re刷題第九天

re刷題第九天

---

0x00 tt3441810

知識點：彙編硬編碼

題目給出了一堆十六進制，轉換爲彙編看下，發現第一句是push 0x666c，之後進行了一些異或，加操作，emmm。。。看不太懂。想起來push在這裏的十六進制是0x68，所以把0x68後兩個字節的內容提取出來就是flag

0x01 gametime

額。。。這個題說實話我不明白在考察什麼東西，我tcl。題目是一個小遊戲，定義了我們必須要根據規則來輸入字符.

s-->' '
x-->'x'
m-->'m'

全部輸入正確就會給出flag

0x02 APK-逆向2

知識點：.net逆向、socket

用ILSpy反編譯一下，監聽了下本機的31337端口拿到flag。

namespace Rev_100
{
	internal class Program
	{
		private static void Main(string[] args)
		{
			string hostname = "127.0.0.1";
			int port = 31337;
			TcpClient tcpClient = new TcpClient();
			try
			{
				Console.WriteLine("Connecting...");
				tcpClient.Connect(hostname, port);
			}
			catch (Exception)
			{
				Console.WriteLine("Cannot connect!\nFail!");
				return;
			}
			Socket client = tcpClient.Client;
			string text = "Super Secret Key";
			string text2 = Program.read();
			client.Send(Encoding.ASCII.GetBytes("CTF{"));
			string text3 = text;
			for (int i = 0; i < text3.Length; i++)
			{
				char x = text3[i];
				client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));
			}
			client.Send(Encoding.ASCII.GetBytes("}"));
			client.Close();
			tcpClient.Close();
			Console.WriteLine("Success!");
		}
		private static string read()
		{
			string fileName = Process.GetCurrentProcess().MainModule.FileName;
			string[] array = fileName.Split(new char[]
			{
				'\\'
			});
			string path = array[array.Length - 1];
			string result = "";
			using (StreamReader streamReader = new StreamReader(path))
			{
				result = streamReader.ReadToEnd();
			}
			return result;
		}
		private static string search(char x, string text)
		{
			int length = text.Length;
			for (int i = 0; i < length; i++)
			{
				if (x == text[i])
				{
					int value = i * 1337 % 256;
					return Convert.ToString(value, 16).PadLeft(2, '0');
				}
			}
			return "??";
		}
	}
}