0x00 大致思路:
用jadx.gui打开zip可以看到,通过a.simplecheck即可。
分析一下a的代码不难看出,我们输入的字符串只是经过了一个简单的加法和乘法变化然后判断和a数组的值是否相等,以此写exp。
但是跑出来发现少了一点东西,比赛的时候着急也没管那么多直接补了个右括号提交,赛后又看了一下发现每次比较两个字符,也就是说到最后还有一个字符被我漏了。。。
### 0x01 Exp:
#!/usr/bin/python
# -*- coding: utf-8 -*-
__Author__ = "[email protected]"
from string import printable
a = [0, 146527998, 205327308, 94243885, 138810487, 408218567, 77866117, 71548549, 563255818, 559010506, 449018203, 576200653, 307283021, 467607947, 314806739, 341420795, 341420795, 469998524, 417733494, 342206934, 392460324, 382290309, 185532945, 364788505, 210058699, 198137551, 360748557, 440064477, 319861317, 676258995, 389214123, 829768461, 534844356, 427514172, 864054312]
b = [13710, 46393, 49151, 36900, 59564, 35883, 3517, 52957, 1509, 61207, 63274, 27694, 20932, 37997, 22069, 8438, 33995, 53298, 16908, 30902, 64602, 64028, 29629, 26537, 12026, 31610, 48639, 19968, 45654, 51972, 64956, 45293, 64752, 37108]
c = [38129, 57355, 22538, 47767, 8940, 4975, 27050, 56102, 21796, 41174, 63445, 53454, 28762, 59215, 16407, 64340, 37644, 59896, 41276, 25896, 27501, 38944, 37039, 38213, 61842, 43497, 9221, 9879, 14436, 60468, 19926, 47198, 8406, 64666]
d = [0, -341994984, -370404060, -257581614, -494024809, -135267265, 54930974, -155841406, 540422378, -107286502, -128056922, 265261633, 275964257, 119059597, 202392013, 283676377, 126284124, -68971076, 261217574, 197555158, -12893337, -10293675, 93868075, 121661845, 167461231, 123220255, 221507, 258914772, 180963987, 107841171, 41609001, 276531381, 169983906, 276158562]
flag = ''
for i2 in range(len(c)):
for i in printable:
if (a[i2] == (((b[i2] * ord(i)) * ord(i)) + (c[i2] * ord(i))) + d[i2] ):
flag += i
break
#这一段是赛后加的,因为比赛的时候忽略了一个细节
for i in printable:
temp = len(c)
if a[temp] == (((b[temp-1] * ord(i)) * ord(i)) + (c[temp-1] * ord(i))) + d[temp-1]:
flag += i
break
print flag