Decompiling Pyc is Easy
题目
那个人很懒。。。什么也没留下
解题报告
下载所给.pyc,用uncompyle2/在线工具(http://tool.lu/pyc/)进行反编译,反编译获得结果
def encrypt(key, seed, string):
rst = []
for i, v in enumerate(string):
rst.append(ord(v) + seed ^ ord(key[seed]))
seed = (seed + i) % len(key)
return rst
if __name__ == '__main__':
print 'Hey! Python is very powerful! Input the flag and I will tell you how powerfull it is.'
flag = raw_input('Enter the Flag: ')
Hint = 'Please read the tutorial to get the flag!'
tutorial = #此处省略一个1724个元素的数组
if tutorial == encrypt(Hint, 6, flag):
print 'You have read the tutorial!'
else:
print 'Read Again!'
写出反函数,解出原文
import re
def decrypt(key, seed, KEY2):
answer = ""
for (j, c) in enumerate(KEY2):
for i in range(256):
if (c == (i + seed ^ ord(key[seed]))):
answer += chr(i)
break
seed = (seed + j) % len(key)
return answer
if __name__ == '__main__':
KEY1 = 'Please read the tutorial to get the flag!'
KEY2 = [111, 84, 20, 23, 241, 27, 236, 173, 226, 27, 23, 241, 180, 16, 78, 245, 7, 234, 235, 21, 224, 84, 250, 28, 229, 232, 25, 244, 94, 17, 168, 7, 18, 24, 43, 90, 20, 247, 27, 28, 31, 161, 116, 36, 75, 31, 29, 237, 176, 228, 9, 23, 10, 173, 76, 163, 25, 20, 23, 227, 25, 11, 95, 252, 26, 229, 232, 25, 244, 94, 17, 168, 7, 18, 12, 13, 164, 234, 0, 31, 29, 4, 83, 75, 20, 40, 253, 27, 55, 98, 253, 10, 13, 5, 174, 29, 84, 234, 9, 24, 229, 39, 21, 126, 28, 81, 229, 12, 9, 56, 72, 17, 171, 1, 15, 3, 227, 90, 12, 11, 247, 15, 11, 121, 78, 30, 20, 12, 27, 60, 170, 240, 8, 24, 15, 175, 19, 88, 238, 11, 80, 229, 37, 225, 76, 250, 25, 229, 27, 14, 233, 93, 12, 127, 41, 13, 25, 239, 160, 29, 243, 25, 227, 65, 69, 93, 30, 9, 26, 36, 19, 176, 238, 1, 26, 1, 174, 18, 161, 56, 22, 29, 245, 236, 250, 74, 250, 26, 254, 60, 49, 241, 94, 17, 170, 1, 30, 28, 241, 175, 29, 247, 27, 11, 7, 84, 102, 30, 15, 10, 27, 227, 174, 238, 3, 21, 38, 96, 4, 127, 231, 20, 60, 10, 17, 58, 74, 28, 26, 240, 23, 3, 241, 84, 4, 182, 15, 46, 56, 235, 167, 29, 6, 5, 17, 2, 84, 69, 1, 25, 15, 36, 49, 166, 238, 3, 21, 1, 160, 19, 111, 20, 3, 232, 234, 26, 11, 88, 251, 232, 254, 29, 27, 227, 83, 2, 171, 38, 52, 22, 228, 176, 225, 1, 4, 9, 8, 73, 88, 2, 24, 244, 13, 234, 162, 228, 1, 15, 240, 127, 24, 86, 247, 5, 21, 239, 4, 242, 90, 230, 4, 234, 27, 7, 237, 84, 17, 178, 50, 13, 61, 254, 175, 20, 11, 14, 40, 34, 102, 69, 71, 56, 241, 240, 20, 123, 230, 45, 19, 38, 94, 20, 93, 25, 10, 27, 241, 4, 231, 90, 20, 233, 247, 23, 3, 227, 92, 23, 174, 244, 26, 14, 245, 175, 29, 2, 5, 11, 9, 91, 88, 30, 29, 31, 240, 20, 92, 243, 12, 19, 7, 170, 2, 78, 227, 22, 29, 242, 6, 20, 83, 230, 233, 235, 25, 25, 236, 80, 17, 171, 255, 13, 26, 240, 160, 18, 241, 12, 9, 31, 85, 102, 30, 40, 31, 246, 29, 163, 230, 8, 17, 15, 173, 12, 27, 25, 4, 231, 254, 4, 228, 93, 251, 7, 227, 26, 14, 243, 78, 10, 174, 245, 26, 12, 238, 168, 236, 11, 10, 28, 53, 88, 71, 7, 28, 12, 253, 40, 90, 238, 25, 13, 14, 160, 16, 78, 245, 19, 239, 239, 4, 228, 93, 241, 82, 224, 231, 13, 236, 163, 39, 168, 1, 18, 6, 225, 173, 31, 246, 1, 15, 8, 69, 90, 29, 11, 244, 27, 236, 173, 244, 27, 23, 10, 164, 4, 162, 233, 17, 23, 229, 21, 251, 107, 243, 236, 239, 234, 8, 247, 91, 4, 165, 251, 28, 8, 243, 164, 237, 10, 25, 20, 2, 90, 95, 71, 9, 40, 253, 224, 163, 244, 3, 13, 245, 167, 14, 95, 245, 3, 229, 2, 29, 253, 95, 252, 4, 245, 230, 9, 234, 78, 86, 107, 54, 94, 93, 228, 168, 237, 0, 245, 20, 30, 89, 69, 26, 22, 4, 27, 235, 92, 245, 22, 13, 243, 174, 17, 111, 244, 34, 29, 239, 4, 245, 93, 241, 4, 227, 230, 5, 227, 91, 6, 161, 242, 11, 12, 238, 169, 29, 242, 25, 26, 2, 85, 91, 8, 9, 15, 240, 20, 160, 241, 12, 24, 11, 175, 20, 162, 227, 22, 237, 240, 30, 241, 94, 58, 4, 30, 60, 8, 224, 88, 16, 94, 15, 25, 3, 44, 175, 29, 240, 15, 9, 8, 71, 95, 20, 28, 0, 5, 224, 90, 240, 8, 24, 15, 175, 19, 88, 238, 11, 29, 246, 6, 250, 82, 225, 6, 237, 60, 14, 231, 162, 4, 171, 15, 17, 10, 228, 125, 63, 23, 32, 84, 20, 118, 75, 11, 20, 76, 27, 31, 169, 227, 12, 56, 251, 161, 30, 78, 229, 5, 238, 45, 233, 11, 79, 251, 4, 2, 27, 22, 224, 84, 4, 178, 7, 19, 10, 228, 175, 20, 13, 14, 17, 8, 69, 71, 8, 9, 40, 253, 224, 163, 244, 3, 82, 1, 161, 18, 163, 25, 4, 231, 235, 17, 240, 84, 250, 28, 229, 232, 10, 233, 162, 2, 94, 5, 15, 29, 230, 93, 23, 8, 1, 28, 2, 75, 89, 20, 11, 10, 1, 29, 168, 242, 8, 22, 1, 164, 6, 162, 227, 9, 234, 229, 234, 231, 84, 250, 28, 229, 12, 29, 244, 87, 20, 173, 48, 47, 9, 227, 164, 234, 3, 31, 56, 242, 90, 78, 4, 22, 31, 41, 237, 95, 242, 1, 11, 245, 109, 51, 87, 231, 3, 12, 251, 233, 252, 90, 250, 4, 241, 232, 5, 238, 83, 6, 177, 10, 13, 1, 238, 93, 238, 5, 10, 227, 20, 71, 84, 25, 9, 13, 11, 16, 176, 235, 10, 25, 1, 175, 17, 94, 246, 13, 24, 239, 4, 245, 89, 11, 26, 250, 232, 9, 238, 162, 14, 181, 11, 13, 31, 230, 169, 21, 1, 31, 25, 31, 69, 73, 26, 24, 25, 6, 23, 167, 238, 25, 23, 11, 178, 4, 88, 238, 34, 21, 225, 17, 225, 79, 253, 19, 237, 29, 4, 247, 88, 11, 179, 51, 23, 3, 228, 95, 31, 240, 25, 9, 9, 95, 86, 30, 29, 76, 27, 19, 179, 224, 10, 30, 250, 168, 20, 93, 25, 10, 27, 244, 25, 248, 84, 250, 28, 54, 29, 16, 247, 92, 2, 177, 15, 9, 12, 230, 169, 16, 27, 13, 11, 9, 78, 69, 6, 25, 4, 241, 232, 160, 240, 65, 13, 8, 168, 11, 84, 25, 34, 255, 234, 6, 250, 79, 248, 30, 244, 21, 78, 25, 82, 17, 184, 246, 26, 28, 236, 173, 31, 244, 0, 19, 24, 69, 89, 30, 26, 246, 13, 17, 160, 240, 65, 13, 47, 173, 19, 84, 234, 16, 23, 254, 4, 240, 76, 224, 6, 229, 20, 5, 238, 83, 11, 168, 240, 21, 65, 228, 92, 234, 0, 31, 19, 7, 90, 75, 11, 11, 27, 240, 23, 170, 245, 12, 229, 15, 179, 15, 78, 3, 16, 232, 239, 23, 250, 80, 224, 4, 242, 234, 19, 244, 94, 0, 174, 242, 25, 12, 47, 68, 12, 247, 65, 86, 57, 75, 89, 5, 19, 244, 1, 29, 92, 235, 1, 13, 241, 165, 4, 163, 224, 9, 29, 242, 20, 227, 80, 230, 4, 245, 22, 8, 231, 161, 2, 163, 1, 8, 22, 228, 175, 20, 1, 11, 15, 20, 89, 90, 26, 22, 4, 5, 238, 95, 228, 1, 23, 4, 177, 6, 161, 227, 9, 233, 229, 6, 250, 79, 11, 18, 245, 24, 25, 236, 84, 16, 107, 1, 229, 10, 228, 168, 31, 253, 31, 22, 30, 75, 74, 20, 25, 10, 27, 229, 92, 245, 25, 13, 7, 163, 3, 88, 244, 13, 237, 244, 6, 248, 74, 224, 29, 235, 234, 6, 47, 95, 6, 177, 250, 231, 12, 234, 170, 16, 241, 12, 15, 8, 20, 69, 41, 16, 5, 27, 224, 163, 238, 31, 10, 51, 175, 6, 161, 244, 29, 29, 247, 20, 240, 160, 248, 26, 241, 29, 5, 246, 80, 14, 171, 7, 8, 1, 226, 90, 18, 11, 10, 9, 37, 95, 90, 29, 25, 14, 27, 31, 173, 226, 12, 11, 254, 179, 2, 93, 245, 13, 230, 239, 4, 245, 89, 240, 4, 235, 233, 3, 232, 161, 20, 161, 7, 8, 1, 254, 90, 224, 12, 5, 9, 11, 75, 71, 8, 25, 14, 27, 235, 170, 240, 25, 13, 14, 160, 0, 90, 231, 20, 233, 229, 21, 230, 80, 242, 26, 240, 29, 50, 243, 163, 15, 174, 240, 13, 11, 244, 173, 29, 247, 27, 26, 2, 86, 90, 2, 22, 7, 74, 29, 84, 244, 26, 13, 5, 160, 21, 78, 230, 13, 238, 238, 4, 245, 74, 247, 20, 247, 236, 20, 231, 87, 2, 173, 245, 23, 27, 226, 90, 232, 13, 11, 28, 20, 85, 76, 20, 28, 0, 13, 238, 95, 42, 29, 15, 244, 179, 30, 78, 239, 19, 24, 255, 17, 241, 94, 11, 6, 254, 29, 50, 243, 127, 46, 121, 1, 58, 5, 226, 90, 12, 253, 244, 16, 4, 84, 69, 37, 11, 27, 15, 31, 162, 226, 12, 55, 240, 163, 2, 167, 46, 45, 22, 229, 236, 241, 74, 250, 26, 239, 24, 3, 244, 94, 4, 168, 240, 25, 25, 230, 167, 232, 27, 25, 9, 9, 78, 79, 11, 12, 77, 244, 31, 173, 243, 22, 13, 243, 174, 3, 164, 236, 9, 80, 229, 236, 241, 74, 247, 6, 244, 29, 23, 227, 92, 23, 171, 255, 13, 26, 240, 160, 29, 243, 7, 15, 9, 69, 90, 4, 9, 4, 11, 229, 169, 235, 28, 15, 10, 94, 14, 163, 25, 8, 234, 245, 18, 11, 95, 252, 26, 229, 234, 9, 232, 94, 16, 168, 250, 29, 31, 254, 103, 29, 241, 14, 13, 4, 83, 86, 11, 15, 11, 247, 29, 175, 239, 10, 13, 243, 174, 3, 164, 236, 9, 80, 229, 233, 252, 80, 250, 4, 240, 231, 16, 25, 163, 15, 164, 1, 30, 22, 243, 163, 237, 10, 31, 29, 30, 90, 91, 5, 86, 8, 253, 29, 164, 245, 24, 26, 7, 171, 11, 78, 229, 19, 239, 247, 6, 250, 79, 58, 4, 3, 233, 3, 27, 93, 4, 164, 254, 15, 2, 247, 167, 19, 72, 31, 20, 30, 90, 13, 8, 9, 4, 11, 229, 169, 235, 28, 15, 10, 94, 6, 93, 228, 3, 19, 244, 232, 224, 76, 248, 17, 229, 232, 10, 231, 78, 53, 172, 7, 30, 12, 247, 180, 224, 12, 15, 22, 20, 83, 85, 25, 31, 12, 1, 29, 161, 241, 28, 19, 1, 160, 4, 162, 239, 5, 16, 246, 4, 230, 80, 228, 20, 241, 19, 22, 233, 161, 30, 94, 7, 26, 12, 255, 92, 19, 8, 78, 25, 11, 77, 20]
answer = decrypt(KEY1, 6, KEY2)
p = re.compile('(?<=@)[\w, {, }]')
print answer
matches = p.findall(answer)
print matches
print ''.join(matches)
得到原文
In_my_previous_scripting_tutorials,hsctf{NO!You_didn't_read_the_tutorial_Find_some@}I've_covered_BASH,Pe@Yrl_and_PowerShell@oscripting,@uand_along@G_the_way,we_b@euilt_our@t_own_net@Mwork_port_scann@eer_using@[email protected]_we_wi@Sll_begin_loo@Cking_at@T_the_most_widel@Fy_used_scripting_lan@{guage_for_hackers,Python@[email protected]@a@m@on_has_so@tme_important_features_that_make_it_pa@hrticularly_useful_fo@e@r_hacking,but_probably_most_import@rantly,it_has_some_prebuilt@i_libraries_that_provide_some_po@gwerful_functionality.Python_ships_w@hith_over1,000modules_and_many_mor@t@e_are_available_in_various_other_repositories.T@fhis_isn't_to_say_that_scripting_languag@les_like_BASH,Perl,and_Ruby_can't_do@athe_same_things_as_Python,but_building_those_capabilities_are_much_easier_using_Python.Adding_Python_Modules.The_Python_standard_library_and_modules_provide_an_extensive_range_of_capabilities_in@gcluding_builtin_data_types,exception_handling,numeric_and_math_modules,file@}handling,cryptographic_services,Internet_data_handling,and_interaction_with_Internet_protocols(IPs).Despite_all_of_the_power_offered_by_these_standard_libraries_and_modules,we_may_need_or_want_addition al_third-party_modules.The_thirdparty_modules_available_for_Python_are_extensive_and_is_probably_the_reason_most_hackers_prefer_Python_for_scripting.You_can_find_acomprehensive_list_of_thirdparty_modules_at_PyPI:The_Python_Package_Index.If_we_need_to_install_athirdparty_module,we_can_simply_use_wget_to_download_it_from_the_repository,uncompress_the_module,then_run_the_python_setup.py_install_command.As_an_example,let's_download_and_install_the_Nmap_python_module_from_a_small_repository_at_xael.org.
Flag就藏在每个 @ 符号的后边
YouGetMe!HSCTF{I_am_the_right_flag}
Flag
HSCTF{I_am_the_right_flag}