【re1】字符串对比:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| #include <stdio.h>
#include <string.h>
int main() {
char input[100];
printf("hello welcome to RE! \n");
printf("please input you flag:\n ");
scanf("%s", input);
if (strcmp(input, "QLNU{he11ow_re!}") == 0) {
printf("yes!\n");
} else {
printf("no\n");
}
return 0;
}
|
flag:QLNU{he11ow_re!}
【re2】ascll码表对比:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| #include<stdio.h>
main()
{
int flag[100]={81,76,78,85,123,119,51,49,99,48,109,101,95,116,48,95,114,51,125};
int i,j=0;
char input[100];
printf("hellow!\n");
printf("welcome to ctf re\n");
printf("please in put your flag:\n");
scanf("%s",input);
for(i=0;i<19;i++)
{
j++;
if(input[i]!=flag[i])
break;
}
if(j==19)
printf("yes!you are right!");
else
printf("sorry !");
getchar();
}
|
【re3】爱变的1:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
void replaceOneWithI(char* str) {
int i;
for (i = 0; i < strlen(str); i++) {
if (str[i] == 'I')
str[i] = '1';
if (str[i] == 'e')
str[i] = '3';
if (str[i] == 'a')
str[i] = '@';
if (str[i] == 'l')
str[i] = '1';
}
}
int main() {
char input[99];
char flag[] = "QLNU{Am_I_the_flag?}";
replaceOneWithI(flag);
printf("请输入您的flag:");
scanf("%s", input);
if (!strcmp(input, flag)) {
printf("Yes! 您是正确的!");
} else {
printf("不对不对不对!");
}
return 0;
}
flag:QLNU{Am_1_th3_f1@g?}
|
base64加密:
【ez_base64】一般的加密脚本:(便于直接观察)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
| #include<stdio.h>
#include<string.h>
int main(){
char x[1000]="";
char y[1000]="",z[1000]="";
char base[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int i,sum=0,len=0,j;
printf("请输入字符串:");
gets(x);
len=strlen(x);
for(i=0;i<len;i++){
sum=sum+x[i];
}
for(i=0,j=0;j<len;i+=4,j+=3){
y[i]=base[x[j]>>2];
y[i+1]=base[(x[j]&0x3)<<4|(x[j+1]>>4)];
y[i+2]=base[(x[j+1]&0xf)<<2|(x[j+2]>>6)];
y[i+3]=base[(x[j+2]&0x3f)];
}
switch(len%3){
case 1:{
y[i-2]='=';
y[i-1]='=';
break;
}
case 2:{
y[i-1]='=';
break;
}
}
if(sum>1000){
printf("字符串的ASCII值为%d\n",sum);
printf("输入的字符串ASCII值大于1000\n");
printf("base64加密:");
puts(y);
}
else{
printf("输入的字符串ASCII值小于1000,将与base64编码表进行异或运算\n");
printf("异或运算后的结果为:");
for(i=0;i<len;i++){
z[i]=x[i]^base[i];
}
puts(z);
}
}
|
题目脚本:
上面的是一个输入输出的加密代码,下面补一个base64的题目脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
| #include<stdio.h>
#include<string.h>
int main()
{
char x[1000]="";
char y[1000]="",z[1000]="";
char flag[100]="UUxOVXtiQFMzNjRfaXNfdjNyeV8zQHN5IX0=";
char base[100]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int i,sum=0,len=0,j,m;
printf("欢迎来到QLNU!!\n请输入您的flag吧!!:");
gets(x);
len=strlen(x);
for(i=0;i<len;i++){
sum=sum+x[i];
}
for(i=0,j=0;j<len;i+=4,j+=3){
y[i]=base[x[j]>>2];
y[i+1]=base[(x[j]&0x3)<<4|(x[j+1]>>4)];
y[i+2]=base[(x[j+1]&0xf)<<2|(x[j+2]>>6)];
y[i+3]=base[(x[j+2]&0x3f)];
}
switch(len%3){
case 1:{
y[i-2]='=';
y[i-1]='=';
break;
}
case 2:{
y[i-1]='=';
break;
}
}
if(sum>1000){
m=strcmp(y,flag);
}
else{
for(i=0;i<len;i++){
z[i]=x[i]^base[i];
}
m=strcmp(y,flag);
}
if(!m)
printf("yes!you are right!你很棒啊!!");
else
printf("no!不对哦,请再尝试一下吧!");
return 0;
}
|
密文:UUxOVXtiQFMzNjRfaXNfdjNyeV8zQHN5IX0=
flag:QLNU{b@S364_is_v3ry_3@sy!}
码表:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
base64变表加密:
【ze_baes46】主动直接换码表:
把上面的那个脚本定义编码表的时候打乱顺序就好,这里放一个随便打的码表:
把第八行的代码换成下面的这一行代码即可,其他的可以根据自己的需求自己改改
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
| char base[100]="+/9876543210zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA";
#include<stdio.h>
#include<string.h>
int main()
{
char x[1000]="";
char y[1000]="",z[1000]="";
char flag[100]="rrOxqoSIkKCVloqgjJeWoJKeoJ2WnpCgkKmQ3oL=";
char base[100]="+/9876543210zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA";
int i,sum=0,len=0,j,m;
printf("QLNU欢迎您,来试试这个base64换表吧!!\n请输入您的flag吧!!:");
gets(x);
len=strlen(x);
for(i=0;i<len;i++){
sum=sum+x[i];
}
for(i=0,j=0;j<len;i+=4,j+=3){
y[i]=base[x[j]>>2];
y[i+1]=base[(x[j]&0x3)<<4|(x[j+1]>>4)];
y[i+2]=base[(x[j+1]&0xf)<<2|(x[j+2]>>6)];
y[i+3]=base[(x[j+2]&0x3f)];
}
switch(len%3){
case 1:{
y[i-2]='=';
y[i-1]='=';
break;
}
case 2:{
y[i-1]='=';
break;
}
}
if(sum>1000){
m=strcmp(y,flag);
}
else{
for(i=0;i<len;i++){
z[i]=x[i]^base[i];
}
m=strcmp(y,flag);
}
if(!m)
printf("猜对了,你好厉害!!");
else
printf("你还是继续去找码表吧!!");
return 0;
}
|
密文:rrOxqoSIkKCVloqgjJeWoJKeoJ2WnpCgkKmQ3oL=
flag:QLNU{wo_jiu_shi_ma_biao_oVo!}
码表:+/9876543210zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA
【babybase64】自加密修改码表:
还有的base64就是在函数本身对base64的码表进行一些修改和计算·
比如新建一个新的new_base[]的码表,然后对新的码表进行赋值,比如new_base[0]=base[52];就是把原来码表的第52个元素,也就是‘0’赋值给了新码表的第一个元素,就这样实现了乱序的码表,还在程序中进行修改,这样看不到修改后的码表,需要动调或者自行跑脚本求码表
贴一个实现这个功能的python脚本,用来实现以上功能:
1
2
3
4
5
6
| aaaa = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
bbbb = "0+AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz192837465/"
for i in range(len(bbbb)):
num=aaaa.index(bbbb[i])
print('new_base['+str(i)+']=base[',end='')
print(str(num)+'];')
|
其中aaaa是原来的码表,bbbb是修改之后的,输出如下:
下面是c语言的形式,可以直接加在base64的加密代码中
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
| new_base[0]=base[52];
new_base[1]=base[62];
new_base[2]=base[0];
new_base[3]=base[26];
new_base[4]=base[1];
new_base[5]=base[27];
new_base[6]=base[2];
new_base[7]=base[28];
new_base[8]=base[3];
new_base[9]=base[29];
new_base[10]=base[4];
new_base[11]=base[30];
new_base[12]=base[5];
new_base[13]=base[31];
new_base[14]=base[6];
new_base[15]=base[32];
new_base[16]=base[7];
new_base[17]=base[33];
new_base[18]=base[8];
new_base[19]=base[34];
new_base[20]=base[9];
new_base[21]=base[35];
new_base[22]=base[10];
new_base[23]=base[36];
new_base[24]=base[11];
new_base[25]=base[37];
new_base[26]=base[12];
new_base[27]=base[38];
new_base[28]=base[13];
new_base[29]=base[39];
new_base[30]=base[14];
new_base[31]=base[40];
new_base[32]=base[15];
new_base[33]=base[41];
new_base[34]=base[16];
new_base[35]=base[42];
new_base[36]=base[17];
new_base[37]=base[43];
new_base[38]=base[18];
new_base[39]=base[44];
new_base[40]=base[19];
new_base[41]=base[45];
new_base[42]=base[20];
new_base[43]=base[46];
new_base[44]=base[21];
new_base[45]=base[47];
new_base[46]=base[22];
new_base[47]=base[48];
new_base[48]=base[23];
new_base[49]=base[49];
new_base[50]=base[24];
new_base[51]=base[50];
new_base[52]=base[25];
new_base[53]=base[51];
new_base[54]=base[53];
new_base[55]=base[61];
new_base[56]=base[54];
new_base[57]=base[60];
new_base[58]=base[55];
new_base[59]=base[59];
new_base[60]=base[56];
new_base[61]=base[58];
new_base[62]=base[57];
new_base[63]=base[63];
|
一个完整的题目脚本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
| #include<stdio.h>
#include<string.h>
int main()
{
char x[1000]="";
char y[1000]="",z[1000]="";
char flag[100]="JJxGjkvALRdALSbpJ9frfqhohJjblKjrHkt8DIBpoH==";
char base[100]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int i,sum=0,len=0,j,m;
char new_base[100];
new_base[0]=base[52];
new_base[1]=base[62];
new_base[2]=base[0];
new_base[3]=base[26];
new_base[4]=base[1];
new_base[5]=base[27];
new_base[6]=base[2];
new_base[7]=base[28];
new_base[8]=base[3];
new_base[9]=base[29];
new_base[10]=base[4];
new_base[11]=base[30];
new_base[12]=base[5];
new_base[13]=base[31];
new_base[14]=base[6];
new_base[15]=base[32];
new_base[16]=base[7];
new_base[17]=base[33];
new_base[18]=base[8];
new_base[19]=base[34];
new_base[20]=base[9];
new_base[21]=base[35];
new_base[22]=base[10];
new_base[23]=base[36];
new_base[24]=base[11];
new_base[25]=base[37];
new_base[26]=base[12];
new_base[27]=base[38];
new_base[28]=base[13];
new_base[29]=base[39];
new_base[30]=base[14];
new_base[31]=base[40];
new_base[32]=base[15];
new_base[33]=base[41];
new_base[34]=base[16];
new_base[35]=base[42];
new_base[36]=base[17];
new_base[37]=base[43];
new_base[38]=base[18];
new_base[39]=base[44];
new_base[40]=base[19];
new_base[41]=base[45];
new_base[42]=base[20];
new_base[43]=base[46];
new_base[44]=base[21];
new_base[45]=base[47];
new_base[46]=base[22];
new_base[47]=base[48];
new_base[48]=base[23];
new_base[49]=base[49];
new_base[50]=base[24];
new_base[51]=base[50];
new_base[52]=base[25];
new_base[53]=base[51];
new_base[54]=base[53];
new_base[55]=base[61];
new_base[56]=base[54];
new_base[57]=base[60];
new_base[58]=base[55];
new_base[59]=base[59];
new_base[60]=base[56];
new_base[61]=base[58];
new_base[62]=base[57];
new_base[63]=base[63];
printf("已经学到了base64比较难的部分了!尝试去读一下代码吧!\n请输入您的flag吧!!:");
gets(x);
len=strlen(x);
for(i=0;i<len;i++){
sum=sum+x[i];
}
for(i=0,j=0;j<len;i+=4,j+=3){
y[i]=new_base[x[j]>>2];
y[i+1]=new_base[(x[j]&0x3)<<4|(x[j+1]>>4)];
y[i+2]=new_base[(x[j+1]&0xf)<<2|(x[j+2]>>6)];
y[i+3]=new_base[(x[j+2]&0x3f)];
}
switch(len%3){
case 1:{
y[i-2]='=';
y[i-1]='=';
break;
}
case 2:{
y[i-1]='=';
break;
}
}
if(sum>1000){
m=strcmp(y,flag);
}
else{
for(i=0;i<len;i++){
z[i]=x[i]^new_base[i];
}
m=strcmp(y,flag);
}
if(!m)
printf("恭喜你答对啦!!!!!");
else
printf("no!不对哦,请再尝试一下吧!");
return 0;
}
|
另外,这里给了另一个版本(不直观版本):
【babybase64】自加密修改码表pro版本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
| #include<stdio.h>
#include<string.h>
void generateNewBase(char new_base[]) {
char base[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int index[] = {52, 62, 0, 26, 1, 27, 2, 28, 3, 29, 4, 30, 5, 31, 6, 32, 7, 33, 8, 34, 9, 35, 10, 36, 11, 37,
12, 38, 13, 39, 14, 40, 15, 41, 16, 42, 17, 43, 18, 44, 19, 45, 20, 46, 21, 47, 22, 48, 23, 49,
24, 50, 25, 51, 53, 61, 54, 60, 55, 59, 56, 58, 57, 63};
for (int i = 0; i < 64; i++) {
new_base[i] = base[index[i]];
}
}
int main()
{
char x[1000]="";
char y[1000]="",z[1000]="";
char flag[100]="JJxGjkvALRdALSbpJ9frfqhohJjblKjrHkt8DIBpoH==";
char base[100]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int i,sum=0,len=0,j,m;
char new_base[100];
generateNewBase(new_base);
printf("已经学到了base64比较难的部分了!尝试去读一下代码吧!\n请输入您的flag吧!!:"); 输入字符串
gets(x);
len=strlen(x);
for(i=0;i<len;i++){
sum=sum+x[i];
}
for(i=0,j=0;j<len;i+=4,j+=3){
y[i]=new_base[x[j]>>2];
y[i+1]=new_base[(x[j]&0x3)<<4|(x[j+1]>>4)];
y[i+2]=new_base[(x[j+1]&0xf)<<2|(x[j+2]>>6)];
y[i+3]=new_base[(x[j+2]&0x3f)];
}
switch(len%3){
case 1:{
y[i-2]='=';
y[i-1]='=';
break;
}
case 2:{
y[i-1]='=';
break;
}
}
if(sum>1000){
m=strcmp(y,flag);
}
else{
for(i=0;i<len;i++){
z[i]=x[i]^new_base[i];
}
m=strcmp(y,flag);
}
if(!m)
printf("恭喜你答对啦!!!!!");
else
printf("不对哦,请再尝试一下吧!");
return 0;
}
|
原加密脚本中的base[]换成新定义的new_base[]就可以了
密文:JJxGjkvALRdALSbpJ9frfqhohJjblKjrHkt8DIBpoH==
flag:QLNU{BbBBbaaSse64_EEEeeeAzy!!!}
码表:0+AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz192837465/
【ez_xor】异或xor单个字符
疑惑一个数字
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| #include<stdio.h>
main()
{
int i,j;
char flag[100]="WJHS}^itY~iTY~6tY^6TY~itY^iTY~It{";
char input[100];
printf("hellow!您已经开始接触最简单的加密算法异或辣!要加油喔!\n");
printf("请输入您的flag:\n");
scanf("%s",input);
for(i=0;i<strlen(input);i++)
input[i]=6^input[i];
j=strcmp(input,flag);
if(!j)
printf("很好,您已经成功掌握了xor!");
else
printf("还是再练练吧!");
printf("%s",input);
}
|
密文:WJHS}^itYiTY6tY^6TYitY^iTYIt{
flag:QLNU{Xor_xoR_x0r_X0R_xor_XoR_xOr}
【ezezezez_xor】异或xor遍历数组异或
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| #include<stdio.h>
#include<string.h>
main()
{
int i,j;
char flag[100]="XDISrp7tQ8U~FzXozWsg`WlsVdf{";
char input[100];
int key[4]={9,8,7,6} ;
printf("hellow!这里是第二种异或算法,看看是怎么异或的吧!\n");
printf("请输入您的flag:\n");
scanf("%s",input);
for(i=0;i<strlen(input);i++)
input[i]=key[i%4]^input[i];
j=strcmp(input,flag);
if(!j)
printf("很好,您已经成功学会了循环xor!");
else
printf("还是再练练吧!\n");
}
|
密文:XDISrp7tQ8U~FzXozWsg`WlsVdf{
flag:QLNU{x0rX0RxOr_is_tai_ku_la}
我tm挂挂挂【xor】
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
char* sub10086(const int* key) {
static char secret1[100] = “YKH]|_}iWaX_mTna”;
char* output = (char*)malloc(strlen(secret1) + 1); // Dynamically allocate memory
int i;
for (i = 0; i < strlen(secret1); i++) {
output[i] = key[i % 3] ^ secret1[i];
}
output[i] = ‘\0’; // Add string termination character
return output;
}
char* sub10087() {
char flag[] = “,W=%%6W]:B0+73#GO}”;
int i;
for(i=0;i<18;i++)
if(flag[i]>=60&&flag[i]<=100)
flag[i]-=60; int length = strlen(flag);
char* encrypted_flag = (char*)malloc(length + 1); // 分配足够的内存
strcpy(encrypted_flag, flag); // 将 flag 复制到 encrypted_flag
for (int i = length - 2; i >= 0; i–) {
encrypted_flag[i] = encrypted_flag[i] ^ encrypted_flag[i+1];
}
return encrypted_flag;
}
int main() {
int i, j;
int num, mum;
char msy;
// Set seed for random number generation
srand(time(NULL));
int money = 20;
while (money > 0) {
printf(“\n目前余额:%d\n”, money);
printf(“欢迎来到QLNU刮刮乐,来试试你的运气吧!\n”);
printf(“\n请按回车键继续……..\n”);
printf(“来选择您要购买的刮刮乐彩票套餐数:\n”);
____________ printf(“套餐1 1次抽奖机会 ¥1 1\n\n”);____________
____________ printf(“套餐2 2次抽奖机会 ¥2 2\n\n”);____________
____________ printf(“套餐3 5次抽奖机会 ¥5 3\n\n”);____________
____________ printf(“套餐4 10次抽奖机会 ¥10 4\n\n”);____________
____________ printf(“________________________________________________________________________________________________________________________\n”);
int k;
int cs;
printf(“您的选择是套餐”);
scanf(“%d”, &k);
system(“cls”);
switch (k) {
case 1:
cs = 1;
break;
case 2:
cs = 2;
break;
case 3:
cs = 5;
break;
case 4:
cs = 10;
break;
default:
printf(“no!,please input 1~5 shuzi!\n”);
continue;
}
if (money < cs) {
printf(“\nyour money is bugoule\n”);
continue;
}
for (i = 0; i < cs; i++) {
scanf(“%c”, &msy);
num = rand() % 1000; // Generate a random number between 0 and 999
if (num == 678)
{
printf(“\n\n\n\n\nyes!ni zhong jiang le!here is your FLAG:\n\n\n”);
int arr[3];
for (i = 0; i < 3; i++) {
arr[i] = num % 10;
num /= 10;
}
char* flgg = sub10087();
char* flag = sub10086(arr);
printf(“%s%s\n”, flag,flgg);
xxxxxxxxxx import base64secret = “GQW]r\TpmCQK?5WNH[nTnLnHROqPif}?Rgn3CSPhg`T7ZG?ROn3CS1PSO”enc = []for i in range(0, len(secret), 4): for j in range(3, -1, -1): enc.append(secret[i+j])key = [2, 4, 6, 8]data = [ord(char) for char in enc]flag = []for i in range(len(data)): data[i] = data[i] ^ key[i % 4] flag.append(chr(data[i]))decoded_flag = base64.b64decode(“”.join(flag)).decode()print(decoded_flag)C
break;
} else {
printf(“\n您的第%d次抽奖结果为:%d\n谢谢参与\n”, i + 1, num);
if (i == cs - 1)
printf(“\n\n\n\n\n\n no!很可惜你没中奖!\n”);
}
}
money -= cs;
}
printf(“\nyou don not have money,qv zheng qian ba!\n”);
return 0;
}
【ez_upx】Upx 壳
源码没什么参考意义,upx 【文件】即可加壳
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| #include<stdio.h>
#include<string.h>
main()
{
int n=1,m=1,i;
int fack_flag[46]={81,76,78,85,123,119,111,119,95,121,111,117,95,99,97,110,95,107,105,108,108,95,116,104,101,95,117,112,120,95,105,115,95,118,101,114,121,95,99,111,111,108,33,33,33,125};
int flag[46]={81,76,78,85,123,87,48,87,33,95,121,48,117,95,99,64,110,95,75,105,49,49,95,84,104,101,95,117,112,88,95,49,115,95,118,51,114,121,95,99,111,111,108,33,33,125};
char key[100]="upx -d",input[46];
char jingxi[100]={99,104,97,110,103,121,101,100,101,119,101,105,120,105,110,104,97,111,65306,83,49,57,54,55,49,49,50,53};
char iinput[46];
printf("hellow!这里是最简单的upx壳,请务必收集关于upx壳的秘密并且使用一段神奇的口令获得flag\n");
printf("请输入您查到的指令:");
gets(input);
for(i=0;i<6;i++)
if(key[i]!=input[i])
n=0;
if(n)
{
for(i=0;i<46;i++)
printf("%c",flag[i]);
printf("\nokay!你已经学会了最最最最基本的脱壳指令了,不过还是建议去尝试一下,里面有我的惊喜哦!");
}
else
{
for(i=0;i<46;i++)
printf("%c",fack_flag[i]);
printf("\nnonono,flag好像有点问题耶");
}
}
|
flag:QLNU{W0W!_y0u_c@n_Ki11_The_upX_1s_v3ry_cool!!}
rc4加密与解密代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
| 下面是加了注释的代码:
```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
typedef unsigned long ULONG;
void init(unsigned char *s, unsigned char *key, unsigned long Len)
{
int i =0, j = 0;
char k[256] = {0};
unsigned char tmp = 0;
for (i=0;i<256;i++) {
s[i] = i;
k[i] = key[i%Len];
}
for (i=0; i<256; i++) {
j=(j+s[i]+k[i])%256;
tmp = s[i];
s[i] = s[j];
s[j] = tmp;
}
}
void crypt(unsigned char *s, unsigned char *Data, unsigned long Len)
{
int i = 0, j = 0, t = 0;
unsigned long k = 0;
unsigned char tmp;
for(k=0;k<Len;k++) {
i=(i+1)%256;
j=(j+s[i])%256;
tmp = s[i];
s[i] = s[j];
s[j] = tmp;
t=(s[i]+s[j])%256;
Data[k] ^= s[t];
}
}
int main()
{
char i;
int a = 0;
unsigned char s[256] = {0};
char key[256] = {"12345678"};
char pData[512] = {-17,-64,87,-117,125,-39,-18,-46,-59,114,100,-85,-7,8,105,-63,45,-22,-12,36,-84,27};
char input[512] = {};
ULONG len = strlen(pData);
printf("please input your flag:\n");
while((i = getchar())!='\n')
{
input[a] = i;
a++;
}
init(s,(unsigned char *)key,strlen(key));
crypt(s,(unsigned char *)pData,len);
if(!strcmp(input,pData))
printf("Good!");
else
printf("ERROR!");
return 0;
}
```
这段代码实现了一个简单的加密和解密过程。主要包括以下几个函数和变量:
1. `init` 函数用于初始化 S-box,根据提供的密钥 `key` 和密钥长度 `Len` 进行初始化
2. `crypt` 函数用于加密和解密数据。根据提供的 S-box `s` 和数据 `Data`,以及数据长度 `Len` 进行加密和解密操作
3. `main` 函数是程序的入口。在函数中定义了 S-box `s`、密钥 `key`、待加密的数据 `pData` 和用户输入的数据 `input`。然后通过调用 `init` 函数完成 S-box 的初始化,再调用 `crypt` 函数对
|
【eazy_keypatch】rc4算法:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
| #include <stdio.h>
#include <string.h>
#include <stdlib.h>
typedef unsigned long ULONG;
void init(unsigned char *s, unsigned char *key, unsigned long Len)
{
int i =0, j = 0;
char k[256] = {0};
unsigned char tmp = 0;
for (i=0;i<256;i++) {
s[i] = i;
k[i] = key[i%Len];
}
for (i=0; i<256; i++) {
j=(j+s[i]+k[i])%256;
tmp = s[i];
s[i] = s[j];
s[j] = tmp;
}
}
void crypt(unsigned char *s, unsigned char *Data, unsigned long Len)
{
int i = 0, j = 0, t = 0;
unsigned long k = 0;
unsigned char tmp;
for(k=0;k<Len;k++) {
i=(i+1)%256;
j=(j+s[i])%256;
tmp = s[i];
s[i] = s[j];
s[j] = tmp;
t=(s[i]+s[j])%256;
Data[k] ^= s[t];
}
}
int main()
{
char i;
int a = 0;
int b,c;
unsigned char s[256] = {0};
char key[256] = {"qlnuctf"};
char pData[512] = {84,34,-95,-40,104,-11,-112,3,20,-105,-51,-89,-27,-98,-74,-70,50,124,104,-81,89,-88,23,-30,86,26,-113};
char input[512] = {};
ULONG len = strlen(pData);
printf("请输入两个0~9的数字,尝试让这两个数的和等于20:\n");
scanf("%d %d",&b,&c);
init(s,(unsigned char *)key,strlen(key));
crypt(s,(unsigned char *)pData,len);
if(b>=0&&b<=9&&c>=0&&c<=9)
{
if(b+c==20)
printf("yes!you are right!\nthe flag is:%s",pData);
else
printf("no try again!");
}
else printf("输入错误,请正确输入!");
}
|
密文:84,34,-95,-40,104,-11,-112,3,20,-105,-51,-89,-27,-98,-74,-70,50,124,104,-81,89,-88,23,-30,86,26,-113
秘钥:qlnuctf
flag:QLNU{ha1_y0u_y1_Ge_j1e_f@!}
python解题脚本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
def rc4_decrypt(ciphertext, key):
S = list(range(256))
j = 0
out = []
for i in range(256):
j = (j + S[i] + key[i % len(key)]) % 256
S[i], S[j] = S[j], S[i]
i = j = 0
for char in ciphertext:
i = (i + 1) % 256
j = (j + S[i]) % 256
S[i], S[j] = S[j], S[i]
k = S[(S[i] + S[j]) % 256]
out.append(char ^ k)
return bytes(out).decode('utf-8')
ciphertext = [0x54, 0x22, 0xA1, 0xD8, 0x68, 0xF5, 0x90, 0x03, 0x14, 0x97,
0xCD, 0xA7, 0xE5, 0x9E, 0xB6, 0xBA, 0x32, 0x7C, 0x68, 0xAF,
0x59, 0xA8, 0x17, 0xE2, 0x56, 0x1A, 0x8F]
key = b'qlnuctf'
plaintext = rc4_decrypt(ciphertext, key)
print(plaintext)
|
【ez_maze】迷宫基础题
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
| #include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <conio.h>
#define ROWS 10
#define COLS 17
void convertToCharArray(const char* str, char a[][COLS]) {
int k = 0;
for (int i = 0; i < ROWS; i++) {
for (int j = 0; j < COLS-1; j++) {
a[i][j] = str[k++];
}
a[i][COLS-1] = '\0';
}
}
void playMazeGame() {
printf("使用adsw控制上下左右移动,入口在左上角,出口在右下角\n\n\n");
printf("您可以直接输入全部路径验证或者一个一个来,直到提示成功则走出迷宫!~\n\n\n");
char str[] = "1111111111111111100100010000001111011101011010111100010001001011111101110110001111000001000011111111101101100111110000000001001111000000001010011111111111111111";
char a[ROWS][COLS];
convertToCharArray(str, a);
int i, x = 1, y = 1;
char ch;
int count = 0;
while (x != 1 || y != 9) {
ch = _getch();
count++;
if (ch == 's') {
if (a[x + 1][y] != '1') {
a[x][y] = '0';
x++;
a[x][y] = '#';
}
}
if (ch == 'w') {
if (a[x - 1][y] != '1') {
a[x][y] = '0';
x--;
a[x][y] = '#';
}
}
if (ch == 'a') {
if (a[x][y - 1] != '1') {
a[x][y] = '0';
y--;
a[x][y] = '#';
}
}
if (ch == 'd') {
if (a[x][y + 1] != '1') {
a[x][y] = '0';
y++;
a[x][y] = '#';
}
}
system("cls");
if (x == 8 && y == 14) {
printf("\n\n\n成功过关\n\n\n");
if (count == 24)
printf("恭喜你找到了最短路径\n\n你一共走了%d步\n\n\nflag:QLNU{最短路径经过base64加密之后然后大小写互换之后的数值!}\n\n\n ", count);
else
printf("nonononnonononono\n你一共走了%d步\n\n但还不是最少路径步数哟!\n\n\n", count);
}
}
}
int main() {
printf(" 欢迎来到QLNUCTF 请走出迷宫获得flag! \n\n");
printf("______________________________________________________________________________________________________________________\n");
printf(" 开始游戏 1\n\n");
printf(" 游戏音乐 2\n\n");
printf(" 游戏设置 3\n\n");
printf(" 关闭游戏 4\n\n");
int k;
scanf("%d", &k);
system("cls");
switch (k) {
case 1:
playMazeGame();
break;
case 2:
printf(" 听不了一点,但是有提示!\n\n\n");
break;
case 3:
printf("这题挺难打哟,但是你都点到这里了,那我就偷偷告诉你,迷宫地图有10行哟!有几列自己猜喽\n\n\n");
break;
case 4:
printf("游戏结束,但是结束不一点,加把劲就出了!\n1是硬邦邦的墙壁,0是软弱弱的路,说的是什么?你懂滴!\n\n");
break;
default:
printf("无效的选择\n\n");
break;
}
system("pause");
return 0;
}
|
