ADworld reverse wp - SignIn
作者:互联网
执行sub_96A(v8, v9), 处理输入之后存储到v6中, 执行v6 = pow(v6, v5, v4)然后比较v6 == v7 == ad939ff59f6e70bcbfad406f2494993757eee98b91bc244184a377520d06fc35
c复现代码
#include<stdio.h>
#include<string.h>
#include<stdlib.h>
char byte_202010[] = {0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66};
int sub_96A(const char *a1, char* a2)
{
int result; // rax
int v3; // [rsp+0x18] [rbp-0x18]
int i; // [rsp+0x1C] [rbp-0x14]
v3 = 0;
for ( i = 0; ; i += 2 )
{
result = strlen(a1);
if ( v3 >= result )
break;
*(a2 + i) = byte_202010[a1[v3] >> 4];
*(a2 + i + 1) = byte_202010[a1[v3++] & 0xF];
}
return result;
}
int main(){
char* T = (char*)malloc(sizeof(char) * 100);
char* R = (char*)malloc(sizeof(char) * 100);
while(1){
scanf("%s", T);
sub_96A(T, R);
printf("%s\n", R);
}
}
尝试几个参数, 可以发现是将输入的数转换成16进制的形式输出
所以整个程序就是做一个RSA加密, 分解大数即可找到解密参数, 解出ad939ff59f6e70bcbfad406f2494993757eee98b91bc244184a377520d06fc35再转换成ascii码字符形式就是flag
factordb
p = 282164587459512124844245113950593348271
q = 366669102002966856876605669837014229419
e = 65537
N = 103461035900816914121390101299049044413950405173712170434161686539878160984549
c = 0xad939ff59f6e70bcbfad406f2494993757eee98b91bc244184a377520d06fc35
p = 282164587459512124844245113950593348271
q = 366669102002966856876605669837014229419
phi = (p - 1) * (q - 1)
# calculate solution of x, y for ax + by = 1
def extend_gcd(a, b):
if b == 0:
x1, y1 = 1, 0
x, y = x1, y1
r = a
return r, x, y
else:
r, x1, y1 = extend_gcd(b, a % b)
x, y = y1, x1 - a // b * y1
return r, x, y
def main():
ret, x, y = extend_gcd(e, phi)
# a = e, b = phi
# x, y = d, coefficient
# print(x, y)
d = x # y
m = pow(c, d, N) # m = c ^ d mod N
m = hex(m)[2:]
print(m)
flag = ''
for i in range(0, len(m), 2):
flag += chr(int(m[i:i+2], 16))
print(flag)
if __name__=='__main__':
main()
suctf{Pwn_@_hundred_years}
标签:__,char,reverse,ADworld,int,SignIn,v3,result,y1 来源: https://blog.csdn.net/qq_33976344/article/details/117461332