https://buuoj.cn/challenges#[GKCTF2020]code%20obfuscation

BUUCTF:[GKCTF2020]code obfuscation_ci


BUUCTF:[GKCTF2020]code obfuscation_ci_02


一张倾斜的二维码

BUUCTF:[GKCTF2020]code obfuscation_二维码_03


PS拉一下

BUUCTF:[GKCTF2020]code obfuscation_ci_04


手动修补一下

BUUCTF:[GKCTF2020]code obfuscation_ci_05


BUUCTF:[GKCTF2020]code obfuscation_ci_06


BUUCTF:[GKCTF2020]code obfuscation_二维码_07


binwalk -e分离得到一个加密的RAR,根据提示以及上面二维码解出来这条信息

base(gkctf)

经过测试,发现gkctfbase58编码CfjxaPF可以成功解开RAR

BUUCTF:[GKCTF2020]code obfuscation_ci_08


flag3.png

$Bn$Ai$An$Ac$Al$Au$Ad$Ae$Bk$Cc$As$At$Ad$Ai$Ao$By$Ah$Ce
$Ai$An$At$Bk$Am$Aa$Ai$Bs$Bt$Cn
$Ap$Ar$Ai$An$At$Bs$Bm$Aw$Dd$Al$Ac$Da$Am$Ae$Cl$De$Ao$Cl$Dj$Ak$Ac$At$Df$Bm$Bt$Cb
$Ar$Ae$At$Au$Ar$An$Bk$Da$Cb
$Cp

1

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('15 n 14 a b c d e f g h i j k l m n o p q r s t u v w x y z 10 11 17="n"12 15 n 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 10 11 17="n"12 13=0 15 n 14 a b c d e f g h i j 10 11 16="n"13=$((13+1))12 1g("1f=\' \';1e=\'"\';16=\'#\';1j=\'(\';1i=\')\';1h=\'.\';1a=\';\';19=\'<\';18=\'>\';1d=\'1c\';1b=\'{\';1k=\'}\';1t=\'0\';1u=\'1\';1s=\'2\';1r=\'3\';1n=\'4\';1m=\'5\';1l=\'6\';1q=\'7\';1p=\'8\';1o=\'9\';")',62,93,'||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||do|eval|done|num|in|for|Bn|An|Ce|Cc|Cb|Cn|_|Cl|Bm|Bk|alert|By|Bt|Bs|Cp|Dg|Df|De|Dj|Di|Dh|Dd|Dc|Da|Db'.split('|'),0,{}))

JS混淆 JS混淆在线解密:http://tool.chinaz.com/js.aspx

for n in a b c d e f g h i j k l m n o p q r s t u v w x y z do eval An = "n"
    done
for n in A B C D E F G H I J K L M N O P Q R S T U V W X Y Z do eval An = "n"
    done
    num = 0
for n in a b c d e f g h i j do eval Bn = "n"
    num =
    $((num + 1)) done alert("Bk=' ';Bm='"
        ';Bn='#
        ';Bs=' (';Bt=')
        ';By='.
        ';Cb=';
        ';Cc=' < ';Ce=' > ';Cl='
        _ ';Cn=' {
            ';Cp='
        }
        ';Da='
        0 ';Db='
        1 ';Dc='
        2 ';Dd='
        3 ';De='
        4 ';Df='
        5 ';Dg='
        6 ';Dh='
        7 ';Di='
        8 ';Dj='
        9 ';")

整理一下

for n in a b c d e f g h i j k l m n o p q r s t u v w x y z do eval An = "n"
done
for n in A B C D E F G H I J K L M N O P Q R S T U V W X Y Z do eval An = "n"
done num = 0
for n in a b c d e f g h i j do eval Bn = "n"
num = $((num + 1))
done alert("Bk=' ';Bm='"';Bn='#';Bs='(';Bt=')';By='.';Cb='';Cc='<';Ce='>';Cl='_';Cn='{';Cp='}';Da='0';Db='1';Dc='2';Dd='3';De='4';Df='5';Dg='6';Dh='7';Di='8';Dj='9';")

找到替换关系,替换即可

贴个网上找到的脚本

import string
s = "$Bn$Ai$An$Ac$Al$Au$Ad$Ae$Bk$Cc$As$At$Ad$Ai$Ao$By$Ah$Ce$Ai$An$At$Bk$Am$Aa$Ai$An$Bs$Bt$Cn$Ap$Ar$Ai$An$At$Bs$Bm$Aw$Dd$Al$Ac$Da$Am$Ae$Cl$De$Ao$Cl$Dj$Ak$Ac$At$Df$Bm$Bt$Cb$Ar$Ae$At$Au$Ar$An$Bk$Da$Cb$Cp"
ll = s.split('$')
list1 = ['Bk','Bm','Bn','Bs','Bt','By','Cb','Cc','Ce','Cl','Cn','Cp',
'Da','Db','Dc','Dd','De','Df','Dg','Dh','Di','Dj']
list2 = [' ','"','#','(',')','.','','<','>','_','{','}','0','1','2','3','4','5','6','7','8','9']
list3 = []
list4 = []
s = string.ascii_lowercase
for i in s:
	list3.append('A%s'%i)
	list4.append(i)
#print(list3,'\n',list4)

t = ''
for i in range(0,len(ll)):
	for j in range(0,len(list1)):
		if ll[i]==list1[j]:
			t += list2[j]
	for k in range(0,len(list3)):
		if ll[i]==list3[k]:
			t +=list4[k]
print(t)

BUUCTF:[GKCTF2020]code obfuscation_ci_09

flag{w3lc0me_4o_9kct5}