#!/usr/bin/env python

# visit https://tool.lu/pyc/ for more information

import base64

def encode(message):

??? s = ''

??? for i in message:

??????? x = ord(i) ^ 32

??????? x = x + 16

??????? s += chr(x)

???

??? return base64.b64encode(s)

def decode(message):

?????? messages =? base64.b64decode(message)

?????? s = ''

?????? for i in messages:

????????????? x = ord(i) - 16

????????????? x = x ^ 32

????????????? s += chr(x)

?????? return s

correct = 'XlNkVmtUI1MgXWBZXCFeKY+AaXNt'

print(decode(correct))

v6 = [0]*56

v3 = [0]*54

v4 = [0]*33

v6[0] = 18

v6[1] = 64

v6[2] = 98

v6[3] = 5

v6[4] = 2

v6[5] = 4

v6[6] = 6

v6[7] = 3

v6[8] = 6

v6[9] = 48

v6[10] = 49

v6[11] = 65

v6[12] = 32

v6[13] = 12

v6[14] = 48

v6[15] = 65

v6[16] = 31

v6[17] = 78

v6[18] = 62

v6[19] = 32

v6[20] = 49

v6[21] = 32

v6[22] = 1

v6[23] = 57

v6[24] = 96

v6[25] = 3

v6[26] = 21

v6[27] = 9

v6[28] = 4

v6[29] = 62

v6[30] = 3

v6[31] = 5

v6[32] = 4

v6[33] = 1

v6[34] = 2

v6[35] = 3

v6[36] = 44

v6[37] = 65

v6[38] = 78

v6[39] = 32

v6[40] = 16

v6[41] = 97

v6[42] = 54

v6[43] = 16

v6[44] = 44

v6[45] = 52

v6[46] = 32

v6[47] = 64

v6[48] = 89

v6[49] = 45

v6[50] = 32

v6[51] = 65

v6[52] = 15

v6[53] = 34

v6[54] = 18

v6[55] = 16

v3[0] = ord('{')

v3[1] = ord(' ')

v3[2] = 18

v3[3] = 98

v3[4] = 119

v3[5] = 108

v3[6] = 65

v3[7] = 41

v3[8] = 124

v3[9] = 80

v3[10] = 125

v3[11] = 38

v3[12] = 124

v3[13] = 111

v3[14] = 74

v3[15] = 49

v3[16] = 83

v3[17] = 108

v3[18] = 94

v3[19] = 108

v3[20] = 84

v3[21] = 6

for i in range(12):

?????? v4[i] = ord("`S,yhn _uec{"[i])

v4[12] = 127

v4[13] = 119

v4[14] = 96

v4[15] = 48

v4[16] = 107

v4[17] = 71

v4[18] = 92

v4[19] = 29

v4[20] = 81

v4[21] = 107

v4[22] = 90

v4[23] = 85

v4[24] = 64

v4[25] = 12

v4[26] = 43

v4[27] = 76

v4[28] = 86

v4[29] = 13

v4[30] = 114

v4[31] = 1

for i in range(32):

?????? v3[22+i] = v4[i]

v3.append(ord("u"))

v3.append(ord("~"))

s = ""

for i in range(56):

?????? v3[i] ^= v6[i]

?????? v3[i] ^= 0x13

?????? s += chr(v3[i])

print(s)

#!/usr/bin python2

#-*-coding=utf-8-*-open

import binascii

v8 = ":\"AL_RT^L*.?+6/46"

v7 = "65626D61726168"

v7=binascii.unhexlify(v7)

v7.decode('utf-8')

#print(v7[-1::-1])

v7 = v7[-1::-1]

v6 = 7

flag = ""

for i in range(0,len(v8)):

?????? flag += chr( ord(v7[i % v6]) ^ ord(v8[i]) )

print(flag)

#!/usr/bin python3

#-*-coding=utf-8-*-open

a2 = [1,2,3,4,5]

s = [58,54,55,59,128,122,113,120,99,102,115,103,98,101,115,96,107,113,120,106,115,112,100,120,110,112,112,100,112,100,110,123,118,120,106,115,123,128]

flag =''

for i in range(len(s)):

?????? flag += chr(s[i] - a2[i%5])

print(flag)

1. gdb 調試

??? gdb 554e0986d6db4c19b56cfdb22f13c834

2. 打斷點 decrypt

??? b decrypt

3. 執行，單步執行

??? r

??? n

4. 查看地址內容（根據代碼分析，數據在 eax）

??? 數值查看???? x/200wd $eax

字符串查看?? x/sw $eax? s -> 字符串 w -> 4字節

b 表示下斷點，gdb 中可以直接用已知函數名下斷點，也可通過*指定地址下斷點。

r 表示程序運行，n 表示單步步過，s 表示單步步入

x 指令表示查看寄存器內容

??? x/<n/f/u>? <addr>

??????? <n>:是正整數，表示需要顯示的內存單元的個數，即從當前地址向后顯示n個內存單元的內

容，

??????? 一個內存單元的大小由第三個參數u定義。

??????? <f>:表示addr指向的內存內容的輸出格式，s對應輸出字符串，此處需特別注意輸出整型數據的格式：

????????? x 按十六進制格式顯示變量.

????????? d 按十進制格式顯示變量。

????????? u 按十進制格式顯示無符號整型。

????????? o 按八進制格式顯示變量。

????????? t 按二進制格式顯示變量。

????????? a 按十六進制格式顯示變量。

????????? c 按字符格式顯示變量。

????????? f 按浮點數格式顯示變量。

??????? <u>:就是指以多少個字節作為一個內存單元-unit,默認為4。u還可以用被一些字符表示:

????????? 如b=1 byte, h=2 bytes, w=4 bytes, g=8 bytes.

??????? <addr>:表示內存地址。

#!/usr/bin python3

#-*-coding=utf-8-*-open

s = "c61b68366edeb7bdce3c6820314b7498"

t = "SharifCTF{????????????????????????????????}"

T=list(t)

for i in range(len(s)):

?????? if ( (i & 1) != 0 ):

????????????? v3 = 1

?????? else:

????????????? v3 = -1

?????? T[i+10]=str(chr(ord(s[i])+v3))

flag = "".join(T)

print(flag)