知识点:动调,伪随机数
伪随机数
发现::str少一部分动调
动调注意的点,F5后,fn+F8动调,动调一两步,点点想要的函数 
找到加密后的密文
把加码转化为自己能看懂的
已知Str=yunzh1junTCL,tracKYYDS scanf("%s", flag ); v5 = strlen(flag ); for ( i = 0; i < v5; ++i ) flag [i] ^= Str[i % v6]; for ( j = 0; j < v5; ++j ) flag [j] += rand() % 10; printf(flag) //flag =0x15, 0x21, 0x0F, 0x19, 0x25, 0x5B, 0x19, 0x39, 0x5F, 0x3A, 0x3B, 0x30, 0x74, 0x07, 0x43, 0x3F, 0x09, 0x5A, 0x34, 0x0C, 0x74, 0x3F, 0x1E, 0x2D, 0x27, 0x21, 0x12, 0x16, 0x1F
exp:
# 已知的加密数据 encrypted_str = [0x15, 0x21, 0x0F, 0x19, 0x25, 0x5B, 0x19, 0x39, 0x5F, 0x3A, 0x3B, 0x30, 0x74, 0x07, 0x43, 0x3F, 0x09, 0x5A, 0x34, 0x0C, 0x74, 0x3F, 0x1E, 0x2D, 0x27, 0x21, 0x12, 0x16, 0x1F] # 密钥 Str = [ord(c) for c in "yunzh1junTCL,tracKYYDS"] # 密钥字符转换为整数 key_length = len(Str) # 伪随机数序列 random_numbers = [1, 7, 4, 0, 9, 4, 8, 8, 2, 4, 5, 5, 1, 7, 1, 1, 5, 2, 7, 6, 1, 4, 2, 3, 2, 2, 1, 6, 8] # 逆向处理加密数据 def reverse_random_addition(encrypted_data, random_numbers): if len(random_numbers) != len(encrypted_data): raise ValueError("随机数序列长度与加密数据长度不匹配") intermediate = [encrypted_data[i] - random_numbers[i] for i in range(len(encrypted_data))] return intermediate def reverse_xor(data, key): return [x ^ key[i % len(key)] for i, x in enumerate(data)] # 解密步骤 intermediate_data = reverse_random_addition(encrypted_str, random_numbers) decrypted_flag = reverse_xor(intermediate_data, Str) # 打印结果 decrypted_str = ''.join(chr(c) if 32 <= c <= 126 else '.' for c in decrypted_flag) print("Decrypted flag:", decrypted_str) //moectf{D3bug_t0_g3t_7he_Key!}
