春秋杯 re_wp & 离散傅里叶变换

总榜22，太卷了

godeep

喜提二血

Go语言编写的exe程序，main_convert函数把输入的字符串按ASC码转换为了大端序的二进制字符串，之后通过二进制值的来遍历二叉树

解题思路:

有好几种解题思路，可以手动交叉引用慢慢算，也可以用IDAPython脚本算

我这里，打印出来所有伪代码后，通过正则匹配的方式拿到的flag

exp

# import idaapi
# import idautils
# def Ida_Decode(fp,begin,end):
#     All_Fun = list(idautils.Functions(begin,end))           
#     for i in range(len(All_Fun)):
#         func = idaapi.get_func(All_Fun[i])  # 获取函数
#         cfunc = idaapi.decompile(func.start_ea)  # 反编译   
#         fp.write((str(cfunc)))

# begin = 0x000000000C8B820
# end = 0x000000000D72EE6
# addr = begin
# with open(r"C:\Users\Administrator\Desktop\Get_Code","w") as fp:
#     Ida_Decode(fp,begin,end)

# import re
# patternn = re.compile("__fastcall (godeep_tree_[a-zA-Z0-9]+)\(")
# fp = open(r"C:\Users\Administrator\Desktop\Get_Code","r")
# All_data = fp.readlines()
# find_str = "godeep_tree_VSWEwsr_successssssssssssssssssssss"
# idx = 0
# flag_2 = ""
# while 1:
#     if find_str == "godeep_tree_ApSzXJOjiFA" :
#         break;

#     for i in range(len(All_data)):
#         if find_str in All_data[i] and "__fastcall" not in All_data[i]:
#             idx = i
#             if "else" in All_data[i+1]:
#                 flag_2 += "1"
#             else:
#                 flag_2 += "0"    
#             # print(flag_2)
#     ans = 0
#     for i in range(idx-1,-1,-1):
#         if "__fastcall" in All_data[i] :
#             fun_name = patternn.search(All_data[i]).group(1)
#             ans = 1
#             break
#     if ans == 0:
#         assert 0
#     find_str = fun_name[:]
    
# print(flag_2)


re_flag = "100001100000110001000110110011000010011010101100001011001110110011000110010001100001110011101100101101001110110000011100100111000001110010110100011001101001110010001100001011001011010001000110111011000110011001100110101101001110110010011100001001100100011011001100000011001100011001100110"
flag = hex(int((re_flag[::-1]),2))[2:]
print(bytes.fromhex(flag))

flag为:

fc03bd97-ff7b-419f-8987-78bc745d3b0a

 

baby_transform

离散傅里叶变换

Exp如下

import struct
fp = open(r"C:\Users\Administrator\Desktop\春秋杯冬季赛\baby_transform_566a4f87c687b0c077804d89282566ca\flag.enc","rb")

data = fp.read()
val = []
def hex_to_float(I):
    f = struct.unpack('<d',I)
    return f[0]

for i in range(0,84,2):
    t1 = hex_to_float(data[i*8:i*8+8])
    t2 = hex_to_float(data[i*8+8:i*8+16])
    val.append((t1,t2))

import math
from struct import *
PAI = 3.141592653589793

N = 42

bbb = b""
for n in range(42):
    an = bn = 0
    for x in range(42):
        an += val[x][1] * math.cos(-2*PAI*x*n / N)
        bn += val[x][0] * math.sin(-2*PAI*x*n / N)
    an *= (1 / N)
    bn *= (1 / N)
    
    print(chr(int(an-bn+0.5)),end = "")
    

得到 :

f}c3a26829fa7f-080b-1ab4-0fb7-aa3d023e{gal

取反，得到flag为:

flag{e320d3aa-7bf0-4ba1-b080-f7af92862a3c}

 

 

easy_python

喜提一血

直接询问chatgpt

flag = [204, 141, 44, 236, 111, 140, 140, 76, 44, 172, 7, 7, 39, 165, 70, 7, 39, 166, 165, 134, 134, 140, 204, 165, 7, 39, 230, 140, 165, 70, 44, 172, 102, 6, 140, 204, 230, 230, 76, 198, 38, 175]

for i in range(42):
  flag[i] = (flag[i] >> 5) | ((flag[i] << 3) & 255)
  print(chr(flag[i]),end = "")

flag为：

flag{ddbae889-2895-44df-897d-2ae30df77b61}