tyre
一个签到题目
ida64位打开
可以看到有base64变表,然后后面发现了一个异或
最后解码
import base64
import string
tmp="M@ASL3MF`uL3ICT2IhUgKSD2IeDsICH7Hd26HhQgKSQhNCX7TVL3UFMeHi2?"
enc=""
for i in tmp:enc+=chr(ord(i)^2)outtab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
intab = "ZYXABCDEFGHIJKLMNOPQRSTUVWzyxabcdefghijklmnopqrstuvw0123456789+/"
print(base64.b64decode(enc.translate(enc.maketrans(intab,outtab)).encode()))黑客不许哭
开始有一个反调试函数
输入的字符串长度为44
jz改成jmp
这里有一个for循环关注一下
进去观察像是浮点数,转换为浮点数的形式
选择floaing,这里把db按d改成dp
记录一下数据
encflag=[4358.58716, 6122.2983, 2158.74574, 5973.017537, 9173.840881, 6164.67827, 12293.528276, 4091.327439, 3360.696562, 2403.667017, 3199.455077, 4962.117508, 8266.407604, 2863.062918, 1044.626306, 1067.5308730000002, 3217.476319, 6260.942959, 3278.952568, 160.724197, 596.797742, 3277.973032, 6368.757598, 842.858109, 5925.142209, 3046.937162, 12752.384458, 2442.54747, 1827.164764, 4903.961921, 5619.869598, 3851.247916, 4472.987644, 13135.636855, 1640.630636, 975.429551, 2174.379531, 2289.845471, 2605.707441, 1488.586824, 12216.019619, 4588.270425, 4803.36317, 13035.30263]
key_float=[60.51846366284686,89.4737043286176,24.031047113523933,84.68873702464015,104.66953644646323,83.75627693648984,96.41044018110416,75.27071882034213,60.33140727998576,46.10475987767577,56.28563000222285,86.68936481373537,80.87786332435297,55.29894355978243,9.261748448423328,20.6272127322797,31.189741971747896,116.18656005122571,30.859918262868042,1.0633446004217317,10.591447767777225,55.64965261721374,122.95044769452201,7.140637105592679,55.44977106531295,62.827038867512506,125.30574894504994,45.94487116254584,32.57185367060958,92.37291765689986,117.68050783530462,63.422414786033976,84.08593452538155,125.30354189600813,26.504600725852114,15.6085145259943,35.687075116213585,37.67352051379848,24.32434117146088,25.692484908155073,116.46382825728031,86.30264794289376,79.51984419851664,100.65174601005425,]
key1=1.020123456789进去4120函数发现加密函数
可以看到是一个Cuba相关
尝试使用cuobjdump进行分析
cuda指令反汇编
cuobjdump 黑客不许哭.exe -xelf all
取得cubin文件
使用命令进行反汇编
cuobjdump 黑客不许哭.1.sm_52.cubin -sass
encflag=[4358.58716, 6122.2983, 2158.74574, 5973.017537, 9173.840881, 6164.67827, 12293.528276, 4091.327439, 3360.696562, 2403.667017, 3199.455077, 4962.117508, 8266.407604, 2863.062918, 1044.626306, 1067.5308730000002, 3217.476319, 6260.942959, 3278.952568, 160.724197, 596.797742, 3277.973032, 6368.757598, 842.858109, 5925.142209, 3046.937162, 12752.384458, 2442.54747, 1827.164764, 4903.961921, 5619.869598, 3851.247916, 4472.987644, 13135.636855, 1640.630636, 975.429551, 2174.379531, 2289.845471, 2605.707441, 1488.586824, 12216.019619, 4588.270425, 4803.36317, 13035.30263]
key_float=[60.51846366284686,89.4737043286176,24.031047113523933,84.68873702464015,104.66953644646323,83.75627693648984,96.41044018110416,75.27071882034213,60.33140727998576,46.10475987767577,56.28563000222285,86.68936481373537,80.87786332435297,55.29894355978243,9.261748448423328,20.6272127322797,31.189741971747896,116.18656005122571,30.859918262868042,1.0633446004217317,10.591447767777225,55.64965261721374,122.95044769452201,7.140637105592679,55.44977106531295,62.827038867512506,125.30574894504994,45.94487116254584,32.57185367060958,92.37291765689986,117.68050783530462,63.422414786033976,84.08593452538155,125.30354189600813,26.504600725852114,15.6085145259943,35.687075116213585,37.67352051379848,24.32434117146088,25.692484908155073,116.46382825728031,86.30264794289376,79.51984419851664,100.65174601005425,]
key1=1.020123456789
print(4358.58716-60.51846366284686*70.36839)
for i in range(len(encflag)):print(chr(round(((encflag[i] - 100) / key_float[i] - 1)/ key1) ), end="")解密脚本