May 2, 2023

DASCTF2023 X SU REVERSE

easyRE

0x00 Routine Check Shell

非常明显的python打包成的exe，拿github上的脚本嗦了

https://github.com/extremecoders-re/pyinstxtractor

0x01 Decompilation

随后拿到pyc文件发现uncompyl6或是pycdc无法反编译，而现在出现了好用的gpt，直接用pycdas读出字节码丢给gpt翻译即可

easyRE.pyc (Python 3.11)
[Code]
    File Name: easyRE.py
    Object Name: <module>
    Qualified Name: <module>
    Arg Count: 0
    Pos Only Arg Count: 0
    KW Only Arg Count: 0
    Stack Size: 7
    Flags: 0x00000000
    [Names]
        'random'
        'Random'
        'r'
        'input'
        'encode'
        'pt'
        'ct'
        'buf'
        'b'
        'append'
        'randint'
        'bytes'
        'print'
    [Constants]
        0
        None
        322376503
        'Enter your flag: '
        b'\x8b\xcck\xd3\xed\x96\xffFb\x06r\x085\x82\xbc \xb2\xde)p\x88Q`\x1bf\x18\xb6QUSw\x10\xcd\xd9\x13A$\x86\xe5\xcd\xd9\xff'
        255
        'Correct!'
    [Disassembly]
        0       RESUME                        0
        2       LOAD_CONST                    0: 0
        4       LOAD_CONST                    1: None
        6       IMPORT_NAME                   0: random
        8       STORE_NAME                    0: random
        10      PUSH_NULL                     
        12      LOAD_NAME                     0: random
        14      LOAD_ATTR                     1: Random
        24      LOAD_CONST                    2: 322376503
        26      PRECALL                       1
        30      CALL                          1
        40      STORE_NAME                    2: r
        42      PUSH_NULL                     
        44      LOAD_NAME                     3: input
        46      LOAD_CONST                    3: 'Enter your flag: '
        48      PRECALL                       1
        52      CALL                          1
        62      LOAD_METHOD                   4: encode
        84      PRECALL                       0
        88      CALL                          0
        98      STORE_NAME                    5: pt
        100     LOAD_CONST                    4: b'\x8b\xcck\xd3\xed\x96\xffFb\x06r\x085\x82\xbc \xb2\xde)p\x88Q`\x1bf\x18\xb6QUSw\x10\xcd\xd9\x13A$\x86\xe5\xcd\xd9\xff'
        102     STORE_NAME                    6: ct
        104     BUILD_LIST                    0
        106     STORE_NAME                    7: buf
        108     LOAD_NAME                     5: pt
        110     GET_ITER                      
        112     FOR_ITER                      46 (to 206)
        114     STORE_NAME                    8: b
        116     LOAD_NAME                     7: buf
        118     LOAD_METHOD                   9: append
        140     LOAD_NAME                     2: r
        142     LOAD_METHOD                   10: randint
        164     LOAD_CONST                    0: 0
        166     LOAD_CONST                    5: 255
        168     PRECALL                       2
        172     CALL                          2
        182     LOAD_NAME                     8: b
        184     BINARY_OP                     12
        188     PRECALL                       1
        192     CALL                          1
        202     POP_TOP                       
        204     JUMP_BACKWARD                 47
        206     PUSH_NULL                     
        208     LOAD_NAME                     11: bytes
        210     LOAD_NAME                     7: buf
        212     PRECALL                       1
        216     CALL                          1
        226     LOAD_NAME                     6: ct
        228     COMPARE_OP                    2 (==)
        234     POP_JUMP_FORWARD_IF_TRUE      2
        236     LOAD_ASSERTION_ERROR          
        238     RAISE_VARARGS                 1
        240     PUSH_NULL                     
        242     LOAD_NAME                     12: print
        244     LOAD_CONST                    6: 'Correct!'
        246     PRECALL                       1
        250     CALL                          1
        260     POP_TOP                       
        262     LOAD_CONST                    1: None
        264     RETURN_VALUE

丢给gpt即可翻译成

import random

r = random.Random(322376503)

pt = input('Enter your flag: ').encode()

ct = b'\x8b\xcck\xd3\xed\x96\xffFb\x06r\x085\x82\xbc \xb2\xde)p\x88Q`\x1bf\x18\xb6QUSw\x10\xcd\xd9\x13A$\x86\xe5\xcd\xd9\xff'

buf = []

for b in pt:
    buf.append(bytes([r.randint(0, 255) ^ b]))

assert bytes(buf) == ct

print('Correct!')

0x02 Get Flag

所以程序只是将我没的明文异或了个随机数，而种子是已知的，也就是这个随机数我们可以知道的，直接异或回去即可

import random

r = random.Random(322376503)

pt = b'\x8b\xcck\xd3\xed\x96\xffFb\x06r\x085\x82\xbc \xb2\xde)p\x88Q`\x1bf\x18\xb6QUSw\x10\xcd\xd9\x13A$\x86\xe5\xcd\xd9\xff'

for b in pt:
    print(chr(r.randint(0, 255) ^ b), end = "")
# flag{69858b56-4987-438f-a02c-5ab5c09e5138}

gotots

0x00 Routine Check Shell

Go逆向，无壳

0x01 Analysis Main

我7.7不知道为什么抽风识别不出来，所以上了官网8.2的Free版，于是直接拉入ida，测试程序发现会跑出Incorrect字符串，所以直接shift+ F12搜索定位到字符串再交叉引用主函数，于是可以直接在主函数动调找逻辑

调试后不难发现我们输入只是被异或了个值，那么拿到密文和key就可以逆向出我们的flag

0x02 Get Flag

那么通过调试拿到直接异或即可

enc = [ 0x35, 0x8C, 0xEB, 0x85, 0x2C, 0xFA, 0x2D, 0xB1, 0x42, 0x82, 
  0x27, 0xD0, 0x10, 0xED, 0x06, 0x8E, 0x0D, 0xFE, 0xA8, 0x1E, 
  0x81, 0x3C, 0x8A, 0xBB, 0xB7, 0x0B, 0xF4, 0xF0, 0x7C, 0x6B, 
  0x70, 0x26, 0x71, 0x8B, 0x73, 0x7D]
input = [ 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 
  0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 
  0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 
  0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 
  0x31, 0x31]
key = [  0x66, 0x89, 0xBF, 0x8D, 0x78, 0xAA, 0x7D, 0xB6, 0x5E, 0xD2, 
  0x25, 0xD1, 0x17, 0xF1, 0x03, 0x8C, 0x5D, 0xF6, 0xB4, 0x17, 
  0xD3, 0x68, 0xDF, 0xA7, 0xE0, 0x5E, 0xA0, 0xA4, 0x7E, 0x6D, 
  0x79, 0x71, 0x77, 0x89, 0x74, 0x2F, 0x2E, 0x31, 0x98, 0x60, 
  0x5B, 0xD0, 0x00]
for i in range(len(enc)):
    print(chr(input[i] ^ key[i] ^ enc[i]), end = "")
# b4e9eaa6-a306-43a9-8ced-fdee378f736c

multi-universe

0x00 Routine Check Shell

无壳

0x01 Analysis Main

这题如同上题，IDA编译不怎么好看，可以直接下读写断点找到加密函数，或者直接调也可以发现每次经过 main__Cfunc_sub_badcoffee 就会异常然后我们的输入就变了，不难想到有个异常处理函数就是加密我们输入的地方了，于是我在输入上下了个读写断点定位到加密函数

加密完这一段后后还有个循环左移3位再异或0xC，写出加密就是

def Encrypt(inp, key):
  for i in range(0, 10, 2):
    for j in range(16):
      v11 = inp[i] ^ key[j]
      v12 = (inp[i + 1] ^ (key[(v11 & 0xFF) + 0x312] + (key[((v11 >> 8) & 0xFF) + 0x212] ^ (key[((v11 >> 24) & 0xFF) + 0x12] + key[((v11 >> 16) & 0xFF) + 0x112])))) & 0xFFFFFFFF 
      if j == 15:
        inp[i] = v11 ^ key[17] 
        inp[i + 1] = v12 ^ key[16] 
      else:
        inp[i + 1] = v11
        inp[i] = v12

  in1 = b''
  for i in range(10):
   in1 += struct.pack("<I", inp[i])
  in1 = bytearray(in1)

  for i in range(len(in1)):
    in1[i] = rol(in1[i], 3) ^ 0xC
  return in1

0x02 Get Flag

那么加密过程知道了，密文直接后面拿，直接解密即可

import struct

def rol(data, count):
  return ((data << count) | (data >> (8 - count))) & 0xFF


def Encrypt(inp, key):
  for i in range(0, 10, 2):
    for j in range(16):
      v11 = inp[i] ^ key[j]
      v12 = (inp[i + 1] ^ (key[(v11 & 0xFF) + 0x312] + (key[((v11 >> 8) & 0xFF) + 0x212] ^ (key[((v11 >> 24) & 0xFF) + 0x12] + key[((v11 >> 16) & 0xFF) + 0x112])))) & 0xFFFFFFFF 
      if j == 15:
        inp[i] = v11 ^ key[17] 
        inp[i + 1] = v12 ^ key[16] 
      else:
        inp[i + 1] = v11
        inp[i] = v12

  in1 = b''
  for i in range(10):
   in1 += struct.pack("<I", inp[i])
  in1 = bytearray(in1)

  for i in range(len(in1)):
    in1[i] = rol(in1[i], 3) ^ 0xC
  return in1


def decrypt(inp, key):
  for i in range(len(inp)):
    inp[i] = rol(inp[i] ^ 0xC, 5)

  in1 = [0] * 10
  for i in range(0, 40, 4):
    in1[i // 4] = int((struct.unpack("<I", bytes(inp[i:i+4])))[0])

  for i in range(0, 10, 2):
    for j in range(15, -1, -1):
      if j == 15:
        v11 = in1[i] ^ key[17]
        v12 = in1[i + 1] ^ key[16]
      else:
        v11 = in1[i + 1]
        v12 = in1[i]
      in1[i] = v11 ^ key[j]
      in1[i + 1] = (v12 ^ (key[(v11 & 0xFF) + 0x312] + (key[((v11 >> 8) & 0xFF) + 0x212] ^ (key[((v11 >> 24) & 0xFF) + 0x12] + key[((v11 >> 16) & 0xFF) + 0x112])))) & 0xFFFFFFFF  
  
  flag = b''
  for i in range(10):
    flag += struct.pack("<I", in1[i])
  print(flag)

  
inp = [0] * 10
key = [0x2FE994E0, 0xC11E954B, 0xF00E449D, 0xDA7858A1, 0xCEF89B0A, 0xB06F5FD9, 0x32646DF2, 0x3D31F55A, 0xE90EC568, 0xF69C53B7, 0x3F2C9C44, 0x6DD31BC7, 0xF4AF32ED, 0x4381F9C7, 0x26EB634F, 0xE5FBA3CF, 0xAB36B7FB, 0xB295A35B, 0x732F94D5, 0xEEC6C173, 0x572989EB, 0xCB9DDFD9, 0xAF9F559B, 0xFC9A4D99, 0xE14B9327, 0x3A04B794, 0x588C93A9, 0xB75B93DF, 0xFC906662, 0x7043911C, 0x71F1F968, 0xAEC02345, 0x642C0A73, 0xE92FD10A, 0xF749BE48, 0x02C776F8, 0x78D847B6, 0xD9D395EA, 0xC091094D, 0x5ED1A899, 0x8535B464, 0xC9B571E4, 0xD5974F29, 0x69BF7AC2, 0x78862ED1, 0xAEA837DD, 0x4D8BF9B9, 0x358766D5, 0x0194484B, 0xB2C46C77, 0xA5B3F500, 0x21B29753, 0xC8BE07B5, 0x9B982150, 0xAAB0F261, 0xC54587BA, 0x5FE3F7A2, 0xB94325DF, 0x814B1991, 0x05A7CBC5, 0xC01E7032, 0x2D802ED9, 0xF920C022, 0xDC7AAE97, 0x3904A61F, 0x8A725DE7, 0x9E49A196, 0xF7AE5DF0, 0x19EB724A, 0x03FB7CF7, 0x2F9234AF, 0x72006306, 0x9123B54C, 0xB8164574, 0x69438E25, 0xD56F49D2, 0x681CB159, 0x8CDADDF4, 0xFCE82189, 0x50A905D4, 0x9386E52A, 0xCACC2368, 0x38B3A6A3, 0x3CA0DF37, 0xF51D7DD5, 0x24242D86, 0x7F8D441B, 0xD6E5BBA6, 0x263CBCD8, 0xE3ADDED7, 0x6D543F5E, 0x4716D72F, 0x2799B4E3, 0xA80B339E, 0x2A9A3565, 0x812ECA54, 0x58A9D96E, 0xCF3ACC39, 0x2777DC51, 0x520F1EF8, 0xF4A2399E, 0x0BB7A943, 0x9BB2287A, 0x074C750B, 0xE89F260C, 0xF39494C9, 0x62154805, 0x2869BB07, 0x71D3C65F, 0x83F883C6, 0x179A9696, 0xD53E6014, 0x28A45FBB, 0x565C9FD2, 0x4CC74F44, 0x50FD664A, 0x0789A88D, 0x7454AE55, 0x4AD93102, 0xC4C64C97, 0x146A16C5, 0xA6337621, 0x601474DD, 0xD9CCBFA2, 0xD628928F, 0xEC0EF727, 0x4E728F4C, 0x6D394E22, 0x23252BC3, 0x410DB272, 0x60C5467F, 0x28C58C78, 0x45B98E47, 0x2D453756, 0x9FC502FE, 0x2FAAA75C, 0xFECC881C, 0xC98742BD, 0x18FAB5A0, 0x96A2691B, 0x265C4ABE, 0x22E5221D, 0x79F147B5, 0xA4963A5A, 0x38A53CE1, 0xC5899BDF, 0xAFBEDE5A, 0xED2EF97D, 0x212A53AC, 0x2E7141D6, 0x2FCF2D57, 0xEFB9869F, 0xD4665961, 0x231BB16A, 0x12EF4976, 0x7DAF240E, 0x3B96114A, 0xD27BB394, 0x357215CD, 0xA4AAEF55, 0x17E76552, 0x6F57C2DD, 0x83ED82E0, 0xCAABAEA5, 0xE7F5B748, 0xAB0E7982, 0x54435C78, 0x366A7F66, 0x7F94D113, 0x0D96FFBB, 0x2A795FF7, 0x2641EF7A, 0x73C2CB56, 0x701792C4, 0x1CCD9DF5, 0x156882B1, 0x888343F4, 0xE22DB762, 0x9E4CCB4B, 0x21517A50, 0x072F9091, 0x3E06A3DE, 0x311619DD, 0xA0AB192D, 0x5F0D5CF1, 0xF05FCFEA, 0xE36DEA48, 0x3FC54006, 0xBA8849A7, 0xB32DC878, 0xC1FEF774, 0xE34A6EDB, 0x770A2D0D, 0xCDF8D3DC, 0x7EBE066A, 0x603CD5BC, 0x4C6B5E7B, 0x12E80727, 0xFB69C765, 0x87A42B29, 0xE73A641F, 0xD586AB9B, 0x3BB112B3, 0x59AF1110, 0x1F6FACFB, 0x52597DF3, 0x28EF38D8, 0xBA0432C7, 0x958FDEA9, 0x68678326, 0x2161A62B, 0x44C8C4A0, 0xB1D7A078, 0x205CA9E3, 0xD4B8C306, 0x63F9157D, 0x4AEDA561, 0xFB84C9D6, 0xD8988F07, 0xF21A9841, 0xF4E71FB2, 0x63232B2E, 0x6EBA9AFE, 0x2DAFE02C, 0xDCC6655E, 0xFDB3B0DE, 0x044C3EAD, 0x10468B3E, 0xDA71D948, 0x6BACCBE4, 0x9A7844FC, 0xDF7FE345, 0xCB06712C, 0x034AC145, 0x510E9532, 0x71EAFBC2, 0x44433456, 0xCB01159D, 0x4A1957DD, 0x73C8DF17, 0xC8DB9516, 0x1ADB1906, 0x676BCEC1, 0x08DAC3C4, 0x3CAD32A1, 0xD737D4F3, 0x20ACDE94, 0xAB6D02F3, 0x506E5C37, 0xEDF08E37, 0x668C8DD5, 0xEA33C67D, 0x35308BA4, 0x67F0A8BA, 0x166546B5, 0x38D06E3F, 0x68159FEC, 0x1CEC8FA1, 0x9917E8B9, 0x376C0882, 0x9AADF201, 0x42DACD9C, 0x37663273, 0x51639640, 0x3CA96C41, 0xFD7E97CE, 0x174CAD5D, 0xA7A5F995, 0x2C36EB62, 0x7AFCFC30, 0x23DC7E23, 0xD742DA78, 0x03D27CB1, 0x7E9EDC0A, 0x6A0FB256, 0x4FCDB0EF, 0x26CAB2D4, 0x095BA999, 0x839CB8C4, 0x288AE59D, 0x1F033326, 0x5E8761CF, 0x0648ED4C, 0x98C49A53, 0xE3C0390D, 0xAD642407, 0xBD269591, 0x32A2E629, 0xE3122457, 0x5D73ED1C, 0x33A26E04, 0x2E67DE60, 0x6F2B18E3, 0x4558EADB, 0xDBA1D8B3, 0x9CADF7B5, 0x5FFBB4EF, 0x805AD7D1, 0xFF84E641, 0x4D49B28B, 0x2A28EA66, 0x7BC6FA3C, 0x266731FC, 0x3AB4D8DA, 0xB43EB68E, 0x9C4D6F43, 0x1CCE439F, 0xB625A0CE, 0x4B78AF95, 0xD06A3FF7, 0x5C8A2078, 0xFD9FA69D, 0x7BF98A71, 0xEE90B86D, 0xA442A73A, 0xB5A4A212, 0xA8E481F6, 0x4C6FD0BD, 0xA7706FB4, 0x3569127F, 0x59DFADB6, 0x2AB4FB23, 0x3604808A, 0xF3779794, 0xAA5A7EDF, 0x2ECF97BA, 0x969504A5, 0xCD05B77F, 0x5321DB1D, 0xD8BABA9C, 0x7A97EF53, 0x37231A53, 0x366BFEC5, 0x9BD96A49, 0x5A6C7F46, 0xE47BD143, 0x13FD722B, 0xF9A52E09, 0x6420A5BC, 0x8A8BB90C, 0x8234235E, 0x215EC40C, 0x46790597, 0x825EA222, 0xB783D749, 0x24A8815F, 0x2F74A78E, 0xD9E403D4, 0x63E17B10, 0xB6226CEF, 0x0E0F4381, 0xCA7D3369, 0x728C9C6B, 0xB14ECC63, 0x991A0F0E, 0xB0422615, 0x4C2FD823, 0x3302908B, 0xBAAF7739, 0x357EF5BC, 0x4CC6687F, 0xDD2F23B7, 0xA3AC1329, 0xC167B555, 0xE1F9B87B, 0x2B65D3B4, 0x4368817B, 0x03DAF56A, 0x9AE59AB9, 0xF5EAC7EE, 0xB36417A7, 0xF8FC224A, 0xA7E519FE, 0x8637329C, 0xB21461FD, 0xAED97750, 0x8744167F, 0x4669E638, 0x4E1B3B1A, 0xD377B3F7, 0xF514B3B6, 0x707A415C, 0x0AB652F0, 0xBC513A6D, 0x4FCE3F92, 0x96CBEE70, 0x31351026, 0xD37A9F73, 0x4DD00F9E, 0x047C1B22, 0x071DF745, 0x3A7697BE, 0xE24EDC03, 0x37233D96, 0x02373DD2, 0x26396C2B, 0x2229D430, 0x770CE3E3, 0xDE942CD0, 0x3F79B030, 0x5149DB45, 0x67FFE1C5, 0x78F66A56, 0x0E2313EA, 0xE13FE0C7, 0xA0C51FC4, 0xC11D9CA7, 0x709A60B2, 0x32EC174F, 0xC8CA5D05, 0x3351393B, 0x57846D6C, 0x22834834, 0x0FFA5DFE, 0x95DB516A, 0xC61E38F0, 0x15A3EE21, 0x4A587F75, 0x5BE749D7, 0xBBF167D7, 0x7334E07D, 0x09606180, 0x8BB6560E, 0xD35FFC0F, 0x34DCFBCC, 0x3E98BA62, 0x8A33C7EF, 0x19763E8B, 0x01FA474D, 0x529A6743, 0xF65D218C, 0xE0D70194, 0xBC879FCC, 0xE9DB6228, 0x07D566B6, 0x4C1B0D84, 0x945ABD96, 0xD1196C6E, 0x81EE67CC, 0xAD1721AE, 0xC987453F, 0x063CEB9F, 0xB27F0A73, 0xB5997727, 0x69D5B851, 0x02F7D0A1, 0x074F31CB, 0x53088D46, 0xBF2D83C4, 0x6C75BC86, 0x3B888596, 0x2EA614FE, 0x9E16DD01, 0xED1F5D7C, 0x9916A175, 0xD610A890, 0x7DF08F91, 0x435A4D29, 0xB7B5E450, 0x76FA8AAC, 0x050ADB83, 0x9CF8C712, 0xF08E8112, 0x9BAC9884, 0x5568DDC3, 0x4BE91FFE, 0x5B230AA2, 0x6BFDA2E9, 0xD26E1DFB, 0xF24668C7, 0x5464086A, 0xFFBB1CF3, 0x13313B25, 0x04D2D867, 0x5C47617D, 0x33A3150D, 0x007C3A17, 0x87DF6435, 0x8937F0DF, 0x3A707415, 0x3B2CFAE3, 0xC46C894B, 0xA0BE1104, 0xE2BECABC, 0xE42FDEED, 0x21913FA9, 0x1C30A346, 0x12758853, 0x57143736, 0x67E8119A, 0xD49D2036, 0x56AC8659, 0xA2DBB273, 0xFAB5912A, 0x75903A11, 0x9F1CC55A, 0x12554844, 0x658813AD, 0xBA08D453, 0x93AD4948, 0xEDDC0E10, 0xE25B6FD1, 0x9DF9AFCC, 0x2E98B6A2, 0x731A29AB, 0x930F9D67, 0x4771AC8E, 0xDFE58864, 0x4B572200, 0x67C22CE4, 0x1C5CB393, 0x7F18DC62, 0xBAFE6E58, 0x8F157813, 0xEDBB60E4, 0x17CC1A84, 0x5F7D0A2E, 0x64091858, 0x7BAF9420, 0xE1C89AA7, 0x525DF47C, 0x12CDE243, 0x0E25EC45, 0x9B36BC9F, 0x78B1715D, 0x962F9E9F, 0x7C18C853, 0xF1A8E5E3, 0x3C7FA3EE, 0xC119713F, 0x499EBAED, 0x71E46262, 0x9E42E3EF, 0x46C80691, 0xE4B23574, 0xF5BABE2B, 0x5B2C9A33, 0x296DFA2B, 0x9CEC6D11, 0x4B8A27BF, 0xC1C9FAE3, 0xFE7DCB7D, 0x58EBCAFE, 0xAFC4FB8C, 0xC277EB5C, 0x3176F3AC, 0xBC6DD7C1, 0x92E42C52, 0x18381B68, 0xB6ADFC6F, 0x7F477C10, 0xD43CCEDC, 0x1FA5633B, 0x3C8E5DF4, 0x2B48DCD9, 0x8C326067, 0x567DDE4E, 0x135E0F94, 0x765226D0, 0x5E1E4408, 0xEEAE88D4, 0x082C696B, 0x80A41500, 0xF3964793, 0x8589F6BA, 0x52B1E0B9, 0xBDA9EED6, 0x5542F81B, 0xAF48CA37, 0x1D014D51, 0xE38EA0E3, 0x1AA9456C, 0x21F5284A, 0xFB3B912D, 0xFCBCE946, 0xD54DB4A9, 0xE0EB8A10, 0x71B621D0, 0x0926496F, 0x79BBECDF, 0xC2E04AB2, 0x5C3B27A9, 0x20521B1E, 0xF644B47A, 0x918AE499, 0x2A1957E3, 0xA99F9DE2, 0x0CB70521, 0xAA2B2092, 0xC9F228EA, 0x6D683F3E, 0xE3F41AE0, 0x464A1769, 0x9C03F898, 0xDE9509F6, 0x732AEA1F, 0x146E5313, 0x8721E289, 0xAD6C48EF, 0x920B4228, 0x00FB935C, 0x0071D1DE, 0x7677932B, 0xACC60C24, 0x2B2C304C, 0x2E8661EC, 0xC7044B76, 0x64A3E5C6, 0x9684B218, 0x708EE6E2, 0x5DC74CA9, 0xE4BC1927, 0x22418B42, 0xE8E3D9C2, 0x5466078D, 0xBD66ED30, 0xDDE518BC, 0x6A6C32B9, 0x5BD25D34, 0xF7AA086E, 0xB8B683D5, 0x6EDD605B, 0xDA373814, 0xC26A335E, 0xA1077DB1, 0xEE9B3078, 0x2B2A915D, 0xCEED5305, 0x78E15F73, 0x1F9CFEBC, 0xF25A97FF, 0xFD36081E, 0xF60AC26D, 0xFE0C1AD0, 0x130FF5E5, 0xE1B8485A, 0x2A6200A2, 0xE71DDBAF, 0x157EE174, 0x8AC40711, 0xDAD02A4F, 0xA6AF6F7C, 0x9AB6D314, 0xF51E249C, 0xB18B878B, 0xE0547C50, 0x2202349F, 0x0F007C35, 0xF96A3AC7, 0x070EC924, 0x8CAFD12E, 0x93AAD3F8, 0x76CC52D8, 0x9C255CE4, 0x34F401D0, 0x6B479EAF, 0x7D45F765, 0xEBD846DB, 0xB4660D11, 0x66675434, 0xEE4E8855, 0x3C9898DA, 0xCCC78B80, 0x49E7F697, 0x8C8C25E1, 0xD8CBDCD6, 0xEE8D2953, 0x3F0F1EAA, 0xB3974DB4, 0xEEE04672, 0xCF3BEB72, 0x7322BCAD, 0x2052FEE1, 0x02961CC1, 0x5EBF91D2, 0x84B3B0CD, 0xECD5CC47, 0x6B72E6FD, 0x5FB337CB, 0xDC046235, 0xB3554069, 0x62E8D358, 0x2DBDEB7E, 0x736553EC, 0x0E465ED1, 0x009754A7, 0x9AD76638, 0x186AE66A, 0x8F34832E, 0xF4C54676, 0x4F5AC24D, 0x83734B08, 0x3E01D7ED, 0x31F830B6, 0x0B71C039, 0xF062BAFC, 0xC19CB1CA, 0x81A94E9B, 0x43F753CC, 0xAE467CB1, 0x3A24425D, 0x993840C2, 0x029E3F23, 0x189CEBD6, 0x30AE5F1F, 0x31C18967, 0x33009CD8, 0xF70963CF, 0x71B25C85, 0x9776E649, 0x1DC69634, 0x67C5F945, 0xDD8C3FC1, 0xA6B267CF, 0x67828F15, 0x258CCEAA, 0xDE7E40B0, 0x3FE203DB, 0x7F841970, 0x6F60AD42, 0x155E8ED0, 0x36CC984E, 0xB358111D, 0x82C7A44C, 0xF7D1361A, 0x4D0DD4EC, 0x9267C5FA, 0x5E0A7558, 0xCBED3CF6, 0xE43E5AE1, 0x7C3B1BB5, 0xE635509E, 0xA4B279FC, 0x1BFDA0F9, 0x9C3A46F9, 0xBF0A3982, 0x18999CE5, 0xFBB9999B, 0x5626E83B, 0xEC72FC45, 0xCF4EAB7E, 0xAB05621A, 0xA86466F0, 0x926F02E5, 0x0EA172C2, 0x882777AB, 0x490AE628, 0xDD8A4DA2, 0x2C934F7B, 0x88797186, 0x56D82195, 0x627D7C88, 0x045AF90D, 0x655118F9, 0x42F76C99, 0xF2122134, 0x022396CD, 0x25120833, 0xC6CD6F93, 0xAF7C08DF, 0x2DA99B63, 0x8EF8CF03, 0xB8098054, 0x4E9B2F5A, 0x022B0AEC, 0x1459055E, 0x02A0033F, 0xED67B9C8, 0x758057A5, 0xC7D8BA2A, 0xD4CC7CC6, 0x5F0B2597, 0x5AB84FFA, 0x496D1EE7, 0x8550FDA1, 0xDBBBDC70, 0x63149847, 0xC7CA2496, 0x96DBDCB7, 0xE2D4954A, 0xB9EC57F9, 0x6C70642C, 0x3D7B39F4, 0xF6161271, 0xE73A4943, 0x0EAA2FD6, 0xAB22A4BF, 0x134902F9, 0x1C4BA4DD, 0x558D617A, 0x8863374E, 0xC2EC82B0, 0x031A8ADE, 0x1741E8B1, 0x8F00A1CC, 0xF452F18F, 0x3A6E18D3, 0x6956DC4D, 0xDFA8EC1F, 0x69C52F20, 0x1ED99E2B, 0xEF7BAE7D, 0x7AF77378, 0x0B290733, 0x8C274A3E, 0x1F951C6C, 0xA3DDCEAC, 0x56F44ACB, 0x2270CE33, 0x9D874A9C, 0xF3A0F33E, 0xAFD74932, 0x2478581C, 0x551C9D3C, 0xAD063AA2, 0x31D17C9C, 0x88F7D6A0, 0x6DDD4F10, 0xDA0E114D, 0x8C2ABC96, 0x6FA83A7A, 0xE2452395, 0xA8219761, 0x620D783E, 0xAC489654, 0x3C1ACE7E, 0xC9C2A9BE, 0x7145AE6D, 0x4EF2ADDF, 0x53CA37A2, 0xA0A8A218, 0x67FD8F21, 0xBEAD8745, 0xB7711AD9, 0xD52B427F, 0x67ABBF1E, 0x0F66B464, 0xEB331E94, 0xADAAB204, 0x87756C23, 0x67F375BF, 0x54753FD8, 0x33ABC12D, 0x8F401EA1, 0x3C88D6FE, 0x615451C9, 0x87C32614, 0x268D494B, 0xF2AD7423, 0xCB949DA5, 0x25B4196E, 0xB2C5DF95, 0x8409721F, 0x0F7B5C12, 0x5E25EEEA, 0xC0F401B7, 0xA2DAEE3E, 0xF3AEAE52, 0x2A464F0D, 0x9CFB83EC, 0xF6E0EE51, 0x4774C554, 0x22DDFDE9, 0x5B599A74, 0x80EDBDE4, 0x2CC61BBD, 0xD824B10E, 0x2D0C3300, 0x99845362, 0xDEA64CE6, 0x575771AA, 0x961A3F14, 0x1432BEA6, 0x7D4FFF90, 0xF583772A, 0x4EE7C522, 0x07E4DEE6, 0x2C128C64, 0xD7D50924, 0x8223F310, 0x40BE7E09, 0x74DBC2E0, 0xBE3CDE01, 0x3E608447, 0xBD6A380E, 0xE5961202, 0xD34E32A0, 0x2539B5C0, 0x873A67C2, 0x239775F8, 0x1F9F60E1, 0xB63D3CF1, 0x30A5AF81, 0x8FD564FB, 0xA569DC35, 0x0D615EF8, 0xC49C2E07, 0xFBF7F35C, 0x9EDFEFF3, 0x148314D8, 0x8181CDF7, 0x7FA7653C, 0x5F40A6D5, 0xA994DB03, 0xBCCB55CC, 0x5D52D879, 0x65117BDD, 0x7D7F51D8, 0xB1BC1D10, 0x1F00F42E, 0x5C9957B7, 0x48C37C3B, 0x6F3D7E80, 0xC5158369, 0xF405690D, 0x49DACE68, 0xD2AC0D1D, 0xB399102A, 0x69F65B83, 0x324344F5, 0xA5D875EE, 0xBF2BD3F3, 0x2BB0CCCB, 0x7D6A05CF, 0x21AF29EB, 0x6367765B, 0xAD469391, 0xB1BCC75E, 0xC0518872, 0x94C52623, 0x1FB253E8, 0xAA314EB5, 0xCF2F792C, 0x00B08FF5, 0x90575FED, 0x16C1CF89, 0x2331EE19, 0x52590B8C, 0x06B4B6EC, 0xA46464C8, 0x955218F8, 0x6A75EFF8, 0xEEF53D04, 0x44650DB6, 0x03498691, 0xFF27365F, 0x4BAB9F2C, 0x97607DF2, 0xF831B2F7, 0x779EE348, 0xCF0D1F54, 0x6BA70606, 0x32C0B10C, 0xF33943ED, 0x31988090, 0x84B21458, 0x8701CC78, 0x632CF196, 0x0993A1D0, 0x55662BF3, 0x568FBC94, 0x76AE6160, 0x5FF57B9C, 0xE326F5C6, 0x161B30B8, 0x8132A32A, 0xAD3831C3, 0x032DDBA5, 0xFB836CDC, 0x2EC6CBF8, 0x6C831855, 0xEE8C0010, 0x5A64B2E3, 0xB3E9EC1B, 0xE6EAFBD0, 0xC1F2591A, 0x8E587584, 0x56398F78, 0x92DDB0C1, 0x1F76C224, 0x805FCD53, 0x74FF5EE9, 0xDC2FCEDA, 0x3E90D994, 0x15617A80, 0x4F1E077E, 0xB5DF16BF, 0x2854C143, 0x694E02C3, 0x4C3588AC, 0xCC7758A2, 0xA23959C6, 0x612647FF, 0xF2B95082, 0x1031E285, 0x42EFF0B4, 0xEFBCBD1F, 0x3499362D, 0xAD421535, 0x02911B94, 0x01CB816F, 0x0E274A1A, 0x7EDF8280, 0xADBD72AE, 0xDB20BBB3, 0x66CB4B73, 0xDE18190C, 0x6FEB4BA5, 0xEB719056, 0xEFAA7CFE, 0x100F8A13, 0x4E4AFD17, 0xD66DF5F1, 0xFB06B85D, 0x445AAFC0, 0x3B9F8385, 0x1B5330AF, 0xED70B42D, 0x2F2D81BC, 0x11873849, 0x5E65E5AB, 0xADF9C568, 0xACB45611, 0x59583575, 0xEB1C07F7, 0xB9E9BDF1, 0x65EB1D3D, 0xFA5FE526, 0x93C100A5, 0x2E414BC7, 0x7B0F062E, 0xCE77979B, 0x334965BB, 0x50BD7300, 0xE4273979, 0xC0EB2C14, 0x6E278874, 0x30523462, 0xF5D59CB2, 0xCA284788, 0xB84443BF, 0x1B7BDE26]
input = [  0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 
  0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 
  0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 
  0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38]

for i in range(0, 40, 4):
  inp[i // 4] = int((struct.unpack("<I", bytes(input[i:i+4])))[0])

inp = Encrypt(inp, key)
decrypt(inp, key)

enc = [ 0x9E, 0x35, 0xDC, 0x9D, 0xBF, 0x8A, 0x28, 0xF8, 0xCA, 0x89, 
  0x19, 0x9E, 0xDB, 0x4A, 0x22, 0x59, 0x66, 0xF8, 0xDE, 0xEF, 
  0xEB, 0xB7, 0x0B, 0xFC, 0x8A, 0xC6, 0xD5, 0x02, 0xF3, 0x36, 
  0xAC, 0xB3, 0x75, 0xAC, 0xBD, 0xDF, 0xF0, 0x4D, 0x41, 0x5F]
decrypt(enc, key)

# flag{W3lc0me_t0_Th3_Mu1lt1_Un1v3rs3!!!!}

About this Post

This post is written by P.Z, licensed under CC BY-NC 4.0.