[Rev賽題復現]DASCTF Apr X FATE 2022

語言: CN / TW / HK

本文為看雪論壇精華文章
看雪論壇作者ID:t0hka1

總共4題,貼了3題,還有一道go逆向的直接看這位師傅的吧。( https://bbs.pediy.com/thread-273162.htm

Crackme

幾個關鍵點:mfc逆向,win32 加密api的識別, ZwSetInformationThread 反除錯。

看程式圖示是個mfc的程式,先開啟看看,隨便輸入一點東西,看到彈窗彈出:

直接拖進ida搜尋Wrong!!!字串,藉此通過檢視引用跳轉到主函式。

先簡單的修復一下變數名:

大概可以看到key的前4位經過一次sub_403510,後4位也經過一次sub_403510,整個key8位又經過一次sub_403510。

隨後進入sub_403510函式看一看,看到有一堆為win32 加密api的函式。

那就對照著MSDN一個個函式查閱一下:

CryptAcquireContext 函式用於獲取特定加密服務提供程式 (CSP) 中特定金鑰容器的控制代碼。此返回的控制代碼用於呼叫使用所選 CSP 的 CryptoAPI 函式。

BOOL CryptAcquireContextA(
[out] HCRYPTPROV *phProv,
[in] LPCSTR szContainer,
[in] LPCSTR szProvider,
[in] DWORD dwProvType,
[in] DWORD dwFlags
);

CryptCreateHash 函式啟動資料流的雜湊。它建立加密服務提供程式 (CSP) 雜湊物件的控制代碼並將其返回給呼叫應用程式。此控制代碼用於對 CryptHashData 和 CryptHashSessionKey 的後續呼叫,以雜湊會話金鑰和其他資料流。

BOOL CryptCreateHash(
[in] HCRYPTPROV hProv,
[in] ALG_ID Algid,
[in] HCRYPTKEY hKey,
[in] DWORD dwFlags,
[out] HCRYPTHASH *phHash
);

注意這裡Algid是標識要使用的雜湊演算法的引數,通過不同的值的傳入選擇不同的hash演算法,可查下面的連結: ALG_ID (Wincrypt.h) - Win32 apps | Microsoft Docs https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id

CryptHashData 函式將資料新增到指定的雜湊物件。此函式和CryptHashSessionKey 可以多次呼叫,以計算長資料流或不連續資料流的雜湊值。

BOOL CryptHashData(
[in] HCRYPTHASH hHash,
[in] const BYTE *pbData,
[in] DWORD dwDataLen,
[in] DWORD dwFlags
);

CryptGetHashParam 函式檢索控制雜湊物件操作的資料。可以使用此函式檢索實際的雜湊值。

BOOL CryptGetHashParam(
[in] HCRYPTHASH hHash,
[in] DWORD dwParam,
[out] BYTE *pbData,
[in, out] DWORD *pdwDataLen,
[in] DWORD dwFlags
);

CryptEncrypt 函式對資料進行加密。用於加密資料的演算法由 CSP 模組持有的金鑰指定,並由 hKey 引數引用。

BOOL CryptEncrypt(
[in] HCRYPTKEY hKey,
[in] HCRYPTHASH hHash,
[in] BOOL Final,
[in] DWORD dwFlags,
[in, out] BYTE *pbData,
[in, out] DWORD *pdwDataLen,
[in] DWORD dwBufLen
);

程式大概的邏輯就是這樣:

然後我們就通過動調去拿資料,這裡有兩種方式,一種是通過ida patch反除錯函式的方式,一種是通過od 的sharp od外掛直接繞過。

繞反除錯方法一:先用ida繞過反除錯

對比各種反除錯和去IAT表找匯入函式沒有找到,後面在strings介面可以發現ZwSetInformationThread反除錯的特徵ZwSetInformationThread - CTF Wiki (ctf-wiki.org)( https://ctf-wiki.org/reverse/windows/anti-debug/zwsetinformationthread/

ZwSetInformationThread通過為執行緒設定 ThreadHideFromDebugger,可以禁止執行緒產生除錯事件。

繞過: ZwSetInformationThread 函式的第 2 個引數為 ThreadHideFromDebugger,其值為 0x11。除錯執行到該函式時,若發現第 2 個引數值為 0x11,跳過或者將 0x11 修改為其他值即可。

看來是自己實現呼叫dll匯入的。

類似於這種寫法:

我們可以先在呼叫處下一個斷點,跑起來之後再修改patch 0x11 改掉,我這裡patch成了0x9。

然後繼續下斷點拿密文。

然後再扔到md5解密網站解密。

類似的拿到sha1解密後的key後四位 https://crackstation.net/

key:NocTuRne

md5(key):C0804C74E05B4C7440AC4D7480954C74

繞反除錯方法二:OD odsharp外掛直接繞

之後就是模擬呼叫win32 的aes解密api來解密的過程了。

#include <Windows.h>
#include <stdio.h>
#include <wincrypt.h>


int main(){
BYTE pbData[] = {0x5c,0x53,0xa4,0xa4,0x1d,0x52,0x43,0x7a,0x9f,0xa1,0xe9,0xc2,0x6c,0xa5,0x90,0x90,0x0}; //key_buf
BYTE flag_encrypt[] = {0x5B, 0x9C, 0xEE, 0xB2, 0x3B, 0xB7, 0xD7, 0x34, 0xF3, 0x1B, 0x75, 0x14, 0xC6, 0xB2, 0x1F, 0xE8, 0xDE, 0x33, 0x44, 0x74, 0x75, 0x1B, 0x47, 0x6A, 0xD4, 0x37, 0x51, 0x88, 0xFC, 0x67, 0xE6, 0x60, 0xDA, 0x0D, 0x58, 0x07, 0x81, 0x43, 0x53, 0xEA, 0x7B, 0x52, 0x85, 0x6C, 0x86, 0x65, 0xAF, 0xB4,0x0};
DWORD dwDataLen = 0x10;
DWORD ddwDataLen;
DWORD* pdwDataLen = &ddwDataLen;
*pdwDataLen = 0x20;




BOOL v6; // [esp+4h] [ebp-18h]
HCRYPTKEY phKey; // [esp+Ch] [ebp-10h] BYREF
HCRYPTPROV phProv; // [esp+10h] [ebp-Ch] BYREF
HCRYPTHASH phHash; // [esp+14h] [ebp-8h] BYREF


phProv = 0;
phHash = 0;
phKey = 0;
v6 = CryptAcquireContextA(&phProv, 0, 0, 0x18u, 0xF0000000);
if (v6)
{
v6 = CryptCreateHash(phProv, 0x8003u, 0, 0, &phHash);
if (v6)
{
v6 = CryptHashData(phHash, pbData, dwDataLen, 0);
if (v6)
{
v6 = CryptDeriveKey(phProv, 0x660Eu, phHash, 1u, &phKey);// key的md5值再生成aes金鑰
if (v6)
v6 = CryptDecrypt(phKey, 0, 1, 0, flag_encrypt, pdwDataLen);
printf("%s", flag_encrypt);
}
}
}
if (phKey)
CryptDestroyKey(phKey);
if (phHash)
CryptDestroyHash(phHash);
if (phProv)
CryptReleaseContext(phProv, 0);
return v6;
}

拿到flag!

補充方法:Hook Windows API 求解

另外經mas0n師傅補充,附上frida來hook求解的方法。

  var baseAddr = Process.findModuleByName('Crackme_1.exe');


// input 32 length flag, e.g. 11111111111111111111111111111111
// key: NocTuRne
// frida attach -p 48964 -l agent\hook_win.js




// memcmp
var hookAddr = ptr(0x0109D4BC);
Interceptor.attach(hookAddr, {
onEnter: function(args) {
let Buf1 = args[0];
let Buf2 = args[1];
let Size = args[2];
console.log("-----\n[Size]\n", Size);
let size = Size.toInt32();
console.log("-----\n[Buf1]\n", Buf1.readByteArray(size));
console.log("-----\n[Buf2]\n", Buf2.readByteArray(size));
console.log("---------------------------");
},
onLeave: function(arg) {
return arg;
}
})


var libAddr = Process.findModuleByName('ADVAPI32.dll');
var fn_CryptEncrypt = libAddr.getExportByName("CryptEncrypt");
var fn_CryptDecrypt = libAddr.getExportByName("CryptDecrypt");


var flag = null;
Interceptor.replace(fn_CryptEncrypt, fn_CryptDecrypt);
Interceptor.attach(fn_CryptDecrypt, {
onEnter: function(args) {
args[4].writeByteArray([0x5b,0x9c,0xee,0xb2,0x3b,0xb7,0xd7,0x34,0xf3,0x1b,0x75,0x14,0xc6,0xb2,0x1f,0xe8,0xde,0x33,0x44,0x74,0x75,0x1b,0x47,0x6a,0xd4,0x37,0x51,0x88,0xfc,0x67,0xe6,0x60,0xda,0x0d,0x58,0x07,0x81,0x43,0x53,0xea,0x7b,0x52,0x85,0x6c,0x86,0x65,0xaf,0xb4]);
args[5].writeInt(0x40);
flag = args[4];
console.log("hook fn_CryptDecrypt");
return args;
},
onLeave: function(arg) {
console.log(flag.readCString());
return arg;
}
})

奇怪的交易

拖進ida裡發現經過upx加殼, 直接upx -d脫殼。

接著再使用pyinstxtractor解包得到一堆檔案(比較坑的地方是本地python環境必須與源程式的python環境相同才能解包PYZ-00.pyz),下面是徹底解包後的幾個關鍵的檔案。

奇怪的交易.pyc檔案內容如下:

python反編譯 - 線上工具 (tool.lu)( https://tool.lu/pyc/

樣其實邏輯很明顯還是有問題的,題目特意用的Python3.10版本,導致反編譯結果會不正確。

通過pycdump可以dump出opcode,對比進行變數名和程式碼邏輯的修復。

可以參考下面的文章:

Python位元組碼文件 Python位元組碼詳解(介紹了Python的特有型別以及遍歷等操作)( https://blog.csdn.net/weixin_46263782/article/details/120930191

修復後的 奇怪的交易.py

from cup import *
from libnum import *


if __name__ == '__main__':
flag = input('請輸入flag')
pub_key = [
0x649EE967E7916A825CC9FD3320BEABF263BEAC68C080F52824A0F521EDB6B78577EC52BF1C9E78F4BB71192F9A23F1A17AA76E5979E4D953329D3CA65FB4A71DA57412B59DFD6AEDF0191C5555D3E5F582B81B5E6B23163E9889204A81AFFDF119FE25C92F4ED59BD3285BCD7AAE14824240D2E33C5A97848F4EB7AAC203DE6330D2B4D8FF61691544FBECD120F99A157B3D2F58FA51B2887A9D06CA383C44D071314A12B17928B96F03A06E959A5AFEFA0183664F52CD32B9FC72A04B45913FCB2D5D2D3A415A14F611CF1EAC2D6C785142A8E9CC41B67A6CD85001B06EDB8CA767D367E56E0AE651491BF8A8C17A38A1835DB9E4A9292B1D86D5776C98CC25,
0x647327833ACFEF1F9C83E74E171FC300FA347D4A6769476C33DA82C95120ACB38B62B33D429206FE6E9BB0BB7AB748A1036971BEA36EC47130B749C1C9FF6FE03D0F7D9FC5346EB0E575BDFA6C530AA57CD676894FC080D2DD049AB59625F4B9C78BCFD95CDCD2793E440E26E189D251121CB6EB177FEDB596409034E8B0C5BBD9BD9342235DBB226C9170EFE347FF0FD2CFF9A1F7B647CC83E4D8F005FD7125A89251C768AFE70BDD54B88116814D5030F499BCAC4673CCCC342FB4B6AC58EA5A64546DC25912B6C430529F6A7F449FD96536DE269D1A1B015A4AC6B6E46EE19DCE8143726A6503E290E4BAE6BD78319B5878981F6CFFDB3B818209341FD68B]
m = libnum.s2n(flag)
c = str(pow(m, pub_key[1], pub_key[0])) # 極長的一串東西
store = []
cipher = [3532577106, 1472742623, 3642468664, 4193500461, 2398676029, 617653972, 1474514999, 1471783658, 1012864704,
3615627536, 993855884, 438456717, 3358938551, 3906991208, 198959101, 3317190635, 3656923078, 613157871,
2398768861, 97286225, 2336972940, 1471645170, 3233163154, 583597118, 2863776301, 3183067750, 1384330715,
2929694742, 3522431804, 2181488067, 3303062236, 3825712422, 145643141, 2148976293, 2940910035, 506798154,
994590281, 2231904779, 3389770074, 2814269052, 1105937096, 1789727804, 3757028753, 2469686072, 1162286478,
680814033, 2934024098, 2162521262, 4048876895, 2121620700, 4240287315, 2391811140, 3396611602, 3091349617,
3031523010, 2486958601, 3164065171, 1285603712, 798920280, 2337813135, 4186055520, 3523024366, 1077514121,
1436444106, 2731983230, 1507202797, 500756149, 198754565, 2382448647, 880454148, 1970517398, 3217485349,
1161840191, 560498076, 1782600856, 2643721918, 1285196205, 788797746, 1195724574, 4061612551, 103427523,
2502688387, 4147162188, 617564657, 978211984, 1781482121, 2205798970, 3939973102, 3826603515, 659557668,
2582884932, 1561884856, 2217488804, 1189296962, 169145316, 2781742156, 1323893433, 824667876, 408202876,
3759637634, 4094868412, 1508996065, 162419237, 3732146944, 3083560189, 3955940127, 2393776934, 2470191468,
3620861513, 481927014, 2756226070, 3154651143, 1261069441, 2063238535, 2222237213, 101459755, 3159774417,
1721190841, 1078395785, 176506553, 3552913423, 1566142515, 1938949000, 1499289517, 3315102456, 829714860,
3843359394, 952932374, 1283577465, 2045007203, 3957761944, 3767891405, 2917089623, 3296133521, 482297421,
1734231412, 3670478932, 2575334979, 2827842737, 3413631016, 1533519803, 4008428470, 3890643173, 272960248,
317508587, 3299937500, 2440520601, 27470488, 1666674386, 1737927609, 750987808, 2385923471, 2694339191,
562925334, 2206035395]


i = 0
# rsa 生成的密文遍歷加密
while i < len(c): # i<155
index = 0
for ii in c[i:i + 4]:
index = (index << 8) + ord(ii)
store.append(index)


i += 4
if not i < len(c):
key = [54, 54, 54, 54]
store_len = len(store)
res = encrypt(store_len, store, key)
if store == cipher:
print('You are right!')
input('')
quit()
else:
print('Why not drink a cup of tea and have a rest?')


continue

發現從cup包匯入了一個encrypt函式。

以下是對經key加密後的cup.pyc.encrypted的解密指令碼

[原創]Python逆向——Pyinstaller逆向-軟體逆向-看雪論壇-安全社群|安全招聘|bbs.pediy.com

https://bbs.pediy.com/thread-271253.htm

      #!/usr/bin/env python3
import tinyaes
import zlib


CRYPT_BLOCK_SIZE = 16


# 從crypt_key.pyc獲取key,也可自行反編譯獲取
key = bytes('0000000000000tea', 'utf-8')


inf = open('cup.pyc.encrypted', 'rb') # 開啟加密檔案
outf = open('output.pyc', 'wb') # 輸出檔案


# 按加密塊大小進行讀取
iv = inf.read(CRYPT_BLOCK_SIZE)


cipher = tinyaes.AES(key, iv)


# 解密
plaintext = zlib.decompress(cipher.CTR_xcrypt_buffer(inf.read()))


# 補pyc頭(最後自己補也行)
outf.write(b'\x6f\x0d\x0d\x0a\0\0\0\0\0\0\0\0\0\0\0\0')


# 寫入解密資料
outf.write(plaintext)


inf.close()
outf.close()

解密得到發現是一個python實現的xxtea加密,最基礎的版本,甚至連key都沒變。

python實現xxtea加解密參考連結

https://www.icode9.com/content-1-1126418.html

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
import libnum
from ctypes import *


def MX(z, y, total, key, p, e):
temp1 = (z.value >> 5 ^ y.value << 2) + (y.value >> 3 ^ z.value << 4)
temp2 = (total.value ^ y.value) + (key[p & 3 ^ e.value] ^ z.value)
return c_uint32(temp1 ^ temp2)




def encrypt(ᘗ, ᘖ, ᘘ):
ᘜ = 0x9E3779B9L
ᘛ = 6 + 52 // ᘗ
total = c_uint32(0)
ᘔ = c_uint32(ᘖ[ᘗ - 1])
ᘕ = c_uint32(0)
if ᘛ > 0:
total.value += ᘜ
ᘕ.value = total.value >> 2 & 3
ᘚ = c_uint32(ᘖ[0])
ᘖ[ᘗ - 1] = c_uint32(ᘖ[ᘗ - 1] + MX(ᘔ, ᘚ, total, ᘘ, ᘗ - 1, ᘕ).value).value
ᘔ.value = ᘖ[ᘗ - 1]
ᘛ -= 1
if not ᘛ > 0:
return ᘖ

先解密xxtea得到結果rsa加密的密文c。

from ctypes import *




def MX(z, y, total, key, p, e):
temp1 = (z.value>>5 ^ y.value<<2) + (y.value>>3 ^ z.value<<4)
temp2 = (total.value ^ y.value) + (key[(p&3) ^ e.value] ^ z.value)


return c_uint32(temp1 ^ temp2)




def encrypt(n, v, key):
delta = 0x9e3779b9
rounds = 6 + 52//n


total = c_uint32(0)
z = c_uint32(v[n-1])
e = c_uint32(0)


while rounds > 0:
total.value += delta
e.value = (total.value >> 2) & 3
for p in range(n-1):
y = c_uint32(v[p+1])
v[p] = c_uint32(v[p] + MX(z,y,total,key,p,e).value).value
z.value = v[p]
y = c_uint32(v[0])
v[n-1] = c_uint32(v[n-1] + MX(z,y,total,key,n-1,e).value).value
z.value = v[n-1]
rounds -= 1


return v




def decrypt(n, v, key):
delta = 0x9E3779B9
rounds = 6 + 52//n


total = c_uint32(rounds * delta)
y = c_uint32(v[0])
e = c_uint32(0)


while rounds > 0:
e.value = (total.value >> 2) & 3
for p in range(n-1, 0, -1):
z = c_uint32(v[p-1])
v[p] = c_uint32((v[p] - MX(z,y,total,key,p,e).value)).value
y.value = v[p]
z = c_uint32(v[n-1])
v[0] = c_uint32(v[0] - MX(z,y,total,key,0,e).value).value
y.value = v[0]
total.value -= delta
rounds -= 1


return v




# test
if __name__ == "__main__":
# 該演算法中每次可加密不只64bit的資料,並且加密的輪數由加密資料長度決定


k = [54, 54, 54, 54]
n = 155


res=[3532577106, 1472742623, 3642468664, 4193500461, 2398676029, 617653972, 1474514999, 1471783658, 1012864704, 3615627536, 993855884, 438456717, 3358938551, 3906991208, 198959101, 3317190635, 3656923078, 613157871, 2398768861, 97286225, 2336972940, 1471645170, 3233163154, 583597118, 2863776301, 3183067750, 1384330715, 2929694742, 3522431804, 2181488067, 3303062236, 3825712422, 145643141, 2148976293, 2940910035, 506798154, 994590281, 2231904779, 3389770074, 2814269052, 1105937096, 1789727804, 3757028753, 2469686072, 1162286478, 680814033, 2934024098, 2162521262, 4048876895, 2121620700, 4240287315, 2391811140, 3396611602, 3091349617, 3031523010, 2486958601, 3164065171, 1285603712, 798920280, 2337813135, 4186055520, 3523024366, 1077514121, 1436444106, 2731983230, 1507202797, 500756149, 198754565, 2382448647, 880454148, 1970517398, 3217485349, 1161840191, 560498076, 1782600856, 2643721918, 1285196205, 788797746, 1195724574, 4061612551, 103427523, 2502688387, 4147162188, 617564657, 978211984, 1781482121, 2205798970, 3939973102, 3826603515, 659557668, 2582884932, 1561884856, 2217488804, 1189296962, 169145316, 2781742156, 1323893433, 824667876, 408202876, 3759637634, 4094868412, 1508996065, 162419237, 3732146944, 3083560189, 3955940127, 2393776934, 2470191468, 3620861513, 481927014, 2756226070, 3154651143, 1261069441, 2063238535, 2222237213, 101459755, 3159774417, 1721190841, 1078395785, 176506553, 3552913423, 1566142515, 1938949000, 1499289517, 3315102456, 829714860, 3843359394, 952932374, 1283577465, 2045007203, 3957761944, 3767891405, 2917089623, 3296133521, 482297421, 1734231412, 3670478932, 2575334979, 2827842737, 3413631016, 1533519803, 4008428470, 3890643173, 272960248, 317508587, 3299937500, 2440520601, 27470488, 1666674386, 1737927609, 750987808, 2385923471, 2694339191, 562925334, 2206035395]


res = decrypt(n, res, k)


# print(res)
for i in res:
print(chr(i>>24),end="")
print(chr((i&0x00ff0000)>>16),end="")
print(chr((i&0x0000ff00)>>8),end="")
print(chr(i&0x000000ff),end="")


#c= 10610336534759505889607399322387179316771488492347274741918862678692508953185876570981227584004676580623553664818853686933004290078153620168054665086468417541382824708104480882577200529822968531743002301934310349005341104696887943182074473298650903541494918266823037984054778903666406545980557074219162536057146090758158128189406073809226361445046225524917089434897957301396534515964547462425719205819342172669899546965221084098690893672595962129879041507903210851706793788311452973769358455761907303633956322972510500253009083922781934406731633755418753858930476576720874219359466503538931371444470303193503733920039

接下來是一個低解密指數 rsa 就可以得到flag了。

import gmpy2
from Crypto.PublicKey import RSA
import ContinuedFractions, Arithmetic
from Crypto.Util.number import long_to_bytes




def wiener_hack(e, n):
# firstly git clone https://github.com/pablocelayes/rsa-wiener-attack.git !
frac = ContinuedFractions.rational_to_contfrac(e, n)
convergents = ContinuedFractions.convergents_from_contfrac(frac)
for (k, d) in convergents:
if k != 0 and (e * d - 1) % k == 0:
phi = (e * d - 1) // k
s = n - phi + 1
discr = s * s - 4 * n
if (discr >= 0):
t = Arithmetic.is_perfect_square(discr)
if t != -1 and (s + t) % 2 == 0:
return d
return False




def main():
pub_key = [
0x649EE967E7916A825CC9FD3320BEABF263BEAC68C080F52824A0F521EDB6B78577EC52BF1C9E78F4BB71192F9A23F1A17AA76E5979E4D953329D3CA65FB4A71DA57412B59DFD6AEDF0191C5555D3E5F582B81B5E6B23163E9889204A81AFFDF119FE25C92F4ED59BD3285BCD7AAE14824240D2E33C5A97848F4EB7AAC203DE6330D2B4D8FF61691544FBECD120F99A157B3D2F58FA51B2887A9D06CA383C44D071314A12B17928B96F03A06E959A5AFEFA0183664F52CD32B9FC72A04B45913FCB2D5D2D3A415A14F611CF1EAC2D6C785142A8E9CC41B67A6CD85001B06EDB8CA767D367E56E0AE651491BF8A8C17A38A1835DB9E4A9292B1D86D5776C98CC25,
0x647327833ACFEF1F9C83E74E171FC300FA347D4A6769476C33DA82C95120ACB38B62B33D429206FE6E9BB0BB7AB748A1036971BEA36EC47130B749C1C9FF6FE03D0F7D9FC5346EB0E575BDFA6C530AA57CD676894FC080D2DD049AB59625F4B9C78BCFD95CDCD2793E440E26E189D251121CB6EB177FEDB596409034E8B0C5BBD9BD9342235DBB226C9170EFE347FF0FD2CFF9A1F7B647CC83E4D8F005FD7125A89251C768AFE70BDD54B88116814D5030F499BCAC4673CCCC342FB4B6AC58EA5A64546DC25912B6C430529F6A7F449FD96536DE269D1A1B015A4AC6B6E46EE19DCE8143726A6503E290E4BAE6BD78319B5878981F6CFFDB3B818209341FD68B]
# 0->n,1->e


n = pub_key[0]
e = pub_key[1]
c = 10610336534759505889607399322387179316771488492347274741918862678692508953185876570981227584004676580623553664818853686933004290078153620168054665086468417541382824708104480882577200529822968531743002301934310349005341104696887943182074473298650903541494918266823037984054778903666406545980557074219162536057146090758158128189406073809226361445046225524917089434897957301396534515964547462425719205819342172669899546965221084098690893672595962129879041507903210851706793788311452973769358455761907303633956322972510500253009083922781934406731633755418753858930476576720874219359466503538931371444470303193503733920039
d = wiener_hack(e, n)
m = pow(c, d, n)
print(long_to_bytes(m)) # flag{You_Need_Some_Tea}




if __name__ == "__main__":
main()

FakePica

先用BlackDex脫個殼,然後把解密後的dex檔案pull到自己的電腦上後拖進jadx。

看到主要是一個登入邏輯:

題目邏輯非常簡單,可以直接Aes解密,但由於主類裡有了解密的方法,肯定是要選擇更加有意思的方法來玩玩,我這裡的做法是直接採用frida來hook。

先hook繞過認證:

console.log("Script loaded successfully");
Java.perform(function x(){
console.log("inside java perform function");
//定位類
var my_class = Java.use("com.pica.picapica.MainActivity");
console.log("Java.use Successfully");
my_class.check.implementation = function(x,y){
return true;
}
})

返回頁面如下:

看到有兩個解密相關的方法,果斷繼續hook。

console.log("Script loaded successfully");
Java.perform(function x(){
console.log("inside java perform function");
//定位類
var my_class = Java.use("com.pica.picapica.MainActivity");
console.log("Java.use Successfully");
my_class.check.implementation = function(x,y){
var email=this.decryptByHexString(this.bytesConvertHexString(this.content0.value),this.key.value);
var password=this.decryptByHexString(this.bytesConvertHexString(this.content1.value),this.key.value);
console.log("flag{"+email+password+"}");
return true;
}
})

直接拿到flag。

奇怪的交易這題附件過大,這裡就直接貼我的連結了:

奇怪的交易

http://49.235.65.44:8888/down/QOUeSq0RV5tS

看雪ID:t0hka1

https://bbs.pediy.com/user-home-860779.htm

*本文由看雪論壇 t0hka1 原創,轉載請註明來自看雪社群

#

往期推薦

1. 從2021年西湖論劍一道題看高版本libc解題思路

2. 向Typora學習electron安全攻防

3. 遊戲安全之借坡下驢

4. EXP編寫學習之繞過SafeSEH

5. CVE-2016-0165提權漏洞學習筆記

6. CVE-2015-0057提權漏洞學習筆記

球分享

球點贊

球在看

點選“閱讀原文”,瞭解更多!