Gogpt
看见是go语言,首先想到了golanghelper,但是这玩意不争气,一直报错,后来用了go_parser,真的香
符号恢复之后,查看函数可以看到最后一个是main函数,动调可以看见,有一个shuffle函数将main函数里面的cH@t_GpT_15_h3R3改成了TcR@3t_3hp_5_G1H
随后就是异或和base64
赛博厨子
ez_code
附件是一个powershell经过混淆之后的脚本文件,改成.ps1文件之后放到powershellDecoder里面日出一个假flag。看了大佬的博客后得知编码里面有两个
然后放进vdcode里面进行调试
随便调试一下出来一个变量,也就是[CHar]的这串字符加密代码,把这一段放到windows自带的powershell调试器ISE里面运行,就会得到加密代码
class chiper():
def __init__(self):
self.d = 0x87654321
k0 = 0x67452301
k1 = 0xefcdab89
k2 = 0x98badcfe
k3 = 0x10325476
self.k = [k0, k1, k2, k3]
def e(self, n, v):
from ctypes import c_uint32
def MX(z, y, total, key, p, e):
temp1 = (z.value >> 6 ^ y.value << 4) + \
(y.value >> 2 ^ z.value << 5)
temp2 = (total.value ^ y.value) + \
(key[(p & 3) ^ e.value] ^ z.value)
return c_uint32(temp1 ^ temp2)
key = self.k
delta = self.d
rounds = 6 + 52//n
total = c_uint32(0)
z = c_uint32(v[n-1])
e = c_uint32(0)
while rounds > 0:
total.value += delta
e.value = (total.value >> 2) & 3
for p in range(n-1):
y = c_uint32(v[p+1])
v[p] = c_uint32(v[p] + MX(z, y, total, key, p, e).value).value
z.value = v[p]
y = c_uint32(v[0])
v[n-1] = c_uint32(v[n-1] + MX(z, y, total,
key, n-1, e).value).value
z.value = v[n-1]
rounds -= 1
return v
def bytes2ints(self,cs:bytes)->list:
new_length=len(cs)+(8-len(cs)%8)%8
barray=cs.ljust(new_length,b'\x00')
i=0
v=[]
while i < new_length:
v0 = int.from_bytes(barray[i:i+4], 'little')
v1 = int.from_bytes(barray[i+4:i+8], 'little')
v.append(v0)
v.append(v1)
i += 8
return v
def check(instr:str,checklist:list)->int:
length=len(instr)
if length%8:
print("Incorrect format.")
exit(1)
c=chiper()
v = c.bytes2ints(instr.encode())
output=list(c.e(len(v),v))
i=0
while(i<len(checklist)):
if i<len(output) and output[i]==checklist[i]:
i+=1
else:
break
if i==len(checklist):
return 1
return 0
if __name__=="__main__":
ans=[1374278842, 2136006540, 4191056815, 3248881376]
# generateRes()
flag=input('Please input flag:')
res=check(flag,ans)
if res:
print("Congratulations, you've got the flag!")
print("Flag is *ctf{your_input}!")
exit(0)
else:
print('Nope,try again!')
是一个魔改XXTEA,大佬的解密脚本
#include <stdio.h>
#include <stdint.h>
#define DELTA 0x87654321
#define MX (((z>>6^y<<4) + (y>>2^z<<5)) ^ ((sum^y) + (key[(p&3)^e] ^ z)))
void btea(uint32_t* v, int n, uint32_t const key[4])
{
uint32_t y, z, sum;
unsigned p, rounds, e;
if (n > 1) /* Coding Part */
{
rounds = 6 + 52 / n;
sum = 0;
z = v[n - 1];
do
{
sum += DELTA;
e = (sum >> 2) & 3;
for (p = 0; p < n - 1; p++)
{
y = v[p + 1];
z = v[p] += MX;
}
y = v[0];
z = v[n - 1] += MX;
} while (--rounds);
}
else if (n < -1) /* Decoding Part */
{
n = -n;
rounds = 6 + 52 / n;
sum = rounds * DELTA;
y = v[0];
do
{
e = (sum >> 2) & 3;
for (p = n - 1; p > 0; p--)
{
z = v[p - 1];
y = v[p] -= MX;
}
z = v[n - 1];
y = v[0] -= MX;
sum -= DELTA;
} while (--rounds);
}
}
int main() {
uint32_t v[4] = {
(unsigned int)1374278842, (unsigned int)2136006540,
(unsigned int)4191056815,(unsigned int)3248881376, };
uint32_t const k[4] = {
(unsigned int)0x67452301, (unsigned int)0xefcdab89,
(unsigned int)0x98badcfe, (unsigned int)0x10325476 };
int n = 4;
btea(v, -n, k);
for (int i = 0; i < n; i++) {
for (int j = 0; j < sizeof(uint32_t) / sizeof(uint8_t); j++) {
printf("%c", (v[i] >> (j * 8)) & 0xFF);
}
}
}
得到flag
