re刷题第九天

re刷题第九天

---

0x00 tt3441810

知识点：汇编硬编码

题目给出了一堆十六进制，转换为汇编看下，发现第一句是push 0x666c，之后进行了一些异或，加操作，emmm。。。看不太懂。想起来push在这里的十六进制是0x68，所以把0x68后两个字节的内容提取出来就是flag

0x01 gametime

额。。。这个题说实话我不明白在考察什么东西，我tcl。题目是一个小游戏，定义了我们必须要根据规则来输入字符.

s-->' '
x-->'x'
m-->'m'

全部输入正确就会给出flag

0x02 APK-逆向2

知识点：.net逆向、socket

用ILSpy反编译一下，监听了下本机的31337端口拿到flag。

namespace Rev_100
{
	internal class Program
	{
		private static void Main(string[] args)
		{
			string hostname = "127.0.0.1";
			int port = 31337;
			TcpClient tcpClient = new TcpClient();
			try
			{
				Console.WriteLine("Connecting...");
				tcpClient.Connect(hostname, port);
			}
			catch (Exception)
			{
				Console.WriteLine("Cannot connect!\nFail!");
				return;
			}
			Socket client = tcpClient.Client;
			string text = "Super Secret Key";
			string text2 = Program.read();
			client.Send(Encoding.ASCII.GetBytes("CTF{"));
			string text3 = text;
			for (int i = 0; i < text3.Length; i++)
			{
				char x = text3[i];
				client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));
			}
			client.Send(Encoding.ASCII.GetBytes("}"));
			client.Close();
			tcpClient.Close();
			Console.WriteLine("Success!");
		}
		private static string read()
		{
			string fileName = Process.GetCurrentProcess().MainModule.FileName;
			string[] array = fileName.Split(new char[]
			{
				'\\'
			});
			string path = array[array.Length - 1];
			string result = "";
			using (StreamReader streamReader = new StreamReader(path))
			{
				result = streamReader.ReadToEnd();
			}
			return result;
		}
		private static string search(char x, string text)
		{
			int length = text.Length;
			for (int i = 0; i < length; i++)
			{
				if (x == text[i])
				{
					int value = i * 1337 % 256;
					return Convert.ToString(value, 16).PadLeft(2, '0');
				}
			}
			return "??";
		}
	}
}