XYCTF 2025 WriteUp

前言

比赛时间：2025.4.4 - 2025.4.6

XYCTF 2025 WriteUp，当时没怎么做，只做出了一个逆向签到，然后帮忙看了个brainfuck。

Reverse

WARMUP

我来签到了

看看VBS里面，源码用char掩盖了。

把Execute换成wscript.echo再运行VBS，源码就出来了。

RC4，CyberChef解掉。

XYCTF{5f9f46c147645dd1e2c8044325d4f93c}

Misc

签个到吧

注意到代码有一定规律，于是这样分行。

>+++++++++++++++++[<++++++>-+-+-+-]<[-]
>++++++++++++[<+++++++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++[<+++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++[<+++>-+-+-+-]<[-]
>+++++++++++++++++[<+++>-+-+-+-]<[-]
>++++++++++++[<+++++++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>++++++++[<++++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>+++++++++++++++++++[<+++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++[<++++>-+-+-+-]<[-]
>++++++++[<++++++>-+-+-+-]<[-]
>+++++++++++++++++++[<+++++>-+-+-+-]<[-]
>+++++++++++[<++++++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>++++++++++++[<+++++++>-+-+-+-]<[-]
>++++++++++[<+++++++>-+-+-+-]<[-]
>+++++++++++++++++++[<+++++>-+-+-+-]<[-]
>++++++++++[<+++++>-+-+-+-]<[-]
>++++++++[<++++++>-+-+-+-]<[-]
>++++++++++[<+++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++[<+>-+-+-+-]<[-]
>+++++++++++++++++++[<+++++>-+-+-+-]<[-]
>+++++++++++++++++++++++[<+++>-+-+-+-]<[-]
>+++++++++++[<++++++++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++++++++++++++++++++++++++[<++>-+-+-+-]<[-]
>++++++++[<++++++>-+-+-+-]<[-]
>+++++++++++[<+++++>-+-+-+-]<[-]
>+++++++++++++++++++[<+++++>-+-+-+-]<[-]
>+++++++[<+++++++>-+-+-+-]<[-]
>+++++++++++++++++++++++++++++[<++++>-+-+-+-]<[-]
>+++++++++++[<+++>-+-+-+-]<[-]
>+++++++++++++++++++++++++[<+++++>-+-+-+-]<[-]

每行的格式相似，例如这样一句，用python翻译一下。这一行计算的值就是4*6=24，但被<[-]给清零了，所以直接运行没有回显。

# >++++[<++++++>-+-+-+-]<[-]
data = [0, 0]
ptr = 0
ptr += 1
data[ptr] += 4
while data[ptr] != 0:
    ptr -= 1
    data[ptr] += 6
    ptr += 1
    data[ptr] -= 1

print(data) # [24, 0]
ptr -= 1
while data[ptr] != 0:
    data[ptr] -= 1
print(data) # [0, 0]

我们可以写脚本，把每行的乘积给算出来再转换成字符。或者简单点，在[-]前加一个.来输出。