前言
第一次参加网安相关的竞赛,种了一百万课数(因为要上课,只做了一天半)。看大佬们都在写Writeup(查了下意思是 ctf(信息安全夺旗赛)中的解题思路),我也来搞一篇,记录一下我的解题思路和学到的东西(好多东西是第一次见)。
题目
第一题
第一题是直接把第一个请求返回的参数在发送出去。
代码语言:txt复制def main():
url = "http://159.75.70.9:8081/pull?u=000003315146DEE5E425871CDE778FF5"
postData = "u=000003315146DEE5E425871CDE778FF5"
try:
r = requests.post(url, data=postData)
t = json.loads(r.text)["t"]
a = json.loads(r.text)["a"]
c = json.loads(r.text)["c"]
url1 = "http://159.75.70.9:8081/push?t=" t "&a=" a
r1 = requests.get(url1, timeout=0.5)
print(r1.text)
except Exception as e:
print(e)
if __name__ == "__main__":
while True:
main()第二题
第二题题目JS文件:
代码语言:txt复制window.A3C2EA99=async function({a}){return new Promise(_=>setTimeout(__=>_(a[0]*a[0] a[0]),2000))}一个简单计算,只是加了一个定时器,这个题感觉直接在浏览器上修改就可以,但是我为了以后的题,统一使用的python。
代码语言:txt复制def main():
url = "http://159.75.70.9:8081/pull?u=000003315146DEE5E425871CDE778FF5"
postData = "u=000003315146DEE5E425871CDE778FF5"
try:
r = requests.post(url, data=postData)
t = json.loads(r.text)["t"]
a = int(json.loads(r.text)["a"])
c = json.loads(r.text)["c"]
a = str(a*a a)
url1 = "http://159.75.70.9:8081/push?t=" t "&a=" a
r1 = requests.get(url1, timeout=0.5)
print(r1.text)
except Exception as e:
print(e)
if __name__ == "__main__":
while True:
main()第三题
第三题JS文件
代码语言:txt复制eval(atob("dmFyIF8weGU5MzY9WydBNTQ3Mzc4OCddOyhmdW5jdGlvbihfMHg0OGU4NWMsXzB4ZTkzNmQ4KXt2YXIgXzB4MjNmYzVhPWZ1bmN0aW9uKF8weDI4NThkOSl7d2hpbGUoLS1fMHgyODU4ZDkpe18weDQ4ZTg1Y1sncHVzaCddKF8weDQ4ZTg1Y1snc2hpZnQnXSgpKTt9fTtfMHgyM2ZjNWEoKytfMHhlOTM2ZDgpO30oXzB4ZTkzNiwweDE5NikpO3ZhciBfMHgyM2ZjPWZ1bmN0aW9uKF8weDQ4ZTg1YyxfMHhlOTM2ZDgpe18weDQ4ZTg1Yz1fMHg0OGU4NWMtMHgwO3ZhciBfMHgyM2ZjNWE9XzB4ZTkzNltfMHg0OGU4NWNdO3JldHVybiBfMHgyM2ZjNWE7fTt3aW5kb3dbXzB4MjNmYygnMHgwJyldPWZ1bmN0aW9uKF8weDMzNTQzNyl7dmFyIF8weDFhYWMwMj0weDMwZDNmO2Zvcih2YXIgXzB4M2JlZDZhPTB4MzBkM2Y7XzB4M2JlZDZhPjB4MDtfMHgzYmVkNmEtLSl7dmFyIF8weDM3NTM0MD0weDA7Zm9yKHZhciBfMHgxZGRiNzc9MHgwO18weDFkZGI3NzxfMHgzYmVkNmE7XzB4MWRkYjc3Kyspe18weDM3NTM0MCs9XzB4MzM1NDM3WydhJ11bMHgwXTt9XzB4Mzc1MzQwJV8weDMzNTQzN1snYSddWzB4Ml09PV8weDMzNTQzN1snYSddWzB4MV0mJl8weDNiZWQ2YTxfMHgxYWFjMDImJihfMHgxYWFjMDI9XzB4M2JlZDZhKTt9cmV0dXJuIF8weDFhYWMwMjt9Ow=="))搜了一下atob(),发现 atob() 方法用于解码使用 base-64 编码的字符串 。
Base64解码,格式化代码后:
代码语言:txt复制var _0xe936 = ['A5473788']; (function(_0x48e85c, _0xe936d8) {
var _0x23fc5a = function(_0x2858d9) {
while (--_0x2858d9) {
_0x48e85c['push'](_0x48e85c['shift']());
}
};
_0x23fc5a( _0xe936d8);
} (_0xe936, 0x196));
var _0x23fc = function(_0x48e85c, _0xe936d8) {
_0x48e85c = _0x48e85c - 0x0;
var _0x23fc5a = _0xe936[_0x48e85c];
return _0x23fc5a;
};
window[_0x23fc('0x0')] = function(_0x335437) {
var _0x1aac02 = 0x30d3f;
for (var _0x3bed6a = 0x30d3f; _0x3bed6a > 0x0; _0x3bed6a--) {
var _0x375340 = 0x0;
for (var _0x1ddb77 = 0x0; _0x1ddb77 < _0x3bed6a; _0x1ddb77 ) {
_0x375340 = _0x335437['a'][0x0];
}
_0x375340 % _0x335437['a'][0x2] == _0x335437['a'][0x1] && _0x3bed6a < _0x1aac02 && (_0x1aac02 = _0x3bed6a);
}
return _0x1aac02;
};最后通过变量替换得到解决代码:
代码语言:txt复制i1 = 199999
value = 199999
while i1 > 0:
temp_val = 0
i2 = 0
while i2 < i1:
temp_val = a[0] temp_val
i2 = i2 1
if i1 % 100 == 0:
temp_val = i1 * a[0]
if temp_val % a[2] == a[1]:
if i1 < 199999:
value = i1
i1 = i1 - 1
a = value第四题
题目JS文件
代码语言:txt复制/*
* 提示:该行代码过长,系统自动注释不进行高亮。一键复制会移除系统注释
* window.A593C8B8=async(_)=>(($,_,__,___,____)=>{let _____=function*(){while([])yield[(_,__)=>_ __,(_,__)=>_-__,(_,__)=>_*__][ __%(! [] ! [] ! [])][( ( ! [] [ ! []]))[(!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ( ![] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ []] (!![] [])[ ! []] ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]]](! [] ! [] [ []]) ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ([][[]] [])[! [] ! []]]( [],___,____)}();let ______=function(_____,______,_______){____=_____;___=______[([][[]] '')[ ! []] (!![] '')[ ! [] ! [] ! []] ( ( ! [] [ []] [ ! []]))[(!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ( ![] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ []] (!![] [])[ ! []] ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]]](! [] ! [] ! [] [! [] ! [] ! [] ! []])[ ! []] (!![] '')[ []]]()[( (! [] ! [] ! [] [ ! []]))[(!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ( ![] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ []] (!![] [])[ ! []] ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]]](! [] ! [] ! [] [! [] ! []]) (![] [])[ ! []] (![] [])[! [] ! []] ([][[]] [])[ []] (!![] [])[! [] ! [] ! []]]();__==_[(![] '')[ ! []]][(![] [])[! [] ! []] (!![] [])[! [] ! [] ! []] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]] (!![] [])[ []] ( ( ! [] [ []] [ ! []]))[(!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ( ![] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ []] (!![] [])[ ! []] ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]]](! [] ! [] [ ! []])[ ! []]]&&_______(-___)};return new Promise(__=>_[(![] '')[ ! []]][(![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]][([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]]((!![] [])[ ! []] (!![] [])[! [] ! [] ! []] (!![] [])[ []] ([][[]] [])[ []] (!![] [])[ ! []] ([][[]] [])[ ! []] (![] [ ![]])[([![]] [][[]])[ ! [] [ []]] (!![] [])[ []] (![] [])[ ! []] (![] [])[! [] ! []] ([![]] [][[]])[ ! [] [ []]] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (![] [])[! [] ! [] ! []]]()[ ! [] [ []]] [ []] (![] [ ![]])[([![]] [][[]])[ ! [] [ []]] (!![] [])[ []] (![] [])[ ! []] (![] [])[! [] ! []] ([![]] [][[]])[ ! [] [ []]] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (![] [])[! [] ! [] ! []]]()[ ! [] [ []]])()[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]] [])[ ! [] [! [] ! []]] (![] [])[ ! []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] ( ( ! [] [ []] [ ! []]))[(!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ( ![] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ []] (!![] [])[ ! []] ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]]](! [] ! [] [ ! []])[ ! []]](___=>$[(![] [])[! [] ! [] ! []] (!![] [])[! [] ! [] ! []] (!![] [])[ []] ( [![]] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]][([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]]((!![] [])[ ! []] (!![] [])[! [] ! [] ! []] (!![] [])[ []] ([][[]] [])[ []] (!![] [])[ ! []] ([][[]] [])[ ! []] ( [![]] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ ! []]] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]][([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]]((!![] [])[ ! []] (!![] [])[! [] ! [] ! []] (!![] [])[ []] ([][[]] [])[ []] (!![] [])[ ! []] ([][[]] [])[ ! []] ( [![]] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ ! []]] (!![] [])[! [] ! [] ! []] (![] [])[! [] ! [] ! []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (![] [])[ ! []] ( (! [] ! [] [ ! []] [ ! []]))[(!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ( ![] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ []] (!![] [])[ ! []] ([![]] [][[]])[ ! [] [ []]] ([][[]] [])[ ! []] ( ![] [![]] ([] [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]])[! [] ! [] [ []]]](! [] ! [] ! [] [ ! []])[ ! []] (!![] [])[! [] ! [] ! []])()(([] [])[(![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (!![] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]]()[ ! [] [ ! []]])[! [] ! []] (![] [])[ ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []])()())[! [] ! [] ! [] [ []]] ([![]] [][[]])[ ! [] [ []]] (( [])[([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ ! []] (![] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [])[ ! []] ([][[]] [])[ []] ([][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]] [])[! [] ! [] ! []] (!![] [])[ []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] (!![] [])[ ! []]] [])[ ! [] [ ! []]] (!![] [])[! [] ! [] ! []] (!![] [][(![] [])[ []] ([![]] [][[]])[ ! [] [ []]] (![] [])[! [] ! []] (!![] [])[ []] (!![] [])[! [] ! [] ! []] (!![] [])[ ! []]])[ ! [] [ []]] ([][[]] [])[ []] (!![] [])[ []]](____=>______(___,_____,__),___)))})(window,_, [], [], [])
*/日,刚开始给我看蒙了。
然后把那些“! []”等放到浏览器中计算,然后进行变量替换得到:
代码语言:txt复制window.A593C8B8 = async (A) => (($, A, B, C, D) => {
let E = function* () {
while (1) yield[(A, B) => A B, (A, B) => A - B, (A, B) => A * B][ B % 3]["bind"](0, C, D)
}();
let F = function (E, F, G) {
D = E;
C = F["next"]()["value"]();
B == A["a"]["length"] && G(-C)
};
let temp = new Promise(B => A["a"]["forEach"](C => $["setTimeout"](D => F(C, E, B), C)))
return temp
})(window, A, 0, 0, 0)通过分析代码和观察数据得出这其实就是先把A中的数据排序,然后按照固定加减乘次序做一次运算。
这里浪费了我好长时间,看来以后得重视使用浏览器开发者工具调试。
解题代码关键部分:
代码语言:txt复制temArr = a
for i in range(6):
temArr.append(a[i])
temArr.sort()
tempVal = (temArr[0] * temArr[1] - temArr[2] temArr[3]) * temArr[4] - temArr[5] temArr[6]第五题
题目JS文件:
代码语言:txt复制window.A661E542 = async function ({
a: A
}) {
return (await WebAssembly.instantiate(
await WebAssembly.compile(await (
await fetch("data:application/octet-binary;base64,AGFzbQEAAAABBwFgAn9/AX8CFwIETWF0aANtaW4AAARNYXRoA21heAAAAwIBAAcHAQNSdW4AAgpgAV4BBn8gACECIAFBAWsiBARAA0AgAiEDQQAhBkEKIQcDQCADQQpwIQUgA0EKbiEDIAUgBhABIQYgBSAHEAAhByADQQBLDQALIAIgBiAHbGohAiAEQQFrIgQNAAsLIAIL")).arrayBuffer()), {
Math: Math
})).exports.Run(...A)
}Data部分解密之后得到:
代码语言:txt复制00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
--------------------------------------------------------------------
00 61 73 6D 01 00 00 00 01 07 01 60 02 7F 7F 01 | .asm.......`..
7F 02 17 02 04 4D 61 74 68 03 6D 69 6E 00 00 04 | ....Math.min...
4D 61 74 68 03 6D 61 78 00 00 03 02 01 00 07 07 | Math.max........
01 03 52 75 6E 00 02 0A 60 01 5E 01 06 7F 20 00 | ..Run...`.^.. .
21 02 20 01 41 01 6B 22 04 04 40 03 40 20 02 21 | !. .A.k"..@.@ .!
03 41 00 21 06 41 0A 21 07 03 40 20 03 41 0A 70 | .A.!.A.!..@ .A.p
21 05 20 03 41 0A 6E 21 03 20 05 20 06 10 01 21 | !. .A.n!. . ...!
06 20 05 20 07 10 00 21 07 20 03 41 00 4B 0D 00 | . . ...!. .A.K..
0B 20 02 20 06 20 07 6C 6A 21 02 20 04 41 01 6B | . . . .lj!. .A.k
22 04 0D 00 0B 0B 20 02 0B | "..... ..好家伙又是没见到过的东西。
去搜了一下。
WebAssembly(缩写为 Wasm)是基于堆栈的虚拟机的二进制指令格式。Wasm 被设计为编程语言的可移植编译目标,从而可以在 Web 上为客户端和服务器应用程序进行部署。
高效快捷:Wasm stack machine 设计为以节省大小和加载时间的二进制格式进行编码。WebAssembly旨在通过利用广泛平台上可用的通用硬件功能,以本机速度执行。
安全的:WebAssembly描述了一种内存安全的沙盒执行环境,该环境甚至可以在现有JavaScript虚拟机内部实现。当嵌入到Web中时,WebAssembly将强制执行浏览器的同源和权限安全策略。
开放且可调试:WebAssembly设计为以文本格式精美打印,用于手工调试,测试,实验,优化,学习,教学和编写程序。在Web上查看Wasm模块的来源时,将使用文本格式。
开放式网络平台的一部分:WebAssembly旨在维护Web的无版本,经过功能测试和向后兼容的性质。WebAssembly模块将能够调用和退出JavaScript上下文,并通过可从JavaScript访问的相同Web API来访问浏览器功能。WebAssembly还支持非Web嵌入。
搞了一下午了反汇编,得到:
代码语言:txt复制(module
(func $Math.min (;0;) (import "Math" "min") (param i32 i32) (result i32))
(func $Math.max (;1;) (import "Math" "max") (param i32 i32) (result i32))
(func $Run (;2;) (export "Run") (param $var0 i32) (param $var1 i32) (result i32)
(local $var2 i32) (local $var3 i32) (local $var4 i32) (local $var5 i32) (local $var6 i32) (local $var7 i32)
local.get $var0
local.set $var2
local.get $var1
i32.const 1
i32.sub
local.tee $var4
if
loop $label1
local.get $var2
local.set $var3
i32.const 0
local.set $var6
i32.const 10
local.set $var7
loop $label0
local.get $var3
i32.const 10
i32.rem_u
local.set $var5
local.get $var3
i32.const 10
i32.div_u
local.set $var3
local.get $var5
local.get $var6
call $Math.max
local.set $var6
local.get $var5
local.get $var7
call $Math.min
local.set $var7
local.get $var3
i32.const 0
i32.gt_u ;; a0 > 0
br_if $label0
end $label0
local.get $var2
local.get $var6
local.get $var7
i32.mul ;; v6*v7
i32.add
local.set $var2
local.get $var4
i32.const 1
i32.sub
local.tee $var4
br_if $label1
end $label1
end
local.get $var2
)
)好吧,看不懂这些指令,去学了wasm及其指令集,之后用python写了一下这个算法,不过奇怪的事情发现了,答案有时候对,有时候不对。奇怪的很!
two hour later ~
偶然间发现浏览器开发者工具中的source不但可以直接得到反汇编后的代码,而且可以设断点,进行调式。
然后进行了优化,很快得到了正确解题代码:
代码语言:txt复制v0 = a[0]
v1 = a[1]
v2 = v0
v3 = 0
v4 = v1 - 1
v5 = 0
if v4 > 0:
while True:
v3 = v2
v6 = 0
v7 = 10
while True:
v5 = v3 % 10
v3 = int(v3 / 10)
6 = max(v5, v6)
v7 = min(v5, v7)
if v3 <= 0:
break
v2 = v2 v6 * v7
v4 = v4 - v1
if v4 <= 0:
break
a = str(v2)
