practice-3之pyo学习

reverse practice

第三题:

下载下来是个这个名字的题目,也不像之前遇到的后缀里虽然杂乱也存在正确后缀的,于是想到一个格式分析工具,拖进去看看是一个pyo格式文件,回想一下以前也没见过这种格式的题目,百度一下知道这种格式其实与pyc一样,都是将py程序编译成可执行程序。

知道格式之后先改后缀,然后转换格式
再用python2.7下的反编译工具unompyle把这个题目的源代码弄出来

#!usr/bin/python
#-*- coding:utf-8 -*-
import sys
lookup = [196,
 153,
 149,
 206,
 17,
 221,
 10,
 217,
 167,
 18,
 36,
 135,
 103,
 61,
 111,
 31,
 92,
 152,
 21,
 228,
 105,
 191,
 173,
 41,
 2,
 245,
 23,
 144,
 1,
 246,
 89,
 178,
 182,
 119,
 38,
 85,
 48,
 226,
 165,
 241,
 166,
 214,
 71,
 90,
 151,
 3,
 109,
 169,
 150,
 224,
 69,
 156,
 158,
 57,
 181,
 29,
 200,
 37,
 51,
 252,
 227,
 93,
 65,
 82,
 66,
 80,
 170,
 77,
 49,
 177,
 81,
 94,
 202,
 107,
 25,
 73,
 148,
 98,
 129,
 231,
 212,
 14,
 84,
 121,
 174,
 171,
 64,
 180,
 233,
 74,
 140,
 242,
 75,
 104,
 253,
 44,
 39,
 87,
 86,
 27,
 68,
 22,
 55,
 76,
 35,
 248,
 96,
 5,
 56,
 20,
 161,
 213,
 238,
 220,
 72,
 100,
 247,
 8,
 63,
 249,
 145,
 243,
 155,
 222,
 122,
 32,
 43,
 186,
 0,
 102,
 216,
 126,
 15,
 42,
 115,
 138,
 240,
 147,
 229,
 204,
 117,
 223,
 141,
 159,
 131,
 232,
 124,
 254,
 60,
 116,
 46,
 113,
 79,
 16,
 128,
 6,
 251,
 40,
 205,
 137,
 199,
 83,
 54,
 188,
 19,
 184,
 201,
 110,
 255,
 26,
 91,
 211,
 132,
 160,
 168,
 154,
 185,
 183,
 244,
 78,
 33,
 123,
 28,
 59,
 12,
 210,
 218,
 47,
 163,
 215,
 209,
 108,
 235,
 237,
 118,
 101,
 24,
 234,
 106,
 143,
 88,
 9,
 136,
 95,
 30,
 193,
 176,
 225,
 198,
 197,
 194,
 239,
 134,
 162,
 192,
 11,
 70,
 58,
 187,
 50,
 67,
 236,
 230,
 13,
 99,
 190,
 208,
 207,
 7,
 53,
 219,
 203,
 62,
 114,
 127,
 125,
 164,
 179,
 175,
 112,
 172,
 250,
 133,
 130,
 52,
 189,
 97,
 146,
 34,
 157,
 120,
 195,
 45,
 4,
 142,
 139]
pwda = [188,
 155,
 11,
 58,
 251,
 208,
 204,
 202,
 150,
 120,
 206,
 237,
 114,
 92,
 126,
 6,
 42]
pwdb = [53,
 222,
 230,
 35,
 67,
 248,
 226,
 216,
 17,
 209,
 32,
 2,
 181,
 200,
 171,
 60,
 108]
flag = raw_input('Input your Key:').strip()
if len(flag) != 17:
print 'Wrong Key!!'
sys.exit(1)
flag = flag[::-1]
for i in range(0, len(flag)):
if ord(flag[i]) + pwda[i] & 255 != lookup[i + pwdb[i]]:
print 'Wrong Key!!'
sys.exit(1)

print 'Congratulations!!'

虽然长关键是最后哪儿的处理,在最后做一个修改就可以了,第一次想的方法是根据以前做题的经验进行爆破的,有碰巧的嫌疑:
前面关键数据不变把最后的数据进行改变如下图

最后跑出来的结果:

其实这样子添加abcde等字符的方法有凑巧之嫌。万一有#之类的问题该如何,第一次改就漏掉了‘’不是猜测真的得不出17位把‘’给落掉了,随意中途也突然想了一个方法,直接一个
for循环在0到128之间进行爆破并用组进行保存,最后直接通过ord()函数进行转换就能得到最后的flag

Title:practice-3之pyo学习

Author:M1s5p

Created:2017-02-10, 10:50:39

Updated:2017-12-13, 10:21:27

Full URL:http://xq.dropsec.xyz/2017/02/10/practice-3之pyo学习/

License: "CC BY-NC-SA 4.0" Keep Link & Author if Distribute.

Contents
|