bj777的blog

记录学习每一瞬间

0%

网鼎杯

发表于

网鼎杯

这次网鼎杯总共3道re,出了两道,第三道出了一半卡在了写脚本,总之还是不错的。

fakeshell

很简单的一道题,主要是setjmp和longjmp这个知识点,已经做了三次这种题了,经过调试发现是一个加法和一个异或然后进行对比,直接给出脚本

1
2
3
4
5
cmp = [0x0000004B, 0x00000048, 0x00000079, 0x00000013, 0x00000045, 0x00000030, 0x0000005C, 0x00000049, 0x0000005A, 0x00000079, 0x00000013, 0x00000070, 0x0000006D, 0x00000078, 0x00000013, 0x0000006F, 0x00000048, 0x0000005D, 0x00000064, 0x00000064, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
flag = ""
for i in range(len(cmp)):
    flag += chr(((cmp[i]^0x50)-10)^0x66)
print(flag)

handmake

纯纯动脑子题,一眼看出是个go语言,本来想着慢慢找,但发现他们都做的很快,其实可以直接改几处源码就行,15k行只用改main就行,将要得到的值输出就行。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
func main() {
	var nFAzj, CuSkl string
	jjxXf := []byte{
		37, 73, 151, 135, 65, 58, 241, 90, 33, 86, 71, 41, 102, 241, 213, 234, 67, 144, 139, 20, 112, 150, 41, 7, 158, 251, 167, 249, 24, 129, 72, 64, 83, 142, 166, 236, 67, 18, 211, 100, 91, 38, 83, 147, 40, 78, 239, 113, 232, 83, 227, 47, 192, 227, 70, 167, 201, 249, 156, 101, 216, 159, 116, 210, 152, 234, 38, 145, 198, 58, 24, 183, 72, 143, 136, 234, 246}
	KdlaH := []byte{
		191, 140, 114, 245, 142, 55, 190, 30, 161, 18, 200, 7, 21, 59, 17, 44, 34, 181, 109, 116, 146, 145, 189, 68, 142, 113, 0, 33, 46, 184, 21, 33, 66, 99, 124, 167, 201, 88, 133, 20, 211, 67, 133, 250, 62, 28, 138, 229, 105, 102, 125, 124, 208, 180, 50, 146, 67, 39, 55, 240, 239, 203, 230, 142, 20, 90, 205, 27, 128, 136, 151, 140, 222, 92, 152, 1, 222, 138, 254, 246, 223, 224, 236, 33, 60, 170, 189, 77, 124, 72, 135, 46, 235, 17, 32, 28, 245}
	fmt.Print(MPyt9GWTRfAFNvb1(jjxXf))
	fmt.Scanf("%20s\n", &nFAzj)
	fmt.Printf("First scanf: %s\n", nFAzj)
	fmt.Print(kZ2BFvOxepd5ALDR(KdlaH))
	fmt.Scanf("%20s", &CuSkl)
	fmt.Printf("Second Scanf: %s\n", CuSkl)
	vNvUO := GwSqNHQ7dPXpIG64(nFAzj)
	fmt.Printf("vNvUO %s\n", vNvUO)
	YJCya := ""
	mvOxK := YI3z8ZxOKhfLmTPC(CuSkl)
	fmt.Printf("\n")
	fmt.Printf("mvOxK %s\n", mvOxK)
	if mvOxK != nil {
		YJCya = mvOxK()
	}

	if YJCya != "" && vNvUO != "" {
		fmt.Printf("flag{%s%s}\n", vNvUO, YJCya)
	}
}
1
2
3
4
5
6
7
8
9
10
Input the first function, which has 6 parameters and the third named gLIhR: 
ZlXDJkH3OZN4Mayd
First scanf: ZlXDJkH3OZN4Mayd
Input the second function, which has 3 callers and invokes the function named cHZv5op8rOmlAkb6:
YsMgm9rKB7qiuQ1d
Second Scanf: YsMgm9rKB7qiuQ1d
vNvUO 3a4e76449355c414

mvOxK %!s(main.dIWKr=0x877d80)
flag{3a4e76449355c4148ce3da2b46019f75}

whereiscode