normal21

重命名

string_hex是字符串转16进制数,

然后进行rc4加密。

最后的值在encode2内进行比较匹配

先动调找出rc4异或的八个值

[0x7C,0xAB,0x2D,0x91,0x2F,0x98,0xED,0xA9]

因为encode2有switch结构

用c会快一点

py用if重构太慢了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#include<stdio.h>
#include<string.h>

bool check(int*a1)
{
    int i = 0;
	int b1 = 0x12A;
	int b2 = 0x39F;
	int b3 = 0x269;
	int b4 = 0x1A1;
	int b5 = 0x68;
	int b6 = 0x209;
	int b7 = 0x2C8;
	int b8 = 0x8A;

    int result = 0;
    do
    {
        switch (*a1)
        {
        case 0:
            b1 &= b2;
            b3 *= b1;
            break;
        case 1:
            if (!b3)
                return 0;
            b1 /= b3;
            b4 += b5;
            break;
        case 2:
            b6 ^= b5;
            b7 += b8;
            break;
        case 3:
            b7 -= b6;
            b6 &= b4;
            break;
        case 4:
            b5 *= b8;
            b3 -= b2;
            break;
        case 5:
            b8 ^= b3;
            b2 -= b7;
            break;
        case 6:
            if (!b7)
                return 0;
            b5 |= b4 / b7;
            b4 /= b7;
            break;
        case 7:
            b2 += b1;
            b5 |= b4;
            break;
        case 8:
            b8 *= b3;
            b6 -= b7;
            break;
        case 9:
            b1 += b5;
            b3 ^= b6;
            break;
        default:
            return 0;
        }
        ++a1;
        ++i;
    }
    while (i<8);
    result =(((b2 == 0xE7)
        + (b5 == 0x3878)
        + (b6 == 0x3A71)
        + (b3 == 0xFFFFCC30)
        + (b1 == 0x10)
        + (b4 == 0x68)
        + (b8 == 0xFFFFFC49)) == 7);
    if (b7 != 0xFFFFFF11)
        return 0;
    return result;
	
}
int main()
{
    int a, b, c, d, e, f, g, h ;
    int test[8] = {};
    for (a=0; a < 10; a++)
    {
        for (b = 0; b < 10; b++)
        {
            for (c = 0; c < 10; c++)
            {
                for (d = 0; d < 10; d++)
                {
                    for (e = 0; e < 10; e++)
                    {
                        for (f = 0; f < 10; f++)
                        {
                            for (g = 0; g < 10; g++)
                            {
                                for (h = 0; h < 10; h++)
                                {
                                    test[0] = h;
                                    test[1] = g;
                                    test[2] = f;
                                    test[3] = e;
                                    test[4] = d;
                                    test[5] = c;
                                    test[6] = b;
                                    test[7] = a;
                                    if (check(test))
                                    {
                                        printf("好耶,%d%d%d%d%d%d%d%d",h,g,f,e,d,c,b,a);
                                    }
                                    

                                }
                            }
                        }
                    }
                }
            }
        }
       
    }
    return 0;
}

多重for 循环有点笨重

1
2
3
4
5
6
7
8
s_box8=[0x7C,0xAB,0x2D,0x91,0x2F,0x98,0xED,0xA9]
data=[6,1,4,9,5,0,7,2]
flag=''
for i in range(len(data)):
    data[i]^=s_box8[i]
    flag+='%x'%data[i]
print(flag)
#7aaa29982a98eaab

输入调试