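攻防世界 (XCTF) Crypto easychallenge
1. Challenge download link
Click to download
2. Analyzing the challenge
- The folder contains a single .pyc file
- It helps to first understand what a .pyc file is
A pyc file is a binary file generated by compiling a py file; it contains byte code. Once a py file has been compiled to a pyc file, it loads faster. On the other hand, compiling a py file to a pyc file hides part of the source code, which is why it is used to protect commercial Python software; as the next step shows, the byte code can still be decompiled.
- A pyc file can be decompiled with the uncompyle6 tool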
pip install uncompyle6
uncompyle6 test.pyc
Last login: Tue Dec 21 20:39:23 on ttys001
liweijun@liweijun crypto % uncompyle6 test.pyc
# uncompyle6 version 3.8.0
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.9.7 (default, Oct 12 2021, 22:38:23)
# [Clang 13.0.0 (clang-1300.0.29.3)]
# Embedded file name: ans.py
# Compiled at: 2018-08-09 11:29:44
import base64

def encode1(ans):
    s = ''
    for i in ans:
        x = ord(i) ^ 36
        x = x + 25
        s += chr(x)

    return s


def encode2(ans):
    s = ''
    for i in ans:
        x = ord(i) + 36
        x = x ^ 36
        s += chr(x)

    return s


def encode3(ans):
    return base64.b32encode(ans)


flag = ' '
print 'Please Input your flag:'
flag = raw_input()
final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E==='
if encode3(encode2(encode1(flag))) == final:
    print 'correct'
else:
    print 'wrong'
# okay decompiling test.pyc
liweijun@liweijun crypto %
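The "Python bytecode 2.7 (62211)" and "Compiled at" lines in the uncompyle6 output above are read from the first bytes of the .pyc file. The following Python 3 code is an added example, not part of the original write-up, that parses that header. The sample bytes are constructed, treating the timestamp as UTC is an assumption, and the 3.x table rows are included only for comparison.

```python
import struct
from datetime import datetime, timezone

# magic number -> (CPython version, header length in bytes).
# 62211 is the value uncompyle6 reported for test.pyc; the 3.x rows use the
# PEP 552 layout (magic, flags, mtime-or-hash, source size).
LAYOUTS = {62211: ("2.7", 8), 3394: ("3.7", 16), 3413: ("3.8", 16), 3425: ("3.9", 16)}


def parse_pyc_header(data):
    """Return a dict describing the header of a .pyc byte string."""
    if len(data) < 8 or data[2:4] != b"\r\n":
        raise ValueError("missing the \\r\\n that ends a .pyc magic")
    (magic,) = struct.unpack("<H", data[:2])
    if magic not in LAYOUTS:
        raise ValueError("magic %d is not in this example's table" % magic)
    version, header_len = LAYOUTS[magic]
    if len(data) < header_len:
        raise ValueError("truncated header")
    if header_len == 8:                  # Python 2.7: magic + source mtime
        (mtime,) = struct.unpack("<I", data[4:8])
    else:                                # 3.7+: flags decide the next field
        flags, mtime = struct.unpack("<II", data[4:12])
        if flags & 1:                    # hash-based pyc stores no timestamp
            mtime = None
    stamp = None
    if mtime is not None:
        stamp = datetime.fromtimestamp(mtime, timezone.utc)
    return {"magic": magic, "python": version, "timestamp_utc": stamp,
            "code_offset": header_len}   # marshalled code object starts here


def make_sample_27_header():
    """Constructed sample: a 2.7 header plus one placeholder body byte."""
    when = datetime(2018, 8, 9, 11, 29, 44, tzinfo=timezone.utc)
    header = struct.pack("<H", 62211) + b"\r\n"
    header += struct.pack("<I", int(when.timestamp()))
    return header + b"c"


if __name__ == "__main__":
    info = parse_pyc_header(make_sample_27_header())
    print(info["python"], info["magic"], info["timestamp_utc"], info["code_offset"])
```

Everything after `code_offset` is the marshalled code object that uncompyle6 turns back into source, so the header alone already tells you which interpreter version the decompiler has to target.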
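- Put the decompiled program into a .py file
- Analysis shows that the program's flow is flag -> encode1 -> encode2 -> encode3
- Running that flow in reverse gives us the flag
- final -> encode3 -> encode2 -> encode1, undoing each step in turn
3. exp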
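import base64

s = "UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E==="
# Undo encode3: base32-decode the target string
s = base64.b32decode(s)
# Undo encode2: XOR with 36 first, then subtract 36
m = ''
for i in s:
    x = ord(i) ^ 36
    x = x - 36
    m += chr(x)
# Undo encode1: subtract 25 first, then XOR with 36
h = ''
for i in m:
    x = ord(i) - 25
    x = x ^ 36
    h += chr(x)
print(h)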

import base64

# The same reversal written as functions (Python 2); decodeN undoes encodeN
def decode1(ans):
    s = ''
    for i in ans:
        x = ord(i) - 25
        x = x ^ 36
        s += chr(x)
    return s

def decode2(ans):
    s = ''
    for i in ans:
        x = ord(i) ^ 36
        x = x - 36
        s += chr(x)
    return s

def decode3(ans):
    return base64.b32decode(ans)

final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E==='
# Apply the inverses in the opposite order to the encoding
flag = decode1(decode2(decode3(final)))
print(flag)
liweijun@liweijun crypto % python2 test1.py
cyberpeace{interestinghhhhh}
liweijun@liweijun crypto %