Parkchanjin
TUCTF2017 - future 본문
이 문제는 소스코드도 첨부해줘서 그나마 수월하게 풀었습니다.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | #include <stdio.h> #include <string.h> #include <stdlib.h> void genMatrix(char mat[5][5], char str[]) { for (int i = 0; i < 25; i++) { int m = (i * 2) % 25; int f = (i * 7) % 25; mat[m/5][m%5] = str[f]; } } void genAuthString(char mat[5][5], char auth[]) { auth[0] = mat[0][0] + mat[4][4]; auth[1] = mat[2][1] + mat[0][2]; auth[2] = mat[4][2] + mat[4][1]; auth[3] = mat[1][3] + mat[3][1]; auth[4] = mat[3][4] + mat[1][2]; auth[5] = mat[1][0] + mat[2][3]; auth[6] = mat[2][4] + mat[2][0]; auth[7] = mat[3][3] + mat[3][2] + mat[0][3]; auth[8] = mat[0][4] + mat[4][0] + mat[0][1]; auth[9] = mat[3][3] + mat[2][0]; auth[10] = mat[4][0] + mat[1][2]; auth[11] = mat[0][4] + mat[4][1]; auth[12] = mat[0][3] + mat[0][2]; auth[13] = mat[3][0] + mat[2][0]; auth[14] = mat[1][4] + mat[1][2]; auth[15] = mat[4][3] + mat[2][3]; auth[16] = mat[2][2] + mat[0][2]; auth[17] = mat[1][1] + mat[4][1]; } int main() { char flag[26]; printf("What's the flag: "); scanf("%25s", flag); flag[25] = 0; if (strlen(flag) != 25) { puts("Try harder."); return 0; } // Setup matrix char mat[5][5];// Matrix for a jumbled string genMatrix(mat, flag); // Generate auth string char auth[19]; // The auth string they generate auth[18] = 0; // null byte genAuthString(mat, auth); char pass[19] = "\x8b\xce\xb0\x89\x7b\xb0\xb0\xee\xbf\x92\x65\x9d\x9a\x99\x99\x94\xad\xe4\x00"; // Check the input if (!strcmp(pass, auth)) { puts("Yup thats the flag!"); } else { puts("Nope. Try again."); } return 0; } | cs |
그리고 문제에 소스코드도 첨부되있으므로 따로 셜명은 생략하겠습니다.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | from z3 import * key = "\x8b\xce\xb0\x89\x7b\xb0\xb0\xee\xbf\x92\x65\x9d\x9a\x99\x99\x94\xad\xe4" s = Solver() flag = [] for i in range(25): flag.append(BitVec("%s" % i, 8)) mat=[[0 for col in range(5)] for row in range(5)] for i in range(25): m = (i * 2) % 25 f = (i * 7) % 25 mat[m/5][m%5] = flag[f] auth = [0] * 19 auth[0] = mat[0][0] + mat[4][4] auth[1] = mat[2][1] + mat[0][2] auth[2] = mat[4][2] + mat[4][1] auth[3] = mat[1][3] + mat[3][1] auth[4] = mat[3][4] + mat[1][2] auth[5] = mat[1][0] + mat[2][3] auth[6] = mat[2][4] + mat[2][0] auth[7] = mat[3][3] + mat[3][2] + mat[0][3] auth[8] = mat[0][4] + mat[4][0] + mat[0][1] auth[9] = mat[3][3] + mat[2][0] auth[10] = mat[4][0] + mat[1][2] auth[11] = mat[0][4] + mat[4][1] auth[12] = mat[0][3] + mat[0][2] auth[13] = mat[3][0] + mat[2][0] auth[14] = mat[1][4] + mat[1][2] auth[15] = mat[4][3] + mat[2][3] auth[16] = mat[2][2] + mat[0][2] auth[17] = mat[1][1] + mat[4][1] s.add(flag[0] == ord('T')) s.add(flag[1] == ord('U')) s.add(flag[2] == ord('C')) s.add(flag[3] == ord('T')) s.add(flag[4] == ord('F')) s.add(flag[5] == ord('{')) s.add(flag[24] == ord('}')) for i in range(len(key)): s.add(auth[i] == ord(key[i])) text = [] if s.check() == sat: print "GoodJob" result = s.model() for i in range(25): text.append(chr(int(repr(result[flag[i]])))) print bytearray(text) | cs |
'Rev' 카테고리의 다른 글
picoCTF2019 - Reverse Cipher (0) | 2019.12.12 |
---|---|
picoCTF2019 - Need for Speed (0) | 2019.12.12 |
picoCTF2019 - B1ll_Gat35 (0) | 2019.12.12 |
TUCTF 2019 - core (0) | 2019.12.09 |
TUCTF 2019 - Faker (0) | 2019.12.09 |
Comments