2022 National Games RE1 baby_tree
2022-07-06 12:57:00 【Hofiy】
Preface
Opening the challenge file, I found a long stretch of text that was not ordinary code. (Newbie panic.)
First step
From the file suffix and the challenge title baby_tree, it is clear that this is an AST (abstract syntax tree). The beginning of the file shows that it was produced from a program written in Swift, namely "re.swift".
After searching for related information, I learned:
Swift compiler has an interesting mode: -dump-ast which outputs the abstract syntax tree of a swift source code. AST is used to represent the source code in form of a tree containing syntactic information.
From this we know what the challenge is testing: analyze the Swift AST, work out the encryption process, and obtain the flag. (Tip: it should also be possible to set up a local Swift environment and compare its output.)
Second step
1. Find the ciphertext
Because the AST is 635 lines long, reading it from top to bottom is too inefficient, so I decided to find the ciphertext first and use it as a way in. Starting at line 528 of the file, I found the ciphertext along with traces of a comparison.
This is a good place to understand how the AST expresses logic, and to apply that to the rest of the analysis.
Through analysis, I found that decl refers to Swift.(file).Array extension.==, which works like declaring the operator first; the type of the operator's result is then declared at typerepr='Array<UInt8>', and finally the operands are loaded. In this challenge the operands are b and the encrypted array:
88,35,88,225,7,201,57,94,77,56,75,168,72,218,64,91,16,101,32,207,73,130,74,128,76,201,16,248,41,205,103,84,91,99,79,202,22,131,63,255,20,16
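To pull the compared array out of a long dump without scrolling, the integer literals under each array_expr node can be collected mechanically. This is an added example, not part of the original write-up: the sample dump is a constructed, abbreviated fragment modelled on -dump-ast output, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated fragment modelled on `swiftc -dump-ast` output
# (not the challenge file): a `==` call comparing b with an array literal.
SAMPLE_AST = """\
(return_stmt
  (binary_expr type='Bool'
    (declref_expr type='(Array<UInt8>, Array<UInt8>) -> Bool' decl=Swift.(file).Array extension.==)
    (tuple_expr implicit type='(Array<UInt8>, Array<UInt8>)'
      (declref_expr type='[UInt8]' decl=re.(file).check(_:_:).b)
      (array_expr type='[UInt8]'
        (integer_literal_expr type='UInt8' value=88)
        (integer_literal_expr type='UInt8' value=35)
        (integer_literal_expr type='UInt8' value=225)))))
(integer_literal_expr type='Int' value=4)
"""

VALUE_RE = re.compile(r"\bvalue=(\d+)")

def extract_array_literals(ast_text):
    """Return one list of ints per array_expr node, in file order.

    Nesting is read from indentation (the dump indents each child level),
    because parentheses also occur inside quoted type strings.
    Assumes array literals are not nested inside one another.
    """
    arrays, current, array_indent = [], None, -1
    for line in ast_text.splitlines():
        node = line.lstrip()
        if not node:
            continue
        indent = len(line) - len(node)
        if current is not None and indent <= array_indent:
            arrays.append(current)      # left the array_expr subtree
            current = None
        if node.startswith("(array_expr"):
            current, array_indent = [], indent
        elif current is not None and node.startswith("(integer_literal_expr"):
            match = VALUE_RE.search(node)
            if match:
                current.append(int(match.group(1)))
    if current is not None:
        arrays.append(current)
    return arrays

def longest_array(ast_text):
    """The longest literal array is the usual ciphertext candidate."""
    arrays = extract_array_literals(ast_text)
    return max(arrays, key=len) if arrays else []
```

Run against the real dump, longest_array should return the 42-value array listed above, which can then be pasted into the Python model of check.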
2. Line-by-line analysis
Reading from the top with the logic just worked out saves a lot of time.
You can see that the check function has 2 string parameters, encoded and keyvalue, which are then converted into b and k. (The picture shows the one for b; the one for k is below it.)
Then r0, r1, r2 and r3 are created.
Then comes the key for loop.
Referring to the logic of the ciphertext comparison, it is not hard to see that this declares for i in range(0,len(b)-4+1).
Then into the loop body.
Sorting out the logic gives r0 = b[i], r1 = b[i+1], r2 = b[i+2], r3 = b[i+3].
(The picture shows the assignments of r0 and r1.)
Keep reading down.
This turns out to be b[i]=r2^((k[0]+(r0>>4))&0xff).
(The picture is incomplete. The whole process is long, but the logic is not difficult; it runs from line 207 to line 288.)
Keep reading down and you find a series of assignments that produce new values.
Finally, the for loop ends just before the return; what follows is the ciphertext comparison, which means the check function ends here.
3. Write the encryption process
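# Ciphertext array from the == comparison at the end of check.
res = [88, 35, 88, 225, 7, 201, 57, 94, 77, 56, 75, 168, 72, 218,
       64, 91, 16, 101, 32, 207, 73, 130, 74, 128, 76, 201, 16, 248,
       41, 205, 103, 84, 91, 99, 79, 202, 22, 131, 63, 255, 20, 16]

def check(data, key):
    # data and key are sequences of byte values (the bytes of the two strings).
    b = list(data)
    k = list(key)
    for i in range(len(b) - 4 + 1):
        r0, r1, r2, r3 = b[i], b[i+1], b[i+2], b[i+3]
        b[i] = r2 ^ ((k[0] + (r0 >> 4)) & 0xff)
        b[i+1] = r3 ^ ((k[1] + (r1 >> 2)) & 0xff)
        b[i+2] = r0 ^ k[2]
        b[i+3] = r1 ^ k[3]
        # Rotate the key left by one in a single tuple assignment, so that
        # k[3] receives the old k[0] and not the value just written to it.
        k[0], k[1], k[2], k[3] = k[1], k[2], k[3], k[0]
    return b == res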
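4. Work backwards and decrypt
def decode(data, key):
    # data is the ciphertext array; key is the list of key byte values.
    b = list(data)
    k = list(key)
    # The last round (i = 38) used the key rotated 38 % 4 == 2 places.
    k[0], k[1], k[2], k[3] = k[2], k[3], k[0], k[1]
    # Undo round i = 38.
    r1 = b[38 + 3] ^ k[3]
    r0 = b[38 + 2] ^ k[2]
    r3 = b[38 + 1] ^ ((k[1] + (r1 >> 2)) & 0xff)
    r2 = b[38] ^ ((k[0] + (r0 >> 4)) & 0xff)
    b[38], b[38 + 1], b[38 + 2], b[38 + 3] = r0, r1, r2, r3
    # Undo rounds 37 down to 0, rotating the key right by one before each.
    for i in range(37, -1, -1):
        k[0], k[1], k[2], k[3] = k[3], k[0], k[1], k[2]
        r1 = b[i + 3] ^ k[3]
        r0 = b[i + 2] ^ k[2]
        r3 = b[i + 1] ^ ((k[1] + (r1 >> 2)) & 0xff)
        r2 = b[i] ^ ((k[0] + (r0 >> 4)) & 0xff)
        b[i], b[i + 1], b[i + 2], b[i + 3] = r0, r1, r2, r3
    print("".join(chr(i) for i in b))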
Summary
Read it the hard way.