BUUCTF-writeup


Reverse

RSA

使用openssl模塊 rsa -pubin -text -modulus -in pub.key得到n值,在 factordb.com上分解大素數得到p,q值,腳本生成private.pem。

# coding=utf-8
import math
import sys
from Crypto.PublicKey import RSA
keypair = RSA.generate(1024)
keypair.p = 2859604688904516379356294403726392834xx
keypair.q = 3040087416046019244943281559752724184xx
keypair.e = 65537
keypair.n = keypair.p
Qn = long((keypair.p - 1) * (keypair.q - 1))
i = 1
while (True):
    x = (Qn * i) + 1
    if (x % keypair.e == 0):
        keypair.d = x / keypair.e
        break
    i += 1
private = open('private.pem', 'w')
private.write(keypair.exportKey())
private.close()

再使用openssl模塊 rsautl -decrypt -in flag.enc -inkey private.pem得到flag。

 

Youngter-drive

多線程題目,首先有upx加殼,脫殼后發現堆棧不平衡,調整平衡后發現主要有兩個線程函數,StartAddress函數和sub_41119F函數

CreateThread(0, 0, (LPTHREAD_START_ROUTINE)StartAddress, 0, 0, 0);
hObject = (HANDLE)sub_41116D();
CreateThread(0, 0, sub_41119F, 0, 0, 0);

StartAddress函數主要是對輸入逐位加密,將字符串進行了替換,當字符是大寫字母時,替換為off_418000處-38,小寫則替換后-96

    if ( dword_418008 > -1 )
    {
      sub_41112C(&Source, dword_418008);
      --dword_418008;
      Sleep(0x64u);
      sub_41116D();
    }

sub_41119F函數是使StartAddress函數的dword_418008再減一位

  while ( 1 )
  {
    WaitForSingleObject(hObject, 0xFFFFFFFF);
    sub_41116D();
    if ( dword_418008 > -1 )
    {
      Sleep(0x64u);
      sub_41116D();
      --dword_418008;
    }
    ReleaseMutex(hObject);
    sub_41116D();
  }

這就導致了源程序的間隔加密,奇數位加密,偶數位不變,腳本解密得到flag

off_418000 = "QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm"

off_418004 = "TOiZiZtOrYaToUwPnToBsOaOapsyS"

flag=''

for i in range(len(off_418004)):
    if i %2 == 0:
        flag += off_418004[i]
        continue
    for j,k in enumerate(off_418000):
        if off_418004[i] == k:
            if chr(j+38).isupper():
                flag += chr(j+38)
            else:
                flag += chr(j+96)

print flag

 

相冊

使用apktool box反編譯apk,使用ida加載里面的.so文件搜索字符串,其中幾串base64值分別是郵箱用戶名密碼,郵箱即為flag。

 

CrackMe

首先依據你的用戶名創建一個xor表,然后用這個表和密碼經過異或計算,得到一個長度為8的checksum(unsigned char checksum[8]),最后檢查checksum是否滿足一些條件。滿足則通過注冊,不滿足不通過。checksum進入check2進行驗證,最終得到check_num == 43924則成功。

分析check2:

_DWORD *__usercall check2@<eax>(int a1@<ebx>, _BYTE *key, _DWORD *a3)
{
  int v3; // ST28_4
  int v4; // ecx
  int v6; // edx
  int v8; // ST20_4
  int v9; // eax
  int v10; // edi
  int v11; // ST1C_4
  int v12; // edx
  char v13; // di
  int v14; // ST18_4
  int v15; // eax
  int v16; // ST14_4
  int v17; // edx
  char v18; // al
  int v19; // ST10_4
  int v20; // ecx
  int v23; // ST0C_4
  int v24; // eax
  _DWORD *result; // eax
  int v26; // edx

  if ( *key == 100 )
  {
    *a3 |= 4u;
    v4 = *a3;
  }
  else
  {
    *a3 ^= 3u;
  }
  v3 = *a3;
  if ( key[1] == 98 )
  {
    _EAX = a3;
    *a3 |= 0x14u;
    v6 = *a3;
  }
  else
  {
    *a3 &= 0x61u;
    _EAX = (_DWORD *)*a3;
  }
  __asm { aam }
  if ( key[2] == 97 )
  {
    *a3 |= 0x84u;
    v9 = *a3;
  }
  else
  {
    *a3 &= 0xAu;
  }
  v8 = *a3;
  v10 = ~(a1 >> -91);
  if ( key[3] == 112 )
  {
    *a3 |= 0x114u;
    v12 = *a3;
  }
  else
  {
    *a3 >>= 7;
  }
  v11 = *a3;
  v13 = v10 - 1;
  if ( key[4] == 112 )
  {
    *a3 |= 0x380u;
    v15 = *a3;
  }
  else
  {
    *a3 *= 2;
  }
  v14 = *a3;
  if ( *(_DWORD *)(*(_DWORD *)(__readfsdword(0x30u) + 24) + 12) != 2 )
  {
    if ( key[5] == 102 )
    {
      *a3 |= 0x2DCu;
      v17 = *a3;
    }
    else
    {
      *a3 |= 0x21u;
    }
    v16 = *a3;
  }
  if ( key[5] == 115 )
  {
    *a3 |= 0xA04u;
    v18 = (char)a3;
    v20 = *a3;
  }
  else
  {
    v18 = (char)a3;
    *a3 ^= 0x1ADu;
  }
  v19 = *a3;
  _AL = v18 - v13;
  __asm { daa }
  if ( key[6] == 101 )
  {
    *a3 |= 0x2310u;
    v24 = *a3;
  }
  else
  {
    *a3 |= 0x4Au;
  }
  v23 = *a3;
  if ( key[7] == 99 )
  {
    result = a3;
    *a3 |= 0x8A10u;
    v26 = *a3;
  }
  else
  {
    *a3 &= 0x3A3u;
    result = (_DWORD *)*a3;
  }
  return result;
}

發現滿足條件的key值只有[100, 98, 97, 112, 112, 115, 101, 99],即"dbappsec"

xor函數是將key和user每位對應異或。在013b1b3e處下斷點動態調試扣出和密碼異或計算的值

需要主要的是,動態調試和執行得到的異或值是不一樣的,需要把類似反調試的代碼nop掉,

    if ( *(_DWORD *)(__readfsdword(48) + 104) & 0x70 )
      v13 = v11 + v12;
    *(&v17 + v6) = byte_13C6050[(unsigned __int8)(v8 + v13)] ^ *(&v15 + v5);
    if ( *(_DWORD *)(__readfsdword(48) + 2) & 0xFF )
    {
      v11 = -83;
      v12 = 43;
    }

 然后得到box是[0x2a,0xd7,0x92,0xe9,0x53,0xe2,0xc4,xx],寫腳本得到flag。

a=[0x2a,0xd7,0x92,0xe9,0x53,0xe2,0xc4,xx]
b=[0x64,0x62,0x61,0x70,0x70,0x73,0x65,0x63] #dbappsec
for i in range(8):
    print hex(a[i]^b[i])

 

equation

jsfuck代碼,發現代碼中存在很多l,懷疑l后面是混淆的下標整數,腳本處理,得到多元線性方程組

<script>
function deEquation(str) {
  for (let i = 0; i <= 1; i++) { str = str.replace(/l\[(\D*?)](\+l|-l|==)/g, (m, a, b) => 'l[' + eval(a) + ']' + b); } str = str.replace(/==(\D*?)&&/g, (m, a) => '==' + eval(a) + '&&'); return str; } s="jsfuck"; ss=deEquation(s); document.write(ss); </script>

整理成numpy解方程格式,求出flag數組

 
        
from scipy.integrate import odeint
import numpy as np
import matplotlib.pyplot as plt
from scipy.optimize import root,fsolve
def f3(l):
    return np.array([l[40]+l[35]+l[34]-l[0]-l[15]-l[37]+l[7]+l[6]-l[26]+l[20]+l[19]+l[8]-l[17]-l[14]-l[38]+l[1]-l[9]+l[22]+l[41]+l[3]-l[29]-l[36]-l[25]+l[5]+l[32]-l[16]+l[12]-l[24]+l[30]+l[39]+l[10]+l[2]+l[27]+l[28]+l[21]+l[33]-l[18]+l[4]-861,
    ……,
    ……,
    ……]
)
sol3_root = root(f3,[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0])
sol3_fsolve = fsolve(f3,[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0])
print sol3_fsolve
 
        

數組轉化即為flag。

 

firmware

固件分析,首先在ubuntu中安裝工具firmware-mod-kit

1 #安裝依賴
2 sudo apt-get install git build-essential zlib1g-dev liblzma-dev python-magic
3 #安裝firmware-mod-kit
4 git clone https://github.com/mirror/firmware-mod-kit.git
5 cd firmware-mod-kit/src
6 ./configure
7 make

使用binwalk提取出固件內容:

1 binwalk -e "firmware.bin"

使用firmware-mod-kit解包固件提取內核和文件系統:

1 cd firmware-mod-kit
2 ./unsquashfs_all.sh '/home/vicen/Desktop/_firmware.bin.extracted/120200.squashfs'
3 cd squashfs-root/tmp/
4 ls

發現tmp目錄下有后門文件backdoor

存在upx3.94加殼,脫殼后載入ida,查看字符串發現遠程服務器網址,對網址交叉引用查看代碼段發現端口值,將md5值提交flag。

 

Crypto

達芬奇密碼

斐波拉契數列亂序,求出密文對應的正確映射次序即為flag。

a=[0,233,3,2584,1346269,144,5,196418,21,1597,610,377,10946,89,514229,987,8,55,6765,2178309,121393,317811,46368,4181,1,832040,2,28657,75025,34,13,17711]
b=[0,1,2,3,5,8,13,21,34,55,89,144,233,377,610,987,1597,2584,4181,6765,10946,17711,28657,46368,75025,121393,196418,317811,514229,832040,1346269,2178309]
c=[0 for i in range(len(a))]
for i in range(len(a)):
    for j in range(len(a)):
        if a[i]==b[j]:
            c[j]=i
s="36968853882116725547342176952286"
d=''
for i in range(len(s)):
    d+=s[c[i]]
print d

 

救世捷徑

有向圖最短路問題,根據各向量的權值,使用Dijkstra算法求出最短路徑,然后對照字符串得到flag。

import networkx as nx
def Dijkstra(G, start, end):
    RG = G.reverse();
    dist = {};
    previous = {}
    for v in RG.nodes():
        dist[v] = float('inf')
        previous[v] = 'none'
    dist[end] = 0
    u = end
    while u != start:
        u = min(dist, key=dist.get)
        distu = dist[u]
        del dist[u]
        for u, v in RG.edges(u):
            if v in dist:
                alt = distu + RG[u][v]['weight']
                if alt < dist[v]:
                    dist[v] = alt
                    previous[v] = u
    path = (start,)
    last = start
    while last != end:
        nxt = previous[last]
        path += (nxt,)
        last = nxt
    return path

G = nx.DiGraph()
G.add_edge(1,2,weight=100)
G.add_edge(2,3,weight=87)
G.add_edge(2,4,weight=57)
G.add_edge(2,5,weight=50)
G.add_edge(2,6,weight=51)
G.add_edge(3,7,weight=94)
G.add_edge(3,8,weight=78)
G.add_edge(3,9,weight=85)
G.add_edge(4,13,weight=54)
G.add_edge(4,14,weight=47)
G.add_edge(4,15,weight=98)
G.add_edge(5,10,weight=43)
G.add_edge(5,11,weight=32)
G.add_edge(5,12,weight=44)
G.add_edge(6,16,weight=59)
G.add_edge(6,17,weight=92)
G.add_edge(6,18,weight=39)
G.add_edge(6,23,weight=99)
G.add_edge(7,19,weight=99)
G.add_edge(8,20,weight=96)
G.add_edge(9,20,weight=86)
G.add_edge(10,21,weight=60)
G.add_edge(11,21,weight=57)
G.add_edge(12,22,weight=47)
G.add_edge(14,10,weight=55)
G.add_edge(16,17,weight=59)
G.add_edge(18,12,weight=53)
G.add_edge(18,24,weight=93)
G.add_edge(21,22,weight=33)
G.add_edge(19,25,weight=88)
G.add_edge(20,25,weight=96)
G.add_edge(22,25,weight=23)
G.add_edge(25,26,weight=75)
rs = Dijkstra(G, 1, 26)
print(rs)

 

EasyProgram

 1 #include<stdio.h>
 2 #include<string.h>
 3 int main()
 4 {
 5     FILE *fp = NULL;
 6     char flag[255];
 7     fp = fopen("file.txt", "r");
 8     fscanf(fp, "%s", flag);
 9     int i,j,s[256],t[256],p,x;
10     char key[]="whoami";
11     for (i=0;i<256;i++)
12         s[i]=i;
13     for (i=0;i<256;i++)
14         t[i]=key[i%(strlen(key))];
15     j=0;
16     for (i=0;i<256;i++){
17         j=(j+s[i]+t[i])%256;
18         p=s[i];s[i]=s[j];s[j]=p;
19     }
20     i=0;j=0;
21     for (int m=0;m<38;m++){
22         i=(i+1)%256;
23         j=(j+s[i])%256;
24         p=s[i];s[i]=s[j];s[j]=p;
25         x=(s[i] + s[j]%256)%256;
26         flag[m]=flag[m]^s[x];
27     }
28     printf("%s\n", flag );    
29     return 0;
30  } 

 

浪里淘沙

分析單詞出現頻率,然后按次數排序,找出其中第4,8,11,15,16位單詞拼接為flag。

a="tonightsuccessnoticenoticewewesuccesstonightweexamplecryptoshouldwebackspacetonightbackspace......"
def d(s): print s,a.count(s) g=a.replace(s,'') return g a=d("tonight") a=d("success") a=d("notice") a=d("example") a=d("should") a=d("crypto") a=d("backspace") a=d("learn") a=d("found") a=d("morning") a=d("we") a=d("system") a=d("sublim") a=d("the") a=d("user") a=d("enter")

 

SameMod

發現n相同,很明顯的RSA共模攻擊,隨便找個共模攻擊腳本得到m=10210897103123119104101110119101116104.....

發現像ascii碼拼接在一起,分開為 102,108,97,103......得到flag。

 

RSA系列

  • 已知p、q、e、c系列:RSA、rsarsa、RSAROLL
  • 已知p、q、dq、dp、c系列:RSA1
  • 已知e、n、dp、c系列:RSA2
  • 共模攻擊:RSA3、SameMod
  • 低解密指數攻擊:rsa2
  • 低加密指數攻擊:Dangerous RSA
  • 相同的e與m,gcd(n1,n2)找存在公約數的兩個n值得到p,q:RSA5

套路參考https://err0rzz.github.io/2017/11/14/CTF%E4%B8%ADRSA%E5%A5%97%E8%B7%AF/index.html

writeup參考https://beiyuouo.github.io/2019/05/30/ctf-buuctf/

 

RSA & what

發現相同的明文使用不同e加密,且n相同,想到是共模攻擊,攻擊得到一堆base64字符串,解密得到這樣一段話:

THIS FLAG IS HIDDEN. CAN YOU FIND IT OUT? DO YOU KNOW BASE64? YoungC THINK YOU ARE NOT THAT FAMILIAR WITH BASE64. Base64 is a group of similar binary-to-text encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation. The term Base64 originates from a specific MIME content transfer encoding. The particular set of 64 characters chosen to represent the 64 place-values for the base varies between implementations. The general strategy is to choose 64 characters that are both members of a subset common to most encodings, and also printable. This combination leaves the data unlikely to be modified in transit through information systems, such as E-mail, that were traditionally not 8-bit clean.[1] For example, MIME's Base64 implementation uses A�CZ, a�Cz, and 0�C9 for the first 62 values. Other variations share this property but differ in the symbols chosen for the last two values; an example is UTF-7.

根據這段話給出的提示懷疑是base64加密,驗證發現每個base64串解密后再加密果然與原base串不同,於是解密得到一串數值,即為flag。這里給出流程的完整腳本。

 1 from libnum import n2s,s2n
 2 import base64
 3 import codecs
 4 from gmpy2 import invert
 5 def egcd(a, b):
 6     if a == 0:
 7         return (b, 0, 1)
 8     else:
 9         g, y, x = egcd(b % a, a)
10     return (g, x - (b // a) * y, y)
11 
12 def bb(c1,c2):
13     n =
14     e1 =
15     e2 =
16     s = egcd(e1, e2)
17     s1 = s[1]
18     s2 = s[2]
19     if s1<0:
20         s1 = - s1
21         c1 = invert(c1, n)
22     elif s2<0:
23         s2 = - s2
24         c2 = invert(c2, n)
25     m = pow(c1,s1,n)*pow(c2,s2,n) % n
26     return hex(m)[2:]
27     #print (n2s(m))
28 
29 def get_base64_diff_value(s1, s2):
30     base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
31     res = 0
32     for i in xrange(len(s1)):
33         if s1[i] != s2[i]:
34             return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
35     return res
36 
37 def main():
38     c1=[,,,,]
39     c2=[,,,,]
40     ss=''
41     for i in range(6):
42         ss+=bb(c1[i],c2[i])
43     bases=codecs.decode(ss, 'hex')
44     m=bases.split("\n")
45     bin_str = ''
46     for i in m:
47         steg_line=i
48         norm_line = steg_line.decode('base64').encode('base64')
49         diff = get_base64_diff_value(steg_line, norm_line)
50         pads_num = steg_line.count('=')
51         if diff:
52             bin_str += bin(diff)[2:].zfill(pads_num * 2)
53         else:
54             bin_str += '0' * pads_num * 2
55     res_str = ''
56 
57     for i in xrange(0, len(bin_str), 8):
58         res_str += chr(int(bin_str[i:i + 8], 2))
59     print 'flag{'+res_str+'}'
60 if __name__ == '__main__':
61     main()

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM