分析

代码不多，逻辑挺清楚的。

先用Z3解出V7：

from z3 import *

s = Solver()
v1, v2, v3, v4, v5, v6 = BitVecs('v1 v2 v3 v4 v5 v6', 32)
v7, v8, v9, v10, v11 = BitVecs('v7 v8 v9 v10 v11', 32)

s.add((v1 << 15) ^ v1 == 0x2882D802120E)
s.add((v2 << 15) ^ v2 == 0x28529A05954)
s.add((v3 << 15) ^ v3 == 0x486088C03)
s.add((v4 << 15) ^ v4 == 0xC0FB3B55754)
s.add((v5 << 15) ^ v5 == 0xC2B9B7F8651)
s.add((v6 << 15) ^ v6 == 0xAE83FB054C)
s.add((v7 << 15) ^ v7 == 0x29ABF6DDCB15)
s.add((v8 << 15) ^ v8 == 0x10E261FC807)
s.add((v9 << 15) ^ v9 == 0x2A82FE86D707)
s.add((v10 << 15) ^ v10 == 0xE0CB79A5706)
s.add((v11 << 15) ^ v11 == 0x330560890D06)
if s.check() == sat:
    result = s.model()
    print(result)

可以得到：

enc = [1359286798,84564308,592899,404707156,408356433,22873420,1398229781,35407879,1426413319, 471422726,1711934726]

这里手动调整了一下顺序。

再将数据换成16进制，并分割成44的长度。

enc = [1359286798,84564308,592899,404707156,408356433,22873420,1398229781,35407879,
       1426413319, 471422726,1711934726]
enc2 = []
for i in range(11):
    hex_value = hex(enc[i])[2:]
    padded_hex_value = hex_value.rjust(8, '0')  # 填充到长度为8，左侧补0
    enc2 += [padded_hex_value[k:k+2] for k in range(0,8,2)]
print(enc2)

这里会得到：

[‘51’, ‘05’, ‘12’, ‘0e’, ‘05’, ‘0a’, ‘59’, ‘54’, ‘00’, ‘09’, ‘0c’, ‘03’, ‘18’, ‘1f’, ‘57’, ‘54’, ‘18’, ‘57’, ‘06’, ‘51’, ‘01’, ‘5d’, ‘05’, ‘4c’, ‘53’, ‘57’, ‘4b’, ‘15’, ‘02’, ‘1c’, ‘48’, ‘07’, ‘55’, ‘05’, ‘57’, ‘07’, ‘1c’, ‘19’, ‘57’, ‘06’, ‘66’, ‘0a’, ‘0d’, ‘06’]

因为0x66的ascii是f，结合要做的逆序，0x66应该是在最后一位。

所以再对分割出的每四位做一个逆序

# 将列表分割成长度为4的子列表
sublists = [enc2[i:i+4] for i in range(0, len(enc2), 4)]
# 对每个子列表进行逆序操作
reversed_sublists = [list(reversed(sublist)) for sublist in sublists]
# 将逆序后的子列表合并为一个列表
result_list = [item for sublist in reversed_sublists for item in sublist]
print(result_list)
hex_list = [int(x, 16) for x in result_list]
print(hex_list)

# ['0e', '12', '05', '51', '54', '59', '0a', '05', '03', '0c', '09', '00', '54', '57', '1f', '18', '51', '06', '57', '18', '4c', '05', '5d', '01', '15', '4b', '57', '53', '07', '48', '1c', '02', '07', '57', '05', '55', '06', '57', '19', '1c', '06', '0d', '0a', '66']
# [14, 18, 5, 81, 84, 89, 10, 5, 3, 12, 9, 0, 84, 87, 31, 24, 81, 6, 87, 24, 76, 5, 93, 1, 21, 75, 87, 83, 7, 72, 28, 2, 7, 87, 5, 85, 6, 87, 25, 28, 6, 13, 10, 102]

这样就可以开始异或了。

flag = [0]*44
for i in range(len(hex_list)-1,-1,-1):
    if i == 43:
        flag[i] = 102
    else:
        flag[i] = hex_list[i] ^ flag[i+1]
print(flag)
flag1=[]
for i in range(len(flag)):
    flag1.append(chr(flag[i]))
flag1 = flag1[::-1]
print("".join(flag1))

# flag{b53fc431-eb1f-89da-5bd5-2e1184728a5das}

感觉写的很繁琐。。
看了官方的WP。。