攻防世界misc——test.pyc

下载得到pyc文件&＃xff0c;尝试反编译&＃xff0c;未能完全成功&＃xff0c;问题出在flag3

str &＃61; &＃39;jYygTOy&＃39; &＃43; &＃39;cmNycWNyYmM1Ujf&＃39;
import base64def flag1():code &＃61; str[::-3]result &＃61; &＃39;&＃39;for i in code:ss &＃61; ord(i) - 1result &＃43;&＃61; chr(ss)print result[::-1]def flag2():code &＃61; str[::-2]result &＃61; &＃39;&＃39;for i in code:ss &＃61; ord(i) - 1result &＃43;&＃61; chr(ss)print result[::-2]def flag3():pass
# WARNING: Decompyle incompleteflag1()


尝试用uncompyle6

比对上面的代码&＃xff0c;推测第一段显示的字符串均为有效字符串&＃xff0c;提取出来&＃xff0c;发现是个逆序的base64编码结果

&＃61;cWbihGfyMzNllzZ0cjZzMWN5cTM4YjYygTOycmNycWNyYmM1Ujf


上java&＃xff0c;翻转一下

/**
* 翻转字符串
*
* &＃64;param str
* &＃64;return
*/
static String rev(String str) {String str_r &＃61; (new StringBuilder(str)).reverse().toString();return str_r;
}


结果&＃xff1a;

fjU1MmYyNWcyNmcyOTgyYjY4MTc5NWMzZjc0ZzllNzMyfGhibWc&＃61;


base64解密

/**
* base64解密
*
* &＃64;param str
* &＃64;return
*/
static String bas64(String str) {Base64.Decoder de &＃61; Base64.getDecoder();String str_bas &＃61; new String((de.decode(str)));return str_bas;
}


结果&＃xff1a;

~552f25g26g2982b681795c3f74g9e732|hbmg


又是一个逆序&＃xff0c;再次翻转
结果&＃xff1a;

gmbh|237e9g47f3c597186b2892g62g52f255~


怀疑凯撒加密&＃xff0c;尝试解密&＃xff08;借鉴自&＃xff1a;51cto&＃xff09;

/**
* 凯撒加/解密
*
* &＃64;param str
* &＃64;return
*/
static String caesar(int key, String str) {StringBuilder es &＃61; new StringBuilder();for (int i &＃61; 0; i < str.length(); i&＃43;&＃43;) {char c &＃61; str.charAt(i);if (c > &＃39;a&＃39; && c < &＃39;z&＃39;) {c &＃43;&＃61; key % 26;if (c < &＃39;a&＃39;){c &＃43;&＃61; 26;}else if (c > &＃39;z&＃39;){c -&＃61; 26;}} else if (c > &＃39;A&＃39; && c < &＃39;Z&＃39;) {c &＃43;&＃61; key % 26;if (c < &＃39;A&＃39;){c &＃43;&＃61; 26;}else if (c > &＃39;Z&＃39;){c -&＃61; 26;}}es.append(c);}String str_ca &＃61; es.toString();return str_ca;
}


结果&＃xff1a;

是凯撒&＃xff0c;又不完全是&＃xff0c;flag也就是把字符串中所有字符的ASCII向前提了一位&＃xff0c;那就从第五位开始移位

/**
* 最终结果(由题&＃xff0c;flag前四位为“flag”)
*
* &＃64;param str
* &＃64;return
*/
static void final_res(String str){System.out.print("flag");for (int i &＃61; 4; i < str.length(); i&＃43;&＃43;) {char res &＃61; (char)(str.charAt(i) - 1);System.out.print(res);}System.out.println();
}


最终结果&＃xff1a;

flag{126e8g36f2c486075b1781g51g41f144}


完整代码&＃xff1a;

import java.util.Base64;/*** &＃64;Author: Jack Jparrow* &＃64;Date: 2021-11-21 21:03:03* &＃64;LastEditTime: 2021-11-21 21:51:43* &＃64;LastEditors: Jack Jparrow* &＃64;Description: 翻转字符串&＃xff0c;base64解密&＃xff0c;凯撒解密*/public class testpyc {public static void main(String[] args) {for (int i &＃61; 26; i > 0; i--) {// 加密正着&＃xff0c;解密反过来String result &＃61; rev(caesar(i, bas64(rev("&＃61;cWbihGfyMzNllzZ0cjZzMWN5cTM4YjYygTOycmNycWNyYmM1Ujf"))));// System.out.println(result &＃43; " " &＃43; (26 - i));if (i &＃61;&＃61; 1) {final_res(result);}}}/*** 翻转字符串* * &＃64;param str* &＃64;return*/static String rev(String str) {String str_r &＃61; (new StringBuilder(str)).reverse().toString();return str_r;}/*** base64解密* * &＃64;param str* &＃64;return*/static String bas64(String str) {Base64.Decoder de &＃61; Base64.getDecoder();String str_bas &＃61; new String((de.decode(str)));return str_bas;}/*** 凯撒加/解密* * &＃64;param str* &＃64;return*/static String caesar(int key, String str) {StringBuilder es &＃61; new StringBuilder();for (int i &＃61; 0; i < str.length(); i&＃43;&＃43;) {char c &＃61; str.charAt(i);if (c > &＃39;a&＃39; && c < &＃39;z&＃39;) {c &＃43;&＃61; key % 26;if (c < &＃39;a&＃39;){c &＃43;&＃61; 26;}else if (c > &＃39;z&＃39;){c -&＃61; 26;}} else if (c > &＃39;A&＃39; && c < &＃39;Z&＃39;) {c &＃43;&＃61; key % 26;if (c < &＃39;A&＃39;){c &＃43;&＃61; 26;}else if (c > &＃39;Z&＃39;){c -&＃61; 26;}}es.append(c);}String str_ca &＃61; es.toString();return str_ca;}/*** 最终结果(由题&＃xff0c;flag前四位为“flag”)* * &＃64;param str* &＃64;return*/static void final_res(String str){System.out.print("flag");for (int i &＃61; 4; i < str.length(); i&＃43;&＃43;) {char res &＃61; (char)(str.charAt(i) - 1);// 向前提一位System.out.print(res);}System.out.println();}
}