天津大学生信安大赛 2021 [rev] Bytecode Posted on 2021-10-30 bytecode上来一个py字节码: 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242Disassembly of main: 27 0 LOAD_CONST 1 (305419896) 2 LOAD_CONST 2 (2271560481) 4 LOAD_CONST 3 (2427178479) 6 LOAD_CONST 4 (4275878409) 8 BUILD_LIST 4 10 STORE_FAST 0 (key) 28 12 LOAD_CONST 5 (3888592564) 14 LOAD_CONST 6 (3737879155) 16 BUILD_LIST 2 18 LOAD_CONST 7 (4063334467) 20 LOAD_CONST 8 (2214487552) 22 BUILD_LIST 2 24 LOAD_CONST 9 (2420456096) 26 LOAD_CONST 10 (1529806583) 28 BUILD_LIST 2 30 LOAD_CONST 11 (2576007368) 32 LOAD_CONST 12 (2328179940) 34 BUILD_LIST 2 36 LOAD_CONST 13 (1665686107) 38 LOAD_CONST 14 (1748819876) 40 BUILD_LIST 2 42 BUILD_LIST 5 44 STORE_FAST 1 (arr) 29 46 LOAD_GLOBAL 0 (input) 48 LOAD_CONST 15 ('please input your secret key: ') 50 CALL_FUNCTION 1 52 STORE_FAST 2 (flag) 31 54 BUILD_LIST 0 56 STORE_FAST 3 (encry) 32 58 BUILD_LIST 0 60 STORE_FAST 4 (encryted) 33 62 LOAD_GLOBAL 1 (range) 64 LOAD_CONST 16 (0) 66 LOAD_GLOBAL 2 (len) 68 LOAD_FAST 2 (flag) 70 CALL_FUNCTION 1 72 LOAD_CONST 17 (8) 74 CALL_FUNCTION 3 76 GET_ITER >> 78 FOR_ITER 112 (to 192) 80 STORE_FAST 5 (i) 34 82 LOAD_FAST 3 (encry) 84 LOAD_METHOD 3 (append) 86 LOAD_GLOBAL 4 (struct) 88 LOAD_METHOD 5 (unpack) 90 LOAD_CONST 18 ('<I') 92 LOAD_FAST 2 (flag) 94 LOAD_FAST 5 (i) 96 LOAD_FAST 5 (i) 98 LOAD_CONST 19 (4) 100 BINARY_ADD 102 BUILD_SLICE 2 104 BINARY_SUBSCR 106 LOAD_METHOD 6 (encode) 108 LOAD_CONST 20 ('utf-8') 110 CALL_METHOD 1 112 CALL_METHOD 2 114 LOAD_CONST 16 (0) 116 BINARY_SUBSCR 118 CALL_METHOD 1 120 POP_TOP 35 122 LOAD_FAST 3 (encry) 124 LOAD_METHOD 3 (append) 126 LOAD_GLOBAL 4 (struct) 128 LOAD_METHOD 5 (unpack) 130 LOAD_CONST 18 ('<I') 132 LOAD_FAST 2 (flag) 134 LOAD_FAST 5 (i) 136 LOAD_CONST 19 (4) 138 BINARY_ADD 140 LOAD_FAST 5 (i) 142 LOAD_CONST 17 (8) 144 BINARY_ADD 146 BUILD_SLICE 2 148 BINARY_SUBSCR 150 LOAD_METHOD 6 (encode) 152 LOAD_CONST 20 ('utf-8') 154 CALL_METHOD 1 156 CALL_METHOD 2 158 LOAD_CONST 16 (0) 160 BINARY_SUBSCR 162 CALL_METHOD 1 164 POP_TOP 36 166 LOAD_GLOBAL 7 (encrypt) 168 LOAD_FAST 3 (encry) 170 LOAD_FAST 0 (key) 172 CALL_FUNCTION 2 174 STORE_FAST 6 (encrypted) 37 176 LOAD_FAST 4 (encryted) 178 LOAD_METHOD 3 (append) 180 LOAD_FAST 6 (encrypted) 182 CALL_METHOD 1 184 POP_TOP 38 186 BUILD_LIST 0 188 STORE_FAST 3 (encry) 190 JUMP_ABSOLUTE 78 39 >> 192 LOAD_FAST 4 (encryted) 194 LOAD_FAST 1 (arr) 196 COMPARE_OP 2 (==) 198 POP_JUMP_IF_FALSE 210 40 200 LOAD_GLOBAL 8 (print) 202 LOAD_CONST 21 ('ok,fine~') 204 CALL_FUNCTION 1 206 POP_TOP 208 JUMP_FORWARD 8 (to 218) 42 >> 210 LOAD_GLOBAL 8 (print) 212 LOAD_CONST 22 ('sry~') 214 CALL_FUNCTION 1 216 POP_TOP >> 218 LOAD_CONST 0 (None) 220 RETURN_VALUEDisassembly of encrypt: 6 0 LOAD_FAST 0 (v) 2 LOAD_CONST 1 (0) 4 BINARY_SUBSCR 6 STORE_FAST 2 (v0) 7 8 LOAD_FAST 0 (v) 10 LOAD_CONST 2 (1) 12 BINARY_SUBSCR 14 STORE_FAST 3 (v1) 8 16 LOAD_CONST 1 (0) 18 STORE_FAST 4 (x) 9 20 LOAD_CONST 3 (6710886) 22 STORE_FAST 5 (delta) 10 24 LOAD_FAST 1 (k) 26 LOAD_CONST 1 (0) 28 BINARY_SUBSCR 30 STORE_FAST 6 (k0) 11 32 LOAD_FAST 1 (k) 34 LOAD_CONST 2 (1) 36 BINARY_SUBSCR 38 STORE_FAST 7 (k1) 12 40 LOAD_FAST 1 (k) 42 LOAD_CONST 4 (2) 44 BINARY_SUBSCR 46 STORE_FAST 8 (k2) 13 48 LOAD_FAST 1 (k) 50 LOAD_CONST 5 (3) 52 BINARY_SUBSCR 54 STORE_FAST 9 (k3) 14 56 LOAD_GLOBAL 0 (range) 58 LOAD_CONST 6 (32) 60 CALL_FUNCTION 1 62 GET_ITER >> 64 FOR_ITER 108 (to 174) 66 STORE_FAST 10 (i) 15 68 LOAD_FAST 4 (x) 70 LOAD_FAST 5 (delta) 72 INPLACE_ADD 74 STORE_FAST 4 (x) 16 76 LOAD_FAST 4 (x) 78 LOAD_CONST 7 (4294967295) 80 BINARY_AND 82 STORE_FAST 4 (x) 17 84 LOAD_FAST 2 (v0) 86 LOAD_FAST 3 (v1) 88 LOAD_CONST 8 (4) 90 BINARY_LSHIFT 92 LOAD_FAST 6 (k0) 94 BINARY_ADD 96 LOAD_FAST 3 (v1) 98 LOAD_FAST 4 (x) 100 BINARY_ADD 102 BINARY_XOR 104 LOAD_FAST 3 (v1) 106 LOAD_CONST 9 (5) 108 BINARY_RSHIFT 110 LOAD_FAST 7 (k1) 112 BINARY_ADD 114 BINARY_XOR 116 INPLACE_ADD 118 STORE_FAST 2 (v0) 18 120 LOAD_FAST 2 (v0) 122 LOAD_CONST 7 (4294967295) 124 BINARY_AND 126 STORE_FAST 2 (v0) 19 128 LOAD_FAST 3 (v1) 130 LOAD_FAST 2 (v0) 132 LOAD_CONST 8 (4) 134 BINARY_LSHIFT 136 LOAD_FAST 8 (k2) 138 BINARY_ADD 140 LOAD_FAST 2 (v0) 142 LOAD_FAST 4 (x) 144 BINARY_ADD 146 BINARY_XOR 148 LOAD_FAST 2 (v0) 150 LOAD_CONST 9 (5) 152 BINARY_RSHIFT 154 LOAD_FAST 9 (k3) 156 BINARY_ADD 158 BINARY_XOR 160 INPLACE_ADD 162 STORE_FAST 3 (v1) 20 164 LOAD_FAST 3 (v1) 166 LOAD_CONST 7 (4294967295) 168 BINARY_AND 170 STORE_FAST 3 (v1) 172 JUMP_ABSOLUTE 64 21 >> 174 LOAD_FAST 2 (v0) 176 LOAD_FAST 0 (v) 178 LOAD_CONST 1 (0) 180 STORE_SUBSCR 22 182 LOAD_FAST 3 (v1) 184 LOAD_FAST 0 (v) 186 LOAD_CONST 2 (1) 188 STORE_SUBSCR 23 190 LOAD_FAST 0 (v) 192 RETURN_VALUE 很明显的tea加密,上解密脚本: 123456789101112131415161718192021222324252627282930313233343536#!/bin/python3import structdef de(v, k): k0 = k[0] k1 = k[1] k2 = k[2] k3 = k[3] v0 = v[0] v1 = v[1] sum = (0x666666) * 32 delta = 0x666666 for i in range(32): v0 &= 0xffffffff v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3) v1 &= 0xffffffff v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1) sum -= delta return v0, v1key = [(305419896), (2271560481), (2427178479), (4275878409)]arr = [ [(3888592564), (3737879155)], [(4063334467), (2214487552)], [(2420456096), (1529806583)], [(2576007368), (2328179940)], [(1665686107), (1748819876)]]for i in range(0, len(arr)): v0, v1 = de(arr[i], key) print(struct.pack('<I', v0 & 0xffffffff)) print(struct.pack('<I', v1 & 0xffffffff))