View solve.py
# NOTE(review): this value equals the 64-bit multiplier constant used by
# MurmurHash64A; presumably the binary's routine is derived from that hash.
# Confirm against the disassembly.
const = 0xc6a4a7935bd1e995 | |
# simplified mangle algorithm from the binary | |
def mangle(a, i): | |
b = 1 | |
c = 0x1337 | |
temp = c ^ (b * const) |
View gist:9e94a863d089c0d6687d48d0e43cb9e5
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
# This exploit template was generated via: | |
# $ pwn template --host crypto.2021.chall.actf.co --port 21603 | |
from pwn import * | |
# Set up pwntools for the correct architecture | |
exe = context.binary = ELF('./chall') | |
# Many built-in settings can be controlled on the command-line and show up |
View fix vmwp.bat
REM open cmd.exe as admin to run this | |
REM Creates a patched vmwp.exe replacing these bytes: | |
REM 0F B6 43 64 41 89 47 64 0F B6 43 65 41 89 47 68 0F B6 43 66 41 89 47 6C 0F B6 43 67 41 89 47 70 | |
REM 41 C7 47 64 01 00 00 00 41 C7 47 68 01 00 00 00 41 C7 47 6C 01 00 00 00 41 C7 47 70 01 00 00 00 | |
REM Enables PMU, LBR, PEBS, IPT | |
cd %TEMP% | |
copy %windir%\system32\vmwp.exe . |
View xrefs.py
#script for https://www.youtube.com/watch?v=FvH7b_qLmbU | |
import struct | |
from ghidra.program.model.symbol import * | |
xrefs = currentProgram.getReferenceManager() | |
startAddr = currentAddress | |
currAddr = currentAddress | |
while True: |
View check.py
interesting_data = [0x8b,0x84,0x9a,0x9b,0x9a,0xb1,0xd6,0xaf,0x93,0xb2,0x81,0x8c,0x84,0xab,0x9d,0x9c,0x8e,0xb9,0xb0,0xd9,0xa8,0xa4,0x9c,0x81,0x85,0xa0,0xa6,0xb4,0x87,0x9a,0xbb,0x92,0x96,0xad,0x8c,0xd7,0xb0,0x8d,0x97] | |
shuffle = [0x16,0x0c,0x24,0x17,0x13,0x19,0x07,0x09,0x0e,0x23,0x05,0x01,0x18,0x21,0x0d,0x10,0x12,0x1f,0x1a,0x1e,0x22,0x00,0x0f,0x0b,0x08,0x15,0x11,0x02,0x1d,0x1c,0x26,0x03,0x04,0x25,0x14,0x20,0x06,0x1b,0x0a] | |
interesting_data = interesting_data[:0x27] | |
m = 38 | |
j = 0 | |
for k in range(len(interesting_data)//2): | |
i = shuffle.index(m) | |
uVar1 = shuffle[i] | |
uVar2 = interesting_data[i] |
View solve3.py
View solve2.py
F_L = "9655B040B64667238524D15D6201.B95D4E01C55CC562C7557405A532D768C55FA12DD074DC697A06E172992CAF3F8A5C7306B7476B38.C555AC40A7469C234424.853FA85C470699477D3851249A4B9C4E.A855AF40B84695239D24895D2101D05CCA62BE5578055232D568C05F902DDC74D2697406D7724C2CA83FCF5C2606B547A73898246B4BC14E941F9121D464D263B947EB77D36E7F1B8254.853FA85C470699477D3851249A4B9C4E.9A55B240B84692239624.CC55A940B44690238B24CA5D7501CF5C9C62B15561056032C468D15F9C2DE374DD696206B572752C8C3FB25C3806.A8558540924668236724B15D2101AA5CC362C2556A055232AE68B15F7C2DC17489695D06DB729A2C723F8E5C65069747AA389324AE4BB34E921F9421.CB55A240B5469B23.AC559340A94695238D24CD5D75018A5CB062BA557905A932D768D15F982D.D074B6696F06D5729E2CAE3FCF5C7506AD47AC388024C14B7C4E8F1F8F21CB64" | |
onzo = F_L.split(".") | |
#rigmarole(onzo(7)) | |
def rigmarole(es): | |
furphy = "" | |
c = 0 | |
s = "" |
View solv.py
d = open('report2.xls', 'rb').read() | |
data_chunk = -1 | |
start_address = [0xace1, | |
0xcc88, | |
0xecac, | |
0x10cd0, |
View solve.py
def decrypt(text, alphabet): | |
l = 0x66 | |
cnt = len(text) | |
i = 0 | |
res = [] | |
while i < cnt: | |
res.append(chr(text[i] ^ ord(alphabet[i%l]))) | |
i += 1 |
View solve.py
def decode_flag(frob): | |
last_value = frob | |
encoded_flag = [1135, 1038, 1126, 1028, 1117, 1071, 1094, 1077, 1121, 1087, 1110, 1092, 1072, 1095, 1090, 1027, | |
1127, 1040, 1137, 1030, 1127, 1099, 1062, 1101, 1123, 1027, 1136, 1054] | |
decoded_flag = [] | |
for i in range(len(encoded_flag)): | |
c = encoded_flag[i] | |
val = (c - ((i%2)*1 + (i%3)*2)) ^ last_value | |
decoded_flag.append(val) |