羊城杯2020_Bytecode

[羊城杯 2020]Bytecode

发现是个py字节码文件，手撕

大概就长这样

from past.builtins import raw_input

en = [3, 37, 72, 9, 6, 132]
output = [101, 96, 23, 68, 112, 42, 107, 62,
          96, 53, 176, 179, 98, 53, 67, 29,
          41, 120, 60, 106, 51, 101, 178, 189,
          101, 48]
print("welcome to GWHT2020")

flag = raw_input('please input your flag')
str = flag
a = len(str)

if a >= 38:
    if ((((ord(str[0]) * 2020 + ord(str[1])) + ord(str[2])) * 2020 + ord(str[3])) * 2020) + ord(
            str[4]) == 1182843538814603:
        x = []
        k = 5
        for i in range(13):
            b = ord(str[k])
            c = ord(str[k + 1])
            a11 = c ^ en[i % 6]
            a22 = b ^ en[i % 6]
            x.append(a11)
            x.append(a22)
            k += 2

        for i in range(len(output)):
            if output[i] != x[i]:
                exit(0)

        l = len(str)
        a1 = ord(str[l - 7])
        a2 = ord(str[l - 6])
        a3 = ord(str[l - 5])
        a4 = ord(str[l - 4])
        a5 = ord(str[l - 3])
        a6 = ord(str[l - 2])

        if ((a1 * 3 + a2 * 2 + a3 * 5) == 1003 and (a1 * 4 + a2 * 7 + a3 * 9) == 2013 and
            (a1 * 1 + a2 * 8 + a3 * 2) == 1109 and (a4 * 3 + a5 * 2 + a6 * 5) == 671 and
            (a4 * 4 + a5 * 7 + a6 * 9) == 1252 and (a4 * 1 + a5 * 8 + a6 * 2) == 644):
            print('Congraduation!you get the right flag!')
    else:
        exit(0)
else:
    print("wrong")

z3

写脚本

from z3 import *

a1 = Int("a1")
a2 = Int("a2")
a3 = Int("a3")
a4 = Int("a4")
a5 = Int("a5")
a6 = Int("a6")

s = Solver()

s.add((a1 * 3 + a2 * 2 + a3 * 5) == 1003)
s.add((a1 * 4 + a2 * 7 + a3 * 9) == 2013)
s.add((a1 * 1 + a2 * 8 + a3 * 2) == 1109)
s.add((a4 * 3 + a5 * 2 + a6 * 5) == 671)
s.add((a4 * 4 + a5 * 7 + a6 * 9) == 1252)
s.add((a4 * 1 + a5 * 8 + a6 * 2) == 644)

if s.check():
    result = s.model()
    print(result)

# a1 = 97, a2 = 101, a3 = 102

en = [3, 37, 72, 9, 6, 132]
output = [101, 96, 23, 68, 112, 42, 107, 62,
          96, 53, 176, 179, 98, 53, 67, 29,
          41, 120, 60, 106, 51, 101, 178, 189,
          101, 48]

print("flag{", end="")
for i in range(0, 26, 2):
    x = output[i] ^ en[(i//2) % 6]
    y = output[i+1] ^ en[(i//2) % 6]
    print(chr(y & 0xff), end="")
    print(chr(x & 0xff), end="")

print(chr(97)+chr(101)+chr(102)+chr(102)+chr(55)+chr(51), end="}")

flag{cfa2b87b3f746a8f0ac5c5963faeff73}