Challenge URL: http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=45
The download turns out to be crackme.pyc.
It can be decompiled with uncompyle2, or directly online at http://tool.lu/pyc/.
This gives the source code:

    #!/usr/bin/env python
    # encoding: utf-8
    # If you like it, recommend it to your friends! http://tool.lu/pyc

    def encrypt(key, seed, string):
        rst = []
        for v in string:
            rst.append((ord(v) + seed ^ ord(key[seed])) % 255)
            seed = (seed + 1) % len(key)
        return rst

    if __name__ == '__main__':
        print "Welcome to idf's python crackme"
        flag = input('Enter the Flag: ')
        KEY1 = 'Maybe you are good at decryptint Byte Code, have a try!'
        KEY2 = [
            124, 48, 52, 59, 164, 50, 37, 62, 67, 52, 48, 6,
            1, 122, 3, 22, 72, 1, 1, 14, 46, 27, 232]
        en_out = encrypt(KEY1, 5, flag)
        if KEY2 == en_out:
            print 'You Win'
        else:
            print 'Try Again !'

The program's encryption function:

    def encrypt(key, seed, string):
        rst = []
        for v in string:
            rst.append((ord(v) + seed ^ ord(key[seed])) % 255)
            seed = (seed + 1) % len(key)
        return rst

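The encrypted flag is compared with KEY2; if they match, the program prints You Win.
I originally wanted to reverse it, but couldn't work it out, so I just brute-forced it.
The candidates a-z, A-Z, 0-9 plus symbols can be enumerated by ASCII code, converted back to characters, and added to an array.
Each candidate is then encrypted and compared with the value in the KEY array.
The code is as follows: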

    #!/usr/bin/env python
    # encoding: utf-8

    def encrypt(key, seed, string):
        # Encrypt a single character with the crackme's formula
        for v in string:
            a = (ord(v) + seed ^ ord(key[seed])) % 255
        return a

    KEY1 = 'Maybe you are good at decryptint Byte Code, have a try!'
    KEY2 = [
        124, 48, 52, 59, 164, 50, 37, 62, 67, 52, 48, 6,
        1, 122, 3, 22, 72, 1, 1, 14, 46, 27, 232]

    s = []
    seed = 5
    key = KEY1

    # Candidate characters: printable ASCII codes 33..126
    for i in range(33, 127):
        s.append(chr(i))

    for i in range(23):
        for j in s:
            aa = encrypt(key, seed, j)
            if aa == KEY2[i]:
                print(j)
        # Advance seed only after every candidate has been compared
        seed = (seed + 1) % len(key)

Note that seed must only be changed after the flag candidates have been compared with KEY2.
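
The direct inversion that the write-up set aside in favour of brute force, as an added example in Python 3 (not part of the original post). The names preimages and recover are hypothetical, and the candidate range 33..126 is the same assumption the brute-force loop makes.

```python
KEY1 = 'Maybe you are good at decryptint Byte Code, have a try!'
KEY2 = [124, 48, 52, 59, 164, 50, 37, 62, 67, 52, 48, 6,
        1, 122, 3, 22, 72, 1, 1, 14, 46, 27, 232]


def encrypt(key, seed, string):
    """Python 3 port of the crackme's encrypt(), used to verify the result."""
    rst = []
    for v in string:
        # '+' binds tighter than '^', so this is ((ord(v) + seed) ^ k) % 255
        rst.append(((ord(v) + seed) ^ ord(key[seed])) % 255)
        seed = (seed + 1) % len(key)
    return rst


def preimages(c, k, seed, lo=33, hi=126):
    """Characters in [lo, hi] that encrypt to c with key byte k at this seed."""
    out = []
    # Undo '% 255': before the modulo the value was c or c + 255. With
    # ord(v) <= 126 and seed < len(key) it always fits in one byte (< 256).
    for x in range(c, 256, 255):
        v = (x ^ k) - seed  # undo the XOR, then the addition
        if lo <= v <= hi:
            out.append(chr(v))
    return out


def recover(key, seed, target):
    """Invert encrypt() position by position; fail if a byte is ambiguous."""
    flag = []
    for c in target:
        cands = preimages(c, ord(key[seed]), seed)
        if len(cands) != 1:
            raise ValueError('position %d has %d candidates'
                             % (len(flag), len(cands)))
        flag.append(cands[0])
        # Same rule as the brute force: advance seed after the comparison
        seed = (seed + 1) % len(key)
    return ''.join(flag)


if __name__ == '__main__':
    flag = recover(KEY1, 5, KEY2)
    assert encrypt(KEY1, 5, flag) == KEY2  # round-trip check
    print(flag)
```

The modulo only creates an ambiguity when an output byte is 0 (pre-image 0 or 255), which does not occur in KEY2, so each position has exactly one candidate.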