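CTF [Daily Challenge 20160623] dotNet Reverse Engineering Analysis

.NET reversing, challenge 1
Well, the name says it all, so go and download it!

The download is a single file, DotNetCrackMe1.exe.

Analysis

For the basics of reverse engineering, see the following resources:
Douban summary of reverse-engineering basics: https://www.douban.com/note/214872071/
Kanxue (PEDIY) reverse-engineering highlights section: http://bbs.pediy.com/forumdisplay.php?viewgoodnees=1&f=4&prefixid=phpforce_20
Kanxue (PEDIY) cracking highlights section: http://bbs.pediy.com/forumdisplay.php?viewgoodnees=1&f=37

Here is the approach to solving this small challenge, from the beginning:
1. Install .NET 4.0 and ILSpy 2.3 or later.
2. Open DotNetCrackMe1.exe in ILSpy 2.3.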

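3. Expand DotNetCrackMe1. The .NET program is very simple: there is just one WindowsFormsApplication1, which contains just one Form1, and Form1 has a button1_click method. The conditional statement in it,
 if ("fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT" == this.Encode(this.textBox1.get_Text()))
means that it passes the user's input to Encode() and then checks whether the result equals "fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT"; if they match, the program reports "OK".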

4. Now look at the Encode() function. It is a DES encryption followed by Base64 encoding of the result.
public string Encode(string data)
{
    // ILSpy output: the get_X() calls are property getters (Encoding.ASCII, KeySize, Length).
    string result;
    try
    {
        byte[] bytes = Encoding.get_ASCII().GetBytes("wctf{wol");    // DES key (8 bytes)
        byte[] bytes2 = Encoding.get_ASCII().GetBytes("dy_crack}");  // IV string (9 bytes)
        DESCryptoServiceProvider dESCryptoServiceProvider = new DESCryptoServiceProvider();
        int keySize = dESCryptoServiceProvider.get_KeySize();
        MemoryStream memoryStream = new MemoryStream();
        // The third argument, 1, is CryptoStreamMode.Write.
        CryptoStream cryptoStream = new CryptoStream(memoryStream, dESCryptoServiceProvider.CreateEncryptor(bytes, bytes2), 1);
        StreamWriter streamWriter = new StreamWriter(cryptoStream);
        streamWriter.Write(data);
        streamWriter.Flush();
        cryptoStream.FlushFinalBlock();
        streamWriter.Flush();
        // Base64-encode the ciphertext bytes.
        result = Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.get_Length());
    }
    catch
    {
        result = "http://weibo.com/woldy";
    }
    return result;
}
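5. The solution, then, is clearly to reverse the encoding above. Someone online has already solved it, so I reproduce their code here:
Source: http://blog.csdn.net/u010379510/article/details/44496995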
// Required at the top of the file:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Note: the data parameter is not used; the target string from button1_click is hard-coded.
public string Decode(string data)
{
    string result;
    byte[] byte1;
    try
    {
        // Undo the Base64 step first.
        byte1 = Convert.FromBase64String("fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT");
        byte[] bytes = Encoding.ASCII.GetBytes("wctf{wol");    // same key as Encode()
        byte[] bytes2 = Encoding.ASCII.GetBytes("dy_crack}");  // same IV string as Encode()
        DESCryptoServiceProvider dESCryptoServiceProvider
             = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream();
        // Bytes written to the CryptoStream are decrypted into memoryStream.
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            dESCryptoServiceProvider.CreateDecryptor(bytes, bytes2),
            CryptoStreamMode.Write);
        cryptoStream.Write(byte1, 0, byte1.Length);
        cryptoStream.FlushFinalBlock();
        System.Text.Encoding encoding = System.Text.Encoding.UTF8;
        result = encoding.GetString(memoryStream.ToArray());
    }
    catch
    {
        result = "http://weibo.com/woldy";
    }
    return result;
}
Separately, for Base64 encoding and decoding on its own, see: http://blog.csdn.net/morewindows/article/details/11922473

Answer: decoding yields wctf{dotnet_crackme1}
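
Added example, not part of the original post or the cited blog: the same decode reproduced in Go with only the standard library, which spells out the parameters the .NET code leaves implicit. It assumes the .NET Framework defaults for DESCryptoServiceProvider (CBC mode, PKCS#7 padding) and that only the first 8 bytes of the 9-byte IV string are used; the names Decode, target, keyStr and ivStr are chosen here.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/base64"
	"errors"
	"fmt"
)

// Constants copied from the decompiled Encode() and button1_click on this page.
const (
	target = "fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT"
	keyStr = "wctf{wol"  // 8 bytes: a valid DES key length
	ivStr  = "dy_crack}" // 9 bytes: one more than the DES block size
)

// Decode reverses Encode(): Base64 -> DES-CBC decrypt -> strip PKCS#7 padding.
// Assumptions: CBC and PKCS#7 (the .NET Framework defaults), and only the
// first 8 bytes of an oversized IV are used.
func Decode(b64, key, iv string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	if len(ct) == 0 || len(ct)%des.BlockSize != 0 {
		return "", errors.New("ciphertext is not a whole number of DES blocks")
	}
	if len(iv) < des.BlockSize {
		return "", errors.New("IV shorter than one DES block")
	}
	block, err := des.NewCipher([]byte(key)) // rejects keys that are not 8 bytes
	if err != nil {
		return "", err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, []byte(iv)[:des.BlockSize]).CryptBlocks(pt, ct)
	// PKCS#7: the last byte n (1..8) must appear n times at the end.
	n := int(pt[len(pt)-1])
	if n < 1 || n > des.BlockSize ||
		!bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return "", errors.New("bad PKCS#7 padding")
	}
	return string(pt[:len(pt)-n]), nil
}

func main() { fmt.Println(Decode(target, keyStr, ivStr)) }
```

In CBC mode only the first plaintext block depends on the IV, so a wrong IV would corrupt just the first 8 characters of the output.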