week1

Hello_Reverse

明文存储:

1
flag{h3llo_r3vers1ng_w0rld}

Baby_Re

简单异或,有一点小坑,在libc_csu_init的时候调用了Function_name函数

exp

1
2
3
4
5
6
7
8
str = [0x66, 0x6D, 0x63, 0x64, 0x7F, 0x56, 54, 0x6A, 0x6D, 0x7D, 0x62, 58, 0x62, 0x6A, 0x51, 0x7D, 0x65, 0x7F, 0x4D, 0x71, 0x71, 0x73, 38, 0x65, 0x7D, 0x46, 0x77, 0x7A, 0x75, 0x73, 63]
n = len(str)
for i in range(n):
    str[i] = str[i] ^ i
print(n)
for i in range(n):
    print(chr(str[i]),end = '')
##flag{S0meth1ng_run_bef0re_main!}

Pyre

一道py打包成exe的逆向,先利用工具https://link.csdn.net/?target=https%3A%2F%2Fgithub.com%2Fextremecoders-re%2Fpyinstxtractor,解出字节码,然后利用字节码反编译,搞出py文件,随后就比较简单了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
##flag{PYRE_1S_S0_FUN!!!}
flag = ''
encode = 'REla{PSF!!fg}!Y_SN_1_0U'
table = [
    7,
    8,
    1,
    2,
    4,
    5,
    13,
    16,
    20,
    21,
    0,
    3,
    22,
    19,
    6,
    12,
    11,
    18,
    9,
    10,
    15,
    14,
    17]

## 正确的flag 经过这个加密 成为encode
def dec(encode):
    tmp = list(encode)
    for i in range(len(encode)):
        tmp[table[i]] = encode[i]
    return tmp
tmp = str(dec(encode))
print(tmp)

EasyRe

dll里有个加密函数 base64+异或

1
2
3
4
5
6
7
8
9
10
str2 = [0x08, 0x08, 0x0E, 0x0D, 0x28, 0x40, 0x11, 0x11, 0x3C, 0x2E, 0x2B, 0x1E, 0x3D, 0x0F, 0x00, 0x03, 0x3B, 0x3D, 0x3C, 0x15, 0x28, 0x05, 0x50, 0x46, 0x3F, 0x2A, 0x39, 0x09, 0x31, 0x56, 0x24, 0x1C, 0x3F, 0x24, 0x50, 0x3C, 0x2C, 0x25, 0x23, 0x4B]
str1 = ['R','e','v','e','r','s','e']
print(len(str2))
for i in range(len(str2)):
    str2[i] ^= ord(str1[i%len(str1)])
tmp = ''
for i in range(len(str2)):
    tmp += chr(str2[i])
print(tmp)
##flag{Base64_1s_1nterestr1ng!!}

艾克体悟题

安卓逆向?我直接开摆