picoCTF 2021 Reverse Write-up

keygenme-py [30 points] 從 source code 中看到已經有一部分 flag,看起來是要找出 key_part_dynamic1_trial key_part_static1_trial = "picoCTF{1n_7h3_|<3y_of_"; key_part_dynamic1_trial = "xxxxxxxx"; key_part_static2_trial = "}"; key_full_template_trial = key_part_static1_trial + key_part_dynamic1_trial + key_part_static2_trial; 把 username 拿去 sha256 後取 4,5,3,6,2,7,1,8 import hashlib flag_part1 = "picoCTF{1n_7h3_|<3y_of_" flag_part2 = "".join([hashlib.sha256(b"GOUGH").hexdigest()[x] for x in [4,5,3,6,2,7,1,8]]) flag_part3 = "}" flag = flag_part1 + flag_part2 + flag_part3 print(flag) Flag: picoCTF{1n_7h3_|<3y_of_f911a486} crackme-py [30 points] 這題看完 source code 後發現他已經有寫好的 function 只是沒有使用 def decode_secret(secret): """ROT47 decode NOTE: encode and decode are the same operation in the ROT cipher family. """ # Encryption key rotate_const = 47 # Storage for decoded secret decoded = "" # decode loop for c in secret: index = alphabet.find(c) original_index = (index + rotate_const) % len(alphabet) decoded = decoded + alphabet[original_index] print(decoded) ┌──(luyee㉿DESKTOP-KADOGNG)-[~/picoCTF] └─$ /bin/python3 /home/luyee/picoCTF/2021/reverse/crackme-py/crackme.py What's your first number? 123 What's your second number? 123 The number with largest positive magnitude is 123 picoCTF{1|\/|_4_p34|\|ut_4593da8a} 所以直接拿來用,Flag 就出來了@@ ...