2021-i春秋秋季赛部分misc+re wp

两道re比较简单，没有什么好说的，misc的符号执行那题还有点意思，总的来说题目不难

CTFMakesMeAngr

给出了符号执行的中间语言，对着文档把汇编逻辑逆一下，发现是个凯撒加密，位移为14，注意小端序，这个还应有意思的，以后可以深究一下

snake

src='7G5d5bAy+TMdLWlu5CdkMTlcJnwkNUgb2AQL3CcmPpVf6DAp72scOSlb'

table1='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
table2='ABCDEFGHIJKLMNOPQRST0123456789+/UVWXYZabcdefghijklmnopqrstuvwxyz='
f=''
for i in range(len(src)):
    f+=table1[table2.index(src[i])]
print(f)
import base64
tmp=base64.b64decode(f)
for i in range(len(tmp)):
    print(tmp[i],end=',')
print()
cc=[108,102,105,102,112,62,121,51,41,46,44,122,100,42,112,49,60,104,39,63,48,54,11,39,88,4,11,92,42,50,63,88,107,104,48,53,109,110,40,57,44,103]
for i in range(1,11):
    for j in range(len(cc)):
        if len(cc)%i:
            cc[j]^=i+j
        else:
            cc[j]^=(j%i)+j
print(''.join(chr(i) for i in cc))

babyre

def encryptBlock(data, key, a_0x22, idx):
    delta=1
    key_tmp = key 
    data1 = data[idx %len(data)] 
    data2 = data[(idx + 0x1) % len(data)] 
    sum = 34
    key1 = key_tmp[0x0] 
    key2 = key_tmp[0x1] 
    key3 = key_tmp[0x2] 
    key4 = key_tmp[0x3]
    for i in range(0x22) :
        data2 -= ((data1 << 0x4) + key3 ^ data1 + sum ^ (data1 >> 0x5) + key4)
        data2&=0xffffffff
        data1 -=  ((data2 << 0x4) + key1 ^ data2 + sum ^ (data2 >> 0x5) + key2)
        data1&=0xffffffff
        
        
        sum-=delta
    data[idx % len(data)] = data1
    data[(idx + 0x1) % len(data)] = data2
    

result=[3256077785,2046034498,844956517,1700913016,1464334280,3644773429]

for i in range(5,-1,-1):
    aaa=[result[(i+2)%6],result[(i+3)%6],result[(i+4)%6],result[(i+5)%6]]
    encryptBlock(result,aaa,0x22,i)
form=[8,4,4,4,12]
print("flag{"+"-".join(hex(result[i])[2:].rjust(form[i],"0") for i in range(5) )+"}")