DAS2022 11

发表于2022-11-27更新于2023-01-13

DASCTF NOV X 2022 11月

babysmc

32位无壳,ida打开

image-20221127210009134

image-20221127210446960

image-20221127210510262

34位输入,第一位和末位分别对两段进行smc

因为两个smc存在交叉,因此从地址较低的地方开始分析

image-20221127210827376

很明显这个某个函数的开头。

在32位的程序中,函数一般以push ebp 开头,对于的16进制是0x55,而这里是0x74,推导得到smc异或的值为0x55 ^ 0x74 = 0x21,用idc脚本进行解密

1
2
3
4
5
6
7
8
static main(){
    auto addr = 0x004017C0;
    auto n = 256;
    auto i;
    for(i = 0; i < n; i++){
        PatchByte(addr+i,Byte(addr+i)^0x21);
    }
}

image-20221127211304645

得到第一个函数

同理可得

image-20221127211412288

0x76 ^ 0x55 = 0x23

1
2
3
4
5
6
7
8
static main(){
    auto addr = 0x00401850;
    auto n = 256;
    auto i;
    for(i = 0; i < n; i++){
        PatchByte(addr+i,Byte(addr+i)^0x23);
    }
}

image-20221127211610215

第二个函数也有了

回到main函数

image-20221127212021344

后两个是校验

image-20221127212048122

image-20221127212100023

用python跑z3,这个比较坑的点在于这两个是多解的

前半

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
from z3 import *

x = [BitVec('x[%d]' % i, 8) for i in range(16)]
flag = [0x0002A81A, 0x00028D44, 0x00022653, 0x0002E993, 0x000249B5, 0x00024265, 0x0003253D, 0x0002D77B,
        0x000282C8, 0x00022892, 0x0002BD54, 0x0002482E, 0x00024C1F, 0x00028127, 0x0001E62E, 0x0001F009]

s = Solver()

s.add(flag[12] == 199 * x[9] + 98 * x[7] + 192 * x[8] + 23 * x[12] + 79 * x[14] + 77 * x[10] + 185 * x[13] + 135 * x[
    15] + 119 * x[4] + 54 * x[0] + 41 * x[1] + 124 * x[6] + 18 * x[2] + 181 * x[11] + 191 * x[5] + 7 * x[3])

s.add(
    flag[3] == 210 * x[11] + 26 * x[15] + 169 * x[0] + 177 * x[13] + x[6] + 205 * x[8] + 223 * x[10] + 32 * x[5] + 225 *
    x[3] + 61 * x[14] + 72 * x[1] + 186 * x[9] + 253 * x[12] + 205 * x[2] + 49 * x[4] + 232 * x[7])
s.add(flag[13] == 192 * x[3] + 22 * x[10] + 175 * x[1] + 184 * x[7] + 116 * x[15] + 70 * x[13] + 153 * x[14] + 119 * x[
    0] + 217 * x[6] + 123 * x[5] + 17 * x[2] + 244 * x[12] + 116 * x[8] + 46 * x[4] + 19 * x[9] + 130 * x[11])
s.add(flag[7] == 41 * x[12] + 71 * x[7] + 185 * x[1] + 69 * x[11] + 142 * x[8] + 221 * x[5] + 24 * x[3] + 208 * x[
    6] + 41 * x[9] + 159 * x[2] + 231 * x[14] + 235 * x[13] + 225 * x[0] + (x[4] << 6) + 162 * x[10] + 134 * x[15])
s.add(flag[11] == 36 * x[12] + 220 * x[4] + 110 * x[13] + 45 * x[7] + 123 * x[9] + 133 * x[1] + 101 * x[5] + 137 * x[
    10] + 102 * x[0] + 227 * x[14] + 94 * x[15] + 18 * x[2] + 22 * x[6] + 189 * x[11] + 218 * x[8])
s.add(
    flag[15] == 86 * x[11] + 31 * x[9] + 229 * x[6] + 27 * x[3] + 6 * x[12] + 13 * x[10] + 158 * x[1] + 89 * x[7] + 35 *
    x[15] + 126 * x[8] + 165 * x[13] + 220 * x[0] + 138 * x[5] + 100 * x[4] + 84 * x[14] + 175 * x[2])
s.add(flag[8] == 7 * x[1] + 28 * x[8] + 131 * x[10] + 6 * x[6] + 254 * x[0] + 130 * x[13] + 124 * x[3] + 55 * x[
    12] + 157 * x[14] + 175 * x[5] + 140 * x[4] + 241 * x[9] + 11 * x[11] + 211 * x[2] + 121 * x[7] + 200 * x[15])
s.add(flag[6] == 195 * x[14] + 197 * x[13] + 218 * x[7] + 83 * x[1] + 98 * x[2] + 70 * x[10] + 229 * x[15] + 148 * x[
    11] + 195 * x[0] + 94 * x[6] + 211 * x[12] + 220 * x[9] + 81 * x[5] + 253 * x[8] + 78 * x[4] + 4 * x[3])
s.add(flag[14] == 3 * x[4] + 136 * x[7] + 156 * x[3] + 189 * x[1] + 244 * x[12] + 157 * x[15] + 83 * x[9] + 6 * x[
    0] + 113 * x[6] + 63 * x[14] + 35 * x[2] + 22 * x[8] + 26 * x[10] + 62 * x[11] + 98 * x[5] + 110 * x[13])
s.add(flag[4] == 96 * x[4] + 248 * x[8] + 191 * x[9] + 194 * x[2] + 154 * x[1] + 31 * x[6] + 157 * x[7] + 248 * x[
    13] + 81 * x[15] + 56 * x[10] + 52 * x[0] + 94 * x[12] + 212 * x[5] + 83 * x[3] + 83 * x[14] + 158 * x[11])
s.add(flag[1] == 67 * x[4] + 220 * x[2] + 123 * x[11] + 168 * x[5] + 23 * x[12] + 148 * x[7] + 127 * x[10] + 194 * x[
    1] + 132 * x[8] + 44 * x[0] + 60 * x[13] + 98 * x[15] + 38 * x[14] + 245 * x[9] + 159 * x[6] + 146 * x[3])
s.add(
    flag[5] == 132 * x[3] + 10 * x[7] + 95 * x[0] + 83 * x[10] + 99 * x[1] + 77 * x[12] + 195 * x[2] + 47 * x[6] + 38 *
    x[13] + 178 * x[8] + 74 * x[4] + 86 * x[11] + 208 * x[9] + 240 * x[14] + 120 * x[5] + 43 * x[15])
s.add(flag[9] == 172 * x[1] + 110 * x[2] + 92 * x[7] + 126 * x[15] + 91 * x[0] + 77 * x[6] + 207 * x[5] + 249 * x[
    11] + 240 * x[12] + 129 * x[10] + 6 * x[13] + 100 * x[3] + x[14] + 76 * x[9] + 127 * x[4] + 4 * x[8])
s.add(flag[10] == 46 * x[15] + 37 * x[0] + 3 * x[3] + 72 * x[6] + 116 * x[7] + 186 * x[1] + 221 * x[14] + 236 * x[
    4] + 79 * x[2] + 175 * x[10] + 184 * x[9] + 160 * x[11] + 227 * x[12] + 99 * x[8] + 71 * x[13] + 4 * x[5])
s.add(flag[0] == 203 * x[3] + 31 * x[0] + 11 * x[14] + 149 * x[7] + 215 * x[5] + 206 * x[1] + 245 * x[6] + 9 * x[
    11] + 16 * x[10] + 241 * x[13] + 110 * x[8] + 175 * x[2] + 38 * x[4] + 227 * x[9] + 208 * x[12] + 8 * x[15])
s.add(flag[2] == 132 * x[3] + 119 * x[14] + 26 * x[8] + 24 * x[6] + 121 * x[11] + 235 * x[2] + 228 * x[12] + 34 * x[
    5] + 37 * x[15] + 24 * x[9] + 145 * x[13] + 199 * x[4] + 173 * x[10] + 58 * x[0] + 246 * x[7] + 199 * x[1])

k = 0
while(s.check() == sat):
      condition = []
      m = s.model()
      print("[%d]"%k)
      print(m)
      k += 1
      for i in range(16):
            condition.append(x[i] != int("%s" % (m[x[i]])))

      s.add(Or(condition))
1
2
3
4
5
[0]
[x[9] = 179,x[14] = 114,x[8] = 72,x[7] = 51,x[2] = 1,x[6] = 186,x[1] = 45,x[12] = 113,
 x[13] = 43,x[4] = 43,x[11] = 51,x[5] = 42,x[3] = 51,x[10] = 186,x[15] = 72,x[0] = 90]
[1]
[x[9] = 51,x[14] = 242,x[8] = 200,x[2] = 1,x[7] = 51,x[12] = 113,x[1] = 45,x[5] = 170,x[4] = 43,x[11] = 51,x[6] = 186,x[3] = 51,x[13] = 43,x[10] = 58,x[15] = 72,x[0] =  218]

后半

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
from z3 import *

flag = [
    0x27FC8, 0x29049, 0x3336C, 0x2C6A7,
    0x36CB0, 0x1F2BB, 0x35262, 0x2AEDF,
    0x2955E, 0x2EE10, 0x2B057, 0x2FDE8,
    0x29B92, 0x35842, 0x294D2, 0x2B984,
]

x = [BitVec('x[%d]' % i, 8) for i in range(16)]
s = Solver()

s.add(flag[0] == 159 * x[8] + 109 * x[12] + 14 * x[0] + 92 * x[14] + 211 * x[4] + 178 * x[7] + 57 * x[2] + 175 * x[
    5] + 170 * x[11] + 59 * x[6] + 200 * x[9] + 5 * x[15] + 48 * x[13] + 28 * x[3] + 18 * x[10] + 228 * x[1])

s.add(flag[6] == 173 * x[11] + 34 * x[5] + 69 * x[4] + 216 * x[14] + 225 * x[9] + 160 * x[1] + 207 * x[10] + 175 * x[
    7] + 121 * x[0] + 122 * x[2] + 179 * x[12] + 91 * x[13] + 181 * x[8] + 93 * x[3] + 121 * x[6] + 12 * x[15])

s.add(flag[8] == 215 * x[11] + 164 * x[5] + 97 * x[2] + 99 * x[3] + 188 * x[4] + (x[9] << 7) + 214 * x[6] + 106 * x[
    8] + 169 * x[0] + 28 * x[14] + 18 * x[12] + x[1] + 177 * x[10] + 114 * x[7] + 176 * x[15] + 25 * x[13])

s.add(flag[9] == 175 * x[14] + 42 * x[4] + 214 * x[12] + 43 * x[13] + 147 * x[6] + 53 * x[10] + 12 * x[1] + 213 * x[
    7] + 241 * x[9] + 223 * x[5] + 65 * x[3] + 42 * x[15] + 131 * x[2] + 81 * x[0] + 92 * x[11] + 110 * x[8])

s.add(flag[13] == 57 * x[0] + 109 * x[7] + 60 * x[2] + 228 * x[13] + 166 * x[4] + 236 * x[9] + 100 * x[6] + 179 * x[
    11] + 20 * x[12] + 45 * x[8] + 204 * x[3] + 182 * x[14] + 84 * x[10] + 170 * x[15] + 199 * x[5] + 138 * x[1])

s.add(flag[10] == 98 * x[11] + 122 * x[9] + 237 * x[12] + 117 * x[0] + 34 * x[3] + 168 * x[8] + 135 * x[10] + 119 * x[
    6] + 91 * x[2] + 161 * x[15] + 152 * x[7] + 186 * x[4] + 187 * x[13] + 72 * x[14] + 36 * x[5] + 171 * x[1])

s.add(flag[7] == 184 * x[9] + 112 * x[0] + 107 * x[11] + 170 * x[13] + 55 * x[8] + 85 * x[14] + 212 * x[10] + 173 * x[
    15] + 166 * x[12] + 142 * x[4] + 202 * x[5] + 63 * x[2] + 30 * x[7] + 175 * x[3] + 217 * x[6] + 63 * x[1])
s.add(flag[15] == (x[7] << 6) + 228 * x[4] + 90 * x[11] + 85 * x[3] + 196 * x[6] + 219 * x[0] + 93 * x[14] + 183 * x[
    15] + 156 * x[12] + 197 * x[8] + 119 * x[13] + 36 * x[10] + 205 * x[2] + 94 * x[9] + 153 * x[5])

s.add(flag[5] == 9 * x[4] + (x[5] << 6) + 62 * x[1] + 58 * x[7] + 100 * x[13] + 137 * x[11] + 6 * x[0] + 119 * x[
    9] + 180 * x[6] + 228 * x[8] + 88 * x[12] + 107 * x[15] + 56 * x[14] + 207 * x[2] + 248 * x[10] + 150 * x[3])

s.add(
    flag[3] == 38 * x[7] + 194 * x[4] + 105 * x[0] + 150 * x[6] + 75 * x[1] + 89 * x[15] + 99 * x[14] + 98 * x[3] + 91 *
    x[8] + 178 * x[12] + 117 * x[2] + 48 * x[13] + 239 * x[10] + 233 * x[11] + 63 * x[5] + 250 * x[9])

s.add(flag[11] == 30 * x[8] + 13 * x[5] + 206 * x[3] + 234 * x[15] + 71 * x[7] + 239 * x[12] + 141 * x[10] + 179 * x[
    13] + 113 * x[14] + 181 * x[9] + 52 * x[6] + 74 * x[11] + 168 * x[4] + 239 * x[1] + 164 * x[0] + 179 * x[2])

s.add(flag[14] == 211 * x[1] + 74 * x[5] + 144 * x[8] + 234 * x[0] + 241 * x[2] + 157 * x[11] + 25 * x[15] + 6 * x[
    10] + 243 * x[6] + 107 * x[9] + 77 * x[12] + 127 * x[4] + 67 * x[7] + 13 * x[14] + 151 * x[3] + 127 * x[13])

s.add(flag[2] == 209 * x[9] + 110 * x[7] + 22 * x[10] + 102 * x[11] + 187 * x[1] + 58 * x[8] + 236 * x[6] + 146 * x[
    13] + 205 * x[15] + 63 * x[2] + 211 * x[4] + 152 * x[3] + 82 * x[14] + 14 * x[5] + 49 * x[12] + 251 * x[0])

s.add(flag[12] == 230 * x[0] + 27 * x[3] + 186 * x[10] + 58 * x[7] + 121 * x[1] + 59 * x[14] + 90 * x[12] + 40 * x[
    2] + 230 * x[11] + 25 * x[6] + 198 * x[5] + 81 * x[4] + 71 * x[13] + 180 * x[8] + 149 * x[9] + 73 * x[15])

s.add(flag[4] == 188 * x[5] + 80 * x[1] + 221 * x[6] + (x[12] << 6) + 230 * x[3] + 123 * x[8] + 124 * x[11] + 253 * x[
    0] + 202 * x[10] + 63 * x[2] + 40 * x[7] + 109 * x[9] + 195 * x[15] + 199 * x[13] + 82 * x[4] + 225 * x[14])

s.add(flag[1] == 236 * x[15] + 44 * x[14] + 214 * x[13] + 52 * x[8] + 37 * x[6] + 101 * x[9] + 244 * x[10] + 238 * x[
    11] + 109 * x[0] + 188 * x[1] + 20 * x[3] + 87 * x[7] + 93 * x[4] + 158 * x[5] + 105 * x[12] + 3 * x[2])

k = 0
while (s.check() == sat):
    condition = []
    m = s.model()
    print("[%d]" % k)
    print(m)
    k += 1
    for i in range(16):
        condition.append(x[i] != int("%s" % (m[x[i]])))

    s.add(Or(condition))
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[0]                                                                                   
[x[9] = 58,x[14] = 145,x[8] = 153,x[7] = 186,x[2] = 51,x[6] = 106,x[11] = 50,x[5] = 115,x[4] = 71,x[13] = 188,x[12] = 75,x[3] = 45,x[1] = 170,x[10] = 170,x[15] = 115,x[0] = 58]

[1]                                                                                    
[x[9] = 186,x[14] = 209,x[8] = 25,x[2] = 179,x[7] = 58,x[12] = 11,x[1] = 170,x[5] = 51,x[4] = 199,x[11] = 114,x[6] = 42,x[3] = 45,x[13] = 124,x[10] = 170,x[15] = 51,x[0] = 58] 

[2]                                                                                     
[x[9] = 58,x[14] = 145,x[8] = 153,x[2] = 179,x[7] = 58,x[12] = 75,x[1] = 42,x[5] = 115,x[4] = 199,x[11] = 50,x[6] = 106,x[3] = 45,x[13] = 188,x[10] = 42,x[15] = 115,x[0] = 186]

[3]
[x[9] = 58,x[14] = 17,x[8] = 153,x[2] = 51,x[7] = 186,x[12] = 203,x[1] = 170,x[5] = 243,x[4] = 71,x[11] = 178,x[6] = 234,x[3] = 45,x[13] = 60,x[10] = 170,x[15] = 243,x[0] = 58]

[4]                                                                                     
[x[9] = 58,x[14] = 17,x[8] = 153,x[2] = 179,x[7] = 58,x[12] = 203,x[1] = 42,x[5] = 243,x[4] = 199,x[11] = 178,x[6] = 234,x[3] = 45,x[13] = 60,x[10] = 42,x[15] = 243,x[0] = 186]

[5]                                                                                       [x[9] = 186,x[14] = 81,x[8] = 25,x[2] = 179,x[7] = 58,x[12] = 139,x[1] = 170,x[5] = 179,x[4] = 199,x[11] = 242,x[6] = 170,x[3] = 45,x[13] = 252,x[10] = 170,x[15] = 179,x[0] = 5

[6]                                                                                       [x[9] = 186,x[14] = 81,x[8] = 25,x[2] = 51,x[7] = 186,x[12] = 139,x[1] = 42,x[5] = 179,x[4] = 71,x[11] = 242,x[6] = 170,x[3] = 45,x[13] = 252,x[10] = 42,x[15] = 179,x[0] = 186]

[7]                                                                                       [x[9] = 186,x[14] = 209,x[8] = 25,x[2] = 51,x[7] = 186,x[12] = 11,x[1] = 42,x[5] = 51,x[4] = 71,x[11] = 114,x[6] = 42,x[3] = 45,x[13] = 124,x[10] = 42,x[15] = 51,x[0] = 186]

最后是sub_401850

image-20221127212926335

将输入a1,及其长度a2输入到函数里面

首先跳转到一张索引表

image-20221127213140494

每个索引表都对应一个映射函数

image-20221127213239440

这个换表的过程重复10次

image-20221127213445721

根据v4的值换表,首先把v4的值求出来,得出换表的顺序,然后再把z3求出来的解一个一个丢进去试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#include <cstdio>
#include <cstdint>

using namespace std;

char __cdecl sub_401780(unsigned int a1)
{
  unsigned int i; // [esp+0h] [ebp-4h]

  for ( i = 2; i <= a1 >> 1; ++i )
  {
    if ( !(a1 % i) )
      return 0;
  }
  return 1;
}


int main()
{
    int a1[10];
    int i, v3, result;
   *a1 = 2;
  a1[1] = 3;
  result = 2;
  v3 = 2;
  for ( i = 4; i <= 30 && v3 < 10; ++i )
  {
    result = sub_401780(i);
    if ( result )
    {
      a1[v3] = i;
      result = ++v3;
    }
  }
  for(int i = 0; i < 10; i++) {
    printf("%d, ", a1[i]);
  }
};
1
int a1[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29};

脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
box2 = [0x7A, 0x91, 0x9F, 0x23, 0x71, 0xD1, 0x63, 0xDB, 0x59, 0x0A, 0xEC, 0x69, 0xEE, 0x76, 0x5D, 0x64, 0x37, 0x42,
        0x8C, 0x0B, 0x3C, 0x5C, 0x80, 0xAD, 0x6A, 0x03, 0x43, 0x93, 0xBC, 0xBF, 0xE3, 0xAF, 0x5A, 0x8A, 0x65, 0x0D,
        0x31, 0xDF, 0x3E, 0xA7, 0xE4, 0xDD, 0xB4, 0xB0, 0x56, 0x1C, 0x12, 0xA4, 0x9E, 0xD8, 0x3D, 0x81, 0x60, 0x9A,
        0xCB, 0xFA, 0xB1, 0xE0, 0xD3, 0xF4, 0xA2, 0x26, 0x68, 0x90, 0x4B, 0x45, 0x85, 0x20, 0x16, 0xDE, 0xED, 0x4C,
        0x6F, 0x34, 0xDC, 0xBE, 0xD2, 0x46, 0x33, 0x14, 0x77, 0xC6, 0xCD, 0xF0, 0xC5, 0xAC, 0x1F, 0xD0, 0x95, 0x97,
        0x3F, 0xD7, 0x52, 0xAE, 0xB9, 0xC9, 0x0C, 0xCA, 0x4E, 0xF1, 0xB7, 0x39, 0x7F, 0x27, 0x2B, 0x40, 0x4A, 0x51,
        0xA1, 0xCC, 0xCE, 0x6E, 0x70, 0xFF, 0x0E, 0xEF, 0x8E, 0x25, 0xB3, 0x5E, 0x6C, 0xAB, 0x02, 0x49, 0xE9, 0x9B,
        0x36, 0x13, 0x9C, 0x04, 0x35, 0xC0, 0xFB, 0x3A, 0x67, 0xB6, 0x9D, 0xC2, 0x73, 0xB5, 0x6D, 0xCF, 0x83, 0x2C,
        0x01, 0xC1, 0x10, 0x6B, 0x79, 0x87, 0x5B, 0x57, 0x47, 0xE5, 0x15, 0xF7, 0xA5, 0x74, 0xAA, 0x53, 0x7D, 0x2E,
        0xD5, 0xA3, 0x19, 0xF5, 0x2D, 0xFD, 0x61, 0x8D, 0xC8, 0x1B, 0xC3, 0xDA, 0xF6, 0x72, 0x54, 0x5F, 0x1E, 0xE8,
        0x17, 0x50, 0xB2, 0xE7, 0x0F, 0x7E, 0x55, 0xBD, 0x86, 0x00, 0x78, 0x94, 0x92, 0x09, 0x2F, 0xD6, 0xD9, 0xF3,
        0x29, 0xE6, 0x24, 0x32, 0x66, 0x22, 0x41, 0xC4, 0x7C, 0x05, 0x98, 0x44, 0x4F, 0x99, 0xA9, 0xE1, 0x8F, 0x08,
        0x1A, 0x2A, 0x11, 0xEA, 0x3B, 0xE2, 0x38, 0xB8, 0x18, 0xF9, 0xD4, 0xC7, 0x62, 0x7B, 0x75, 0x58, 0x96, 0x28,
        0xEB, 0x06, 0x84, 0x89, 0x48, 0x82, 0x88, 0xA6, 0xFE, 0xA0, 0xF2, 0xF8, 0x1D, 0x8B, 0xFC, 0xA8, 0x21, 0x30,
        0xBB, 0x07, 0xBA, 0x4D]
box3 = [0x45, 0x1F, 0x63, 0x81, 0xE6, 0xAD, 0x4F, 0xD3, 0xC0, 0x15, 0x69, 0x8F, 0x0D, 0x31, 0x0C, 0xB0, 0xF1, 0x2E,
        0x98, 0xC1, 0xC2, 0x96, 0xB2, 0xEB, 0xBF, 0xDF, 0x17, 0xF4, 0x7F, 0xE5, 0x66, 0x73, 0xD8, 0x56, 0x46, 0x20,
        0x9C, 0x77, 0x3D, 0x72, 0xA3, 0x91, 0x49, 0x68, 0x4C, 0x1E, 0xAE, 0x06, 0x7A, 0x94, 0xDD, 0x52, 0x55, 0x2C,
        0xB8, 0x42, 0x79, 0xFE, 0x38, 0xEF, 0x8B, 0xF7, 0xAC, 0xDC, 0xFF, 0x78, 0x34, 0x70, 0xA9, 0xCE, 0x3F, 0x0E,
        0x11, 0x43, 0x5B, 0xF8, 0xAF, 0xD0, 0xFA, 0x33, 0xBA, 0xCF, 0x4A, 0xC9, 0x88, 0x4E, 0x80, 0x10, 0x85, 0x37,
        0x12, 0xAB, 0xE1, 0x61, 0xB7, 0x3E, 0x4D, 0x19, 0x3A, 0x04, 0x8C, 0x92, 0x0B, 0xE7, 0x3C, 0xEA, 0xC7, 0x16,
        0x35, 0xB1, 0xA7, 0x8E, 0x40, 0x9F, 0xB6, 0xB5, 0x25, 0xA0, 0x5A, 0x30, 0x7D, 0xA2, 0x1A, 0x64, 0xC5, 0x6D,
        0x74, 0x82, 0x08, 0x7E, 0xD2, 0xF6, 0xAA, 0xDA, 0xED, 0x4B, 0x6E, 0xE8, 0xE9, 0xE2, 0xD4, 0x71, 0xB9, 0x09,
        0x84, 0x3B, 0xC4, 0x1C, 0x60, 0xFD, 0x22, 0x99, 0x39, 0x97, 0x18, 0x89, 0x7C, 0xA4, 0x27, 0xBD, 0x0F, 0xCC,
        0x95, 0xF5, 0xB3, 0x65, 0x6B, 0x8A, 0x58, 0x36, 0xBB, 0x9E, 0x75, 0xD1, 0x03, 0x9D, 0x6A, 0x6C, 0x53, 0x05,
        0xB4, 0xE4, 0xEE, 0x67, 0x87, 0x7B, 0x32, 0x2D, 0x24, 0x2A, 0x59, 0xEC, 0x0A, 0xDB, 0x21, 0x07, 0x23, 0x50,
        0x02, 0x41, 0xF2, 0x83, 0xD9, 0x26, 0xBC, 0x6F, 0x86, 0xA6, 0x93, 0xF9, 0xC8, 0xD6, 0xA5, 0x1D, 0xE3, 0xE0,
        0xFC, 0xCA, 0x1B, 0x5E, 0x8D, 0x2F, 0x5C, 0xBE, 0x47, 0xA8, 0x44, 0x57, 0x54, 0x48, 0xC3, 0x00, 0x62, 0x5D,
        0xCB, 0xD7, 0x76, 0xCD, 0x28, 0xD5, 0x14, 0x90, 0x13, 0xDE, 0x5F, 0xF0, 0x01, 0x2B, 0xC6, 0x29, 0x9A, 0x9B,
        0x51, 0xF3, 0xFB, 0xA1]
box5 = [0x00, 0x74, 0x59, 0xC6, 0xAC, 0xD3, 0xC1, 0xA0, 0x88, 0x3F, 0x1C, 0x28, 0x17, 0x22, 0xC5, 0x38, 0xF9, 0x1B,
        0x21, 0x49, 0x99, 0xAF, 0xD6, 0x95, 0xA4, 0x9D, 0x5D, 0x5B, 0x73, 0xFE, 0xC9, 0x9A, 0x4C, 0xB4, 0x27, 0x5E,
        0x71, 0x25, 0xE2, 0x90, 0xC0, 0x62, 0x5F, 0x48, 0x77, 0xE0, 0xF2, 0x8E, 0x40, 0xC7, 0x79, 0x1A, 0xDC, 0xF3,
        0x01, 0xB6, 0xD8, 0xB5, 0x67, 0x1E, 0x85, 0x12, 0x68, 0x87, 0xD0, 0x30, 0xEB, 0x2F, 0x50, 0xCF, 0xEE, 0xDD,
        0xFB, 0xE6, 0xA5, 0x69, 0x05, 0x75, 0xB7, 0xEF, 0x70, 0x53, 0xFF, 0xBA, 0x80, 0x41, 0x9B, 0xA1, 0x39, 0xF8,
        0x65, 0x1F, 0x7A, 0x51, 0x98, 0xAD, 0x02, 0x13, 0x18, 0xC3, 0x31, 0x89, 0xCD, 0xCA, 0x91, 0xD1, 0x78, 0x57,
        0x47, 0xB8, 0x54, 0x9F, 0x96, 0x04, 0x23, 0x2B, 0xE5, 0x46, 0x29, 0x7C, 0x76, 0x82, 0xBC, 0xFC, 0x6E, 0xEC,
        0xED, 0x64, 0x4A, 0x26, 0x34, 0x5C, 0x19, 0x55, 0xFD, 0x6D, 0xFA, 0x7E, 0xB2, 0xD4, 0xF1, 0xF6, 0xE4, 0x60,
        0xB0, 0x52, 0x9E, 0x8F, 0xBB, 0x08, 0x3B, 0x97, 0xE8, 0x10, 0x6C, 0x44, 0x3A, 0x36, 0x35, 0x03, 0xC4, 0x81,
        0x9C, 0xAB, 0xCB, 0x66, 0xAA, 0x37, 0xA2, 0xD2, 0xE1, 0xE9, 0x7B, 0x14, 0x8D, 0xD9, 0xF5, 0x0B, 0xC2, 0x07,
        0xA8, 0x0D, 0xA3, 0x0A, 0x84, 0x6B, 0x2C, 0xEA, 0x0C, 0xAE, 0x7D, 0x6F, 0xD7, 0xE7, 0xC8, 0x3C, 0x45, 0xCC,
        0x58, 0xB9, 0x3D, 0x33, 0x4E, 0x4B, 0x8C, 0xCE, 0x72, 0x6A, 0x8B, 0x2D, 0x24, 0x11, 0xDF, 0x5A, 0x2E, 0x92,
        0xDA, 0x86, 0x94, 0xA7, 0xD5, 0x4F, 0x2A, 0xB3, 0x63, 0x61, 0xE3, 0xDE, 0x43, 0x1D, 0xBF, 0x15, 0x32, 0xBE,
        0x16, 0x3E, 0x93, 0x7F, 0x83, 0x56, 0x06, 0xF7, 0x8A, 0x20, 0xBD, 0x0E, 0xA6, 0xDB, 0x0F, 0xB1, 0x42, 0xF0,
        0x09, 0x4D, 0xA9, 0xF4]
box7 = [0x0F, 0xA5, 0xBA, 0x03, 0xF9, 0x69, 0x2A, 0xD7, 0xEA, 0xB5, 0xFC, 0xA1, 0x39, 0x20, 0x68, 0x72, 0x25, 0xB2,
        0x6C, 0xAD, 0x88, 0x51, 0x73, 0xEB, 0xCF, 0x13, 0xDE, 0x7C, 0x6D, 0x38, 0x05, 0x09, 0xC2, 0x96, 0x1F, 0x7F,
        0x37, 0x4A, 0xC9, 0xE7, 0x6A, 0xB0, 0x59, 0xF7, 0xD2, 0xB9, 0x16, 0xC8, 0xEE, 0xA9, 0x18, 0x80, 0xAC, 0xE3,
        0x9E, 0x6F, 0x3C, 0x2F, 0x3E, 0x9A, 0xBE, 0x1D, 0xB4, 0x7B, 0x7D, 0x32, 0x6B, 0x74, 0xC5, 0xC0, 0xC7, 0xD1,
        0x29, 0x98, 0xDD, 0xB6, 0x0E, 0x4D, 0xBF, 0x79, 0x0D, 0xDA, 0x7A, 0x17, 0x71, 0x43, 0x87, 0xFF, 0xDC, 0xC6,
        0x12, 0xE9, 0x67, 0x2D, 0x70, 0x9F, 0x95, 0x30, 0x26, 0x24, 0x2B, 0xA8, 0xA2, 0xD8, 0x3B, 0x31, 0xA0, 0x3D,
        0x4B, 0x90, 0x60, 0x34, 0x75, 0xE8, 0x5D, 0xF4, 0x85, 0xF3, 0xFE, 0x35, 0xCB, 0xB8, 0x02, 0x50, 0xB1, 0xF1,
        0x1A, 0x1B, 0x21, 0xCD, 0xC4, 0x7E, 0xED, 0x07, 0xD9, 0xD6, 0x44, 0x15, 0x8E, 0x49, 0xB3, 0x97, 0xE6, 0x63,
        0xB7, 0xEF, 0x3A, 0x8F, 0xF2, 0x53, 0x10, 0x77, 0x86, 0xF8, 0x8A, 0x28, 0x3F, 0xD4, 0x4C, 0xE5, 0x82, 0x83,
        0xEC, 0x62, 0x89, 0xDF, 0xC3, 0x14, 0xCA, 0xA3, 0x5F, 0x64, 0x47, 0xFD, 0x00, 0x84, 0x66, 0xA7, 0x5A, 0x0C,
        0x01, 0xD5, 0x5B, 0x0A, 0x4F, 0x27, 0x78, 0x0B, 0x2E, 0x48, 0x36, 0xFA, 0x08, 0x56, 0xE0, 0xA6, 0xC1, 0x5C,
        0x8B, 0x41, 0x06, 0xBB, 0x52, 0x93, 0xAF, 0x2C, 0x5E, 0xF6, 0x61, 0xF0, 0xAB, 0x91, 0x45, 0x04, 0xBD, 0xCC,
        0xE4, 0x65, 0x9D, 0x92, 0xCE, 0x40, 0xAE, 0x76, 0x9B, 0x9C, 0xAA, 0x54, 0xD0, 0x1C, 0x81, 0x4E, 0x57, 0x55,
        0x23, 0x6E, 0x1E, 0x99, 0xDB, 0xFB, 0xA4, 0x22, 0x19, 0x58, 0x11, 0x8D, 0x94, 0xD3, 0xE2, 0x8C, 0xF5, 0x42,
        0x46, 0xBC, 0x33, 0xE1]
box11 = [0x38, 0xD9, 0xDA, 0xE6, 0xB5, 0xF1, 0x0B, 0x93, 0x0C, 0x58, 0x0D, 0xAE, 0x0A, 0x85, 0x2A, 0x50, 0xC2, 0xBF,
         0xD4, 0x28, 0x52, 0xC4, 0x4F, 0xE1, 0x44, 0xE0, 0xA2, 0x70, 0x36, 0x65, 0x4B, 0x41, 0x9D, 0x5F, 0x05, 0x7C,
         0xF7, 0xD7, 0x99, 0x8B, 0xCC, 0xCE, 0x16, 0xBE, 0xB6, 0xC5, 0x8F, 0x79, 0xC7, 0x20, 0x7E, 0xF4, 0xF3, 0x2E,
         0x4A, 0x89, 0xD6, 0x0F, 0x6E, 0xB0, 0x61, 0xB1, 0x6D, 0x19, 0x73, 0x03, 0x74, 0xA1, 0x40, 0xEC, 0xC0, 0x57,
         0x94, 0x7A, 0x66, 0xD5, 0xEA, 0x17, 0x6A, 0x84, 0x37, 0xED, 0xF6, 0x13, 0x31, 0x5B, 0x82, 0x1E, 0xFC, 0x92,
         0xE2, 0x42, 0x86, 0xBA, 0xE3, 0x91, 0x7F, 0x67, 0x5C, 0x98, 0x15, 0x22, 0x8D, 0x80, 0x04, 0xE4, 0x25, 0x09,
         0xA0, 0xAD, 0x63, 0xE5, 0xB4, 0x9A, 0x3C, 0xA3, 0x3A, 0x69, 0xF8, 0xCD, 0xBC, 0x88, 0x55, 0xB2, 0xBD, 0x6B,
         0x77, 0x71, 0xB3, 0xD3, 0x90, 0x75, 0x06, 0x49, 0xC3, 0x32, 0x4D, 0x1D, 0xA8, 0xAA, 0xFB, 0x7B, 0x7D, 0x2B,
         0xA6, 0x34, 0x72, 0x47, 0xF0, 0x2F, 0x9C, 0x08, 0x00, 0x14, 0x8C, 0x26, 0x5E, 0x87, 0xD1, 0xCF, 0xC9, 0x18,
         0x51, 0x23, 0xCB, 0xF5, 0x1C, 0x9F, 0x97, 0xF9, 0xBB, 0xA7, 0x39, 0x45, 0x02, 0xFD, 0x46, 0x8A, 0x54, 0xA4,
         0x8E, 0x9E, 0x68, 0x96, 0x0E, 0x78, 0xB8, 0x3D, 0x11, 0x64, 0xAF, 0x10, 0xDE, 0x6C, 0x60, 0x5A, 0x76, 0x1A,
         0xE9, 0xC1, 0x3E, 0xCA, 0x9B, 0x27, 0x30, 0xEF, 0xFF, 0x07, 0xD2, 0xB9, 0x2D, 0xD0, 0xEE, 0x83, 0xAB, 0xF2,
         0x4C, 0xA5, 0x21, 0x62, 0x81, 0x33, 0x1B, 0xD8, 0x6F, 0xAC, 0x3B, 0x5D, 0xE8, 0xFA, 0x3F, 0xDB, 0x95, 0xE7,
         0x59, 0x12, 0x48, 0x35, 0xC6, 0x2C, 0x4E, 0x01, 0xDD, 0x43, 0x29, 0xDC, 0x24, 0x1F, 0xB7, 0xA9, 0xEB, 0xC8,
         0xFE, 0x56, 0xDF, 0x53]
box13 = [0xB0, 0x28, 0x0B, 0x89, 0x4B, 0xA4, 0xBE, 0x1A, 0x8F, 0x6C, 0xCF, 0xB2, 0xB5, 0xFE, 0xFB, 0x59, 0x2D, 0x29,
         0x39, 0x62, 0x97, 0xAA, 0xD7, 0x7D, 0x94, 0x2C, 0xFC, 0x5D, 0xB4, 0x7C, 0x8A, 0x82, 0xD3, 0xA7, 0xBA, 0xDF,
         0x21, 0xE6, 0xA2, 0xD0, 0xE8, 0xF0, 0x67, 0x3A, 0xB9, 0x98, 0xF9, 0xAE, 0xD1, 0x56, 0xD8, 0xCA, 0x10, 0xEA,
         0x92, 0xA8, 0x75, 0x7E, 0x65, 0xA9, 0xAF, 0x51, 0xC9, 0x8E, 0xD4, 0x77, 0xE4, 0x49, 0x06, 0x61, 0x9E, 0x24,
         0xD9, 0x9B, 0x11, 0x05, 0x1D, 0x96, 0x9A, 0xB1, 0xE0, 0x83, 0xE1, 0x1C, 0xCD, 0xF3, 0x38, 0xB3, 0x57, 0x50,
         0xF4, 0xAC, 0xEB, 0x14, 0xA5, 0x46, 0xF6, 0x93, 0xAD, 0x7B, 0x30, 0xEF, 0x79, 0x17, 0x47, 0xDA, 0xC0, 0xDD,
         0xDE, 0xDC, 0x5A, 0x76, 0x3B, 0x31, 0x0D, 0x0E, 0x86, 0xF1, 0x71, 0xFA, 0x0C, 0x00, 0xA3, 0xBF, 0x64, 0x37,
         0x22, 0xD2, 0x69, 0x5C, 0xC6, 0x16, 0x9F, 0x5E, 0x7A, 0x1E, 0x27, 0x60, 0x6E, 0xF8, 0x8C, 0xEE, 0xC2, 0x74,
         0x81, 0x8B, 0x33, 0x03, 0xBD, 0x2A, 0x0A, 0x68, 0x6B, 0x3F, 0x4C, 0xC3, 0x15, 0x04, 0x3D, 0x63, 0xF5, 0xAB,
         0xCC, 0x3C, 0x53, 0x20, 0x66, 0xC4, 0xC1, 0x23, 0xE7, 0x25, 0x55, 0xC7, 0xED, 0xB7, 0xBC, 0xCB, 0x8D, 0x09,
         0xCE, 0x52, 0xBB, 0xE2, 0xC5, 0xB6, 0x26, 0x12, 0x2F, 0x99, 0x58, 0x40, 0x6D, 0xA1, 0x3E, 0x48, 0x85, 0xA6,
         0xF2, 0x0F, 0x43, 0x78, 0xB8, 0x01, 0xE5, 0xD5, 0x6F, 0x4E, 0xF7, 0x13, 0x42, 0xEC, 0x45, 0x2B, 0x4F, 0x36,
         0xDB, 0x9C, 0xE3, 0x44, 0x34, 0x84, 0x73, 0x2E, 0x7F, 0xFD, 0x91, 0x41, 0xD6, 0x95, 0x18, 0xFF, 0x70, 0xC8,
         0x02, 0x5F, 0x08, 0x1B, 0x6A, 0x5B, 0x19, 0xA0, 0x4D, 0x35, 0x54, 0xE9, 0x32, 0x88, 0x72, 0x07, 0x87, 0x90,
         0x4A, 0x80, 0x1F, 0x9D]
box17 = [0xE8, 0x22, 0x64, 0x9F, 0xC5, 0xD5, 0x25, 0xC9, 0x5D, 0xDF, 0xA1, 0x74, 0xCB, 0x57, 0xF7, 0xF0, 0xBD, 0x56,
         0xFF, 0x33, 0x79, 0xFE, 0x87, 0xB6, 0xB1, 0x54, 0x10, 0x95, 0x8A, 0xEC, 0x7B, 0x48, 0x84, 0x3D, 0x30, 0xEF,
         0x86, 0xFA, 0x97, 0x1C, 0xDC, 0xA9, 0x5A, 0xF3, 0x67, 0x18, 0x83, 0x72, 0x06, 0xB9, 0xF5, 0x05, 0x68, 0x59,
         0xF2, 0xE4, 0x88, 0x5E, 0x14, 0x17, 0x11, 0x9C, 0xAB, 0xDE, 0xEB, 0x7D, 0x62, 0x9B, 0xD6, 0xF4, 0x01, 0x29,
         0xBC, 0xC0, 0x69, 0xA2, 0x2B, 0x0D, 0x1D, 0x98, 0x6A, 0xBE, 0x65, 0x09, 0xF8, 0x96, 0xB4, 0x6E, 0x63, 0xE3,
         0x34, 0x2D, 0xCE, 0x0A, 0xCD, 0xAA, 0x21, 0xCC, 0xE7, 0xA5, 0xDB, 0xD8, 0x03, 0xDD, 0xB2, 0x1F, 0x9D, 0x9E,
         0x0E, 0x8F, 0x8B, 0xCA, 0x92, 0x0B, 0xA7, 0x5B, 0xD2, 0xCF, 0x47, 0x07, 0x04, 0xAE, 0x3B, 0xA8, 0x7C, 0x73,
         0xF9, 0x35, 0xEE, 0x7A, 0xB0, 0xBA, 0x85, 0x46, 0x3E, 0x81, 0xC7, 0x40, 0x37, 0x15, 0x3A, 0x19, 0xE0, 0x1E,
         0x28, 0x4A, 0x4F, 0x8C, 0xD4, 0x51, 0x2E, 0x94, 0x89, 0x2A, 0x0F, 0x7E, 0xE1, 0xC8, 0x5F, 0x4E, 0x6D, 0xF6,
         0x49, 0xB8, 0x55, 0x60, 0x82, 0x20, 0x36, 0xC1, 0x0C, 0x1B, 0xC4, 0x00, 0xE5, 0xA3, 0x2C, 0xE9, 0xC2, 0xF1,
         0x23, 0x3F, 0xC3, 0xB5, 0x8D, 0xD7, 0x42, 0xFC, 0x50, 0x13, 0xBB, 0x61, 0x9A, 0x44, 0xE6, 0x91, 0x2F, 0x70,
         0xC6, 0x6F, 0xD1, 0x27, 0x43, 0x08, 0xDA, 0xFD, 0x52, 0x71, 0x77, 0xED, 0xE2, 0xAD, 0x16, 0x8E, 0x12, 0x4C,
         0x31, 0x3C, 0x39, 0x78, 0x90, 0xBF, 0x1A, 0x76, 0x75, 0x41, 0x99, 0xD0, 0x80, 0xB7, 0x66, 0x24, 0xD3, 0x7F,
         0x4B, 0x45, 0x5C, 0x53, 0x4D, 0x26, 0x32, 0xA0, 0xFB, 0xB3, 0x38, 0x6B, 0xAF, 0xA6, 0xD9, 0x02, 0xA4, 0xEA,
         0x6C, 0xAC, 0x58, 0x93]
box19 = [0x91, 0x67, 0x1A, 0xBE, 0xAB, 0xC2, 0x85, 0xD5, 0xDA, 0xCC, 0xF7, 0x5B, 0x54, 0x61, 0x05, 0xDF, 0x02, 0x70,
         0x65, 0x69, 0x9A, 0x7A, 0x09, 0x92, 0x5D, 0x2A, 0xA7, 0x37, 0xFF, 0x19, 0xE6, 0x99, 0xF3, 0x1E, 0xBD, 0x82,
         0x48, 0x3C, 0xE8, 0xC8, 0x66, 0x17, 0xB7, 0xA9, 0xC5, 0x4E, 0x33, 0x84, 0x45, 0xD3, 0x8B, 0x49, 0x50, 0x43,
         0x8F, 0xCD, 0x73, 0x29, 0x04, 0xDC, 0x01, 0x0C, 0xDD, 0x2E, 0xFB, 0x6E, 0x0F, 0x24, 0x57, 0xE9, 0xC9, 0x7D,
         0xB3, 0x40, 0x4B, 0x56, 0x6C, 0x68, 0xE2, 0x22, 0xF6, 0x80, 0xAA, 0x95, 0xD4, 0x97, 0x94, 0x21, 0x53, 0xD1,
         0xE3, 0x59, 0xD2, 0xED, 0x41, 0x4D, 0x74, 0xA3, 0xA0, 0x32, 0x0D, 0xFC, 0x46, 0x34, 0xFA, 0xB1, 0x5E, 0xC6,
         0x71, 0xC0, 0xE0, 0x3F, 0x13, 0x12, 0xD7, 0xEE, 0xF8, 0x26, 0xE1, 0x25, 0x88, 0x77, 0xB0, 0x8D, 0x6A, 0xEA,
         0x0E, 0xD6, 0x3E, 0x03, 0x64, 0xBF, 0x8C, 0x96, 0xD9, 0xA4, 0x42, 0xAD, 0xFD, 0x16, 0x5A, 0xE4, 0x06, 0x9D,
         0x07, 0x87, 0x5F, 0xAF, 0xDB, 0xC1, 0x93, 0x1C, 0xF1, 0xDE, 0xA6, 0x3A, 0xF4, 0x2C, 0x1B, 0x39, 0xE7, 0x4A,
         0xC7, 0x35, 0xFE, 0x0A, 0x62, 0xF0, 0xCA, 0xEC, 0x27, 0x52, 0x23, 0x7F, 0xA5, 0x79, 0x7C, 0x75, 0x86, 0xEB,
         0x60, 0xA8, 0xF5, 0x1F, 0x20, 0xC3, 0x63, 0x5C, 0x72, 0x18, 0xE5, 0x51, 0xAC, 0xB9, 0x90, 0x9F, 0x4C, 0xB2,
         0xCB, 0x00, 0x6F, 0x28, 0xA1, 0xB6, 0x9B, 0xD0, 0x7B, 0x36, 0x4F, 0x9C, 0xCF, 0x98, 0x8A, 0x0B, 0x78, 0xB4,
         0x7E, 0x2B, 0xEF, 0x58, 0xB5, 0xBA, 0x55, 0xB8, 0x10, 0x2F, 0x44, 0xAE, 0x89, 0x08, 0xC4, 0x3B, 0x9E, 0xF9,
         0x6D, 0xF2, 0x15, 0x1D, 0x30, 0x47, 0x8E, 0x31, 0x2D, 0xD8, 0x6B, 0x3D, 0x11, 0x14, 0xA2, 0x83, 0xCE, 0xBB,
         0x81, 0xBC, 0x76, 0x38]
box23 = [0x38, 0x5A, 0xC7, 0x98, 0x15, 0x6A, 0xC9, 0x28, 0x33, 0xEA, 0xF4, 0xD9, 0xDB, 0x77, 0xB8, 0x49, 0x1B, 0x79,
         0xF5, 0xFD, 0x3E, 0xA2, 0xDE, 0x17, 0xC4, 0x5E, 0xE5, 0x11, 0xB6, 0x1D, 0x86, 0xF9, 0x90, 0x78, 0x8A, 0x14,
         0x12, 0xB1, 0xC2, 0x21, 0xF1, 0x02, 0x58, 0xA1, 0x23, 0x0C, 0xAD, 0xA5, 0x50, 0x48, 0x1E, 0x6D, 0xF8, 0x96,
         0x9D, 0x19, 0x00, 0xBD, 0x26, 0xCE, 0xA7, 0x24, 0x2E, 0x39, 0x7B, 0xFA, 0x5F, 0xCC, 0x1A, 0x0B, 0x40, 0x0F,
         0x4B, 0x82, 0xE2, 0x97, 0x10, 0x2A, 0xFC, 0x3B, 0xB2, 0x66, 0x27, 0x54, 0x07, 0xE3, 0x08, 0xA3, 0xA6, 0xED,
         0x62, 0x13, 0x9C, 0x20, 0x01, 0x92, 0xE8, 0xAE, 0xBE, 0xE1, 0x0A, 0x41, 0x94, 0x80, 0xA9, 0x2F, 0x29, 0x70,
         0x35, 0x16, 0xF7, 0x6B, 0xFE, 0x9E, 0x0D, 0xD3, 0x7F, 0x1F, 0xA0, 0x32, 0xD2, 0x52, 0x05, 0x76, 0x89, 0x9B,
         0x7A, 0x8F, 0x99, 0xEF, 0xCF, 0x51, 0x0E, 0xEC, 0x59, 0x5C, 0x37, 0xD5, 0x8E, 0x31, 0x34, 0x2D, 0x93, 0x25,
         0x1C, 0xC8, 0x5B, 0x47, 0x9F, 0x03, 0x67, 0x7E, 0x42, 0x7D, 0x3A, 0xAA, 0x57, 0xDA, 0x9A, 0xAB, 0x74, 0x72,
         0xE4, 0xB7, 0x5D, 0xCD, 0x87, 0x46, 0x2B, 0x43, 0xF3, 0xD0, 0x85, 0x55, 0xBB, 0xD4, 0xC6, 0x61, 0x56, 0x04,
         0x65, 0x7C, 0x88, 0xC3, 0x73, 0xBC, 0xEB, 0xDD, 0x4D, 0xE0, 0xE6, 0xC0, 0x63, 0x8D, 0xF2, 0x81, 0xF6, 0xA8,
         0x3D, 0x3F, 0xA4, 0xE9, 0x4A, 0xB5, 0xF0, 0xCA, 0x8B, 0x2C, 0xD7, 0xAC, 0xC5, 0xC1, 0xBF, 0x53, 0xD1, 0x6F,
         0x06, 0xE7, 0xD6, 0x09, 0x95, 0x44, 0x71, 0xB9, 0x83, 0x4C, 0x22, 0xAF, 0xB4, 0x75, 0x36, 0x30, 0xCB, 0xEE,
         0x91, 0x45, 0x8C, 0x4E, 0x6E, 0x6C, 0x4F, 0x84, 0xBA, 0xFF, 0x64, 0xB3, 0x60, 0xFB, 0xB0, 0x18, 0xD8, 0xDF,
         0x3C, 0x68, 0xDC, 0x69]
box29 = [0xD1, 0x9C, 0x68, 0xC0, 0x13, 0xAC, 0x48, 0x32, 0xA3, 0xBA, 0x4C, 0xE7, 0x6D, 0xC8, 0x1C, 0xAB, 0xE2, 0x7A,
         0x42, 0xE1, 0x7B, 0x16, 0x67, 0x03, 0xAE, 0x7E, 0xAA, 0x38, 0x22, 0x02, 0x39, 0x51, 0xC7, 0x79, 0xD7, 0xCB,
         0xEF, 0x62, 0x98, 0xDC, 0x53, 0x72, 0x89, 0xA5, 0x4B, 0xC6, 0x86, 0xF6, 0xFC, 0x77, 0x5A, 0xF5, 0x2E, 0x3D,
         0xB2, 0xFE, 0x59, 0x27, 0x80, 0x63, 0xDD, 0x1A, 0x12, 0x5E, 0xED, 0xB0, 0xBC, 0xC4, 0x5F, 0x11, 0xC9, 0x09,
         0xC5, 0x75, 0x96, 0x0A, 0x2F, 0x00, 0x17, 0x81, 0x14, 0x47, 0xBB, 0x9D, 0x8E, 0x3C, 0xD6, 0xA1, 0xE0, 0xA2,
         0x26, 0x5D, 0x08, 0x6E, 0x4E, 0xF1, 0xCF, 0x73, 0x8A, 0x90, 0x0B, 0xB3, 0x3E, 0xB6, 0x1F, 0xC3, 0xB7, 0xDA,
         0x8D, 0x05, 0xEE, 0x18, 0x93, 0x3A, 0x6A, 0x8C, 0x43, 0x8F, 0xEB, 0xE9, 0x5B, 0x29, 0x37, 0x1E, 0x46, 0x33,
         0x31, 0xFB, 0x35, 0x34, 0x61, 0x04, 0x0E, 0x2B, 0x74, 0xF9, 0x8B, 0x2C, 0x20, 0x0C, 0x7C, 0x28, 0x5C, 0xCA,
         0xE6, 0x6B, 0xD8, 0x30, 0xE4, 0x21, 0x44, 0x70, 0x06, 0xA6, 0x60, 0x41, 0x84, 0x10, 0x95, 0x4F, 0x64, 0x83,
         0xD2, 0x9A, 0xBE, 0xAF, 0x9F, 0x07, 0xC1, 0xB8, 0x3B, 0x65, 0xCC, 0x57, 0xB5, 0xD9, 0x92, 0xDE, 0x0D, 0xE3,
         0xF3, 0xA4, 0xBD, 0x6F, 0xD3, 0x25, 0x88, 0x71, 0xFF, 0xA9, 0x36, 0xB1, 0x78, 0x24, 0x69, 0xAD, 0x19, 0xBF,
         0xFD, 0xCD, 0x4A, 0xEA, 0x87, 0x91, 0xA8, 0x66, 0x82, 0x50, 0x0F, 0x99, 0x45, 0xF2, 0xD5, 0x9B, 0x94, 0x7D,
         0xCE, 0xDB, 0xB9, 0x52, 0xE5, 0xF4, 0x01, 0x7F, 0xD4, 0x15, 0x2D, 0x3F, 0x1D, 0xA7, 0xC2, 0xFA, 0x40, 0xE8,
         0xA0, 0x55, 0x6C, 0xF7, 0x1B, 0x58, 0x85, 0x56, 0x9E, 0xEC, 0x97, 0x23, 0xF0, 0x4D, 0xD0, 0xF8, 0x2A, 0x49,
         0xB4, 0x76, 0x54, 0xDF]

key = [ 90, 45,  1, 51, 43, 42, 186, 51, 72, 179, 186, 51, 113, 43, 114, 72,
       186, 42, 51, 45, 71, 51, 42, 186, 25, 186, 42, 114, 11, 124, 209, 51]

for i in range(32):
    x = box2.index(box3.index(
        box5.index(box7.index(box11.index(box13.index(box17.index(box19.index(box23.index(box29.index(key[i]))))))))))
    print(chr(x & 0xff), end="")

记得补上之前smc异或的两个

1
DASCTF{!y0u_4r3_7h3_m4573r_0f_r3v3r51n6_#}

babytea

32位无壳,ida打开

image-20221127202337794

32位输入,然后加密,最后比较

打开加密函数

image-20221127202519318

很明显是tea加密,但估计没那么简单。

tea魔改主要在于修改delta以及对输入输出附加额外的加密

以防万一检查汇编

image-20230112174827683

发现有try-except异常处理。这道题总共有三个

第一个是对sum进行修改

image-20221127203012268

内存中的delta恒为0x0x9E3779B1,。

每次循环sum += delta之后进入try块,ecx = sum >> 31

若ecx = 0,idiv ecx 则会引发除零异常,进入except

image-20221127203346422

在except中, sum ^= 0x1234567,在逆向中我我们需要每一轮sum和delta的值,于是写脚本进行计算

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#include <cstdio>

using namespace std;

int main()
{
    unsigned long sum = 0;
    unsigned long a = 0x9E3779B1;
    for(int i = 0; i <= 32; i++) {
        printf("0x%llx\n, ", sum);
        sum += a;
        if((sum >> 31) == 0) {
            sum ^= 0x1234567;
        }
    }
    return 0;
}

// unsigned long sumx[] = {
//     0x9e3779b1, 0x3d4db605, 0xdb852fb6, 0x789fec00, 
//     0x17f420d6, 0xb62b9a87, 0x5540515f, 0xf377cb10,
//     0x91af44c1, 0x2ec5fb15, 0xccfd74c6, 0x6a17ab10,
//     0x96c61a6, 0xa7a3db57, 0x44f8106f, 0xe32f8a20,
//     0x816703d1, 0x1ebd38e5, 0xbcf4b296, 0x5a0f6920,
//     0xf846e2d1, 0x967e5c82, 0x35969354, 0xd3ce0d05, 
//     0x7326c3d1, 0x107d78e5, 0xaeb4f296, 0x4dcf2920, 
//     0xec06a2d1, 0x8a3e1c82, 0x2956d354, 0xc78e4d05
// };

第二个是对输入的修改

image-20221127204013121

xor ecx ecx 后接idivi ecx,一定会引发除零异常

然后用key1和输入的前半段异或,key2和输入的后半段异或后再进入32轮的tea循环

最后一个是对key1和key2的修改

image-20221127204344862

在32轮的tea后,将加密后的数据作为新的key

至此整个加密就结束

写脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#include <cstdio>
#include <cstring>
#include <iostream>


using namespace std;

unsigned long sumx[] = {
    0x9e3779b1, 0x3d4db605, 0xdb852fb6, 0x789fec00, 
    0x17f420d6, 0xb62b9a87, 0x5540515f, 0xf377cb10,
    0x91af44c1, 0x2ec5fb15, 0xccfd74c6, 0x6a17ab10,
    0x96c61a6, 0xa7a3db57, 0x44f8106f, 0xe32f8a20,
    0x816703d1, 0x1ebd38e5, 0xbcf4b296, 0x5a0f6920,
    0xf846e2d1, 0x967e5c82, 0x35969354, 0xd3ce0d05, 
    0x7326c3d1, 0x107d78e5, 0xaeb4f296, 0x4dcf2920, 
    0xec06a2d1, 0x8a3e1c82, 0x2956d354, 0xc78e4d05
};

void decrypt(unsigned long* EntryData, unsigned long* Key, unsigned long* k)
{
    unsigned long Mup = EntryData[0];
    unsigned long Mdown = EntryData[1];

    unsigned long sum = 0;
    int n = 32;

    for(int i=0;i<n;i++){
        sum = sumx[32-i-1];
        Mdown -= ((Mup << 4) + Key[2]) ^ (Mup + sum) ^ ((Mup >> 5) + Key[3]);
        Mup -= ((Mdown << 4) + Key[0]) ^ (Mdown + sum) ^ ((Mdown >> 5) + Key[1]);
    }
    
    EntryData[0] = Mup ^ k[0];
    EntryData[1] = Mdown ^ k[1];
}

int main()
{
    unsigned int flag[8] = {
        0x5E27B530, 0xBDBEF7F3, 0xE3516A8F, 0x5D836CFE,
        0xD83DFA09, 0x8EFC737A, 0x55A853A3, 0x7A564EC5
    };
    unsigned long key[] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476};
    unsigned long k[] = {0x1234567, 0x89ABCDEF};
    for(int i = 0; i < 4; i++) {
        unsigned long tmp[2];
        tmp[0] = flag[2*i];
        tmp[1] = flag[2*i + 1];
        decrypt(tmp, key, k);
        k[0] = flag[2*i];
        k[1] = flag[2*i + 1];
        for (int j = 0; j < 2; j++) {                 
            for (int k = 0; k < 4; k++) {
                printf("%c", tmp[j] & 0xff);
                tmp[j] >>= 8;
            }
        }
    }
    return 0;
}
1
DASCTF{600d_y0u_r34lly_kn0w_734_4nd_53h}