[WUSTCTF2020]level3题解
解题思路
1.找到主函数反编译
int __cdecl main(int argc, const char **argv, const char **envp) { char *v3; // rax char v5; // [rsp+Fh] [rbp-41h] char v6; // [rsp+10h] [rbp-40h] unsigned __int64 v7; // [rsp+48h] [rbp-8h] v7 = __readfsqword(0x28u); printf("Try my base64 program?.....\n>", argv, envp); __isoc99_scanf("%20s", &v6); //输入字符串 v5 = time(0LL); srand(v5); if ( rand() & 1 ) { v3 = base64_encode(&v6); //对输入的字符串进行base64编码 puts(v3); puts("Is there something wrong?"); } else { puts("Sorry I think it's not prepared yet...."); puts("And I get a strange string from my program which is different from the standard base64:"); //得到了一段奇怪的字符串与标准base64编码表不同,可知应该不是标准的base64编码表 puts("d2G0ZjLwHjS7DmOzZAY0X2lzX3CoZV9zdNOydO9vZl9yZXZlcnGlfD=="); //一段base64编码 puts("What's wrong??"); } return 0; }
根据文字提示和一段应该是base64加密后的算法确定,应该是一道base64的题目
2.想寻找这道题目的base64编码表,打开string窗口
发现了一个疑似base64编码表的字符串
发现少一个字符
3.跟进查看
将这一段按快捷键A,转化为字符串
得到一个通用base64编码表
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
分析
1.与主函数的输出信息"And I get a strange string from my program which is different from the standard base64:"("得到了一段奇怪的字符串与标准base64编码表不同")。
2.并不能正确解码。
结论
这个编码表应该经过了修改
4.选中base64_table按快捷键X,交叉引用,查看引用这个字符串的函数
为函数O_OLookAtYou 和 base64_encode,查看这两个函数的代码
5.发现O_OLookAtYou函数对编码表做了修改
根据这个函数,解出改变后的编码表,脚本如下
#include<iostream> using namespace std; int main(){ string base64_table = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; for ( int i = 0; i <= 9; ++i ){ int v1 = base64_table[i]; base64_table[i] = base64_table[19 - i]; int result = 19 - i; base64_table[result] = v1; } cout <<base64_table<<endl; }
运行结果为TSRQPONMLKJIHGFEDCBAUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
6.将主函数中找到的base64加密后的字符串解码
import base64 str_1 = "d2G0ZjLwHjS7DmOzZAY0X2lzX3CoZV9zdNOydO9vZl9yZXZlcnGlfD==" str_base = "TSRQPONMLKJIHGFEDCBAUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" #自定义的编码表 str_zh_base = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" #通用编码表 flag = base64.b64decode(str_1.translate(str.maketrans(str_base,str_zh_base))) print(flag)
运行结果wctf2020{Base64_is_the_start_of_reverse}
![每日一题---剑指 Offer 32 - II. 从上到下打印二叉树 II[力扣][Go]](https://ucc.alicdn.com/images/user-upload-01/eefbdc6f73de4731a21c5bb16fdf5338.png?x-oss-process=image/resize,h_160,m_lfit)
![每日一题---剑指 Offer 32 - III. 从上到下打印二叉树 III[力扣][Go]](https://ucc.alicdn.com/images/user-upload-01/2c643ca7834a4d2a92126a9894fd0fb6.png?x-oss-process=image/resize,h_160,m_lfit)
![[WUSTCTF2020]level2题解](https://ucc.alicdn.com/images/user-upload-01/0a23b6685a344187b53b81c3b83c87e0.png?x-oss-process=image/resize,h_160,m_lfit)
![[WUSTCTF2020]level4题解](https://ucc.alicdn.com/images/user-upload-01/aca00ee697fa4b70915085c989ceeda4.png?x-oss-process=image/resize,h_160,m_lfit)
