【Android逆向】破解看雪9月算法破解第三题
这题的目标是算法还原,并写出注册机
1. 9月份算法第一题.apk 安装到手机
2. 随意输入账号密码,提示错误
3. apk拖入到jadx中
public native boolean register(String str, String str2);
static {
System.loadLibrary("register");
}
/* JADX INFO: Access modifiers changed from: protected */
@Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
public void onCreate(Bundle bundle) {
super.onCreate(bundle);
requestWindowFeature(1);
getWindow().setFlags(1024, 1024);
setContentView(R.layout.activity_main);
initViews();
}
private void initViews() {
this.imageView = (ImageView) findViewById(R.id.imageView);
this.textView = (TextView) findViewById(R.id.textView);
this.edt_password = (EditText) findViewById(R.id.edt_password);
this.edt_username = (EditText) findViewById(R.id.edt_username);
this.btn_register = (Button) findViewById(R.id.btn_register);
Button button = (Button) findViewById(R.id.btn_tips);
this.btn_tips = button;
button.setOnClickListener(this);
this.btn_register.setOnClickListener(this);
if (Integer.parseInt(new SimpleDateFormat("hh").format(Long.valueOf(System.currentTimeMillis()))) >= 16) {
this.imageView.setImageResource(R.drawable.good_night_img);
this.textView.setText("Night");
}
......
@Override // android.view.View.OnClickListener
public void onClick(View view) {
switch (view.getId()) {
case R.id.btn_register /* 2131296354 */:
String obj = this.edt_username.getText().toString();
String obj2 = this.edt_password.getText().toString();
if (obj.equals("") || obj2.equals("")) {
Toasty.error((Context) this, (CharSequence) "请输入用户名和密码", 1, true).show();
return;
} else if (obj.length() < 6 || obj.length() > 20) {
Toasty.error((Context) this, (CharSequence) "请输入正确用户名", 1, true).show();
return;
} else if (!register(obj, obj2)) {
Toasty.error((Context) this, (CharSequence) "注册失败", 1, true).show();
return;
} else {
Toasty.success((Context) this, (CharSequence) "注册成功,恭喜恭喜", 1, true).show();
return;
}
case R.id.btn_tips /* 2131296355 */:
Toasty.info((Context) this, (CharSequence) "题目要求:逆向这个APP,查看使用了哪些算法,并做一个注册机\n可横向华滑动背景调整主题哦~", 1, true).show();
return;
default:
return;
}
}
4. 那么答案在libregister.so中, IDA打开它,查看关键函数
bool __fastcall sub_868(const char *username, const char *password)
{
__int64 len; // x0
void *v5; // x20
__int64 v6; // x0
__int128 v8[6]; // [xsp+0h] [xbp-D0h] BYREF
int v9; // [xsp+60h] [xbp-70h]
char v10[8]; // [xsp+68h] [xbp-68h] BYREF
__int64 v11; // [xsp+70h] [xbp-60h]
char v12; // [xsp+78h] [xbp-58h]
__int128 v13; // [xsp+80h] [xbp-50h] BYREF
__int64 md5_result[2]; // [xsp+90h] [xbp-40h] BYREF
char v15; // [xsp+A0h] [xbp-30h]
__int64 v16; // [xsp+A8h] [xbp-28h]
v16 = *(_QWORD *)(_ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2)) + 40);
md5_result[0] = 0LL;
md5_result[1] = 0LL;
v15 = 0;
len = strlen(username);
sub_26EC(username, len, md5_result);
*(_QWORD *)v10 = 0LL;
v11 = 0LL;
v12 = 0;
v13 = aDtayydsDtayyds;
v5 = (void *)sub_1A40(16LL);
sub_181C(&v13, v5);
sub_1AA4(md5_result, v10, v5);
free(v5);
v9 = 0;
memset(v8, 0, sizeof(v8));
v6 = __strlen_chk(v10, 0x11u);
base64_sub_A0C(v10, v6, v8);
return strcmp((const char *)v8, password) == 0;
}
5. 先看sub_26EC
其中看到一串常量
v13 = 0xEFCDAB89;
v14 = 0x98BADCFE;
v15 = 0x67452301;
v16 = 0x10325476;
这就是MD5算法的特征,怀疑就是MD5算法,hook看一下
frida代码
function main() {
Java.perform(function () {
hookCheck();
Java.choose('com.r0ysue.a202109crakeme.MainActivity', {
onMatch: function(instance) {
var username = "1234567890"
var password = "123456"
instance.register(username, password)
},
onComplete: function() {
}
})
})
}
function hookCheck() {
var lib_hanlder = Process.findModuleByName("libregister.so");
console.log("lib_handler: " + lib_hanlder.base)
if (lib_hanlder) {
//64位 不加一
var addr_hook = lib_hanlder.base.add(0x00000000000008E8)
Interceptor.attach(addr_hook,{
onEnter: function(args) {
console.log(" === hook before")
console.log("=== context:" + JSON.stringify(this.context))
console.log("=== context.x0:" + print_dump(this.context.x0))
console.log("==== 对比 e807f1fcf82d132f9bb018ca6738a19f")
// Memory.protect(this.context.r1, 1024, 'rw-')
// this.context.r1.writeUtf8String("REAL")
// console.log("=== r1:" + this.context.r1.readCString())
},
onLeave:function(retVal) {
console.log(" === hook after: ")
//print_dump(retVal, 128)
//console.log("=== after r1:" + this.context.r1.readCString())
}
})
}
}
function print_dump(arg, size) {
console.log(hexdump(arg, {
offset: 0,
length: size,
header: true,
ansi: true
}))
}
setTimeout(main, 1000)
日志
=== hook before
=== context:{"pc":"0x777f8048e8","sp":"0x7780642f50","x0":"0x7780642fe0","x1":"0x7780642fb8","x2":"0x779c454600","x3":"0xad","x4":"0xd0","x5":"0xa","x6":"0x0","x7":"0x0","x8":"0x777f819000","x9":"0x2c","x10":"0x2c","x11":"0x777f806b00","x12":"0x777f809000","x13":"0x777f809005","x14":"0x777f809008","x15":"0xab","x16":"0x7826c6e000","x17":"0x7780f3e330","x18":"0x0","x19":"0x779c4110c8","x20":"0x779c454600","x21":"0x7780645588","x22":"0x779c433130","x23":"0x779c4110c8","x24":"0xc","x25":"0x7780645588","x26":"0x779c4a08a0","x27":"0x7780645588","x28":"0x7780645588","fp":"0x7780643020","lr":"0x777f8048dc"}
0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
7780642fe0 e8 07 f1 fc f8 2d 13 2f 9b b0 18 ca 67 38 a1 9f .....-./....g8..
7780642ff0 00 00 00 00 00 00 00 00 21 cb 42 b8 90 0f ab 02 ........!.B.....
7780643000 88 30 64 80 77 00 00 00 88 30 64 80 77 00 00 00 .0d.w....0d.w...
==== 对比 e807f1fcf82d132f9bb018ca6738a19f
利用在线md5验证,发现确实md5算法
6. 再看sub_1A40和sub_181C
在sub_181C 中看到全局数组unk_2B00, 取前面几个值63 7C 77 7B F2 6B 6F C5 搜索引擎搜索,发现是AES的sbox表,说明这里是AES算法特征,github搜索AES算法实现,发现代码与https://github.com/dhuertas/AES类似sub_1A40对应init, sub_181C对应expansion,sub_1AA4对应aes_cipher
7. 再看sub_A0C, 直接发现其字典数组,说明这是一个base64算法
.rodata:0000000000002A40 41 42 43 44 45 46 47 48 49 4A+aAbcdefghijklmn DCB "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
.rodata:0000000000002A40 4B 4C 4D 4E 4F 50 51 52 53 54+ ; DATA XREF: base64_sub_A0C+4↑o
.rodata:0000000000002A40 55 56 57 58 59 5A 61 62 63 64+ ; base64_sub_A0C+1C↑o
8 证明猜想,编写frida验证
function main() {
Java.perform(function () {
hookCheck();
Java.choose('com.r0ysue.a202109crakeme.MainActivity', {
onMatch: function(instance) {
var username = "1234567890"
var password = "123456"
instance.register(username, password)
},
onComplete: function() {
}
})
})
}
function hookCheck() {
var lib_hanlder = Process.findModuleByName("libregister.so");
console.log("lib_handler: " + lib_hanlder.base)
if (lib_hanlder) {
//64位 不加一
var addr_hook = lib_hanlder.base.add(0x00000000000008E8)
Interceptor.attach(addr_hook,{
onEnter: function(args) {
console.log(" === hook before")
console.log("=== context:" + JSON.stringify(this.context))
console.log("=== context.x0:" + print_dump(this.context.x0))
console.log("==== 对比 e807f1fcf82d132f9bb018ca6738a19f")
// Memory.protect(this.context.r1, 1024, 'rw-')
// this.context.r1.writeUtf8String("REAL")
// console.log("=== r1:" + this.context.r1.readCString())
},
onLeave:function(retVal) {
console.log(" === hook after: ")
//print_dump(retVal, 128)
//console.log("=== after r1:" + this.context.r1.readCString())
}
})
var aes_hook = lib_hanlder.base.add(0x0000000000000920)
Interceptor.attach(aes_hook,{
onEnter: function(args) {
console.log(" === aes hook before")
console.log("=== context:" + JSON.stringify(this.context))
console.log("=== context.x0:" + print_dump(this.context.x0))
console.log("=== 0be6e80d12c7780a10ace20c02728350")
},
onLeave:function(retVal) {
console.log(" === hook after: ")
//print_dump(retVal, 128)
//console.log("=== after r1:" + this.context.r1.readCString())
}
})
var base64_hook = lib_hanlder.base.add(0x000000000000092C)
Interceptor.attach(base64_hook,{
onEnter: function(args) {
console.log(" === base64 hook before")
console.log("=== context:" + JSON.stringify(this.context))
console.log("=== context.x0:" + print_dump(this.context.x0))
},
onLeave:function(retVal) {
console.log(" === hook after: ")
//print_dump(retVal, 128)
//console.log("=== after r1:" + this.context.r1.readCString())
}
})
}
}
function print_dump(arg, size) {
console.log(hexdump(arg, {
offset: 0,
length: size,
header: true,
ansi: true
}))
}
setTimeout(main, 1000)
日志
=== hook before
=== context:{"pc":"0x777f8048e8","sp":"0x7780642f50","x0":"0x7780642fe0","x1":"0x7780642fb8","x2":"0x779c454600","x3":"0xad","x4":"0xd0","x5":"0xa","x6":"0x0","x7":"0x0","x8":"0x777f819000","x9":"0x2c","x10":"0x2c","x11":"0x777f806b00","x12":"0x777f809000","x13":"0x777f809005","x14":"0x777f809008","x15":"0xab","x16":"0x7826c6e000","x17":"0x7780f3e330","x18":"0x0","x19":"0x779c4110c8","x20":"0x779c454600","x21":"0x7780645588","x22":"0x779c433130","x23":"0x779c4110c8","x24":"0xc","x25":"0x7780645588","x26":"0x779c4a08a0","x27":"0x7780645588","x28":"0x7780645588","fp":"0x7780643020","lr":"0x777f8048dc"}
0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
7780642fe0 e8 07 f1 fc f8 2d 13 2f 9b b0 18 ca 67 38 a1 9f .....-./....g8..
7780642ff0 00 00 00 00 00 00 00 00 21 cb 42 b8 90 0f ab 02 ........!.B.....
7780643000 88 30 64 80 77 00 00 00 88 30 64 80 77 00 00 00 .0d.w....0d.w...
7780643010 c0 c6 41 9c 77 00 00 00 8c 30 64 80 77 00 00 00 ..A.w....0d.w...
7780643020 60 30 64 80 77 00 00 00 c0 49 80 7f 77 00 00 00 `0d.w....I..w...
7780643030 0c 00 00 00 00 00 00 00 e2 53 df 7f 77 00 00 00 .........S..w...
7780643040 b0 33 64 80 77 00 00 00 00 08 4a 9c 77 00 00 00 .3d.w.....J.w...
7780643050 20 ad 1b a5 77 00 00 00 00 08 4a 9c 77 00 00 00 ...w.....J.w...
7780643060 58 31 64 80 77 00 00 00 d8 80 91 7f 77 00 00 00 X1d.w.......w...
7780643070 38 21 cb 25 78 00 00 00 00 00 00 00 00 00 00 00 8!.%x...........
7780643080 03 00 00 00 e8 04 28 1b e0 95 e6 12 00 96 e6 12 ......(.........
7780643090 0e 00 00 00 00 00 00 00 a0 71 fe 8c 77 00 00 00 .........q..w...
77806430a0 00 00 00 00 00 00 f0 3f 00 00 00 00 00 00 f0 3f .......?.......?
77806430b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
77806430c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
77806430d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
=== context.x0:undefined
==== 对比 e807f1fcf82d132f9bb018ca6738a19f
=== aes hook before
=== context:{"pc":"0x777f804920","sp":"0x7780642f50","x0":"0x7780642fb8","x1":"0x10","x2":"0x7780642f50","x3":"0x2ab0f90b842cb00","x4":"0x0","x5":"0x10","x6":"0x1aa0e8fb741c9ff","x7":"0x7fff7fffff7fff7f","x8":"0x101010101010101","x9":"0x2ab0f90b842cb21","x10":"0x54","x11":"0xa0","x12":"0xc","x13":"0x50","x14":"0xab","x15":"0xb","x16":"0x7826c6e000","x17":"0x7780f3e3d0","x18":"0x0","x19":"0x779c4110c8","x20":"0x779c454600","x21":"0x7780645588","x22":"0x779c433130","x23":"0x779c4110c8","x24":"0xc","x25":"0x7780645588","x26":"0x779c4a08a0","x27":"0x7780645588","x28":"0x7780645588","fp":"0x7780643020","lr":"0x777f804914"}
0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
7780642fb8 0b e6 e8 0d 12 c7 78 0a 10 ac e2 0c 02 72 83 50 ......x......r.P
7780642fc8 00 cb 42 b8 90 0f ab 02 64 74 61 79 79 64 73 21 ..B.....dtayyds!
7780642fd8 64 74 61 79 79 64 73 21 e8 07 f1 fc f8 2d 13 2f dtayyds!.....-./
7780642fe8 9b b0 18 ca 67 38 a1 9f 00 00 00 00 00 00 00 00 ....g8..........
7780642ff8 21 cb 42 b8 90 0f ab 02 88 30 64 80 77 00 00 00 !.B......0d.w...
7780643008 88 30 64 80 77 00 00 00 c0 c6 41 9c 77 00 00 00 .0d.w.....A.w...
7780643018 8c 30 64 80 77 00 00 00 60 30 64 80 77 00 00 00 .0d.w...`0d.w...
7780643028 c0 49 80 7f 77 00 00 00 0c 00 00 00 00 00 00 00 .I..w...........
7780643038 e2 53 df 7f 77 00 00 00 b0 33 64 80 77 00 00 00 .S..w....3d.w...
7780643048 00 08 4a 9c 77 00 00 00 20 ad 1b a5 77 00 00 00 ..J.w... ...w...
7780643058 00 08 4a 9c 77 00 00 00 58 31 64 80 77 00 00 00 ..J.w...X1d.w...
7780643068 d8 80 91 7f 77 00 00 00 38 21 cb 25 78 00 00 00 ....w...8!.%x...
7780643078 00 00 00 00 00 00 00 00 03 00 00 00 e8 04 28 1b ..............(.
7780643088 e0 95 e6 12 00 96 e6 12 0e 00 00 00 00 00 00 00 ................
7780643098 a0 71 fe 8c 77 00 00 00 00 00 00 00 00 00 f0 3f .q..w..........?
77806430a8 00 00 00 00 00 00 f0 3f 00 00 00 00 00 00 00 00 .......?........
=== context.x0:undefined
=== 0be6e80d12c7780a10ace20c02728350
=== base64 hook before
=== context:{"pc":"0x777f80492c","sp":"0x7780642f50","x0":"0x7780642f50","x1":"0x779c4110c8","x2":"0x7780642f50","x3":"0x2ab0f90b842cb00","x4":"0x0","x5":"0x10","x6":"0x1aa0e8fb741c9ff","x7":"0x7fff7fffff7fff7f","x8":"0x41","x9":"0x16","x10":"0x17","x11":"0x3d","x12":"0x1","x13":"0x50","x14":"0x1","x15":"0x14","x16":"0x7826c6e000","x17":"0x7780f3e470","x18":"0x0","x19":"0x779c4110c8","x20":"0x779c454600","x21":"0x7780645588","x22":"0x779c433130","x23":"0x779c4110c8","x24":"0xc","x25":"0x7780645588","x26":"0x779c4a08a0","x27":"0x7780645588","x28":"0x7780645588","fp":"0x7780643020","lr":"0x7778ae7138"}
0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
7780642f50 43 2b 62 6f 44 52 4c 48 65 41 6f 51 72 4f 49 4d C+boDRLHeAoQrOIM
7780642f60 41 6e 4b 44 55 41 3d 3d 00 00 00 00 00 00 00 00 AnKDUA==........
7780642f70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
7780642f80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
7780642f90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
7780642fa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
7780642fb0 00 00 00 00 77 00 00 00 0b e6 e8 0d 12 c7 78 0a ....w.........x.
7780642fc0 10 ac e2 0c 02 72 83 50 00 cb 42 b8 90 0f ab 02 .....r.P..B.....
7780642fd0 64 74 61 79 79 64 73 21 64 74 61 79 79 64 73 21 dtayyds!dtayyds!
7780642fe0 e8 07 f1 fc f8 2d 13 2f 9b b0 18 ca 67 38 a1 9f .....-./....g8..
7780642ff0 00 00 00 00 00 00 00 00 21 cb 42 b8 90 0f ab 02 ........!.B.....
7780643000 88 30 64 80 77 00 00 00 88 30 64 80 77 00 00 00 .0d.w....0d.w...
7780643010 c0 c6 41 9c 77 00 00 00 8c 30 64 80 77 00 00 00 ..A.w....0d.w...
7780643020 60 30 64 80 77 00 00 00 c0 49 80 7f 77 00 00 00 `0d.w....I..w...
7780643030 0c 00 00 00 00 00 00 00 e2 53 df 7f 77 00 00 00 .........S..w...
7780643040 b0 33 64 80 77 00 00 00 00 08 4a 9c 77 00 00 00 .3d.w.....J.w...
用在线工具对比发现,确实是md5处理后 再aes处理 再base64处理,得到注册码
9 编写注册机
import hashlib
from Crypto.Cipher import AES
import base64
input = "1234567890"
hl = hashlib.md5()
hl.update(input.encode("utf-8"))
md5_data = hl.hexdigest()
key = '64746179796473216474617979647321'
key = bytes.fromhex(key)
aes = AES.new(key, AES.MODE_ECB)
aes_en = aes.encrypt(bytes.fromhex(md5_data))
l = [hex(int(i)) for i in aes_en]
print(" ".join(l))
encrypted_text = str(base64.encodebytes(aes_en), encoding='utf8').replace('\n', '')
print(encrypted_text)
【Android逆向】破解看雪9月算法破解第三题的更多相关文章
- 看雪.TSRC 2017CTF秋季赛第三题
看雪.TSRC 2017CTF秋季赛第三题 wp 这是一道很简单的题,反调试的坑略多.这道题采用了很多常用的反调试手段,比如调用IsDebuggerPresent.进程名检查等等.另外也有利用SEH的 ...
- off-by-one&doublefree. 看雪10月ctf2017 TSRC 第四题赛后学习
off-by-one 0x00 发现漏洞 1.off-by-one 在massage函数中,如图所示,可以修改的字节数比原内存大小多了一个字节 2.悬挂指针 可以看到,在free堆块的时候,没有清空指 ...
- 2019看雪CTF 晋级赛Q2第四题wp
上次参加2019看雪CTF 晋级赛Q2卡在了这道题上,虽然逆出算法,但是方程不会解,哈哈哈哈,果然数学知识很重要呀,现在记录一下. 首先根据关键信息,根据错误提示字符串定位到这里: 1 int __t ...
- Android逆向之so的半自动化逆向
因为工作需要,转型干android逆向,有几个月了.不过对于so的逆向,任然停留在,难难难的阶段,虽然上次自己还是逆向了一个15k左右的小so文件,但是,那个基本是靠,一步一步跟代码,查看堆栈信息来自 ...
- 天眼查sign 算法破解
天眼查sign 算法破解 最近真的在sign算法破解上一去不复返 前几天看过了企查查的sign破解 今天再看看天眼查的sign算法破解,说的好(zhuang)点(bi)就是破解,不好的就是这是很简单的 ...
- Android逆向之旅---Android中锁屏密码算法解析以及破解方案
一.前言 最近玩王者荣耀,下载了一个辅助样本,结果被锁机了,当然破解它很简单,这个后面会详细分析这个样本,但是因为这个样本引发出的欲望就是解析Android中锁屏密码算法,然后用一种高效的方式制作锁机 ...
- Android逆向之旅---动态方式破解apk进阶篇(IDA调试so源码)
Android逆向之旅---动态方式破解apk进阶篇(IDA调试so源码) 来源 https://blog.csdn.net/jiangwei0910410003/article/details/51 ...
- Android 逆向实战篇(加密数据包破解)
1. 实战背景由于工作需要,要爬取某款App的数据,App的具体名称此处不便透露,避免他们发现并修改加密逻辑我就得重新破解了. 爬取这款App时发现,抓包抓到的数据是加密过的,如图1所示(原数据较长, ...
- 看雪论坛 破解exe 看雪CTF2017第一题分析-『CrackMe』-看雪安全论坛
韩梦飞沙 韩亚飞 313134555@qq.com yue31313 han_meng_fei_sha 逆向 黑客 破解 学习 论坛 『CrackMe』 http://bbs.pediy.co ...
- 启xin宝app的token算法破解——逆向篇(二)
启xin宝app的token算法破解--抓包分析篇(一)文章已经对该app进行了抓包分析,现在继续对它进行逆向. 对于一个app而言,我们要逆向app,需要知道什么呢? 逆向工具 Java基础,甚至c ...
随机推荐
- [转帖]5、kafka监控工具Kafka-Eagle介绍及使用
https://zhuanlan.zhihu.com/p/628039102 # Apache Kafka系列文章 1.kafka(2.12-3.0.0)介绍.部署及验证.基准测试 2.java调 ...
- 一个简单的科普-延迟与RT时间
一个简单的科普-延迟与RT时间 背景 发现稍微一复杂就没人看. 这次像是写一个简单的科普文章. 主要说一下网络延迟还有网络的响应时间. 这里想通过一个题目进行引申. 如果Skylink全球商用: 中国 ...
- [转帖]Perf IPC以及CPU性能
https://plantegg.github.io/2021/05/16/Perf%20IPC%E4%BB%A5%E5%8F%8ACPU%E5%88%A9%E7%94%A8%E7%8E%87/ Pe ...
- 【K哥爬虫普法】大众点评VS百度地图,论“数据权属”对爬虫开发的罪与罚!
我国目前并未出台专门针对网络爬虫技术的法律规范,但在司法实践中,相关判决已屡见不鲜,K哥特设了"K哥爬虫普法"专栏,本栏目通过对真实案例的分析,旨在提高广大爬虫工程师的法律意识,知 ...
- pycharm像vs那样进行代码折叠
在visual studio中可以使用#region和#endregion来进行代码折叠,我尝试在pycharm中也可以使用相同的指令来折叠代码. 但是如果#endregion是在方法的最后面或者类的 ...
- Python PyWin32 模块
Python的生产效率极高,通过使用pypiwin32模块可以快速调用windows API函数,结合Python的高效开发能力,同等时间内比C++能更快的达到目标,pypiwin32模块封装了Win ...
- LyScript 寻找ROP漏洞指令片段
ROP绕过片段简单科普一下,你可以理解成一个可以关闭系统自身内存保护的一段机器指令,这段代码需要我们自己构造,这就涉及到在对端内存搜寻这样的指令,LyScript插件增强了指令片段的查找功能,但需要我 ...
- Leetcode刷题第六天-回溯
131:分割回文串 链接:131. 分割回文串 - 力扣(LeetCode) for 遍历字符串 递归切割,切割到字符串尾,单次结束 1 class Solution: 2 def partition ...
- 用GPT4聊天制作AI绘画搞笑视频,播放量近10w,附GPT4开通教程
AI一天,人间一年 大家好,我是小卷,最近大家在视频号.抖音刷短视频时,是不是经常刷到那种用AI生成的聊天搞笑绘画视频.比如下面这个视频:南方小土豆来哈尔滨 又或者是AI眼中的各个大学 又或者是两个大 ...
- Java并发(七)----线程sleep、yield、线程优先级
1.sleep 与 yield sleep 调用 sleep 会让当前线程从 Running 进入 Timed Waiting 状态(阻塞) 其它线程可以使用 interrupt 方法打断正在睡眠的线 ...