\u5f00\u59cb\u7684\u65f6\u5019\u9898\u76ee\u4e2d\u5b58\u5728\u68c0\u6d4b,\u4f46\u662f\u901a\u8fc7\u8f93\u51650\u53ef\u4ee5\u901a\u8fc7\u68c0\u6d4b<\/p>\n
seed = time(0LL);\n srand(seed);\n v23 = rand() % 255 + 1;\n printf("input your number(1-255): ");\n if ( (unsigned int)__isoc99_scanf("%d", &v21) == 1 && v23 == v21 )\n {\n while ( getchar() != 10 )\n ;\n<\/code><\/pre>\n\u63a5\u4e0b\u6765\u5206\u6790\u4e3b\u903b\u8f91,\u8fd8\u539f\u4e3b\u4f53\u4e2d\u7684\u51fd\u6570\u8fd8\u539f\u5c31\u53ef\u4ee5\u5206\u6790\u51fa\u7b97\u6cd5,\u8fdb\u884c\u89e3\u5bc6\u5373\u53ef.<\/p>\n
\u89e3\u5bc6\u811a\u672c<\/h2>\n"""\nDecryptor for the given scheme.\n\nFill SBOX (byte_555555556020) and TARGET (byte_555555556120) below.\n- SBOX must be a list or bytes-like of 256 distinct values (0..255).\n- TARGET is the byte sequence that the program compares against (same length as the flag).\n\nOnce filled, run:\n python3 decrypt_flag.py\n\nIf SBOX is a true permutation and TARGET was produced by the binary, you'll get the plaintext flag.\n"""\n\nfrom typing import List\n\n# === Paste your tables here ===================================================\n# Example format (replace with real data):\n# SBOX = [0x00, 0x01, 0x02, ... 0xFF] # <-- REPLACE with byte_555555556020\n# TARGET = [0x12, 0x34, 0x56, ...] # <-- REPLACE with byte_555555556120\n\nSBOX: List[int] = [0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x1, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 0x4, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x5, 0x9A, 0x7, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 0x9, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x0, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x2, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0xC, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0xB, 0xDB, 0xE0, 0x32, 0x3A, 0xA, 0x49, 0x6, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x8, 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x3, 0xF6, 0xE, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 0x8C, 0xA1, 0x89, 0xD, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0xF, 0xB0, 0x54, 0xBB, 0x16] # TODO: fill with 256 ints in 0..255\n\nTARGET: List[int] = [0x97,0xD5,0x60,0x43,0xB4,0x10,0x43,0x73,0xF,0xDA,0x43,0xCD,0xD3,0xE8,0x73,0x4A,0x94,0xC3,0xCD,0x71,0xBD,0xDC,0x97,0x1A] # TODO: fill with the expected bytes (length = flag length)\n\n# =============================================================================\n\ndef rol8(x: int, n: int) -> int:\n x &= 0xFF\n n &= 7\n return ((x << n) | (x >> (8 - n))) & 0xFF\n\ndef ror8(x: int, n: int) -> int:\n x &= 0xFF\n n &= 7\n return ((x >> n) | (x << (8 - n))) & 0xFF\n\ndef inv257(a: int) -> int:\n """Multiplicative inverse in Z_257 for a in [1..255], 0 -> 0; returns 0..255 (mod 257, truncated to 8 bits)."""\n a &= 0xFF\n if a == 0:\n return 0\n inv = pow(a, 255, 257) # Fermat: a^255 \u2261 a^{-1} (mod 257)\n return inv & 0xFF\n\ndef mulmod16(x: int, k: int) -> int:\n return (x * k) & 0xF\n\ndef encrypt_byte(x: int, j: int, sbox: List[int]) -> int:\n """One-byte forward transform (as in the binary)."""\n r = (j % 7) + 1\n y = rol8(x, r)\n z = rol8(y ^ 0x5A, 3)\n t = (mulmod16((z >> 4) & 0xF, 3) << 4) | mulmod16(z & 0xF, 5)\n u = inv257(t)\n w = ror8(u, 2)\n return sbox[w]\n\ndef decrypt_byte(e: int, j: int, sbox: List[int]) -> int:\n """Inverse transform to recover plaintext byte from expected byte e at position j."""\n # Invert SBOX: find index w s.t. sbox[w] == e\n # Prefer building once and reusing; do it inline here for clarity.\n # Create inverse mapping\n inv_sbox = [0] * 256\n seen = set()\n if len(sbox) != 256:\n raise ValueError("SBOX must have 256 entries.")\n for idx, val in enumerate(sbox):\n if not (0 <= val <= 255):\n raise ValueError("SBOX values must be 0..255.")\n if val in seen:\n raise ValueError("SBOX is not a permutation (duplicate value %d)." % val)\n seen.add(val)\n inv_sbox[val] = idx\n\n w = inv_sbox[e & 0xFF]\n u = rol8(w, 2) # inverse of ror8(u,2)\n t = inv257(u) # inverse of inv257(t) is itself\n # Invert nibble mapping: high uses *3 mod16 => inverse 11; low uses *5 mod16 => inverse 13\n z_hi = (11 * ((t >> 4) & 0xF)) & 0xF\n z_lo = (13 * (t & 0xF)) & 0xF\n z = (z_hi << 4) | z_lo\n y = ror8(z, 3) ^ 0x5A\n r = (j % 7) + 1\n x = ror8(y, r)\n return x & 0xFF\n\ndef build_inv_sbox(sbox: List[int]) -> List[int]:\n inv = [0] * 256\n seen = set()\n if len(sbox) != 256:\n raise ValueError("SBOX must have 256 entries.")\n for i, v in enumerate(sbox):\n if not (0 <= v <= 255):\n raise ValueError("SBOX values must be 0..255.")\n if v in seen:\n raise ValueError("SBOX is not a permutation (duplicate %d)" % v)\n seen.add(v)\n inv[v] = i\n return inv\n\ndef decrypt_all(target: List[int], sbox: List[int]) -> bytes:\n inv_sbox = build_inv_sbox(sbox)\n out = bytearray()\n for j, e in enumerate(target):\n w = inv_sbox[e & 0xFF]\n u = rol8(w, 2)\n t = inv257(u)\n z_hi = (11 * ((t >> 4) & 0xF)) & 0xF\n z_lo = (13 * (t & 0xF)) & 0xF\n z = (z_hi << 4) | z_lo\n y = ror8(z, 3) ^ 0x5A\n r = (j % 7) + 1\n x = ror8(y, r)\n out.append(x & 0xFF)\n return bytes(out)\n\ndef selftest():\n if not SBOX or not TARGET:\n print("[!] Please fill SBOX and TARGET first.")\n return\n # quick permutation check\n _ = build_inv_sbox(SBOX)\n # roundtrip check on a sample of bytes\n for j in range(64):\n for x in (0, 1, 2, 3, 0x10, 0x5A, 0x7F, 0x80, 0xFE, 0xFF):\n e = encrypt_byte(x, j, SBOX)\n xr = decrypt_byte(e, j, SBOX)\n assert xr == x, f"Roundtrip failed at j={j}, x=0x{x:02X}, got 0x{xr:02X}"\n print("[+] Roundtrip OK on sample set.")\n # try decrypt TARGET\n pt = decrypt_all(TARGET, SBOX)\n try:\n s = pt.decode('utf-8')\n except UnicodeDecodeError:\n s = pt.decode('latin-1')\n print("[+] Decrypted bytes:", pt)\n print("[+] As string:", s)\n\nif __name__ == '__main__':\n selftest()\n\n<\/code><\/pre>\nminigame<\/h1>\n\u7a0b\u5e8f\u5206\u6790<\/h2>\n
.wasm\u9006\u5411\u9898\u76ee,\u53ef\u4ee5\u53c2\u8003\u7f51\u4e0a\u7684\u4e00\u7bc7\u535a\u5ba2
\n.wat\u76f8\u5173\u9898\u76ee,\u53ef\u4ee5\u4f7f\u7528wbat\u5de5\u5177\u8fdb\u884c\u53cd\u7f16\u8bd1<\/p>\n
\u63d0\u793a\u662f\u5fae\u4fe1\u5c0f\u7a0b\u5e8f,\u7528Unpakemin\u89e3\u5bc6\u540e\u89c2\u5bdf\u91cc\u9762\u7684.wasm\u6587\u4ef6
\n\u62d6\u5165ida\u4e2d\u5206\u6790,\u53d1\u73b0c,b\u4e24\u4e2a\u51fd\u6570,\u7406\u89e3\u540e\u53d1\u73b0\u5c31\u662f\u7b80\u5355\u7684xor\u5f02\u6216
\ndump\u51fadata\u89e3\u5bc6\u5373\u53ef<\/p>\n
\u89e3\u5bc6\u4ee3\u7801<\/h2>\ndata = [\n 0xFF, 0xF5, 0xF8, 0xFE, 0xE2, 0xFF, 0xF8, 0xFC, 0xA9,\n 0xFB, 0xAB, 0xAE, 0xFA, 0xAD, 0xAC, 0xA8, 0xFA, 0xAE,\n 0xAB, 0xA1, 0xA1, 0xAF, 0xAE, 0xF8, 0xAC, 0xAF, 0xAE,\n 0xFC, 0xA1, 0xFA, 0xA8, 0xFB, 0xFB, 0xAD, 0xFC, 0xAC,\n 0xAA, 0xE4\n]\n\nflag = ''.join(chr(b ^ 0x99) for b in data)\nprint(flag)\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"hardtest \u7a0b\u5e8f\u5206\u6790 \u5f00\u59cb\u7684\u65f6\u5019\u9898\u76ee\u4e2d\u5b58\u5728\u68c0\u6d4b,\u4f46\u662f\u901a\u8fc7\u8f93\u51650\u53ef\u4ee5\u901a\u8fc7\u68c0\u6d4b seed = time(0L […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-32","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/posts\/32","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/comments?post=32"}],"version-history":[{"count":1,"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/posts\/32\/revisions"}],"predecessor-version":[{"id":33,"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/posts\/32\/revisions\/33"}],"wp:attachment":[{"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/media?parent=32"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/categories?post=32"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.seekinthevortex.cn\/index.php\/wp-json\/wp\/v2\/tags?post=32"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}