UCSC-WP&复现reverse

王海鱼 · 2025-4-30 04:02:09

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。

您需要登录才可以下载或查看，没有账号？立即注册

x

UCSC-WP&复现reverse

easy_re-ucsc

main函数

v7 = 10;
strcpy(Str, "n=<;:h2<'?8:?'9hl9'h:l>'2>>2>hk=>;:?");
for ( i = 0; i < strlen(Str); ++i )
Str1[i] = xor(v7, Str[i]);
Str1[strlen(Str)] = 0;
printf(Format);
scanf("%s", Str2);
if ( !strcmp(Str1, Str2) )
puts("win,TQLLLLLLL!!!");
else
puts("sorry,this is not flag");
return 0;

复制代码

脚本

Str = "n=<;:h2<'?8:?'9hl9'h:l>'2>>2>hk=>;:?"
v7 = 10
Str1 = ''.join([chr(ord(c) ^ v7) for c in Str])
print(Str1)

复制代码

EZ_debug-ucsc

mian函数：

strcpy(Str, "UCSC");//key
v5[0] = 0x89B83EC0E7A3CF8i64;
v5[1] = 0x3F0EA83858C85F6Ai64;
v5[2] = 0xAB8A1E39811B5F22ui64;
v5[3] = 0x649F307A6475E9B1i64;
v6 = 0xAB7BBD90;//v5和v6是密文
v8 = 36;
v3 = strlen(Str);
rc4_init(Str, v3);
rc4_crypt(v5, v8);
return 0;

复制代码

脚本
[code]import structdef rc4_decrypt(ciphertext_hex, key): ciphertext = bytes.fromhex(ciphertext_hex) s = list(range(256)) j = 0 key_bytes = key.encode('ascii') # KSA for i in range(256): j = (j + s + key_bytes[i % len(key_bytes)]) % 256 s, s[j] = s[j], s # PRGA i = j = 0 plaintext = [] for byte in ciphertext: i = (i + 1) % 256 j = (j + s) % 256 s, s[j] = s[j], s k = s[(s + s[j]) % 256] plaintext.append(byte ^ k) return bytes(plaintext)# 构造密文cipher_qwords = [ 0x089B83EC0E7A3CF8, 0x3F0EA83858C85F6A, 0xAB8A1E39811B5F22, 0x649F307A6475E9B1, 0xAB7BBD90]cipher_bytes = b''.join(struct.pack("

		自动登录	找回密码
密码			立即注册

UCSC-WP&复现reverse

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。

0 个回复

快速回复

楼主热帖

标签云

浏览过的版块