首页 > 代码库 > IDF实验室-python ByteCode writeup

IDF实验室-python ByteCode writeup

题目地址:http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=45

下载来发现是crackme.pyc 

可以用uncompyle2反编译。也可以直接http://tool.lu/pyc/在这个网站反编译。

得到源代码:

 1 #!/usr/bin/env python
 2 # encoding: utf-8
 3 # 如果觉得不错,可以推荐给你的朋友!http://tool.lu/pyc
 4 
 5 def encrypt(key, seed, string):
 6     rst = []
 7     for v in string:
 8         rst.append((ord(v) + seed ^ ord(key[seed])) % 255)
 9         seed = (seed + 1) % len(key)
10     
11     return rst
12 
13 if __name__ == __main__:
14     print "Welcome to idf‘s python crackme"
15     flag = input(Enter the Flag: )
16     KEY1 = Maybe you are good at decryptint Byte Code, have a try!
17     KEY2 = [
18         124,
19         48,
20         52,
21         59,
22         164,
23         50,
24         37,
25         62,
26         67,
27         52,
28         48,
29         6,
30         1,
31         122,
32         3,
33         22,
34         72,
35         1,
36         1,
37         14,
38         46,
39         27,
40         232]
41     en_out = encrypt(KEY1, 5, flag)
42     if KEY2 == en_out:
43         print You Win
44     else:
45         print Try Again !

程序加密函数:

1 def encrypt(key, seed, string):
2     rst = []
3     for v in string:
4         rst.append((ord(v) + seed ^ ord(key[seed])) % 255)
5         seed = (seed + 1) % len(key)

flag加密后与KEY2比较 一样的话输出You Win

本来想逆向,但弄不来,就直接爆破了。

a-z A-Z 0-9 加上符号 可以有AscII码遍历,然后编码转换回来,加入数组。

然后加密,与KEY数组的值比较。

代码如下:

#!/usr/bin/env python
# encoding: utf-8

def encrypt(key, seed, string):
    for v in string:
        a = (ord(v) + seed ^ ord(key[seed]) % 255)
        return a

KEY1 = Maybe you are good at decryptint Byte Code, have a try!
KEY2 = [
    124,
    48,
    52,
    59,
    164,
    50,
    37,
    62,
    67,
    52,
    48,
    6,
    1,
    122,
    3,
    22,
    72,
    1,
    1,
    14,
    46,
    27,
    232]
s=[]
seed=5;
key= Maybe you are good at decryptint Byte Code, have a try!
for i in range(33,127):
    j = chr(i)
    s.append(j)
for i in range(23):
    for j in s:
        aa = encrypt(key,seed,j)
        if aa == KEY2[i]:
            print j
    seed = (seed + 1) % len(key)

要注意的是seed 的改变要在flag与KEY2比较后。

IDF实验室-python ByteCode writeup