题目来源http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=36
.NET逆向第一题
嗯,看名字就应该明白了,快去下载吧!
http://pan.baidu.com/s/1bnvVbp9
下载后是一个DotNetCrackMe1.exe文件。
分析
逆向分析的基础问题,可以参考以下资源列表
豆瓣逆向分析基础总结:https://www.douban.com/note/214872071/
看雪逆向精华区:http://bbs.pediy.com/forumdisplay.php?viewgoodnees=1&f=4&prefixid=phpforce_20
看雪破解精华区:http://bbs.pediy.com/forumdisplay.php?viewgoodnees=1&f=37下面从头讲讲这个小题的解决思路:
1.安装.net4.0、ILSPY2.3 or 更高版本
2.用ILSPY2.3打开DotNetCrackMe1.exe
3.展开DotNetCrackMe1,看到这个.net程序很简单,就一个WindowsFormsApplication1,里面就一个Form1,Form1下有button1_click方法,其中的判断语句
if ("fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT" == this.Encode(this.textBox1.get_Text()))
意味着它提交一个用户输入值进行Encode(),然后判断是否与"fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT"相同,若相同后就“OK"了。
4.再看一下Encode()函数,可以看出来是一个DES加密过程,最后又进行了base64的编码。
public string Encode(string data)
{string result;try{byte[] bytes = Encoding.get_ASCII().GetBytes("wctf{wol");byte[] bytes2 = Encoding.get_ASCII().GetBytes("dy_crack}");DESCryptoServiceProvider dESCryptoServiceProvider = new DESCryptoServiceProvider();int keySize = dESCryptoServiceProvider.get_KeySize();MemoryStream memoryStream = new MemoryStream();CryptoStream cryptoStream = new CryptoStream(memoryStream, dESCryptoServiceProvider.CreateEncryptor(bytes, bytes2), 1);StreamWriter streamWriter = new StreamWriter(cryptoStream);streamWriter.Write(data);streamWriter.Flush();cryptoStream.FlushFinalBlock();streamWriter.Flush();result = Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.get_Length());}catch{result = "http://weibo.com/woldy";}return result;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
5.那么解决过程显然是根据上面的编码进行解码。网上已经有人解决了,我转载一下:
来源:http://blog.csdn.net/u010379510/article/details/44496995
public string Decode(string data)
{ string result; byte[] byte1; try { byte1 = Convert.FromBase64String("fOCPTVF0diO+B0IMXntkPoRJDUj5CCsT"); byte[] bytes = Encoding.ASCII.GetBytes("wctf{wol"); byte[] bytes2 = Encoding.ASCII.GetBytes("dy_crack}"); DESCryptoServiceProvider dESCryptoServiceProvider = new DESCryptoServiceProvider(); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, dESCryptoServiceProvider.CreateDecryptor(bytes, bytes2), CryptoStreamMode.Write); cryptoStream.Write(byte1, 0, byte1.Length); cryptoStream.FlushFinalBlock(); System.Text.Encoding encoding = System.Text.Encoding.UTF8; result = encoding.GetString(memoryStream.ToArray()); } catch { result = "http://weibo.com/woldy"; } return result;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
另外,如果单独解决base64的编、解码问题,可以参考:http://blog.csdn.net/morewindows/article/details/11922473
最后附上逆向工具ILSPY的下载地址:
http://pan.baidu.com/share/link?shareid=505596871&uk=1376014793
答案:解码得到wctf{dotnet_crackme1}
)
