JarvisOJ problem-solving notes

[pwn]guestbook2

Questions & reading other people's writeups, 10-6

  • unlink operation
  • glibc version is 2.28
  • Need to read the source code
  • Principle of locality

[rev]bbencode

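This is a stream key generator. Key generators of this kind usually have a period, and it is not very large, so it can simply be brute-forced.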

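def bbencode(n):
    # Shift-and-XOR multiply of n by itself, reduced whenever the result reaches bit 256
    a = 0
    for i in bin(n)[2:]:
        a = a << 1
        if (int(i)):
            a = a ^ n
        if a >> 256:
            a = a ^ 0x10000000000000000000000000000000000000000000000000000000000000223
    return a

# a is the encoded value to invert; s walks the cycle starting from a
a = 61406787709715709430385495960238216763226399960658358000016620560764164045692
s = 61406787709715709430385495960238216763226399960658358000016620560764164045692
while True:
    # When the next step returns to a, s is the value that encodes to a
    if bbencode(s)==a:
        print(s.to_bytes(32,'big'))
        break
    s = bbencode(s)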
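
The cycle walk above depends on the period being short. As an added example (not part of the original notes), the same inversion can be done without walking the cycle: bbencode is a carry-less squaring, which is linear over GF(2), so a preimage can be solved for directly. This goes beyond the brute force in the text. Assumptions: the reduction constant is 2^256 + 0x223 as in the script above, and `invert_bbencode` and `SAMPLE` are names and data constructed for this example.

```python
# Added example: invert bbencode with an XOR linear basis instead of a cycle walk.
POLY = (1 << 256) | 0x223  # assumed equal to the script's constant, 2^256 + 0x223
N = 256

def bbencode(n):
    """Same transform as the script above: n*n in GF(2)[x], reduced mod POLY."""
    a = 0
    for bit in bin(n)[2:]:
        a <<= 1
        if bit == "1":
            a ^= n
        if a >> N:
            a ^= POLY
    return a

def invert_bbencode(target):
    """Return s with bbencode(s) == target, or None if target is not in the image."""
    # Linearity: bbencode(x ^ y) == bbencode(x) ^ bbencode(y), so the images of the
    # single-bit inputs span every possible output. Each basis entry keeps an image
    # together with the input combination that produces it.
    basis = {}  # leading bit of image -> (image, preimage)
    for i in range(N):
        img, pre = bbencode(1 << i), 1 << i
        while img:
            top = img.bit_length() - 1
            if top not in basis:
                basis[top] = (img, pre)
                break
            b_img, b_pre = basis[top]
            img ^= b_img
            pre ^= b_pre
    # Reduce the target against the basis, accumulating the matching inputs.
    s = 0
    while target:
        top = target.bit_length() - 1
        if top not in basis:
            return None  # out of range or not reachable
        b_img, b_pre = basis[top]
        target ^= b_img
        s ^= b_pre
    return s

# Constructed 32-byte sample input, not a value from the challenge.
SAMPLE = b"constructed-sample-32-byte-input"

if __name__ == "__main__":
    m = int.from_bytes(SAMPLE, "big")
    print(invert_bbencode(bbencode(m)).to_bytes(32, "big"))
```
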

[rev]爬楼梯 (Climbing Stairs)

Simply use ApkIDE to change v5 in onCreate to 1 to get the flag.