2024春节52pj红包解题(WEB、逆向初级题)
本帖最后由 hhcjl 于 2024-2-28 17:02 编辑拼接二维码得到网址:https://2024challenge.52pojie.cn/
## 初级:
flag1{52pj2024} flag2{xHOpRP} flag3{GRsgk2} flag4{YvJZNS} flagA{09dbcd04}
### flag1
在视频出现二维码前边可逐帧查看
### flag2
登陆时抓包跳转包中
### flag3
视频的最前部可播放器设置循环查看(静态看不出来)
### flag4
背景图中
### flagA
登陆时输入UID,burp 抓包
Forward到 get/auth/uid
将flagA 的内容覆盖uid的 send解密获取解密后的flagA
## 中级:
flag5{P3prqF} flag6{20240217} flag7{Djl9NQ} flag8{OaOjIK} flagB{aeae5c68}
### flag5
去掉无用字符得到
### flag6
直接点击计算或者查询MD5的值
### flag7
视频中github的历史提交记录中
https://github.com/ganlvtech/52pojie-2024-challenge
flag7{Djl9NQ}
### flag8
flag8{OaOjIK}
### flagB
64为整数中18446744073709551615为0
erichyx 发表于 2024-2-26 17:00
flagB购买18464037713个也不是消耗0的,一样会提示钱不够。我看其他人说会扣除28个金币,不知道怎么来的 ...
flagB999063388*18464037713=18446744073709551616
这个搞错了18446744073709551616不能被999063388整除
>>> 18446744073709551616/999063388
18464037713.0
>>> 18446744073709551616//999063388
18464037712
>>> 18464037713*999063388
18446744073709551644
>>> 18446744073709551644-18446744073709551616
28
18446744073709551616不能被999063388整除,
18464037713*999063388=18446744073709551644
64位整数
18446744073709551644&0xffffffff = 28
所以会扣除28个金币
同理flag8
>>> 18446744073709551616/10000
1844674407370955.2
18446744073709560000&0xffffffff=8384
当购买1844674407370956个的时候需要8384个金币
flagB{439d07a8}(动态改变得,获取后必须在时间段内提交)
## 高级:
flag9{KHTALK} flag10{6BxMkW} flag11{HPQfVF} flag12{HOXI} flagC{412ce6c8}
### flag9
为了好查看把'_','\','/' 分别替换为 ' ','*','#'
使用下面代码爆破
```python
flag9 = ' *#####*###### *######### *### *###*### *###*############### *######### *### *### *### *###***#****### *###*******### *##### #*### *###**#*### #*### #*******###***** *##############*### #*### *###** *##### *### #*### *######## *### #**### *###***#*###*###** #*### #*### #*### *###*********### #*### #*###*###** #****### *######### #*### *######### *###****####**### *##### #**### #*######**### #*############### #*### #*### #*### #*### #*######**### *### #****###** #*### #********### #**######### #***########*###*###### #*###** #**### #*###*********### #*### #*############### #*### #*###** #**### #**###### #*### #*### *########## #*******### #********#*### #*****### #*### #**### #*### #*### #*### #*###*********### #*### #*### #**### *###*** #*### #*### *###*****### *## ### *## *### *### #*### #**####*### #*### #*### #*### #*### #*### #*### #**### #**### r #*### *######### #**########*## #**######## #**###########* #***##### #*### #**### #*### #*### #*### #*### #*### #*############### #*### #**###*##### #*** #********* #********#** #******** #*********** #*****#*** #***#*** #*** #*** #*** #***#***************#*** #***#***** '
alen = len(flag9)
#flag9 =flag9[::-1]
n=30
with open('2aa1-2.txt','w+') as f:
for n in range(200,300):
for i in range(0,alen,n):
#print(i)
#print(flag9)
f.write(flag9+'\n')
f.write('\n\n\n')
```
### flag10
stegsolve查看
### flag11
根据提示 --var1 --var2在0-100之间,总共有100*100 ,10000中可能
写JS脚本爆破
```js
var x=0;
var y=0;
window.onclick=function(){if(y>100){x=1+x;y=0;}y=y+1;console.log(x,y); document.documentElement.style.setProperty("--var1",x);
document.documentElement.style.setProperty("--var2",y);}
setInterval(function() {
document.head.click();},100);
//x=71,y=20
```
### flag12
爆破脚本,4294967296在i32中位0,1依次4294967296,直到找到能被1103515245整除的数
也就是乘以1103515245为1的数。
```python
a = 1
b = 4294967296
c = 1103515245
while True:
a = a+b
#print(a)
if not a %c:
print(a /c)
break
#4005161829
```
flag12{HOXI}
### flagC
可针对classes爆破。
上传图片抓包,修改classes
#####逆向初级
### 初二
```
"fl@g{H@ppy_N3w_e@r!2o24!Fighting!!!}"
```
```
提示CasearCipher
ioCj~KCss|bQ6zbhCu$5r57$Iljkwlqj$$$
```
```python
eflag = 'ioCj~KCss|bQ6zbhCu$5r57$Iljkwlqj$$$'
for i in range(27):
flag = ''
for a in eflag:
na = ord(a)-i
if na>=33:
flag += chr(na)
else:
flag += chr(na%126+33)
print(flag+'\n')
```
动态调试
### 初三
```
flag{happy_new_year_2024}
```
游戏通关视频最后会出现flag
也可直接查看,在ys.mp4文件最后
### 初四
flag 为
FlagActivity.o = new byte{'V',0xee,'b','g','K',0xb7,'3',0x98,'h','^','I','Q','}','v','p','d',0xe3,'?',0xdf,0x92,'l','s','3',';','7','4','M'};
与apk的signatures亦或
signatures在apk MET-INF目录下的CERT.RSA中
```python
Signature =
#偏移11e-15d
enflag =
n = len(Signature)
n2 = len(enflag)
flag = ''
for i in range(n2):
aa = enflag ^ Signature
#print(aa)
flag += chr(aa)
```
flag9爆破脚本有问题,爆破完查看aa.txt(关闭文本的自动换行)修改后的:
flag9 = r'f.______________________________________________________________________________________________________________________________________________________________________________________________________________.............l..______________________________________________________________________________________________________________________________________________________________________________________________________________............a..________/\\\\\__/\\\\\\_____________________________________/\\\\\\\\\__________________/\\\________/\\\__/\\\________/\\\__/\\\\\\\\\\\\\\\_____/\\\\\\\\\_____/\\\______________/\\\________/\\\_____________...........g...______/\\\///__\////\\\___________________________________/\\\///////\\\________/\\\\\_\/\\\_____/\\\//__\/\\\_______\/\\\_\///////\\\/////____/\\\\\\\\\\\\\__\/\\\_____________\/\\\_____/\\\//___/\\\\\_____..........5...._____/\\\_________\/\\\_____________________/\\\\\\\\____/\\\______\//\\\_____/\\\///__\/\\\__/\\\//_____\/\\\_______\/\\\_______\/\\\________/\\\/////////\\\_\/\\\_____________\/\\\__/\\\//_____\////\\\____.........{.....__/\\\\\\\\\______\/\\\_____/\\\\\\\\\_____/\\\////\\\__\//\\\_____/\\\\\____\//\\\____\/\\\\\\//\\\_____\/\\\\\\\\\\\\\\\_______\/\\\_______\/\\\_______\/\\\_\/\\\_____________\/\\\\\\//\\\________/\\\_____........P......_\////\\\//_______\/\\\____\////////\\\___\//\\\\\\\\\___\///\\\\\\\\/\\\__/\\\\\\_____\/\\\//_\//\\\____\/\\\/////////\\\_______\/\\\_______\/\\\\\\\\\\\\\\\_\/\\\_____________\/\\\//_\//\\\______\//\\\\\\_.......3.......____\/\\\_________\/\\\______/\\\\\\\\\\___\///////\\\_____\////////\/\\\_\/////\\\____\/\\\____\//\\\___\/\\\_______\/\\\_______\/\\\_______\/\\\/////////\\\_\/\\\_____________\/\\\____\//\\\______/\\\///__......p........____\/\\\_________\/\\\_____/\\\/////\\\___/\\_____\\\___/\\________/\\\______/\\\_____\/\\\_____\//\\\__\/\\\_______\/\\\_______\/\\\_______\/\\\_______\/\\\_\/\\\_____________\/\\\_____\//\\\____\//\\\____.....r.........____\/\\\_______/\\\\\\\\\_\//\\\\\\\\/\\_\//\\\\\\\\___\//\\\\\\\\\\\/______\///\\\\\_\/\\\______\//\\\_\/\\\_______\/\\\_______\/\\\_______\/\\\_______\/\\\_\/\\\\\\\\\\\\\\\_\/\\\______\//\\\__/\\\\\_____....q..........____\///_______\/////////___\////////\//___\////////_____\///////////__________\/////__\///________\///__\///________\///________\///________\///________\///__\///////////////__\///________\///__\/////______...F..........._______________________________________________________________________________________________________________________________________________________________________________________________________________..}............_______________________________________________________________________________________________________________________________________________________________________________________________________________.'
alen = len(flag9)
with open('flag.txt','w+') as f:
for n in range(100,300):
for i in range(0,alen,n):
#print(i)
#print(flag9)
f.write(flag9+'\n')
f.write('\n\n\n') flag8中购买18464037713个并不是消耗0,还是会提示钱不够。 本帖最后由 hhcjl 于 2024-2-25 17:07 编辑
erichyx 发表于 2024-2-25 12:10
flag8中购买18464037713个并不是消耗0,还是会提示钱不够。
flag8 就是不行,flag8我是玩够10000金币买的。
flagB999063388*18464037713=18446744073709551616
18446744073709551616 ,64位正好溢出为0。 hhcjl 发表于 2024-2-25 17:01
flag8 就是不行,flag8我是玩够10000金币买的。
flagB999063388*18464037713=18446744073709551616
...
flagB购买18464037713个也不是消耗0的,一样会提示钱不够。我看其他人说会扣除28个金币,不知道怎么来的。 erichyx 发表于 2024-2-26 17:00
flagB购买18464037713个也不是消耗0的,一样会提示钱不够。我看其他人说会扣除28个金币,不知道怎么来的 ...
flagB999063388*18464037713=18446744073709551616
这个搞错了18446744073709551616不能被999063388整除
>>> 18446744073709551616/999063388
18464037713.0
>>> 18446744073709551616//999063388
18464037712
>>> 18464037713*999063388
18446744073709551644
>>> 18446744073709551644-18446744073709551616
28
18446744073709551616不能被999063388整除,
18464037713*999063388=18446744073709551644
64位整数
18446744073709551644&0xffffffff = 28
所以会扣除28个金币
同理flag8
>>> 18446744073709551616/10000
1844674407370955.2
18446744073709560000&0xffffffff=8384
当购买1844674407370956个的时候需要8384个金币 flag5
https://attach.52pojie.cn//forum/202402/25/094634m8gc32l3b2l3lbb3.png?l
@hhcjl 这里有个图片贴丢了,而且这个地址有问题,看起来你是直接拖过来的,不是像其他那种点击过来的,这个是临时地址会失效。
image-20240220175500501
这个也丢了。
另外把其他发布的题目解题也合并到这个帖子一起吧,合并完我删除另外一篇帖子,方便一起合并加分,处理完回复我一声,我来处理加分。 Hmily 发表于 2024-2-27 16:07
@hhcjl 这里有个图片贴丢了,而且这个地址有问题,看起来你是直接拖过来的,不是像其他那种点击过来的, ...
弄好了,已经合并和 修复了图片。
页:
[1]