HWS Summer 2023 Rewp

发表于2023-07-27更新于2023-07-27

HWS Summer 2023

Android

直接运行,发现有两个字符串

1
159762dr7vh438sa
1
1313131313131313

jadx打开,看起来不是很对劲

直接dump

image-20230720234129004

加载了库jniex并且有个decrypt函数

image-20230720235551458

发现只是sm4

image-20230721000732984

flag{just!_enjoy!_the_match!_zyc_2022}

Animal

去除花指令和不透明谓词后

image-20230721000912191

9位输入,输入为0-5

主要加密是md5,不过似乎魔改过

image-20230721001233186

直接爆破

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
def dfs(s):
    if len(s) == 9:
        p = subprocess.Popen('/home/mrfifsh/debug/main',
                             stdin=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
        str = ''
        for t in s:
            str = str + t + '\r\n'
        out = p.communicate(bytes(str.encode()))[0]
        out = out.decode()
        print(s)
        if 'flag' in out:
            with open("flag.txt", 'w') as f:
                f.write('flag' + s)
            print('flag' + s)
            exit(0)
        return
    tmp = s
    for i in range(6):
        x = ord('0') + i
        dfs(tmp + chr(x))
    return


if __name__ == "__main__":
    s = ''
    dfs(s)

最后跑出来 051410233