某次热身赛re方向wp
📅 2026/7/6 2:47:18
base64,只不过换了一个表,没有任何包装,这个总能做了吧
/*
 * Hex-Rays decompilation of the challenge's main().
 *
 * Reads up to 0x15 (21) bytes from stdin into flag, encodes them with
 * base64_custom_encode() and compares the encoded text against a fixed
 * 28-character string. Prints "success" on a match and "fail" otherwise.
 *
 * Returns 0 once the comparison has been made, 1 if malloc() fails.
 */
int __fastcall main(int argc, const char **argv, const char **envp)
{
  int flag_len; // [rsp+4h] [rbp-2Ch]
  char *encoded; // [rsp+8h] [rbp-28h]
  char flag[24]; // [rsp+10h] [rbp-20h] BYREF
  unsigned __int64 v7; // [rsp+28h] [rbp-8h]

  // Presumably the stack-protector canary load (fs:0x28 on x86-64 Linux);
  // v7 is not referenced again in this listing.
  v7 = __readfsqword(0x28u);
  // At most 21 bytes are read into the 24-byte buffer, so the read itself
  // stays inside flag.
  read(0, flag, 0x15u);
  // NOTE(review): read() does not NUL-terminate and flag has no initializer
  // in this listing, so strlen() depends on a zero byte happening to follow
  // the input. A trailing newline typed by the user is also counted and
  // encoded. Worth keeping in mind when reproducing the check.
  flag_len = strlen(flag);
  // 4 output symbols per 3 input bytes, plus room for padding and the
  // terminating NUL that the encoder writes.
  encoded = (char *)malloc(4 * flag_len / 3 + 4);
  if ( encoded )
  {
    base64_custom_encode((const unsigned __int8 *)flag, flag_len, encoded);
    // The target is 28 symbols with no '=' padding, i.e. 7 full groups,
    // which corresponds to a 21-byte input.
    if ( !strcmp(encoded, "zNoHvOEJwug8z9sH0NQH0NQH0NQU") )
      puts("success");
    else
      puts("fail");
    free(encoded);
    return 0;
  }
  else
  {
    // 0xE (14) is the length of the message being written.
    fwrite("malloc failed\n", 1u, 0xEu, stderr);
    return 1;
  }
}
看到base64_custom_encode函数
/*
 * Hex-Rays decompilation of the encoder used by main().
 *
 * Structurally this is ordinary Base64: every 3 input bytes are packed into
 * a 24-bit value and emitted as four 6-bit indices. The only difference
 * visible here is that the indices are looked up in custom_b64_table
 * instead of the standard alphabet.
 *
 * input  - bytes to encode
 * len    - number of bytes in input
 * output - destination buffer; receives the encoded text followed by a NUL.
 *          No size is passed in, so the caller must provide enough room
 *          (4 symbols per started 3-byte group, plus 1).
 */
void __cdecl base64_custom_encode(const unsigned __int8 *input, int len, char *output)
{
  int v3; // eax
  int v4; // eax
  int v5; // eax
  int i; // [rsp+1Ch] [rbp-Ch]
  int j; // [rsp+20h] [rbp-8h]
  unsigned int triple; // [rsp+24h] [rbp-4h]
  unsigned int triplea; // [rsp+24h] [rbp-4h]
  unsigned int tripleb; // [rsp+24h] [rbp-4h]

  i = 0; // read position in input
  j = 0; // write position in output
  // Full groups: runs while at least 3 unread bytes remain.
  while ( len > i + 2 )
  {
    // Big-endian packing: input[i] is the most significant byte.
    triple = (input[i + 1] << 8) | (input[i] << 16) | input[i + 2];
    output[j] = custom_b64_table[(triple >> 18) & 0x3F];
    output[j + 1] = custom_b64_table[(triple >> 12) & 0x3F];
    output[j + 2] = custom_b64_table[(triple >> 6) & 0x3F];
    // v3/v4/v5 are decompiler temporaries holding the index of the fourth
    // symbol while j is advanced past the group.
    v3 = j + 3;
    j += 4;
    output[v3] = custom_b64_table[triple & 0x3F];
    i += 3;
  }
  // Tail handling. 61 is ASCII '=' (the padding character).
  if ( len == i + 1 )
  {
    // One byte left: two symbols followed by "==".
    triplea = input[i] << 16;
    // input[i] >> 2 is the same value as (triplea >> 18) & 0x3F.
    output[j] = custom_b64_table[(input[i] >> 2) & 0x3F];
    output[j + 1] = custom_b64_table[(triplea >> 12) & 0x3F];
    output[j + 2] = 61;
    v4 = j + 3;
    j += 4;
    output[v4] = 61;
  }
  else if ( len == i + 2 )
  {
    // Two bytes left: three symbols followed by "=".
    tripleb = (input[i] << 16) | (input[i + 1] << 8);
    output[j] = custom_b64_table[(tripleb >> 18) & 0x3F];
    output[j + 1] = custom_b64_table[(tripleb >> 12) & 0x3F];
    output[j + 2] = custom_b64_table[(tripleb >> 6) & 0x3F];
    v5 = j + 3;
    j += 4;
    output[v5] = 61;
  }
  // NUL-terminate so the caller can strcmp() the result.
  output[j] = 0;
}
再看到custom_b64_table,双击
custom_b64_table db 'XYZabcdefghijklmnopqrstuvwxyz0123456789+/ABCDEFGHIJKLMNOPQRSTUVW'
拿到自定义的base64编码表
直接找在线工具http://web.chacuo.net/netbasex
sdpc{rererepwnpwnpwn}
或者手搓python
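# Alphabet recovered from custom_b64_table in the binary. Despite the name,
# this is NOT the RFC 4648 alphabet: it holds the same 64 symbols in a
# different order, so the stdlib base64 module will not decode the target
# string directly.
STANDARD_ALPHABET = "XYZabcdefghijklmnopqrstuvwxyz0123456789+/ABCDEFGHIJKLMNOPQRSTUVW"


def encode(data: str, alphabet: str = STANDARD_ALPHABET) -> str:
    """Base64-encode ``data`` using ``alphabet`` as the 64-symbol table.

    Each character of ``data`` is treated as one byte via ``ord()``, so the
    input is expected to contain only code points 0-255.

    Returns the encoded text, padded with '=' to a multiple of four symbols.
    """
    result = []
    for i in range(0, len(data), 3):  # walk the input in steps of three
        chunk = data[i : i + 3]  # one group of up to three characters
        # Pack the group big-endian into a 24-bit value; missing bytes stay 0.
        value = ord(chunk[0]) << 16
        if len(chunk) > 1:
            value |= ord(chunk[1]) << 8
        if len(chunk) > 2:
            value |= ord(chunk[2])
        for j in range(4):
            # A group of k bytes yields k + 1 symbols; the rest is padding.
            if j < len(chunk) + 1:
                result.append(alphabet[(value >> (18 - j * 6)) & 0x3F])
            else:
                result.append("=")
    return "".join(result)


def decode(data: str, alphabet: str = STANDARD_ALPHABET) -> str:
    """Decode Base64 text that was produced with ``alphabet``.

    Trailing '=' padding is optional: the number of bytes in the last group
    is derived from how many symbols it holds rather than from the number of
    '=' characters, so unpadded input no longer yields spurious NUL bytes.

    Returns the decoded bytes as a string of code points 0-255.
    Raises ValueError if ``data`` contains a symbol that is not in
    ``alphabet``.
    """
    # Build the reverse table once instead of scanning the alphabet per symbol.
    # setdefault keeps the first position of a repeated symbol, matching
    # str.index().
    index_of = {}
    for position, symbol in enumerate(alphabet):
        index_of.setdefault(symbol, position)

    data = data.rstrip("=")
    result = []
    for i in range(0, len(data), 4):
        chunk = data[i : i + 4]
        value = 0
        for j, c in enumerate(chunk):
            if c not in index_of:
                raise ValueError(f"symbol {c!r} is not in the alphabet")
            value |= index_of[c] << (18 - j * 6)
        # 4 symbols carry 3 bytes, 3 carry 2, 2 carry 1 (6 bits per symbol).
        n_bytes = len(chunk) * 6 // 8
        for j in range(n_bytes):
            result.append(chr((value >> (16 - j * 8)) & 0xFF))
    return "".join(result)


# Target string taken from the strcmp() call in the decompiled main().
a=decode("zNoHvOEJwug8z9sH0NQH0NQH0NQU")
print(a)
# Writeup note: if any part of a script or listing is unclear, the prompt
# below can be used to have it explained.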
把这段代码当作我完全不会编程来解释:逐行说明每行代码做了什么、为什么这样做,以及整个程序的功能。用最通俗的语言,不要跳过任何基础概念,包括函数用法。
不会吧,直接给class文件还不会做吗