in zip(raws, Keys):
            AddRoundKey.append(raw ^ Key)
        return AddRoundKey

    def SubBytes(self, raws: list[int]) -> list[int]:
        """Forward byte substitution through the module-level ``new_s_box``
        (the modified table found in the binary); only used by key expansion."""
        S_box=new_s_box
        raws_S_box = []
        for raw in raws:
            raws_S_box.append(S_box[raw])
        return raws_S_box

    def InvSubBytes(self, raws: list[int], inv_s_box: list[int]) -> list[int]:
        """Inverse byte substitution through the caller-supplied table."""
        IS_box = inv_s_box
        raws_IS_box = []
        for raw in raws:
            raws_IS_box.append(IS_box[raw])
        return raws_IS_box

    def InvShiftRows(self, raws: list[int]) -> list[int]:
        """Rotate row r of the row-major state right by r positions, in place.

        Row 1 is raws[4:8], row 2 raws[8:12], row 3 raws[12:16]; slice
        assignment ``raws[k:0] = ...`` inserts at index k.  Returns ``raws``.
        """
        s13 = raws.pop(7)
        raws.insert(4, s13)
        s2223 = raws[10:12]
        del raws[10:12]
        raws[8:0] = s2223
        s313233 = raws[13:16]
        del raws[13:16]
        raws[12:0] = s313233
        return raws

    def GMUL(self, a: int, b: int) -> int: # Russian Peasant Multiplication algorithm
        """Multiply a and b in GF(2^8) with the AES polynomial 0x11b."""
        p = 0
        while a and b:
            if b & 1: # b%2
                p = p ^ a
            if a & 0x80: # a=a*x^7(a>0),a >= 2**7(128)
                a = (a << 1) ^ 0x11b # 0x11b = x^8 + x^4 + x^3 + x + 1 (0b100011011)
            else:
                a = a << 1
            b = b >> 1
        return p

    def InvMixColumns(self, raws: list[int]) -> list[int]:
        """Multiply every column by the inverse MixColumns matrix
        [0e 0b 0d 09 / 09 0e 0b 0d / 0d 09 0e 0b / 0b 0d 09 0e] over GF(2^8).

        Column i is raws[0*4+i] .. raws[3*4+i] in the row-major layout.  The
        tuple assignment evaluates the whole right-hand side before storing,
        so every product sees the old column values.  In place; returns raws.
        """
        for i in range(4):
            raws[0 * 4 + i], \
            raws[1 * 4 + i], \
            raws[2 * 4 + i], \
            raws[3 * 4 + i] \
            = \
            self.GMUL(0x0e, raws[0 * 4 + i]) ^ self.GMUL(0x0b, raws[1 * 4 + i]) ^ self.GMUL(0x0d, raws[
                2 * 4 + i]) ^ self.GMUL(0x09, raws[3 * 4 + i]), \
            self.GMUL(0x09, raws[0 * 4 + i]) ^ self.GMUL(0x0e, raws[1 * 4 + i]) ^ self.GMUL(0x0b, raws[
                2 * 4 + i]) ^ self.GMUL(0x0d, raws[3 * 4 + i]), \
            self.GMUL(0x0d, raws[0 * 4 + i]) ^ self.GMUL(0x09, raws[1 * 4 + i]) ^ self.GMUL(0x0e, raws[
                2 * 4 + i]) ^ self.GMUL(0x0b, raws[3 * 4 + i]), \
            self.GMUL(0x0b, raws[0 * 4 + i]) ^ self.GMUL(0x0d, raws[1 * 4 + i]) ^ self.GMUL(0x09, raws[
                2 * 4 + i]) ^ self.GMUL(0x0e, raws[3 * 4 + i])
        return raws

    def RotWord(self, temp: list[int]) -> list[int]:
        """Rotate a 4-byte word left by one byte, in place; returns it."""
        b0 = temp.pop(0)
        temp.insert(3, b0)
        return temp

    def SubWord(self, temp: list[int]) -> list[int]:
        """Apply ``SubBytes`` (the modified S-box) to a 4-byte word."""
        temp = self.SubBytes(temp)
        return temp

    def KeyExpansion(self, key: list[int]) -> list[list[int]]:
        """FIPS-197 key schedule: expand 16 key bytes into Nb*(Nr+1) = 44 words.

        Each word is a 4-int list.  ``w`` starts as a placeholder list that is
        overwritten entry by entry.  The ``Nk > 6`` branch (AES-256 only) can
        never run with Nk = 4.
        """
        i = 0
        w = [[0]] * (self.Nb * (self.Nr + 1))
        Rcon = [[0x01, 0x00, 0x00, 0x00],
                [0x02, 0x00, 0x00, 0x00],
                [0x04, 0x00, 0x00, 0x00],
                [0x08, 0x00, 0x00, 0x00],
                [0x10, 0x00, 0x00, 0x00],
                [0x20, 0x00, 0x00, 0x00],
                [0x40, 0x00, 0x00, 0x00],
                [0x80, 0x00, 0x00, 0x00],
                [0x1B, 0x00, 0x00, 0x00],
                [0x36, 0x00, 0x00, 0x00]
                ]
        # The first Nk words are the key itself.
        while i < self.Nk:
            w[i] = ([key[4 * i], key[4 * i + 1], key[4 * i + 2], key[4 * i + 3]])
            i = i + 1

        i = self.Nk

        while i < self.Nb * (self.Nr + 1):
            temp = w[i - 1].copy()
            if i % self.Nk == 0:
                # RotWord, SubWord, then XOR the round constant into byte 0.
                temp = self.SubWord(self.RotWord(temp))
                temp2 = []
                for temp1, Rcon1 in zip(temp, Rcon[(i // self.Nk) - 1]):
                    temp2.append(temp1 ^ Rcon1)
                temp = temp2
            elif self.Nk > 6 and i % self.Nk == 4:
                temp = self.SubWord(temp)
            w_temp = []
            for w1, temp1 in zip(w[i - self.Nk], temp):
                w_temp.append(w1 ^ temp1)
            w[i] = w_temp
            i = i + 1
        return w

    def IAES(self, IInput, Cipher_Key, inv_s_box: list[int]) -> bytes:
        """Decrypt one 16-byte block.

        IInput and Cipher_Key may be any iterables of ints (bytes work); the
        round keys are built from ``KeyExpansion`` and transposed into the
        row-major layout.  Order is the standard inverse cipher: AddRoundKey
        with the last round key, Nr-1 rounds of InvShiftRows / InvSubBytes /
        AddRoundKey / InvMixColumns, then a final round without
        InvMixColumns.  Every step is printed via ``view``.  Returns the
        plaintext block as ``bytes``.
        """
        IInput = [IInput1 for IInput1 in IInput]
        Cipher_Key = [Cipher_Key1 for Cipher_Key1 in Cipher_Key]
        KeyExpansion = self.KeyExpansion(Cipher_Key)
        keys = []
        # Group the 44 words into 11 round keys of 16 bytes each.
        for Key_index in range(len(KeyExpansion) // 4):
            keys_temp = (KeyExpansion[4 * Key_index] + KeyExpansion[4 * Key_index + 1] + KeyExpansion[
                4 * Key_index + 2] + KeyExpansion[4 * Key_index + 3])
            keys_temp = self.arrays(keys_temp)
            keys.append(keys_temp)
        IInput = self.arrays(IInput)
        self.view(IInput)
        self.view(keys[-1])
        IInput = self.AddRoundKey(IInput, keys[-1])
        self.view(IInput)
        for index in range(self.Nr - 1):
            IInput = self.InvShiftRows(IInput)
            self.view(IInput)
            IInput = self.InvSubBytes(IInput,inv_s_box)
            self.view(IInput)
            self.view(keys[-1 - 1 - index])
            IInput = self.AddRoundKey(IInput, keys[-1 - 1 - index])
            self.view(IInput)
            IInput = self.InvMixColumns(IInput)
            self.view(IInput)
        IInput = self.InvShiftRows(IInput)
        self.view(IInput)
        IInput = self.InvSubBytes(IInput,inv_s_box)
        self.view(IInput)
        self.view(keys[0])
        IInput = self.AddRoundKey(IInput, keys[0])
        self.view(IInput)
        IInput = self.Inv_arrays(IInput)
        IInput = bytes(IInput)
        return IInput

# Modified AES S-box recovered from the binary (256 entries, indexed by the
# input byte). It replaces the standard table in SubBytes/SubWord; the inverse
# built below assumes it is a permutation of 0..255 -- TODO confirm.
new_s_box: list[int] = [0x31, 0x52, 0x5A, 0xC8, 0x0B, 0xAC, 0xF3, 0x3A, 0x8B, 0x54, 0x27, 0x9B, 0xAB, 0x95, 0xDE, 0x83,
0x60, 0xCB, 0x53, 0x7F, 0xC4, 0xE3, 0x0A, 0x97, 0xE0, 0x29, 0xD5, 0x68, 0xC5, 0xDF, 0xF4, 0x7B,
0xAA, 0xD6, 0x42, 0x78, 0x6C, 0xE9, 0x70, 0x17, 0xD7, 0x37, 0x24, 0x49, 0x75, 0xA9, 0x89, 0x67,
0x03, 0xFA, 0xD9, 0x91, 0xB4, 0x5B, 0xC2, 0x4E, 0x92, 0xFC, 0x46, 0xB1, 0x73, 0x08, 0xC7, 0x74,
0x09, 0xAF, 0xEC, 0xF5, 0x4D, 0x2D, 0xEA, 0xA5, 0xDA, 0xEF, 0xA6, 0x2B, 0x7E, 0x0C, 0x8F, 0xB0,
0x04, 0x06, 0x62, 0x84, 0x15, 0x8E, 0x12, 0x1D, 0x44, 0xC0, 0xE2, 0x38, 0xD4, 0x47, 0x28, 0x45,
0x6E, 0x9D, 0x63, 0xCF, 0xE6, 0x8C, 0x18, 0x82, 0x1B, 0x2C, 0xEE, 0x87, 0x94, 0x10, 0xC1, 0x20,
0x07, 0x4A, 0xA4, 0xEB, 0x77, 0xBC, 0xD3, 0xE1, 0x66, 0x2A, 0x6B, 0xE7, 0x79, 0xCC, 0x86, 0x16,
0xD0, 0xD1, 0x19, 0x55, 0x3C, 0x9F, 0xFB, 0x30, 0x98, 0xBD, 0xB8, 0xF1, 0x9E, 0x61, 0xCD, 0x90,
0xCE, 0x7C, 0x8D, 0x57, 0xAE, 0x6A, 0xB3, 0x3D, 0x76, 0xA7, 0x71, 0x88, 0xA2, 0xBA, 0x4F, 0x3E,
0x40, 0x64, 0x0F, 0x48, 0x21, 0x35, 0x36, 0x2F, 0xE8, 0x14, 0x5D, 0x51, 0xD8, 0xB5, 0xFE, 0xD2,
0x96, 0x93, 0xA1, 0xB6, 0x43, 0x0D, 0x4C, 0x80, 0xC9, 0xFF, 0xA3, 0xDD, 0x72, 0x05, 0x59, 0xBF,
0x0E, 0x26, 0x34, 0x1F, 0x13, 0xE5, 0xDC, 0xF2, 0xC6, 0x50, 0x1E, 0xE4, 0x85, 0xB7, 0x39, 0x8A,
0xCA, 0xED, 0x9C, 0xBB, 0x56, 0x23, 0x1A, 0xF0, 0x32, 0x58, 0xB2, 0x65, 0x33, 0x6F, 0x41, 0xBE,
0x3F, 0x6D, 0x11, 0x00, 0xAD, 0x5F, 0xC3, 0x81, 0x25, 0xA8, 0xA0, 0x9A, 0xF6, 0xF7, 0x5E, 0x99,
0x22, 0x2E, 0x4B, 0xF9, 0x3B, 0x02, 0x7A, 0xB9, 0x5C, 0x69, 0xF8, 0x1C, 0xDB, 0x01, 0x7D, 0xFD]

# Build the inverse S-box: new_contrary_sbox[new_s_box[i]] == i.
# A repeated value in new_s_box would silently overwrite an earlier entry,
# so this only yields a true inverse when the table is a permutation.
new_contrary_sbox = [0] * 256
for i in range(256):
    new_contrary_sbox[new_s_box[i]] = i

# The real AES key: the embedded key after the TracerPid-seeded XOR whitening
# (the 0xed,0x52,... sequence computed earlier).
Cipher_Key = bytes.fromhex("ed52a00afc9a8279e70a7eb77498e9d4")

# Decrypt the single block with the inverse of the modified S-box.
aes = IAES()
plaintext = aes.IAES(cipher_bytes, Cipher_Key, new_contrary_sbox)

# Undecodable bytes are shown as U+FFFD rather than raising.
decoded = plaintext.decode("utf-8", errors="replace")
print("📝 明文文本:", decoded)

#3a7e1d9c0b8f4e56
