PwnyCTF 2025 re

地址:https://ctf.sigpwny.com/challenges

Reverse Engineering I

Flag Generator

这是一道python题目,其实是算法优化

我是ai出的

题目为:

点击查看代码 
import sys

def magic(n):
    return 1 if n == 0 else sum([
        magic(i) * magic(n - i - 1) for i in range(n)
    ])

offsets = [-114, -104, -101, -107, -105, -68, 11, 306, 1331, 4765, 16680, 58689, 207896, 742789, 2674330, 9694740, 35357571, 129644693, 477638592, 1767263082, 6564120299, 24466266925, 91482563525, 343059613542, 1289904147213, 4861946401333, 18367353072057, 69533550915905, 263747951750263, 1002242216651260, 3814986502092205, 14544636039226792, 55534064877048090, 212336130412243013, 812944042149730648, 3116285494907301157, 11959798385860453381, 45950804324621742254, 176733862787006701275]

def main():
    print('The flag is: ', end="")
    for i in range(len(offsets)):
        print(chr(magic(i) - offsets[i]), end="")
        # flush stdout
        sys.stdout.flush()

if __name__ == '__main__':
    main()

如果直接运行的话可以直接出flag,但是会越来越慢,因为一直在重复计算magic这个递归函数

优化为:

点击查看代码 
cache = {}
def magic(n):
    if n in cache:
        return cache[n]
    if n == 0:
        return 1
    result = sum([magic(i) * magic(n - i - 1) for i in range(n)])
    cache[n] = result
    return result

优化之后运行非常快

basic64

嵌套的base64编码

解码之后以exec(b(b'开头

').decode('ascii'))结尾

点击查看代码 
import base64
def recursive_b64_decode(encoded_str):
    while True:
            decoded_bytes = base64.b64decode(encoded_str)
            decoded_str = decoded_bytes.decode('ascii')
            if decoded_str.startswith("exec(b(b'") and decoded_str.endswith("').decode('ascii'))"):
                inner_b64 = decoded_str[9:-18]
                encoded_str = inner_b64
            else:
                return decoded_str
encoded_string = 'base64字符串'
result = recursive_b64_decode(encoded_string)
print(result)

Reverse Engineering II

SUPERMEGACORP - Day 3


这一步的运算就是在通过执行程序算出flag,与输入的flag对比,那么flag就是运行即得,但是我没有运行上,所以就找出数据

最主要的就是seq3里面的dup()

dup()

dup(n) 的含义:
表示重复定义某个值 n 次。
例如,2 dup(3) 表示两个值为 3 的数据。

所以seq3为
4, 2, 1, 4,4,1,1,2,2,3,3,1,4,2,3,3,2,2,1,4,3,4,4,1,4,4,3,1,2,1,3,4,3,3,0,0,0,0,0,0

点击查看代码 
#include<stdio.h>
#include<string.h>
int main(){
	int seq1[]={16,3, 82,  89,  168, 95,   182,  229,  33,   84,  242,6, 233,  30,104,  
  231,  247,  18, 210,    55, 
   78,  126,  5, 231, 215,  
   58,   51,  12,    8, 131,  
  202,   216,  128,   136};
  int seq3[]={4, 2, 1, 4,4,1,1,2,2,3,3,1,4,2,3,3,2,2,1,4,3,4,4,1,4,4,3,1,2,1,3,4,3,3,0,0,0,0,0,0};
  int seq4[]={792, 384, 3344, 288, 316, 548, 342, 40, 3600, 976, 500,
  3440, 896, 464, 1232, 212, 68, 448, 344, 1072, 372,
  3520, 468, 848, 1744, 528, 692, 212, 316, 1344, 1760,
  190, 496, 2640};
  for (int i = 0; i <= 33; ++i )
    {
      int a=seq1[3 * i % 34] ^ (seq4[i] >> seq3[33 - i]);
        printf("%c",a);
    }
}
//sigpwny{610_jellybean_jira_ticket}
posted @ 2025-04-17 17:20  zzz222666  阅读(41)  评论(0)    收藏  举报