{"id":292,"date":"2022-12-20T16:59:29","date_gmt":"2022-12-20T08:59:29","guid":{"rendered":"https:\/\/shangwendada.co\/?p=292"},"modified":"2022-12-20T16:59:29","modified_gmt":"2022-12-20T08:59:29","slug":"nisactf-2022ezpythonpyinstaller%e5%b0%81%e8%a3%85%e7%a8%8b%e5%ba%8f%e5%8f%8d%e7%bc%96%e8%af%91","status":"publish","type":"post","link":"https:\/\/blog.shangwendada.top\/index.php\/2022\/12\/20\/nisactf-2022ezpythonpyinstaller%e5%b0%81%e8%a3%85%e7%a8%8b%e5%ba%8f%e5%8f%8d%e7%bc%96%e8%af%91\/","title":{"rendered":"[NISACTF 2022]ezpython(PyInstaller\u5c01\u88c5\u7a0b\u5e8f\u53cd\u7f16\u8bd1)"},"content":{"rendered":"
\n

\u9898\u76ee\u4e0b\u8f7d:ezpython<\/a><\/h2>\n

\u51c6\u5907<\/h1>\n

*\u4f7f\u7528PyInstxtractor\u63d0\u53d6 <\/em>.pyc \u6587\u4ef6**
\n\u4f7f\u7528PyInstaller Extractor \u63d0\u53d6\u7531PyiIstaller\u751f\u6210\u7684\u53ef\u6267\u884c\u6587\u4ef6\u5185\u5bb9
\n\u4f7f\u7528Uncompyle\u8fdb\u884c\u53cd\u7f16\u8bd1
\n\u8f6f\u4ef6\u7248\u672c\uff1a
\nPython 3.7.3
\nPyInstaller 3.6
\nPyInstxtractor 2.0
\nUncompyle 3.6.4<\/p>\n

\u4f7f\u7528PyInstxtractor\u63d0\u53d6 *.pyc \u6587\u4ef6
\n\u5de5\u5177\u51c6\u5907\uff1a
\nPyInstaller Extractor \u9879\u76ee\u5730\u5740\uff1ahttps:\/\/github.com\/extremecoders-re\/pyinstxtractor<\/a>
\nCSDN\u672c\u5730\u4e0b\u8f7d\uff1ahttps:\/\/download.csdn.net\/download\/ZH013\/12284418<\/a><\/p>\n

\u76ee\u5f55: D:\\Python_Project\\CFG\\dist\n\nMode                LastWriteTime         Length Name\n----                -------------         ------ ----\n-a----        2020\/3\/24     15:37       45937021 ez_python.exe\n-a----        2020\/3\/25     14:33          13194 pyinstxtractor.py\n<\/code><\/pre>\n
\u63d0\u53d6\u6587\u4ef6:<\/strong><\/p>\n
(base) PS D:\\Python_Project\\CFG\\dist> python pyinstxtractor.py ez_python.exe<\/code><\/pre>\n
\u53cd\u7f16\u8bd1<\/h1>\n
\u5c06\u63d0\u53d6\u7684\u6587\u4ef6\u4e2d\u51fa\u73b0\u7684src.pyc\u6587\u4ef6\u653e\u5165\u5728\u7ebf\u53cd\u7f16\u8bd1\u7f51\u7ad9\u4e2d\u8fdb\u884c\u53cd\u7f16\u8bd1\u5f97\u5230python\u6e90\u4ee3\u7801
\n\u63a8\u8350\u7f51\u7ad9\uff1ahttps:\/\/tool.lu\/pyc\/<\/a><\/p>\n
\u5206\u6790<\/h1>\n
\u5f97\u5230\u5982\u4e0b\u4ee3\u7801<\/p>\n
#!\/usr\/bin\/env python\n# visit https:\/\/tool.lu\/pyc\/ for more information\n# Version: Python 3.4\n\nimport rsa\nimport base64\nkey1 = rsa.PrivateKey.load_pkcs1(base64.b64decode('LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcVFJQkFBS0NBUUVBcVJUZ0xQU3BuT0ZDQnJvNHR1K1FBWXFhTjI2Uk42TzY1bjBjUURGRy9vQ1NJSU00ClNBeEVWaytiZHpSN2FucVNtZ1l5MEhRWGhDZTM2U2VGZTF0ejlrd0taL3UzRUpvYzVBSzR1NXZ4UW5QOWY1cTYKYVFsbVAvVjJJTXB5NFFRNlBjbUVoNEtkNm81ZWRJUlB2SHd6V0dWS09OQ3BpL0taQ082V0tWYkpXcWh3WGpEQgpsSDFNVURzZ1gyVUM4b3Bodnk5dXIyek9kTlBocElJZHdIc1o5b0ZaWWtaMUx5Q0lRRXRZRmlKam1GUzJFQ1RVCkNvcU9acnQxaU5jNXVhZnFvZlB4eHlPb2wwYVVoVGhiaHE4cEpXL3FPSFdYd0xJbXdtNk96YXFVeks4NEYyY3UKYWRiRE5zeVNvaElHaHYzd0lBVThNSlFnOEthd1Z3ZHBzRWhlSXdJREFRQUJBb0lCQURBazdwUStjbEZtWHF1Vgp1UEoyRWxZdUJpMkVnVHNMbHZ0c1ltL3cyQnM5dHQ0bEh4QjgxYlNSNUYyMEJ2UlJ4STZ3OXlVZCtWZzdDd1lMCnA5bHhOL3JJdWluVHBkUEhYalNhaGNsOTVOdWNOWEZ4T0dVU05SZy9KNHk4dUt0VHpkV3NITjJORnJRa0o4Y2IKcWF5czNOM3RzWTJ0OUtrUndjbUJGUHNJalNNQzB5UkpQVEE4cmNqOFkranV3SHZjbUJPNHVFWXZXeXh0VHR2UQova0RQelBqdTBuakhkR055RytkSDdkeHVEV2Jxb3VZQnRMdzllZGxXdmIydTJ5YnZzTXl0NWZTOWF1a01NUjNoCnBhaDRMcU1LbC9ETTU3cE44Vms0ZTU3WE1zZUJLWm1hcEptcVNnSGdjajRPNWE2R1RvelN1TEVoTmVGY0l2Tm8KWFczTEFHRUNnWWtBc0J0WDNVcFQ3aUcveE5BZDdSWER2MENOY1k1QnNZOGY4NHQ3dGx0U2pjSWdBKy9nUjFMZQpzb2gxY1RRd1RadUYyRTJXL1hHU3orQmJDTVVySHNGWmh1bXV6aTBkbElNV3ZhU0dvSlV1OGpNODBlUjRiVTRyCmdYQnlLZVZqelkzNVlLejQ5TEVBcFRQcTZRYTVQbzhRYkF6czhuVjZtNXhOQkNPc0pQQ29zMGtCclFQaGo5M0cKOFFKNUFQWEpva0UrMmY3NXZlazZNMDdsaGlEUXR6LzRPYWRaZ1MvUVF0eWRLUmg2V3VEeGp3MytXeXc5ZjNUcAp5OXc0RmtLRzhqNVRpd1RzRmdzem94TGo5TmpSUWpqb3cyVFJGLzk3b2NxMGNwY1orMUtsZTI1cEJ3bk9yRDJBCkVpMUVkMGVEV3dJR2gzaFhGRmlRSzhTOG5remZkNGFMa1ZxK1V3S0JpRXRMSllIamFZY0N2dTd5M0JpbG1ZK0gKbGZIYkZKTkowaXRhazRZZi9XZkdlOUd6R1h6bEhYblBoZ2JrZlZKeEVBU3ZCOE5NYjZ5WkM5THdHY09JZnpLRApiczJQMUhuT29rWnF0WFNxMCt1UnBJdEkxNFJFUzYySDJnZTNuN2dlMzJSS0VCYnVKb3g3YWhBL1k2d3ZscUhiCjFPTEUvNnJRWk0xRVF6RjRBMmpENmdlREJVbHhWTUVDZVFDQjcyUmRoYktNL3M0TSsvMmYyZXI4Y2hwT01SV1oKaU5Hb3l6cHRrby9sSnRuZ1RSTkpYSXdxYVNCMldCcXpndHNSdEhGZnpaNlNyWlJCdTd5Y0FmS3dwSCtUd2tsNQpoS2hoSWFTNG1vaHhwUVNkL21td1JzbTN2NUNDdXEvaFNtNmNXYTdFOVZxc25heGQzV21tQ2VqTnp0MUxQWUZNCkxZMENnWWdKUHhpVTVraGs5cHB6TVAwdWU0clA0Z2YvTENldEdmQjlXMkIyQU03eW9VM2VsMWlCSEJqOEZ3UFQKQUhKUWtCeTNYZEh3SUpGTUV1RUZSSFFzcUFkSTlYVDBzL2V0QTg1Y3grQjhjUmt3bnFHakFseW1PdmJNOVNrMgptMnRwRi8rYm56ZVhNdFA3c0ZoR3NHOXJ5SEZ6UFNLY3NDSDhXWWx0Y1pTSlNDZHRTK21qblAwelArSjMKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K'))\nkey2 = rsa.PublicKey.load_pkcs1(base64.b64decode('LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQXFSVGdMUFNwbk9GQ0JybzR0dStRQVlxYU4yNlJONk82NW4wY1FERkcvb0NTSUlNNFNBeEUKVmsrYmR6UjdhbnFTbWdZeTBIUVhoQ2UzNlNlRmUxdHo5a3dLWi91M0VKb2M1QUs0dTV2eFFuUDlmNXE2YVFsbQpQL1YySU1weTRRUTZQY21FaDRLZDZvNWVkSVJQdkh3eldHVktPTkNwaS9LWkNPNldLVmJKV3Fod1hqREJsSDFNClVEc2dYMlVDOG9waHZ5OXVyMnpPZE5QaHBJSWR3SHNaOW9GWllrWjFMeUNJUUV0WUZpSmptRlMyRUNUVUNvcU8KWnJ0MWlOYzV1YWZxb2ZQeHh5T29sMGFVaFRoYmhxOHBKVy9xT0hXWHdMSW13bTZPemFxVXpLODRGMmN1YWRiRApOc3lTb2hJR2h2M3dJQVU4TUpRZzhLYXdWd2Rwc0VoZUl3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K'))\n\ndef encrypt1(message):\n    crypto_text = rsa.encrypt(message.encode(), key2)\n    return crypto_text\n\ndef decrypt1(message):\n    message_str = rsa.decrypt(message, key1).decode()\n    return message_str\n\ndef encrypt2(tips, key):\n    ltips = len(tips)\n    lkey = len(key)\n    secret = []\n    num = 0\n    for each in tips:\n        if num >= lkey:\n            num = num % lkey\n        secret.append(chr(ord(each) ^ ord(key[num])))\n        num += 1\n\n    return base64.b64encode(''.join(secret).encode()).decode()\n\ndef decrypt2(secret, key):\n    tips = base64.b64decode(secret.encode()).decode()\n    ltips = len(tips)\n    lkey = len(key)\n    secret = []\n    num = 0\n    for each in tips:\n        if num >= lkey:\n            num = num % lkey\n        secret.append(chr(ord(each) ^ ord(key[num])))\n        num += 1\n\n    return ''.join(secret)\n\nflag = 'IAMrG1EOPkM5NRI1cChQDxEcGDZMURptPzgHJHUiN0ASDgUYUB4LGQMUGAtLCQcJJywcFmddNno\/PBtQbiMWNxsGLiFuLwpiFlkyP084Ng0lKj8GUBMXcwEXPTJrRDMdNwMiHVkCBFklHgIAWQwgCz8YQhp6E1xUHgUELxMtSh0xXzxBEisbUyYGOx1DBBZWPg1CXFkvJEcxO0ADeBwzChIOQkdwXQRpQCJHCQsaFE4CIjMDcwswTBw4BS9mLVMLLDs8HVgeQkscGBEBFSpQFQQgPTVRAUpvHyAiV1oPE0kyADpDbF8AbyErBjNkPh9PHiY7O1ZaGBADMB0PEVwdCxI+MCcXARZiPhwfH1IfKitGOF42FV8FTxwqPzBPAVUUOAEKAHEEP2QZGjQVV1oIS0QBJgBDLx1jEAsWKGk5Nw03MVgmWSE4Qy5LEghoHDY+OQ9dXE44Th0='\nkey = 'this is key'\n\ntry:\n    result = input('please input key: ')\n    if result == decrypt2('AAAAAAAAAAAfFwwRSAIWWQ==', key):\n        print(decrypt1(base64.b64decode(decrypt2(flag, result))))\n    elif result == key:\n        print('flag{0e26d898-b454-43de-9c87-eb3d122186bc}')\n    else:\n        print('key is error.')\nexcept Exception:\n    e = None\n\n    try:\n        pass\n    finally:\n        e = None\n        del e\n<\/code><\/pre>\n
\"file\"<\/div>
\n\u770b\u5230\u5224\u65ad\u90e8\u5206\uff0c\u6211\u4eec\u53ea\u9700\u8981\u5355\u6b65\u8f93\u51fa<\/p>\n
decrypt2('AAAAAAAAAAAfFwwRSAIWWQ==', key)<\/code><\/pre>\n
\u770b\u770b\u662f\u4ec0\u4e48\u5c31\u884c\u4e86\uff0c\u53d1\u73b0\u662fthis is true key
\n\u7136\u540e\u8f93\u5165\u7a0b\u5e8f\u8fd0\u884c
\n
\"file\"<\/div><\/p>\n","protected":false},"excerpt":{"rendered":"
\u9898\u76ee\u4e0b\u8f7d:ezpython \u51c6\u5907 *\u4f7f\u7528PyInstxtractor\u63d0\u53d6 .pyc \u6587\u4ef6** \u4f7f\u7528PyInst […]<\/p>\n","protected":false},"author":1,"featured_media":157,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/posts\/292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/comments?post=292"}],"version-history":[{"count":1,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/posts\/292\/revisions"}],"predecessor-version":[{"id":295,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/posts\/292\/revisions\/295"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/media\/157"}],"wp:attachment":[{"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/media?parent=292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/categories?post=292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.shangwendada.top\/index.php\/wp-json\/wp\/v2\/tags?post=292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}