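The 4th "Great Wall Cup" Cybersecurity Competition and Beijing-Tianjin-Hebei Cybersecurity Skills Competition (Preliminary Round) Writeup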

clev1L Lv3

easyre

Each byte is XORed with the byte that follows it.

data = [0x0A, 0x0D, 0x06, 0x1C, 0x1D, 0x05, 0x05, 0x5F, 0x0D, 0x03,
        0x04, 0x0A, 0x14, 0x49, 0x05, 0x57, 0x00, 0x1B, 0x19, 0x02,
        0x01, 0x54, 0x4E, 0x4C, 0x56, 0x00, 0x51, 0x4B, 0x4F, 0x57,
        0x05, 0x54, 0x55, 0x03, 0x53, 0x57, 0x01, 0x03, 0x07, 0x04,
        0x4A, 0x77]
# Undo the XOR chain from the last byte back to the first;
# the last index wraps around and uses data[0].
for i in range(len(data) - 1, -1, -1):
    data[i] ^= data[(i + 1) % len(data)]
print("".join(map(chr, data)))

flag{fcf94739-da66-467c-a77f-b50d12a67437}

tmaze

A maze; it appears to be stored as a graph.

Find the start node and the end node.

Then just brute-force it recursively with IDAPython.

from ida_bytes import get_qword, get_byte

start = 0x01E140BA1110
end = 0x01E140BA14D0

def crack(addr, path, level, temp):
    # addr: current node, temp: node we just came from (no immediate backtrack)
    if level > 43:
        return
    if addr == end:
        print("found:", path)
        return
    # Each node holds three links at +0/+8/+16 (x/y/z);
    # a link is skipped when its flag byte at +24/+25/+26 is 1.
    nxt = get_qword(addr + 16)
    if nxt != 0 and get_byte(addr + 26) != 1 and temp != nxt:
        crack(nxt, path + "z", level + 1, addr)
    nxt = get_qword(addr + 8)
    if nxt != 0 and get_byte(addr + 25) != 1 and temp != nxt:
        crack(nxt, path + "y", level + 1, addr)
    nxt = get_qword(addr)
    if nxt != 0 and get_byte(addr + 24) != 1 and temp != nxt:
        crack(nxt, path + "x", level + 1, addr)

crack(start, "", 0, 0)

flag{4bb5dac3-c578-66a2-d97a-664be7965820}
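
The same search can be run without IDA. This added example (not part of the original writeup) rebuilds the node layout the script reads, three qword links at offsets 0/8/16 and their flag bytes at 24/25/26, inside a constructed byte image. The 32-byte node stride, base address, sample maze and helper names are assumptions, and a per-path visited set replaces the script's parent check so longer cycles are pruned as well.

```python
import struct

BASE = 0x1000      # constructed base address for the sample image
NODE_SIZE = 32     # assumed node stride: 3 qword links + 3 flag bytes + padding
MOVES = ((0, 24, "x"), (8, 25, "y"), (16, 26, "z"))  # (link off, flag off, key)

def node(i):
    return BASE + i * NODE_SIZE

def build_image(nodes):
    """Pack [(x, y, z, fx, fy, fz), ...] into a byte image of maze nodes."""
    img = bytearray(NODE_SIZE * len(nodes))
    for i, (x, y, z, fx, fy, fz) in enumerate(nodes):
        links = [0 if n is None else node(n) for n in (x, y, z)]
        struct.pack_into("<3Q3B", img, i * NODE_SIZE, *links, fx, fy, fz)
    return bytes(img)

def get_qword(img, addr):   # offline stand-in for ida_bytes.get_qword
    return struct.unpack_from("<Q", img, addr - BASE)[0]

def get_byte(img, addr):    # offline stand-in for ida_bytes.get_byte
    return img[addr - BASE]

def solve(img, start, end, max_len=43):
    """Return every loop-free path from start to end of at most max_len moves."""
    found, stack = [], [(start, "", frozenset([start]))]
    while stack:
        addr, path, seen = stack.pop()
        if addr == end:
            found.append(path)
            continue
        if len(path) >= max_len:
            continue
        for link_off, flag_off, key in MOVES:
            nxt = get_qword(img, addr + link_off)
            if nxt and get_byte(img, addr + flag_off) != 1 and nxt not in seen:
                stack.append((nxt, path + key, seen | {nxt}))
    return sorted(found)

# Constructed 5-node maze: node 1's y link is flagged 1 (blocked).
SAMPLE = build_image([
    (1, 2, None, 0, 0, 0),        # node 0 (start)
    (0, 3, None, 0, 1, 0),        # node 1
    (0, None, 3, 0, 0, 0),        # node 2
    (4, 2, None, 0, 0, 0),        # node 3
    (None, None, None, 0, 0, 0),  # node 4 (end)
])

if __name__ == "__main__":
    print(solve(SAMPLE, node(0), node(4)))
```
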

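  • Title: The 4th "Great Wall Cup" Cybersecurity Competition and Beijing-Tianjin-Hebei Cybersecurity Skills Competition (Preliminary Round) Writeup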
  • Author: clev1L
  • Created at : 2024-09-08 15:50:49
  • Updated at : 2025-02-23 12:29:57
  • Link: https://github.com/clev1l/2024/09/08/第四届“长城杯”网络安全大赛暨京津冀网络安全技能竞赛(初赛)WP/
  • License: This work is licensed under CC BY-NC-SA 4.0.