拟态强网杯2021
fastjs
通过搜索字符串找到切入点位quickjs。
通过更改源码dump出字节码的汇编。
function sdfsfsdf(str,key){
var v,k,n,z,y,delta,mx,e,q,sum,p;
if(str==""){
return("");
}
v=str2long(str,true);
k=str2long(key,false);
n=v.length()-1;
z=v[n];
y=v[0];
delta=2654435769;
q=Math.floor(6+52/(n+1));
sum=0;
while(q-->0){
sum=(sum+delta)&4294967295;//&0xffffffff
e=(sum>>>2)&3;
for(p=0;p<n;p++){
y=v[p+1];
mx=(((z>>>5)^(y<<2))+((y>>>3)^(z<<4)))^((sum^y)+(k[p&3^e]^z));
z=v[p]=(v[p]+mx)&4294967295;
}
y=v[0];
mx=(((z>>>5)^(y<<2))+((y>>>3)^(z<<4)))^((sum^y)+(k[p&3^e]^z));
z=v[n]=(v[n]+mx)&4294967295;
}
return(str2Hex(long2str(v,false)));
}
function xxxfss(){
function temp(input){
var output,chr1,chr2,chr3,enc1,enc2,enc3,enc4,i;
output="";
chr3="";
enc4="";
i=0;
chr1=input.charCodeAt(i++);
chr2=input.charCodeAt(i++);
chr3=input.charCodeAt(i++);
enc1=chr1>>2;
enc2=((chr1&3)<<4)|(chr2>>4);
enc3=((chr2&15)<<2)|(chr3>>6);
enc4=chr3&63;
if(isNaN(chr2)){
enc4,enc3=64;
if(isNaN(chr3)){
enc4=64;
}
}
output=output+xxxfss._keyStr.charAt(enc1)+xxxfss._keyStr.charAt(enc2)+xxxfss._keyStr.charAt(enc3)+xxxfss._keyStr.charAt(enc4);
chr3="",chr2="",chr1="";
enc4,enc3,enc2,enc1="";
if(i<input.length()){
return output;
}
}
}
function main(args){
var input,dfsfdsfsd,fwderf,target;
if(args.length<1){
print("error");
return;
}
print("your input:"+args[0]);
input=args[0];
dfsfdsfsd=xxxfss.dfsfs(input);
dfdfwf3="no_thing_is_true";
fwderf=sdfsfsdf(dfsfdsfsd,dfdfwf3);
if(fwderf.length!=112){
print("error");
return;
}
else{
target="05aed0ce441f80b5bc36af4c698509fc6cc3c97146353de5a95c6abea07fd4a7070932d86ac32d628672a59123e5972331db5dffe7057362";
if(fwderf==target){
print("yes");
return;
}
else{
print("error");
return;
}
}
}
var args;
xxxfss._keyStr="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
xxxfss.dfsfs=tem;
if(typeof scriptArgs != "undefined"){
args = scriptArgs;
args.shift();
}else if(typeof arguments != "undefined"){
args = arguments;
}else{
args="error";
}
main(args);
quickjs汇编码和字节码
source: >>> asm: shr source: z=v[n]=(v[n]+mx)&4294967295; asm: get_loc0 0: v get_loc2 2: n to_propkey2 get_loc0 0: v get_loc2 2: n get_array_el get_loc8 6: mx add push_const8 3: 4294967295 and insert3 put_array_el put_loc3 3: z
浙公网安备 33010602011771号