当前位置:网站首页>2022 National Games RE1 baby_ tree
2022 National Games RE1 baby_ tree
2022-07-06 12:57:00 【Hofiy】
2022 National Games Re1 baby_tree
Preface
Open questions , It was found to be a large string of non code text .( Cute new panic )
First step
Combined with file suffix and title baby_tree, It can be understood that this is ast Syntax tree . It can be found at the beginning of the file that this is caused by swift Written program , namely "re.swift".
After searching relevant information, I learned ,
Swift compiler has an interesting mode: -dump-ast which outputs the abstract syntax tree of a swift source code. AST is used to represent the source code in form of a tree containing syntactic information.
From this, we can know the test site of this question , analysis swift Of ast grammar , Judge the encryption process , obtain flag, To analyze .(tips: It should also be able to deploy locally swift Environmental comparative analysis )
The second step
1. Find the ciphertext
Because of the AST share 635 That's ok , Reading efficiency is too low , So I plan to find the ciphertext first , Find a breakthrough . In the file 528 OK, let's start , Found the ciphertext , And found traces of comparison .
Here is a point to understand that ast How logic works , And apply it to the subsequent analysis .
Through analysis , It was found that decl In the call Swift.(file).Array extension.==, It is similar to declaring operators first , And then in type Declare the operation result of this operator at typerepr='ArrayUInt8>, Finally, load the operand , The question is b And the encrypted array 88,35,88,225,7,201,57,94,77,56,75,168,72,218,64,91,16,101,32,207,73,130,74,128,76,201,16,248,41,205,103,84,91,99,79,202,22,131,63,255,20,16
2. line-by-line analysis
Start from scratch based on the logic just , Can save a lot of time .
You can see ,check Function has 2 individual string Parameters encoded and keyvalue, Then convert them into b and k.( In the picture is b Of ,k Of is below )
Then is r0,r1,r2,r3 Generation
Then enter the key for loop
Refer to the logic of ciphertext comparison , It is not difficult to find that this is the declaration for i in range(0,len(b)-4+1)
And then into the circulatory body
Sort out the logic , Namely r0 = b[i],r1 = b[i+1],r2=b[i+2],r3=b[i+3]
( In the picture is r0 and r1 Assignment )
Keep looking down
Found to be b[i]=r2^((k[0]+(r0>>4))&0xff)
( The picture is not complete , The whole process is very long , But logic is not difficult , It's from 207-288 That's ok )
And then you just keep looking down , Discovery is constant assignment , Get new value
Finally found for The cycle is return Stop before , The next step is to compare ciphertext , It means that check The function ends here .
3. Write the encryption process
def check(data,key):
b=data
k=key
for i in range(len(b)-4+1):
r0,r1,r2,r3=b[i],b[i+1],b[i+2],b[i+3]
b[i]=r2^((k[0]+(r0>>4))&0xff)
b[i+1]=r3^((k[1]+(r1>>2))&0xff)
b[i+2]=r0^k[2]
b[i+3]=r1^k[3]
k[0] = k[1]
k[1] = k[2]
k[2] = k[3]
k[3] = k[0]
return b==res
4. Go back and decrypt
def decode(data,key):
b=data
k=key
k[0] = k[2]
k[1] = k[3]
k[2] = k[0]
k[3] = k[1]
r1 = b[38 + 3] ^ k[3]
r0 = b[38 + 2] ^ k[2]
r3 = b[38 + 1] ^ ((k[1] + (r1 >> 2)) & 0xff)
r2 = b[38] ^ ((k[0] + (r0 >> 4)) & 0xff)
b[38], b[38 + 1], b[38 + 2], b[38 + 3] = r0, r1, r2, r3
for i in range(37,-1,-1):
k[1] = k[0]
k[2] = k[1]
k[3] = k[2]
k[0] = k[3]
r1=b[i+3]^k[3]
r0=b[i+2]^k[2]
r3=b[i+1]^((k[1]+(r1>>2))&0xff)
r2=b[i]^((k[0]+(r0>>4))&0xff)
b[i], b[i + 1], b[i + 2], b[i + 3] = r0, r1, r2, r3
print("".join(chr(i) for i in b))
summary
Hard look
边栏推荐
- Teach you to release a DeNO module hand in hand
- 【干货】提升RTK模糊度固定率的建议之周跳探测
- Novatel board oem617d configuration step record
- C programming exercise
- KF UD decomposition pseudo code implementation advanced [2]
- Fairygui character status Popup
- GNSS positioning accuracy index calculation
- The service robots that have been hyped by capital and the Winter Olympics are not just a flash in the pan
- FairyGUI复选框与进度条的组合使用
- Database table splitting strategy
猜你喜欢
[算法] 剑指offer2 golang 面试题5:单词长度的最大乘积
KF UD分解之UD分解基础篇【1】
Detailed explanation of balanced binary tree is easy to understand
Fairygui gain buff value change display
Mixed use of fairygui button dynamics
Excel导入,导出功能实现
[算法] 剑指offer2 golang 面试题13:二维子矩阵的数字之和
Fairygui loop list
堆排序【手写小根堆】
Fairygui character status Popup
随机推荐
【GNSS数据处理】赫尔默特(helmert)方差分量估计解析及代码实现
Theoretical derivation of support vector machine
Problems and solutions of robust estimation in rtklib single point location spp
[algorithm] sword finger offer2 golang interview question 9: subarray with product less than k
Fundamentals of UD decomposition of KF UD decomposition [1]
[rtklib 2.4.3 B34] version update introduction I
(the first set of course design) 1-4 message passing interface (100 points) (simulation: thread)
[algorithm] sword finger offer2 golang interview question 6: sum of two numbers in the sorting array
[dry goods] cycle slip detection of suggestions to improve the fixed rate of RTK ambiguity
What are the functions and features of helm or terrain
rtklib单点定位spp使用抗差估计遇到的问题及解决
RTKLIB: demo5 b34f. 1 vs b33
Easy to use shortcut keys in idea
Derivation of logistic regression theory
FairyGUI简单背包的制作
Meanings and differences of PV, UV, IP, VV, CV
Usage differences between isempty and isblank
异常:IOException:Stream Closed
Mysql database index
堆排序【手写小根堆】