贪吃蛇的秘密
修改代码后,报了一个错
# uncompyle6 version 3.9.1
# Python bytecode version base 3.7.0 (3394)
# Decompiled from: Python 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]
# Embedded file name: snake1.py
# Compiled at: 1995-09-28 00:18:56
# Size of source mod 2**32: 272 bytes
import pygame, sys, random
SCREEN_X = 700
SCREEN_Y = 700
class Snake(object):
def __init__(self):
self.dirction = pygame.K_RIGHT
self.body = []
for x in range(5):
self.addnode()
def addnode(self):
left, top = (0, 0)
if self.body:
left, top = self.body[0].left, self.body[0].top
else:
node = pygame.Rect(left, top, 20, 20)
if self.dirction == pygame.K_LEFT:
node.left -= 20
else:
if self.dirction == pygame.K_RIGHT:
node.left += 20
else:
if self.dirction == pygame.K_UP:
node.top -= 20
else:
if self.dirction == pygame.K_DOWN:
node.top += 20
self.body.insert(0, node)
def delnode(self):
self.body.pop()
def isdead(self):
if self.body[0].x not in range(SCREEN_X):
return True
if self.body[0].y not in range(SCREEN_Y):
return True
if self.body[0] in self.body[1[:None]]:
return True
return False
def move(self):
self.addnode()
self.delnode()
def changedirection(self, curkey):
LR = [
pygame.K_LEFT, pygame.K_RIGHT]
UD = [pygame.K_UP, pygame.K_DOWN]
if curkey in LR + UD:
if curkey in LR:
if self.dirction in LR:
return
if curkey in UD:
if self.dirction in UD:
return
self.dirction = curkey
class Food:
def __init__(self):
self.rect = pygame.Rect(-20, 0, 20, 20)
def remove(self):
self.rect.x = -20
def set(self):
if self.rect.x == -20:
allpos = [
(100, 540), (200, 200), (500, 160), (360, 400),
(280, 300), (500, 300), (360, 160), (420, 360), (160, 320),
(420, 300), (320, 200), (540, 440), (360, 120), (100, 220),
(380, 100), (440, 140), (40, 440), (100, 300), (480, 140),
(420, 480), (460, 520), (280, 380), (600, 260), (440, 320),
(480, 400), (40, 540), (440, 300), (440, 80), (400, 40),
(300, 580), (540, 400), (180, 320), (80, 340), (40, 520),
(340, 140), (160, 540), (260, 300), (480, 380), (280, 60),
(40, 480), (340, 40), (260, 220), (440, 500), (380, 40),
(80, 360), (340, 280), (480, 80), (200, 340), (240, 300),
(600, 120), (120, 40), (520, 80), (480, 520), (100, 100),
(320, 560), (100, 80), (260, 580), (40, 400), (540, 560),
(440, 380), (220, 600), (40, 420), (260, 420), (560, 160),
(140, 600), (80, 240), (580, 460), (40, 60), (360, 560),
(80, 40), (600, 200), (140, 440), (520, 440), (440, 480),
(280, 160), (100, 420), (520, 220), (80, 160), (600, 140),
(120, 220), (500, 320), (400, 560), (440, 100), (140, 480),
(240, 220), (220, 200), (120, 520), (340, 200), (180, 240),
(40, 240), (500, 540), (60, 480), (40, 580), (100, 120),
(440, 440), (460, 300), (480, 560), (540, 300), (320, 300),
(240, 380), (480, 300), (140, 280), (180, 300), (540, 480),
(600, 160), (460, 220), (240, 180), (120, 400), (200, 220),
(380, 240), (380, 560), (540, 160), (320, 380), (160, 200),
(80, 380), (200, 520), (440, 580), (360, 260), (40, 160),
(480, 160), (440, 520), (580, 420), (280, 260), (540, 120),
(80, 260), (400, 300), (600, 220), (160, 120), (240, 100),
(240, 40), (580, 560), (200, 560), (100, 340), (40, 360),
(120, 120), (80, 100), (260, 520), (200, 180), (480, 260),
(420, 80), (600, 100), (160, 600), (560, 300), (220, 100),
(500, 220), (360, 420), (580, 580), (540, 100), (600, 40),
(260, 320), (200, 160), (440, 120), (480, 120), (260, 280),
(220, 560), (520, 300), (560, 100), (140, 400), (40, 380),
(300, 420), (420, 600), (40, 100), (420, 540), (440, 240),
(280, 520), (40, 560), (260, 480), (520, 260), (200, 60),
(480, 420), (80, 440), (360, 440), (340, 80), (580, 200),
(520, 40), (320, 260), (160, 240), (600, 300), (40, 280),
(360, 600), (360, 320), (200, 360), (80, 200), (600, 460),
(280, 200), (560, 80), (340, 580), (200, 540), (220, 340),
(200, 140), (120, 360), (140, 160), (300, 460), (220, 280),
(520, 460), (40, 340), (220, 300), (100, 480), (340, 260),
(400, 460), (540, 500), (320, 240), (340, 360), (340, 600),
(520, 600), (100, 400), (80, 600), (280, 460), (160, 280),
(320, 340), (280, 220), (320, 440), (120, 340), (320, 280),
(300, 180), (440, 360), (160, 400), (300, 400), (160, 100),
(260, 540), (240, 360), (320, 420), (360, 520), (300, 380),
(500, 200), (100, 560), (520, 100), (120, 320), (120, 240),
(100, 40), (340, 340), (440, 260), (160, 480), (80, 120),
(380, 440), (560, 120), (360, 360), (120, 200), (360, 500),
(140, 40), (340, 520), (200, 80), (300, 500), (400, 420),
(120, 560), (580, 380), (520, 500), (520, 560), (560, 380),
(200, 300), (220, 60), (260, 200), (520, 380), (60, 340),
(100, 280), (580, 260), (180, 380), (380, 60), (540, 600),
(540, 40), (340, 480), (460, 380), (600, 80), (260, 600),
(500, 580), (440, 180), (200, 460), (540, 80), (300, 60),
(340, 100), (460, 240), (540, 380), (400, 340), (340, 240),
(360, 40), (220, 420), (580, 220), (40, 600), (560, 200),
(120, 600), (100, 520), (400, 200), (580, 160), (100, 600),
(500, 520), (460, 420), (80, 520), (380, 500), (80, 480),
(60, 220), (500, 380), (200, 260), (500, 280), (100, 360),
(600, 380), (300, 540), (240, 520), (40, 140), (420, 280),
(320, 160), (40, 120), (440, 160), (160, 60), (540, 340),
(360, 180), (520, 420), (260, 240), (520, 120), (100, 160),
(120, 540), (560, 40), (520, 520), (540, 220), (380, 580),
(140, 260), (580, 360), (420, 100), (340, 440), (440, 460),
(600, 420), (240, 160), (260, 440), (80, 540), (60, 160),
(520, 480), (500, 600), (500, 240), (400, 120), (400, 160),
(440, 40), (160, 440), (160, 500), (320, 60), (240, 260),
(320, 600), (80, 560), (340, 460), (360, 540), (160, 160),
(500, 440), (360, 80), (380, 220), (540, 280), (380, 320),
(520, 160), (160, 80), (340, 220), (240, 240), (160, 40),
(480, 220), (60, 600), (160, 140), (220, 480), (320, 480),
(120, 100), (80, 300), (40, 80), (320, 400), (200, 40),
(480, 340), (340, 500), (480, 480), (420, 500), (420, 380),
(480, 200), (120, 480), (160, 560), (480, 320), (320, 120),
(240, 140), (280, 180), (280, 320), (400, 240), (120, 440),
(460, 440), (560, 360), (400, 360), (320, 220), (300, 300),
(160, 580), (40, 300), (420, 340), (280, 120),
(40, 500), (400, 140), (460, 560), (320, 580), (220, 120),
(160, 520), (480, 440), (420, 60), (300, 320), (120, 160),
(340, 60), (80, 80), (120, 80), (40, 40), (540, 260),
(120, 260), (100, 200), (460, 200), (320, 500), (380, 420),
(200, 380), (300, 600), (320, 80), (580, 40), (160, 360),
(260, 460), (540, 580), (260, 120), (560, 520), (500, 40),
(540, 420), (600, 60), (220, 460), (480, 100), (180, 360),
(460, 600), (400, 600), (300, 140), (500, 560), (480, 40),
(220, 80), (60, 40), (440, 400), (480, 60), (440, 420),
(560, 400)]
random.shuffle(allpos)
self.rect.left, self.rect.top = random.choice(allpos)
def show_text(screen, pos, text, color, font_bold=False, font_size=30, font_italic=False):
cur_font = pygame.font.SysFont("����", font_size)
cur_font.set_bold(font_bold)
cur_font.set_italic(font_italic)
text_fmt = cur_font.render(text, 1, color)
screen.blit(text_fmt, pos)
def main():
pygame.init()
screen_size = (SCREEN_X, SCREEN_Y)
screen = pygame.display.set_mode(screen_size)
pygame.display.set_caption("Snake")
clock = pygame.time.Clock()
scores = 0
isdead = False
snake = Snake()
food = Food()
while True:
for event in pygame.event.get():
if event.type == pygame.QUIT:
sys.exit()
if event.type == pygame.KEYDOWN:
snake.changedirection(event.key)
if event.key == pygame.K_SPACE and isdead:
return main()
screen.fill((205, 205, 205))
if not isdead:
snake.move()
for rect in snake.body:
pygame.draw.rect(screen, (20, 220, 39), rect, 0)
isdead = snake.isdead()
if isdead:
show_text(screen, (100, 200), "YOU DEAD!", (227, 29, 18), False, 100)
show_text(screen, (150, 260), "press space to try again...", (0, 0, 22), False, 30)
if food.rect == snake.body[0]:
scores += 10000
food.remove()
snake.addnode()
food.set()
pygame.draw.rect(screen, (136, 0, 21), food.rect, 0)
show_text(screen, (50, 600), "Scores: " + str(scores), (223, 0, 0))
if scores > 1000:
show_text(screen, (450, 650), "Try to get 10000 points", (223, 223, 223))
if scores >= 10000:
show_text(screen, (100, 670), "wtf,you really got 10000 points?check the source code", (223,
223,
223))
pygame.display.update()
clock.tick(10)
if __name__ == "__main__":
main()
# okay decompiling E:\open bag\pyinstxtractor-master\pyinstxtractor-master\snake1.exe_extracted\snake1.pyc
看看 wp ,感觉脑洞好大, pos 就是那些坐标点,目前想到的是 maze ,QR ,image ,
就很 0.0
from PIL import Image
s=[100,200,500,360,280,500,360,420,160,420,320,540,360,100,380,440,40,100,480,420,460,280,600,440,480,40,440,440,400,300,540,180,80,40,340,160,260,480,280,40,340,260,440,380,80,340,480,200,240,600,120,520,480,100,320,100,260,40,540,440,220,40,260,560,140,80,580,40,360,80,600,140,520,440,280,100,520,80,600,120,500,400,440,140,240,220,120,340,180,40,500,60,40,100,440,460,480,540,320,240,480,140,180,540,600,460,240,120,200,380,380,540,320,160,80,200,440,360,40,480,440,580,280,540,80,400,600,160,240,240,580,200,100,40,120,80,260,200,480,420,600,160,560,220,500,360,580,540,600,260,200,440,480,260,220,520,560,140,40,300,420,40,420,440,280,40,260,520,200,480,80,360,340,580,520,320,160,600,40,360,360,200,80,600,280,560,340,200,220,200,120,140,300,220,520,40,220,100,340,400,540,320,340,340,520,100,80,280,160,320,280,320,120,320,300,440,160,300,160,260,240,320,360,300,500,100,520,120,120,100,340,440,160,80,380,560,360,120,360,140,340,200,300,400,120,580,520,520,560,200,220,260,520,60,100,580,180,380,540,540,340,460,600,260,500,440,200,540,300,340,460,540,400,340,360,220,580,40,560,120,100,400,580,100,500,460,80,380,80,60,500,200,500,100,600,300,240,40,420,320,40,440,160,540,360,520,260,520,100,120,560,520,540,380,140,580,420,340,440,600,240,260,80,60,520,500,500,400,400,440,160,160,320,240,320,80,340,360,160,500,360,380,540,380,520,160,340,240,160,480,60,160,220,320,120,80,40,320,200,480,340,480,420,420,480,120,160,480,320,240,280,280,400,120,460,560,400,320,300,160,40,420,280,40,400,460,320,220,160,480,420,300,120,340,80,120,40,540,120,100,460,320,380,200,300,320,580,160,260,540,260,560,500,540,600,220,480,180,460,400,300,500,480,220,60,440,480,440,560]
t=[540,200,160,400,300,300,160,360,320,300,200,440,120,220,100,140,440,300,140,480,520,380,260,320,400,540,300,80,40,580,400,320,340,520,140,540,300,380,60,480,40,220,500,40,360,280,80,340,300,120,40,80,520,100,560,80,580,400,560,380,600,420,420,160,600,240,460,60,560,40,200,440,440,480,160,420,220,160,140,220,320,560,100,480,220,200,520,200,240,240,540,480,580,120,440,300,560,300,300,380,300,280,300,480,160,220,180,400,220,240,560,160,380,200,380,520,580,260,160,160,520,420,260,120,260,300,220,120,100,40,560,560,340,360,120,100,520,180,260,80,100,600,300,100,220,420,580,100,40,320,160,120,120,280,560,300,100,400,380,420,600,100,540,240,520,560,480,260,60,420,440,440,80,200,40,260,240,300,280,600,320,360,200,460,200,80,580,540,340,140,360,160,460,280,460,340,300,480,260,460,500,240,360,600,600,400,600,460,280,340,220,440,340,280,180,360,400,400,100,540,360,420,520,380,200,560,100,320,240,40,340,260,480,120,440,120,360,200,500,40,520,80,500,420,560,380,500,560,380,300,60,200,380,340,280,260,380,60,600,40,480,380,80,600,580,180,460,80,60,100,240,380,340,240,40,420,220,600,200,600,520,200,160,600,520,420,520,500,480,220,380,260,280,360,380,540,520,140,280,160,120,160,60,340,180,420,240,120,160,540,40,520,220,580,260,360,100,440,460,420,160,440,540,160,480,600,240,120,160,40,440,500,60,260,600,560,460,540,160,440,80,220,280,320,160,80,220,240,40,220,600,140,480,480,100,300,80,400,40,340,500,480,500,380,200,480,560,320,120,140,180,320,240,440,440,360,360,220,300,580,300,340,120,500,140,560,580,120,520,440,60,320,160,60,80,80,40,260,260,200,200,500,420,380,600,80,40,360,460,580,120,520,40,420,60,460,100,360,600,600,140,560,40,80,40,400,60,420,400]
img0 = Image.new('RGB', (1000, 1000), '#ffffff')
for i in range(len(s)):
for j in range(20):
for n in range(20):
img0.putpixel ((s[i]+j,t[i]+n), (0,0,0))
img0.save("result.png")
赞个大佬的脚本,但那个 20 也是自己试出来的。
RunTheELF
附件很大,ida加载了半天,撤退
运行时,报错
ida 分析出来,main函数中套了一个又一个函数
应该就是要让他 run
撕,长脑子了 wp
from pwn import u32
# 用于将四个字节的数据解析为无符号整数
data = open("D:\\ctf附件2\\RUN_THE_ELF\\RUN_THE_ELF", 'rb').read()
def getc():
global ptr, flag
ptr += 1 + 3 + 7 + 1 # mov eax, xxxx
mov_eax = u32(data[ptr: ptr + 4])
if mov_eax == 0:
ptr += 4 + 1
else:
flag += chr(mov_eax)
print(flag)
ptr += 4 + 3 + 5 + 5 + 1
call = u32(data[ptr: ptr + 4]) # call xxxx
if call & 0x80000000 != 0: # 如果最高位为 1
# 将 call 进行无符号整数处理
call -= 0x100000000
# print('call', hex(ptr+call+4))
ptr += call + 4
ptr = 0x3c1
flag = ''
while True:
getc()
# flag{Just_A_Straight_IN_Program_5853e2fe-52c9-469b-85d2-8ddcff9b0faf}
LunaticRE
在那个函数找到疑似密文字符串
真不大可能去逆,
看 wp 说是去翻其他函数
转汇编
这就是 flag 了 0.0
就想不到,感觉 ctfshow 上的题真脑洞不是一般大!!!
![【刷题汇总 -- 最长回文子串、买卖股票的最好时机(一)、[NOIP2002 普及组] 过河卒】](https://i-blog.csdnimg.cn/direct/efb7152d419047c89e418b8cd1f1fcd6.png)
