[Week 1] BabyBase
- IDA打开查看主函数发现没有线索
- 看见check_flag函数进去后发现一串编码
- MHhHYW1le04wd195MHVfa24wd19CNHNlNjRfRW5jMGQxbmdfdzNsbCF9
- 注意到(惊人的注意力)这是Base64编码,解密得到flag
- 0xGame{N0w_y0u_kn0w_B4se64_Enc0d1ng_w3ll!}
- 或者注意不到可以继续查看encode函数
- 能注意到他是Base64加密的脚本,从而得到flag
[Week 1] BinaryMaster
- IDA打开查看主函数发现flag
- 0xGame{114514cc-a3a7-4e36-8db1-5f224b776271}
[Week 1] SignSign
- IDA打开查看主函数得到后半段flag
- 视图查看字符串或者shift+F12
- 可以找到前半个字符串
- 0xGame{S1gn1n_h3r3_4nd_b3g1n_Reversing_n0w}
[Week 1] Xor-Beginning
- IDA查看原函数
- 分析函数了解到是输入v4
- 通过遍历与78-v7异或(XOR)
- 结果要与v5一直
- 编写脚本
v5 = [0]*30
v4 = [0]*30
for n,i in enumerate("~5\v*',3"):
v5[n] = ord(i)
v5[7] = 31 ;v5[8] = 118; v5[9] = 55 ;v5[10] = 27 ;v5[11] = 114 ;v5[12] = 49 ;v5[13] = 30 ;v5[14] = 54 ;v5[15] = 12
v5[16] = 76 ;v5[17] = 68; v5[18] = 99 ;v5[19] = 114 ;v5[20] = 87 ;v5[21] = 73 ;v5[22] = 8 ;v5[23] = 69 ;v5[24] = 66
v5[25] = 1 ;v5[26] = 90; v5[27] = 4 ;v5[28] = 19 ;v5[29] = 76
print(v5)
for i in range(30):
v4[i] = (78-i) ^ v5[i]
print(v4)
print(''.join(chr(i) for i in v4))
- 输出0xGame{X0r_1s_v3ry_Imp0rt4n7!}
[Week 1] Xor-Endian
- 分析main函数发现有encrypt函数用来加密
- 分析可知加密算法是对输入的每个字符用密钥循环去异或值
- 在main函数中与已给变量进行比较,最后输出right
- 所以可以根据异或的性质编写代码
v6 = "{\x1D>Q\x15\"\x1A\x0FV\nQV\0(]T\aKt\x05@QT\bT\x19rV\x1D\x04UvV\vTW\a\vUs\x01O\b\x05"
key = 'Key0xGame2024'
ans = ''
print(len(v6))
for i in range(len(v6)):
ans += chr(ord(v6[i]) ^ ord(key[i%13]))
print(ans)
- 输出0xGame{b38ad4c8-733d-4f8f-93d4-17f1e79a8d68}