长城杯第三场-逆向

Last updated on April 2, 2024 am

ze baby_math

ze

z3一把梭

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
from z3 import *

flag = [BitVec('enc__%d'% i,8) for i in range(42)]
# print(enc_)
enc_ = [0x4f17,0x9cf6,0x8ddb,0x8ea6,0x6929,0x9911,0x40a2,0x2f3e,0x62b6,0x4b82,0x486c,0x4002,0x52d7,0x2def,0x28dc,0x640d,0x528f,0x613b,0x4781,0x6b17,0x3237,0x2a93,0x615f,0x50be,0x598e,0x4656,0x5b31,0x313a,0x3010,0x67fe,0x4d5f,0x58db,0x3799,0x60a0,0x2750,0x3759,0x8953,0x7122,0x81f9,0x5524,0x8971,0x3a1d,]
s = Solver()
s.add(enc_[0] == 34 * flag[3] + 12 * flag[0] + 53 * flag[1] + 6 * flag[2] + 58 * flag[4] + 36 * flag[5] + flag[6])
s.add(enc_[1] == 27 * flag[4] + 73 * flag[3] + 12 * flag[2] + 83 * flag[0] + 85 * flag[1] + 96 * flag[5] + 52 * flag[6])
s.add(enc_[2] == 24 * flag[2] + 78 * flag[0] + 53 * flag[1] + 36 * flag[3] + 86 * flag[4] + 25 * flag[5] + 46 * flag[6])
s.add(enc_[3] == 78 * flag[1] + 39 * flag[0] + 52 * flag[2] + 9 * flag[3] + 62 * flag[4] + 37 * flag[5] + 84 * flag[6])
s.add(enc_[4] == 48 * flag[4] + 14 * flag[2] + 23 * flag[0] + 6 * flag[1] + 74 * flag[3] + 12 * flag[5] + 83 * flag[6])
s.add(enc_[5] == 15 * flag[5] + 48 * flag[4] + 92 * flag[2] + 85 * flag[1] + 27 * flag[0] + 42 * flag[3] + 72 * flag[6])
s.add(enc_[6] == 26 * flag[5] + 67 * flag[3] + 6 * flag[1] + 4 * flag[0] + 3 * flag[2] + 68 * flag[6])
s.add(enc_[7] == 34 * flag[10] + 12 * flag[7] + 53 * flag[8] + 6 * flag[9] + 58 * flag[11] + 36 * flag[12] + flag[13])
s.add(enc_[8] == 27 * flag[11] + 73 * flag[10] + 12 * flag[9] + 83 * flag[7] + 85 * flag[8] + 96 * flag[12] + 52 * flag[13])
s.add(enc_[9] == 24 * flag[9] + 78 * flag[7] + 53 * flag[8] + 36 * flag[10] + 86 * flag[11] + 25 * flag[12] + 46 * flag[13])
s.add(enc_[10] == 78 * flag[8] + 39 * flag[7] + 52 * flag[9] + 9 * flag[10] + 62 * flag[11] + 37 * flag[12] + 84 * flag[13])
s.add(enc_[11] == 48 * flag[11] + 14 * flag[9] + 23 * flag[7] + 6 * flag[8] + 74 * flag[10] + 12 * flag[12] + 83 * flag[13])
s.add(enc_[12] == 15 * flag[12] + 48 * flag[11] + 92 * flag[9] + 85 * flag[8] + 27 * flag[7] + 42 * flag[10] + 72 * flag[13])
s.add(enc_[13] == 26 * flag[12] + 67 * flag[10] + 6 * flag[8] + 4 * flag[7] + 3 * flag[9] + 68 * flag[13])
s.add(enc_[14] == 34 * flag[17] + 12 * flag[14] + 53 * flag[15] + 6 * flag[16] + 58 * flag[18] + 36 * flag[19] + flag[20])
s.add(enc_[15] == 27 * flag[18] + 73 * flag[17] + 12 * flag[16] + 83 * flag[14] + 85 * flag[15] + 96 * flag[19] + 52 * flag[20])
s.add(enc_[16] == 24 * flag[16] + 78 * flag[14] + 53 * flag[15] + 36 * flag[17] + 86 * flag[18] + 25 * flag[19] + 46 * flag[20])
s.add(enc_[17] == 78 * flag[15] + 39 * flag[14] + 52 * flag[16] + 9 * flag[17] + 62 * flag[18] + 37 * flag[19] + 84 * flag[20])
s.add(enc_[18] == 48 * flag[18] + 14 * flag[16] + 23 * flag[14] + 6 * flag[15] + 74 * flag[17] + 12 * flag[19] + 83 * flag[20])
s.add(enc_[19] == 15 * flag[19] + 48 * flag[18] + 92 * flag[16] + 85 * flag[15] + 27 * flag[14] + 42 * flag[17] + 72 * flag[20])
s.add(enc_[20] == 26 * flag[19] + 67 * flag[17] + 6 * flag[15] + 4 * flag[14] + 3 * flag[16] + 68 * flag[20])
s.add(enc_[21] == 34 * flag[24] + 12 * flag[21] + 53 * flag[22] + 6 * flag[23] + 58 * flag[25] + 36 * flag[26] + flag[27])
s.add(enc_[22] == 27 * flag[25] + 73 * flag[24] + 12 * flag[23] + 83 * flag[21] + 85 * flag[22] + 96 * flag[26] + 52 * flag[27])
s.add(enc_[23] == 24 * flag[23] + 78 * flag[21] + 53 * flag[22] + 36 * flag[24] + 86 * flag[25] + 25 * flag[26] + 46 * flag[27])
s.add(enc_[24] == 78 * flag[22] + 39 * flag[21] + 52 * flag[23] + 9 * flag[24] + 62 * flag[25] + 37 * flag[26] + 84 * flag[27])
s.add(enc_[25] == 48 * flag[25] + 14 * flag[23] + 23 * flag[21] + 6 * flag[22] + 74 * flag[24] + 12 * flag[26] + 83 * flag[27])
s.add(enc_[26] == 15 * flag[26] + 48 * flag[25] + 92 * flag[23] + 85 * flag[22] + 27 * flag[21] + 42 * flag[24] + 72 * flag[27])
s.add(enc_[27] == 26 * flag[26] + 67 * flag[24] + 6 * flag[22] + 4 * flag[21] + 3 * flag[23] + 68 * flag[27])
s.add(enc_[28] == 34 * flag[31] + 12 * flag[28] + 53 * flag[29] + 6 * flag[30] + 58 * flag[32] + 36 * flag[33] + flag[34])
s.add(enc_[29] == 27 * flag[32] + 73 * flag[31] + 12 * flag[30] + 83 * flag[28] + 85 * flag[29] + 96 * flag[33] + 52 * flag[34])
s.add(enc_[30] == 24 * flag[30] + 78 * flag[28] + 53 * flag[29] + 36 * flag[31] + 86 * flag[32] + 25 * flag[33] + 46 * flag[34])
s.add(enc_[31] == 78 * flag[29] + 39 * flag[28] + 52 * flag[30] + 9 * flag[31] + 62 * flag[32] + 37 * flag[33] + 84 * flag[34])
s.add(enc_[32] == 48 * flag[32] + 14 * flag[30] + 23 * flag[28] + 6 * flag[29] + 74 * flag[31] + 12 * flag[33] + 83 * flag[34])
s.add(enc_[33] == 15 * flag[33] + 48 * flag[32] + 92 * flag[30] + 85 * flag[29] + 27 * flag[28] + 42 * flag[31] + 72 * flag[34])
s.add(enc_[34] == 26 * flag[33] + 67 * flag[31] + 6 * flag[29] + 4 * flag[28] + 3 * flag[30] + 68 * flag[34])
s.add(enc_[35] == 34 * flag[38] + 12 * flag[35] + 53 * flag[36] + 6 * flag[37] + 58 * flag[39] + 36 * flag[40] + flag[41])
s.add(enc_[36] == 27 * flag[39] + 73 * flag[38] + 12 * flag[37] + 83 * flag[35] + 85 * flag[36] + 96 * flag[40] + 52 * flag[41])
s.add(enc_[37] == 24 * flag[37] + 78 * flag[35] + 53 * flag[36] + 36 * flag[38] + 86 * flag[39] + 25 * flag[40] + 46 * flag[41])
s.add(enc_[38] == 78 * flag[36] + 39 * flag[35] + 52 * flag[37] + 9 * flag[38] + 62 * flag[39] + 37 * flag[40] + 84 * flag[41])
s.add(enc_[39] == 48 * flag[39] + 14 * flag[37] + 23 * flag[35] + 6 * flag[36] + 74 * flag[38] + 12 * flag[40] + 83 * flag[41])
s.add(enc_[40] == 15 * flag[40] + 48 * flag[39] + 92 * flag[37] + 85 * flag[36] + 27 * flag[35] + 42 * flag[38] + 72 * flag[41])
s.add(enc_[41] == 26 * flag[40] + 67 * flag[38] + 6 * flag[36] + 4 * flag[35] + 3 * flag[37] + 68 * flag[41])

s.check()
m = s.model()

for i in flag:
    print(chr(m[i].as_long()),end='')
 # flag{7e171d43-63b9-4e18-990e-6e14c2afe648}

baby_math

输入25个字符,大体分为两部分,前8个和后8个一个部分,中间9个一部分。

中间9个稍微往后看一点,有一个冒泡排序,会发现输入一定是字符123456789这九个字符,然后还需要满足前面一些整除条件,这里直接排列爆破

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
ss = ['1','2','3','4','5','6','7','8','9']

import itertools
for i in itertools.permutations(ss):
    s = str("".join(i))

    c1 = int(s[0:1])
    c2 = int(s[0:2])
    c3 = int(s[0:3])
    c4 = int(s[0:4])
    c5 = int(s[0:5])
    c6 = int(s[0:6])
    c7 = int(s[0:7])
    c8 = int(s[0:8])
    c9 = int(s[0:9])
    if c2 % 2 == 0 and c3 % 3 == 0 and c4 % 4 == 0 and c5 % 5 == 0:
        # print(c9)
        if c6 % 6 == 0 and c7 % 7 ==0 and c8 % 8 ==0 and c9 % 9 == 0:
            # print(c2)
            print(s)
            break
# 381654729

后面就一个很奇怪的方程

就是前8个字符和后8个字符异或,然后需要解v8**2 - 7 * v9 ** 2 ==8,这里感谢队友大佬 weyung 持续的帮助!

wolfram 求的通解,然后py脚本如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
from sympy import symbols, sqrt

# Define symbols
n = symbols('n', integer=True)
D = 7

# Expressions for x and y
x = -3*(8 - 3*sqrt(D))**n - sqrt(D)*(8 - 3*sqrt(D))**n - 3*(8 + 3*sqrt(D))**n + sqrt(D)*(8 + 3*sqrt(D))**n
y = 1/7*(7*(8 - 3*sqrt(D))**n + 3*sqrt(D)*(8 - 3*sqrt(D))**n + 7*(8 + 3*sqrt(D))**n - 3*sqrt(D)*(8 + 3*sqrt(D))**n)

# Calculate the values for the first few values of n (0 through 5)
results = [(x.subs(n, i).evalf(30), y.subs(n, i).evalf(30)) for i in range(20)]

for i in results:
    x, y = i
    x = int(round(x))
    y = int(round(y))
    if not x**2 - 7*y**2 == 8:
        y = int(sqrt((x**2 - 8)//7))
    print(x.bit_length(),y.bit_length(),x,y,x**2 - 7*y**2)

会解出很多解,位数是58 59位的一组解是正确的

3 2 -6 2 8
3 2 -6 -2 8
7 6 -90 -34 8
11 10 -1434 -542 8
15 14 -22854 -8638 8
19 18 -364230 -137666 8
23 22 -5804826 -2194018 8
27 26 -92512986 -34966622 8
31 30 -1474402950 -557271934 8
35 34 -23497934214 -8881384322 8
39 38 -374492544474 -141544877218 8
43 42 -5968382777370 -2255836651166 8
47 46 -95119631893446 -35951841541438 8
51 50 -1515945727517766 -572973628011842 8
55 54 -24160012008390810 9131626206648034 8
59 58 -385044246406735194 145533045678356702 8
63 62 -6136547930499372294 2319397104647059198 8
67 66 -97799722641583221510 36964820628674590466 8
71 69 -1558659014334832171866 589117732954146388258 8
75 73 -24840744506715731528346 9388918906637667621662 8

最终脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
v8 = 0x653448CF81D84AA7 ^ 145533045678356702
v9 = 0x4316C1DB8C98C06B ^ 385044246406735194

s = ''
t = ''
for i in range(8):
    s += chr((v8 >> (8 * i)) & 0xff)
    t += chr((v9 >> (8 * i)) & 0xff)

print(t[::-1],end='')
print('381654729',end='')
print(s[::-1])

# FA2h5ye1381654729g1AG3ery

CTF > Reverse > wp
#reverse #z3
长城杯第三场-逆向
http://example.com/2024/03/31/CCB/
Author
yring
Posted on
March 31, 2024
Licensed under