baby_python
hnctf.yuanshen.life:33276
网页打不开,只能 nc 连接远程服务器。
运行没有回显
利用pickletools库进行反编译为字节码(不知道为什么)
# Python 3.10.12
from pickle import loads
import pickletools
main = b"\x80\x04ctypes\nFunctionType\n(ctypes\nCodeType\n(I1\nI0\nI0\nI4\nI8\nI67\nCbt\x00\xa0\x01|\x00d\x01\xa1\x02}\x01t\x02|\x01\x83\x01d\x00d\x00d\x02\x85\x03\x19\x00d\x00d\x03\x85\x02\x19\x00}\x00d\x04}\x02t\x03d\x05t\x04|\x00\x83\x01d\x06\x83\x03D\x00]\x11}\x03|\x02t\x05t\x00|\x00|\x03|\x03d\x06\x17\x00\x85\x02\x19\x00d\x07\x83\x02\x83\x017\x00}\x02q\x1d|\x02S\x00(NVbig\nI-1\nI-3\nV\nI0\nI8\nI2\nt(Vint\nVfrom_bytes\nVbin\nVrange\nVlen\nVchr\nt(\x8c\x04\xf0\x9f\x94\xa5\x8c\x04\xf0\x9f\xa4\xab\x8c\x04\xf0\x9f\xa7\x8f\x8c\x04\xf0\x9f\x8e\xb5tVH&NCTF\n\x8c\x04\xf0\x9f\x93\xaeI0\nC\x0c\x00\x01\x0c\x01\x1a\x01\x04\x01\x14\x01 \x01))t\x81cbuiltins\nglobals\n)R\x8c\x04\xf0\x9f\x93\xaet\x81\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0b\x01\xa6&\xf6\xc6v\xa6tN.\xce\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x06\x01.v\x96N\x0e\x85R\x93VDo you know what's the flag??? \n\x85R0g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x06\x01.\xae\x0ev\x96\x85R\x93V> \n\x85R\x85R\x85R\x940g0\nC\x07\x01\xb6\xf6&v\x86N\x85Rg0\nC\x05\x01&\xa6\xa6\xce\x85R\x93Vwelcome to H&NCTF\n\x85R0g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0b\x01\xa6&\xf6\xc6v\xa6tN.\xce\x85R\x93VH&NCTF\n\x85R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93g0\nC\n\x01\xce6\xf6\xf6.N\xa6.\x96\x85Rg0\nC\x06\x01\xa66\xc6\x9e\xc6\x85R\x93g2\n\x85Rg1\n\x87R\x85R\x940]\x94I2024\nag0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfa&&\x86\xfa\xfat.v\x96\x85R\x93g0\nC\n\x01\xce6\xf6\xf6.N\xa6.\x96\x85Rg0\nC\x06\x01\xa66\xc6\x9e\xc6\x85R\x93g4\n\x85Rg3\n\x87R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x9ev\x86\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93(I2024\nI2024\nI2024\nI2024\nI2024\nI2024\nI2075\nI2099\nI2071\nI2082\nI2078\nI2059\nI2047\nI2119\nI2057\nI2078\nI2035\nI2064\nI2069\nI2091\nI2066\nI2052\nI2077\nI2049\nI2067\nI2098\nI2057\nI2072\nI2073\nI2076\nI2047\nI2091\nI2078\nI2058\nI2081\nI2071\nI2062\nI2095\nI2082\nI2066\nI2083\nI2064\nI2077\nlg5\n\x87R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0b\x01\xfa\xfaN\xf6\xfa\xfat.v\x96\x85R\x93g6\ng0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0b\x01\xfa\xfa\xa6\xe6\xfa\xfat.v\x96\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01v\xa66\x85R\x93g5\n\x85RI50\n\x86R\x86R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x11\x01\xfa\xfa\xb6\xa6.\x96.\xa6\xe6\xfa\xfat.\xce\x966\x85R\x93(VOkay,maybe you need a closer examination!\nV \nlg7\n\x86R.g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\x07\x01\xb6\xf6&v\x86N\x85Rg0\nC\n\x01\xce\xa6.\x9eF&v\x86N\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01v\xa66\x85R\x93g1\n\x85R\x85R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\x07\x01\xb6\xf6&v\x86N\x85Rg0\nC\n\x01\xce\xa6.\x9eF&v\x86N\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01v\xa66\x85R\x93g2\n\x85R\x85R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93g0\nC\n\x01\xce6\xf6\xf6.N\xa6.\x96\x85Rg0\nC\x06\x01\xa66\xc6\x9e\xc6\x85R\x93g9\n\x85Rg1\n\x87R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93g0\nC\n\x01\xce6\xf6\xf6.N\xa6.\x96\x85Rg0\nC\x06\x01\xa66\xc6\x9e\xc6\x85R\x93g2\n\x85Rg8\n\x87R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x05\x01.\xce\x966\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93g10\ng11\n\x87R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x9ev\x86\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01\x0e\x86\xb6\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93(I72\nI24\nI7\nI107\nI142\nI150\nI112\nI158\nI174\nI172\nI155\nI126\nI69\nI235\nI64\nI229\nI102\nI158\nI118\nI61\nI36\nI12\nI234\nI194\nI71\nI51\nI47\nI82\nI41\nI122\nI121\nI221\nI7\nI119\nI96\nI104\nI246\nI3\nI103\nI153\nI232\nI210\nI7\nI188\nlg12\n\x87R\x85R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0c\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96\x85R\x93g13\ng0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x0b\x01\xfa\xfa\xa6\xe6\xfa\xfat.v\x96\x85R\x93g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x04\x01v\xa66\x85R\x93g12\n\x85RI50\n\x86R\x86R\x940g0\nC\t\x01\xcev\x96.6\x96\xaeF\x85Rg0\nC\x11\x01\xfa\xfa\xb6\xa6.\x96.\xa6\xe6\xfa\xfat.\xce\x966\x85R\x93(VOkay,you get the flag!\nVOh no,maybe you should try again~\nlg14\n\x86R."
# print(loads(main))
print(pickletools.dis(main))
0: \x80 PROTO 42: c GLOBAL 'types FunctionType'22: ( MARK23: c GLOBAL 'types CodeType'39: ( MARK40: I INT 143: I INT 046: I INT 049: I INT 452: I INT 855: I INT 6759: C SHORT_BINBYTES b't\x00\xa0\x01|\x00d\x01\xa1\x02}\x01t\x02|\x01\x83\x01d\x00d\x00d\x02\x85\x03\x19\x00d\x00d\x03\x85\x02\x19\x00}\x00d\x04}\x02t\x03d\x05t\x04|\x00\x83\x01d\x06\x83\x03D\x00]\x11}\x03|\x02t\x05t\x00|\x00|\x03|\x03d\x06\x17\x00\x85\x02\x19\x00d\x07\x83\x02\x83\x017\x00}\x02q\x1d|\x02S\x00'159: ( MARK160: N NONE161: V UNICODE 'big'166: I INT -1170: I INT -3174: V UNICODE ''176: I INT 0179: I INT 8182: I INT 2185: t TUPLE (MARK at 159)186: ( MARK187: V UNICODE 'int'192: V UNICODE 'from_bytes'204: V UNICODE 'bin'209: V UNICODE 'range'216: V UNICODE 'len'221: V UNICODE 'chr'226: t TUPLE (MARK at 186)227: ( MARK228: \x8c SHORT_BINUNICODE '🔥'234: \x8c SHORT_BINUNICODE '🤫'240: \x8c SHORT_BINUNICODE '🧏'246: \x8c SHORT_BINUNICODE '🎵'252: t TUPLE (MARK at 227)253: V UNICODE 'H&NCTF'261: \x8c SHORT_BINUNICODE '📮'267: I INT 0270: C SHORT_BINBYTES b'\x00\x01\x0c\x01\x1a\x01\x04\x01\x14\x01 \x01'284: ) EMPTY_TUPLE285: ) EMPTY_TUPLE286: t TUPLE (MARK at 39)287: \x81 NEWOBJ288: c GLOBAL 'builtins globals'306: ) EMPTY_TUPLE307: R REDUCE308: \x8c SHORT_BINUNICODE '📮'314: t TUPLE (MARK at 22)315: \x81 NEWOBJ316: \x94 MEMOIZE (as 0)317: 0 POP318: g GET 0321: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'332: \x85 TUPLE1333: R REDUCE334: g GET 0337: C SHORT_BINBYTES b'\x01.\xce\x966'344: \x85 TUPLE1345: R REDUCE346: \x93 STACK_GLOBAL347: g GET 0350: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'361: \x85 TUPLE1362: R REDUCE363: g GET 0366: C SHORT_BINBYTES b'\x01\xa6&\xf6\xc6v\xa6tN.\xce'379: \x85 TUPLE1380: R REDUCE381: \x93 STACK_GLOBAL382: g GET 0385: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'396: \x85 TUPLE1397: R REDUCE398: g GET 0401: C SHORT_BINBYTES b'\x01.v\x96N\x0e'409: \x85 TUPLE1410: R REDUCE411: \x93 STACK_GLOBAL412: V UNICODE "Do you know what's the flag??? "445: \x85 TUPLE1446: R REDUCE447: 0 POP448: g GET 0451: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'462: \x85 TUPLE1463: R REDUCE464: g GET 0467: C SHORT_BINBYTES b'\x01.\xae\x0ev\x96'475: \x85 TUPLE1476: R REDUCE477: \x93 STACK_GLOBAL478: V UNICODE '> '482: \x85 TUPLE1483: R REDUCE484: \x85 TUPLE1485: R REDUCE486: \x85 TUPLE1487: R REDUCE488: \x94 MEMOIZE (as 1)489: 0 POP490: g GET 0493: C SHORT_BINBYTES b'\x01\xb6\xf6&v\x86N'502: \x85 TUPLE1503: R REDUCE504: g GET 0507: C SHORT_BINBYTES b'\x01&\xa6\xa6\xce'514: \x85 TUPLE1515: R REDUCE516: \x93 STACK_GLOBAL517: V UNICODE 'welcome to H&NCTF'536: \x85 TUPLE1537: R REDUCE538: 0 POP539: g GET 0542: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'553: \x85 TUPLE1554: R REDUCE555: g GET 0558: C SHORT_BINBYTES b'\x01.\xce\x966'565: \x85 TUPLE1566: R REDUCE567: \x93 STACK_GLOBAL568: g GET 0571: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'582: \x85 TUPLE1583: R REDUCE584: g GET 0587: C SHORT_BINBYTES b'\x01\xa6&\xf6\xc6v\xa6tN.\xce'600: \x85 TUPLE1601: R REDUCE602: \x93 STACK_GLOBAL603: V UNICODE 'H&NCTF'611: \x85 TUPLE1612: R REDUCE613: \x85 TUPLE1614: R REDUCE615: \x94 MEMOIZE (as 2)616: 0 POP617: g GET 0620: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'631: \x85 TUPLE1632: R REDUCE633: g GET 0636: C SHORT_BINBYTES b'\x01.\xce\x966'643: \x85 TUPLE1644: R REDUCE645: \x93 STACK_GLOBAL646: g GET 0649: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'660: \x85 TUPLE1661: R REDUCE662: g GET 0665: C SHORT_BINBYTES b'\x01\x0e\x86\xb6'671: \x85 TUPLE1672: R REDUCE673: \x93 STACK_GLOBAL674: g GET 0677: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'688: \x85 TUPLE1689: R REDUCE690: g GET 0693: C SHORT_BINBYTES b'\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96'707: \x85 TUPLE1708: R REDUCE709: \x93 STACK_GLOBAL710: g GET 0713: C SHORT_BINBYTES b'\x01\xce6\xf6\xf6.N\xa6.\x96'725: \x85 TUPLE1726: R REDUCE727: g GET 0730: C SHORT_BINBYTES b'\x01\xa66\xc6\x9e\xc6'738: \x85 TUPLE1739: R REDUCE740: \x93 STACK_GLOBAL741: g GET 2744: \x85 TUPLE1745: R REDUCE746: g GET 1749: \x87 TUPLE3750: R REDUCE751: \x85 TUPLE1752: R REDUCE753: \x94 MEMOIZE (as 3)754: 0 POP755: ] EMPTY_LIST756: \x94 MEMOIZE (as 4)757: I INT 2024763: a APPEND764: g GET 0767: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'778: \x85 TUPLE1779: R REDUCE780: g GET 0783: C SHORT_BINBYTES b'\x01.\xce\x966'790: \x85 TUPLE1791: R REDUCE792: \x93 STACK_GLOBAL793: g GET 0796: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'807: \x85 TUPLE1808: R REDUCE809: g GET 0812: C SHORT_BINBYTES b'\x01\x0e\x86\xb6'818: \x85 TUPLE1819: R REDUCE820: \x93 STACK_GLOBAL821: g GET 0824: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'835: \x85 TUPLE1836: R REDUCE837: g GET 0840: C SHORT_BINBYTES b'\x01\xfa\xfa&&\x86\xfa\xfat.v\x96'854: \x85 TUPLE1855: R REDUCE856: \x93 STACK_GLOBAL857: g GET 0860: C SHORT_BINBYTES b'\x01\xce6\xf6\xf6.N\xa6.\x96'872: \x85 TUPLE1873: R REDUCE874: g GET 0877: C SHORT_BINBYTES b'\x01\xa66\xc6\x9e\xc6'885: \x85 TUPLE1886: R REDUCE887: \x93 STACK_GLOBAL888: g GET 4891: \x85 TUPLE1892: R REDUCE893: g GET 3896: \x87 TUPLE3897: R REDUCE898: \x85 TUPLE1899: R REDUCE900: \x94 MEMOIZE (as 5)901: 0 POP902: g GET 0905: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'916: \x85 TUPLE1917: R REDUCE918: g GET 0921: C SHORT_BINBYTES b'\x01\x9ev\x86'927: \x85 TUPLE1928: R REDUCE929: \x93 STACK_GLOBAL930: g GET 0933: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'944: \x85 TUPLE1945: R REDUCE946: g GET 0949: C SHORT_BINBYTES b'\x01\x0e\x86\xb6'955: \x85 TUPLE1956: R REDUCE957: \x93 STACK_GLOBAL958: g GET 0961: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'972: \x85 TUPLE1973: R REDUCE974: g GET 0977: C SHORT_BINBYTES b'\x01\xfa\xfaN\xf6\x1e\xfa\xfat.v\x96'991: \x85 TUPLE1992: R REDUCE993: \x93 STACK_GLOBAL994: ( MARK995: I INT 20241001: I INT 20241007: I INT 20241013: I INT 20241019: I INT 20241025: I INT 20241031: I INT 20751037: I INT 20991043: I INT 20711049: I INT 20821055: I INT 20781061: I INT 20591067: I INT 20471073: I INT 21191079: I INT 20571085: I INT 20781091: I INT 20351097: I INT 20641103: I INT 20691109: I INT 20911115: I INT 20661121: I INT 20521127: I INT 20771133: I INT 20491139: I INT 20671145: I INT 20981151: I INT 20571157: I INT 20721163: I INT 20731169: I INT 20761175: I INT 20471181: I INT 20911187: I INT 20781193: I INT 20581199: I INT 20811205: I INT 20711211: I INT 20621217: I INT 20951223: I INT 20821229: I INT 20661235: I INT 20831241: I INT 20641247: I INT 20771253: l LIST (MARK at 994)1254: g GET 51257: \x87 TUPLE31258: R REDUCE1259: \x85 TUPLE11260: R REDUCE1261: \x94 MEMOIZE (as 6)1262: 0 POP1263: g GET 01266: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'1277: \x85 TUPLE11278: R REDUCE1279: g GET 01282: C SHORT_BINBYTES b'\x01\xfa\xfaN\xf6\xfa\xfat.v\x96'1295: \x85 TUPLE11296: R REDUCE1297: \x93 STACK_GLOBAL1298: g GET 61301: g GET 01304: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'1315: \x85 TUPLE11316: R REDUCE1317: g GET 01320: C SHORT_BINBYTES b'\x01\xfa\xfa\xa6\xe6\xfa\xfat.v\x96'1333: \x85 TUPLE11334: R REDUCE1335: \x93 STACK_GLOBAL1336: g GET 01339: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'1350: \x85 TUPLE11351: R REDUCE1352: g GET 01355: C SHORT_BINBYTES b'\x01v\xa66'1361: \x85 TUPLE11362: R REDUCE1363: \x93 STACK_GLOBAL1364: g GET 51367: \x85 TUPLE11368: R REDUCE1369: I INT 501373: \x86 TUPLE21374: R REDUCE1375: \x86 TUPLE21376: R REDUCE1377: \x94 MEMOIZE (as 7)1378: 0 POP1379: g GET 01382: C SHORT_BINBYTES b'\x01\xcev\x96.6\x96\xaeF'1393: \x85 TUPLE11394: R REDUCE1395: g GET 01398: C SHORT_BINBYTES b'\x01\xfa\xfa\xb6\xa6.\x96.\xa6\xe6\xfa\xfat.\xce\x966'1417: \x85 TUPLE11418: R REDUCE1419: \x93 STACK_GLOBAL1420: ( MARK1421: V UNICODE 'Okay,maybe you need a closer examination!'1464: V UNICODE ' '1467: l LIST (MARK at 1420)1468: g GET 71471: \x86 TUPLE21472: R REDUCE1473: . STOP
highest protocol among opcodes = 4没有技巧,全靠手撕,对着opcode文档直接开撕
整理一下就可以得到
之前NSS上也是有一道给python字节码的题目,只能手撕了。
[原创]死磕python字节码-手工还原python源码-软件逆向-看雪-安全社区|安全招聘|kanxue.com
Python的pyc字节码反编译反汇编相关知识_pycdc-CSDN博客
官方文档:
dis --- Python 字节码反汇编器 — Python 3.12.3 文档
是个大工程,先贴一下别人的复原
import randomrandom.seed('welcome to H&NCTF')print("Do you know what's the flag???")
flag = input('> ')
flag = list(flag.encode())
print(flag)a = [] #加密字符
b = [2024, 2024, 2024, 2024, 2024, 2024, 2075, 2099, 2071, 2082, 2078, 2059, 2047, 2119, 2057, 2078, 2035, 2064, 2069, 2091, 2066, 2052, 2077, 2049, 2067, 2098, 2057, 2072, 2073, 2076, 2047, 2091, 2078, 2058, 2081, 2071, 2062, 2095, 2082, 2066, 2083, 2064, 2077]list1 = list(random.randbytes(len(flag)))key1 = 'H&NCTF'
key1 = list(str.encode(key1))key2 = list(random.randbytes(len(key1)))enc_flag = []
for i in range(len(flag)):enc_flag.append((flag[i] ^ key1[i % len(key1)]) + 2024)if enc_flag == b:print('Okay,maybe you need a closer examination!')
else:print('')enc_flag = []
for i in range(len(flag)):enc_flag.append((flag[i] ^ key2[i % len(key2)]) ^ (list1[i] ^ key1[i % len(key1)]))if enc_flag == a:print('Okay,you get the flag!')
else:print('Oh no,maybe you should try again~')
pickle的调试器
GitHub - Legoclones/pickledbg: A GDB+GEF-style debugger for unloading Python pickles
import random
# 给定的加密过程中的列表 'b'
b = [2024, 2024, 2024, 2024, 2024, 2024, 2075, 2099, 2071,2082, 2078, 2059, 2047, 2119, 2057, 2078, 2035, 2064,2069, 2091, 2066, 2052, 2077, 2049, 2067, 2098, 2057,2072, 2073, 2076, 2047, 2091, 2078, 2058, 2081, 2071,2062, 2095, 2082, 2066, 2083, 2064, 2077]
# 加密过程中使用的密钥
key1 = b'H&NCTF'
# 解密过程
flag = []
for i in range(len(b)):decrypted_byte = (b[i] - 2024) ^ key1[i % len(key1)]flag.append(decrypted_byte)
# 将字节列表转换回字符串
flag_str = bytes(flag).decode()
print("解密后的 flag:", flag_str)
flag = list(flag.encode())
# 作用是将输入的 flag 字符串转换成一个字节值的列表
'example'-->b'example'-->[101, 120, 97, 109, 112, 108, 101]
flag_str = bytes(flag).decode()
#逆操作
