日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 编程语言 > python >内容正文

python

MoeCTF 2021Re部分------Midpython.exe

發布時間:2025/3/21 python 23 豆豆
生活随笔 收集整理的這篇文章主要介紹了 MoeCTF 2021Re部分------Midpython.exe 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

文章目錄

    • Midpython.exe
      • marshal和dis庫配合:
      • 手動改為py
      • 解密腳本
    • 總結:

Midpython.exe

python代碼寫成的exe,進行反編譯,先搞成pyc,然后把pyc反編譯成py,但是再第二個步驟反編譯成py的時候出現了如下報錯:

Traceback (most recent call last):File "g:\python3.7.6-64\lib\runpy.py", line 193, in _run_module_as_main"__main__", mod_spec)File "g:\python3.7.6-64\lib\runpy.py", line 85, in _run_codeexec(code, run_globals)File "G:\python3.7.6-64\Scripts\uncompyle6.exe\__main__.py", line 7, in <module>File "g:\python3.7.6-64\lib\site-packages\uncompyle6\bin\uncompile.py", line 194, in main_bin**options)File "g:\python3.7.6-64\lib\site-packages\uncompyle6\main.py", line 324, in maindo_fragments,File "g:\python3.7.6-64\lib\site-packages\uncompyle6\main.py", line 222, in decompile_filedo_fragments=do_fragments,File "g:\python3.7.6-64\lib\site-packages\uncompyle6\main.py", line 141, in decompileco, out, bytecode_version, debug_opts=debug_opts, is_pypy=is_pypyFile "g:\python3.7.6-64\lib\site-packages\uncompyle6\semantics\pysource.py", line 2570, in code_deparsescanner = get_scanner(version, is_pypy=is_pypy)File "g:\python3.7.6-64\lib\site-packages\uncompyle6\scanner.py", line 566, in get_scanner"scan.Scanner%s(show_asm=show_asm)" % v_str, locals(), globals()File "<string>", line 1, in <module>File "g:\python3.7.6-64\lib\site-packages\uncompyle6\scanners\scanner39.py", line 36, in __init__Scanner37Base.__init__(self, 3.9, show_asm)File "g:\python3.7.6-64\lib\site-packages\uncompyle6\scanners\scanner37base.py", line 98, in __init__self.opc.END_FINALLY, AttributeError: module 'xdis.opcodes.opcode_39' has no attribute 'END_FINALLY'

查看后是反編譯器的版本出現了不合。uncompyle6可將python字節碼轉換回等效的python源代碼,它接受python 1.3版到3.8版的字節碼,但是這個題目是python3.9,所以需要換其他方法

marshal和dis庫配合:

當然前提是需要到pyc的步驟,并且把頭修改好。

import marshal import dis a=open('Midpython.pyc','rb') a.seek(16) dis.dis(marshal.load(a))

然后先跳過頭結點(magic和time),原因,利用marshal進行以二進制格式讀取,然后用dis庫進行輸出,

1 0 BUILD_LIST 02 LOAD_CONST 0 ((69, 70, 79, 72, 88, 75, 85, 127, 89, 85, 74, 19, 74, 122, 107, 103, 75, 77, 9, 73, 29, 28, 67))4 LIST_EXTEND 16 STORE_NAME 0 (key)2 8 LOAD_CONST 1 (<code object <lambda> at 0x7f0b479a2be0, file "Midpython.py", line 2>)10 LOAD_CONST 2 ('<lambda>')12 MAKE_FUNCTION 014 STORE_NAME 1 (xxor)3 16 LOAD_CONST 3 (<code object <lambda> at 0x7f0b479a2c90, file "Midpython.py", line 3>)18 LOAD_CONST 2 ('<lambda>')20 MAKE_FUNCTION 022 STORE_NAME 2 (xoor)4 24 LOAD_CONST 4 (<code object <lambda> at 0x7f0b479a2d40, file "Midpython.py", line 4>)26 LOAD_CONST 2 ('<lambda>')28 MAKE_FUNCTION 030 STORE_NAME 3 (xorr)5 32 LOAD_NAME 4 (len)34 LOAD_NAME 0 (key)36 CALL_FUNCTION 138 STORE_NAME 5 (length)6 40 LOAD_NAME 6 (input)42 LOAD_CONST 5 ('>>>input your flag:\n>>>')44 CALL_FUNCTION 146 STORE_NAME 7 (ipt)7 48 LOAD_CONST 6 (1)50 STORE_NAME 8 (flag)8 52 LOAD_NAME 4 (len)54 LOAD_NAME 7 (ipt)56 CALL_FUNCTION 158 LOAD_NAME 5 (length)60 COMPARE_OP 2 (==)62 POP_JUMP_IF_FALSE 1149 64 LOAD_NAME 9 (range)66 LOAD_NAME 5 (length)68 CALL_FUNCTION 170 GET_ITER>> 72 FOR_ITER 38 (to 112)74 STORE_NAME 10 (i)10 76 LOAD_NAME 3 (xorr)78 LOAD_NAME 11 (ord)80 LOAD_NAME 7 (ipt)82 LOAD_NAME 10 (i)84 BINARY_SUBSCR86 CALL_FUNCTION 188 LOAD_NAME 10 (i)90 CALL_FUNCTION 292 LOAD_NAME 0 (key)94 LOAD_NAME 10 (i)96 BINARY_SUBSCR98 COMPARE_OP 3 (!=)100 POP_JUMP_IF_FALSE 7211 102 LOAD_CONST 7 (0)104 STORE_NAME 8 (flag)12 106 POP_TOP108 JUMP_ABSOLUTE 118110 JUMP_ABSOLUTE 72>> 112 JUMP_FORWARD 4 (to 118)14 >> 114 LOAD_CONST 7 (0)116 STORE_NAME 8 (flag)15 >> 118 LOAD_NAME 8 (flag)120 LOAD_CONST 6 (1)122 COMPARE_OP 2 (==)124 POP_JUMP_IF_FALSE 13616 126 LOAD_NAME 12 (print)128 LOAD_CONST 8 ('>>>Right!!')130 CALL_FUNCTION 1132 POP_TOP134 JUMP_FORWARD 8 (to 144)18 >> 136 LOAD_NAME 12 (print)138 LOAD_CONST 9 ('>>>Wrong!!')140 CALL_FUNCTION 1142 POP_TOP>> 144 LOAD_CONST 10 (None)146 RETURN_VALUEDisassembly of <code object <lambda> at 0x7f0b479a2be0, file "Midpython.py", line 2>:2 0 LOAD_FAST 0 (x)2 LOAD_FAST 1 (y)4 BINARY_XOR6 LOAD_CONST 1 (11)8 BINARY_XOR10 RETURN_VALUEDisassembly of <code object <lambda> at 0x7f0b479a2c90, file "Midpython.py", line 3>:3 0 LOAD_GLOBAL 0 (xxor)2 LOAD_FAST 0 (x)4 LOAD_FAST 1 (y)6 CALL_FUNCTION 28 LOAD_CONST 1 (45)10 BINARY_XOR12 RETURN_VALUEDisassembly of <code object <lambda> at 0x7f0b479a2d40, file "Midpython.py", line 4>:4 0 LOAD_GLOBAL 0 (xoor)2 LOAD_FAST 0 (x)4 LOAD_FAST 1 (y)6 CALL_FUNCTION 28 LOAD_CONST 1 (14)10 BINARY_XOR12 RETURN_VALUE

手動改為py

import dis def pyc():key=[(69, 70, 79, 72, 88, 75, 85, 127, 89, 85, 74, 19, 74, 122, 107, 103, 75, 77, 9, 73, 29, 28, 67)]xxor=lambda x,y:x^y^11xoor=lambda xxor,x,y:xxor(x,y)^45xorr=lambda xoor,x,y:xoor(x,y)^14length=len(key)ipt=input('>>>input your flag:\n>>>')flag=1if len(ipt)==length:for i in range(length):if xorr(ord(ipt[i]),i)!=key[i]:flag=0else:flag=0 if flag==1:print('>>>Right!!')else:print('>>>Wrong!!')dis.dis(pyc)

解密腳本

key=[69, 70, 79, 72, 88, 75, 85, 127, 89, 85, 74, 19, 74, 122, 107, 103, 75, 77, 9, 73, 29, 28, 67] for i in range(len(key)):flag=key[i]^11^i^45^14print(chr(flag),end='')

moectf{Pyth0n_M@st3r!!}

總結:

python3.9編譯的exe:

  • marshal庫和dis庫配合使用
  • uncompyle6對版本的限制

    • 總結

    以上是生活随笔為你收集整理的MoeCTF 2021Re部分------Midpython.exe的全部內容,希望文章能夠幫你解決所遇到的問題。

    如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。