from ctypes import *

def decrypt(v, k):

    v0, v1 = c_uint32(v[0]), c_uint32(v[1])

    delta = 0x543210DD

    k0, k1, k2, k3 = k[0], k[1], k[2], k[3]

    total = c_uint32(delta * -32)

    for i in range(32):

        v1.value -= ((v0.value << 4) + k2) ^ (v0.value + total.value) ^ ((v0.value >> 5) + k3)

        v0.value -= ((v1.value << 4) + k0) ^ (v1.value + total.value) ^ ((v1.value >> 5) + k1)

        total.value += delta

    return v0.value, v1.value

# test

if __name__ == "__main__":

    # 待加密的明文，两个 32 位整型，即 64bit 的明文数据

    value = [0, 0]

    buf2 = [0x2E63829D, 0xC14E400F, 0x9B39BFB9, 1512016660, 0x61886DDE, 0x6565C6CF, 0x9F064F64, 0x236A43F6]

    # buf2=[0x9D82632E,  0x0F404EC1,  0x9B39BFB9,  1512016660,  0x61886DDE,  0x6565C6CF,  0x9F064F64,  0x236A43F6]

    # 四个 key，每个是 32bit，即密钥长度为 128bit

    key = [0x12345678, 0x23456789, 0x34567890, 0x45678901]

    for i in range(0, len(buf2), 2):

        value[0], value[1] = buf2[i], buf2[i + 1]

        res = decrypt(value, key)

        bytearray.fromhex(hex(res[0])[2::]).decode()

        print(bytearray.fromhex(hex(res[0])[2::]).decode()[::-1], bytearray.fromhex(hex(res[1])[2::]).decode()[::-1],

              sep='', end='')

    print('k}', end='')

# hgame{Tea_15_4_v3ry_h3a1thy_drlnk}

a=[0x5b,0x54,0x52,0x5e,0x56,0x48,0x44,0x56,0x5f,0x50,0x3,0x5e,0x56,0x6c,0x47,0x3,0x6c,0x41,0x56,0x6c,0x44,0x5c,0x41,0x2,0x57,0x12,0x4e]

for i in a:

    print(chr(i^0x33),end='')# hgame{welc0me_t0_re_wor1d!}

a = [0x04, 0xFF, 0xFD, 0x09, 0x01, 0xF3, 0xB0, 0x00, 0x00, 0x05, 0xF0, 0xAD, 0x07, 0x06, 0x17, 0x05, 0xEB, 0x17, 0xFD,

     0x17, 0xEA, 0x01, 0xEE, 0x01, 0xEA, 0xB1, 0x05, 0xFA, 0x08, 0x01, 0x17, 0xAC, 0xEC, 0x01, 0xEA, 0xFD, 0xF0, 0x05,

     0x07, 0x06, 0xF9]

for i in a:

    if i > 0xA0:

        i=-(0xff-i+1)

    print(chr((i + 86) ^ 0x32), end='')

# hgame{4ddit1on_is_a_rever5ible_0peration}

v4=[0x00000008, 0x00000006, 0x00000007, 0x00000006, 0x00000001, 0x00000006, 0x0000000D, 0x00000006, 0x00000005, 0x00000006, 0x0000000B, 0x00000007, 0x00000005, 0x00000006, 0x0000000E, 0x00000006, 0x00000003, 0x00000006, 0x0000000F, 0x00000006, 0x00000004, 0x00000006, 0x00000005, 0x00000006, 0x0000000F, 0x00000005, 0x00000009, 0x00000006, 0x00000003, 0x00000007, 0x0000000F, 0x00000005, 0x00000005, 0x00000006, 0x00000001, 0x00000006, 0x00000003, 0x00000007, 0x00000009, 0x00000007, 0x0000000F, 0x00000005, 0x00000006, 0x00000006, 0x0000000F, 0x00000006, 0x00000002, 0x00000007, 0x0000000F, 0x00000005, 0x00000001, 0x00000006, 0x0000000F, 0x00000005, 0x00000002, 0x00000007, 0x00000005, 0x00000006, 0x00000006, 0x00000007, 0x00000005, 0x00000006, 0x00000002, 0x00000007, 0x00000003, 0x00000007, 0x00000005, 0x00000006, 0x0000000F, 0x00000005, 0x00000005, 0x00000006, 0x0000000E, 0x00000006, 0x00000007, 0x00000006, 0x00000009, 0x00000006, 0x0000000E, 0x00000006, 0x00000005, 0x00000006, 0x00000005, 0x00000006, 0x00000002, 0x00000007, 0x0000000D, 0x00000007, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]

for i in range(50):

    print(chr((v4[2 * i + 1] << 4) | v4[2 * i]),end='')

# hgame{encode_is_easy_for_a_reverse_engineer}

import json

import time

from web3 import Web3, HTTPProvider

contract_address = '0x34D0aCD466A0f208e57722D4aF80479A047B3271'

private_key = [你的钱包私钥]

wallet = Web3.toChecksumAddress([你的钱包地址])

w3 = Web3(HTTPProvider('http://week-1.hgame.lwsec.cn:32663'))

ABI = json.loads(

    '[{"inputs":[{"internalType":"string","name":"_greeting","type":"string"}],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"greet","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"isSolved","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"string","name":"_greeting","type":"string"}],"name":"setGreeting","outputs":[],"stateMutability":"nonpayable","type":"function"}]')

# w3.eth.enable_unaudited_features()

contract = w3.eth.contract(address=contract_address, abi=ABI)

nonce = w3.eth.getTransactionCount(wallet)

gasPrice = w3.toWei('10', 'gwei')

gasLimit = 4000000

tx = {

    'nonce': nonce,

    'gas': gasLimit,

    'gasPrice': gasPrice,

    'from': wallet

}

transaction = contract.functions.setGreeting("HelloHGAME!").buildTransaction(tx)

signed_tx = w3.eth.account.sign_transaction(transaction, private_key)

tx_hash = w3.eth.sendRawTransaction(signed_tx.rawTransaction)

transaction_hash = w3.toHex(tx_hash)

tx_receipt = w3.eth.wait_for_transaction_receipt(transaction_hash)

import string

res = string.printable

a='qaCpwYM2tO/RP0XeSZv8kLd6nfA7UHJ1No4gF5zr3VsBQbl9juhEGymc+WTxIiDK'

a=[ord(i) for i in a]

v6 = 'AMHo7dLxUEabf6Z3PdWr6cOy75i4fdfeUzL17kaV7rG='

for i in range(0, len(v6), 4):

    for xx in res:

        for yy in res:

            for zz in res:

                x, y, z = ord(xx), ord(yy), ord(zz)

                if ord(v6[i]) == a[x >> 2] and ord(v6[i + 1]) == a[(16 * x) & 0x30 | (y >> 4)] and ord(v6[i + 2]) == a[(4 * y) & 0x3C | (z >> 6)] and ord(v6[i + 3]) == a[z & 0x3F]:

                    print(xx, yy, zz, sep='',end='')

print('n}') # 为了连接成完整的 flag，所以猜一个末尾是 n}

# hgame{s0meth1ng_run_befOre_m@in}

from z3 import *

v10 = [0x0000007E, 0x000000E1, 0x0000003E, 0x00000028, 0x000000D8, 0x000000FD, 0x00000014, 0x0000007C, 0x000000E8,

       0x0000007A, 0x0000003E, 0x00000017, 0x00000064, 0x000000A1, 0x00000024, 0x00000076, 0x00000015, 0x000000B8,

       0x0000001A, 0x0000008E, 0x0000003B, 0x0000001F, 0x000000BA, 0x00000052, 0x0000004F]

v12 = [0x0000F9FE, 0x00008157, 0x000108B2, 0x0000D605, 0x0000F21B, 0x00010FF3, 0x00009146, 0x00011212, 0x0000CF76,

       0x00010C46, 0x0000F76B, 0x000077DF, 0x000103BE, 0x0000C6F8, 0x0000ED8A, 0x0000BE90, 0x000075EC, 0x0000EAC8,

       0x0000AE37, 0x0000CC29, 0x0000A828, 0x00005C6C, 0x0000AB4A, 0x0000836E, 0x0000ACEE]

flag = [Int('flag%d' % i) for i in range(40)]

solver = Solver()

for i in range(5):

    for j in range(5):

        solver.add(v12[5 * i + j]==flag[5 * i + 0]*v10[5 * 0 + j] + flag[5 * i + 1]*v10[5 * 1 + j] + flag[5 * i + 2]*v10[5 * 2 + j] + flag[5 * i + 3]*v10[5 * 3 + j] + flag[5 * i + 4]*v10[5 * 4 + j])

if solver.check() == sat:

    m = solver.model()

    # print(m)

    for i in range(len(m)):

        print(chr(int(str(m[flag[i]]))),end='')

else:

    print('unsat')

# hgame{y0ur_m@th_1s_gO0d}

#!/usr/bin/env python

# visit https://tool.lu/pyc/ for more information

# Version: Python 3.10

import base64

def gen(key):

    s = list(range(256))

    j = 0

    for i in range(256):

        j = (j + s[i] + ord(key[i % len(key)])) % 256

        tmp = s[i]

        s[i] = s[j]

        s[j] = tmp

    i = j = 0

    data = []

    for _ in range(50):

        i = (i + 1) % 256

        j = (j + s[i]) % 256

        tmp = s[i]

        s[i] = s[j]

        s[j] = tmp

        data.append(s[(s[i] + s[j]) % 256])

    return data

def encrypt(text, key):

    result = ''

    for c, k in zip(text, gen(key)):

        result += chr(ord(c) ^ k)

    result = base64.b64encode(result.encode()).decode()

    return result

text = input('Flag: ')

key = 'As_we_do_as_you_know'

enc = encrypt(text, key)

if enc == 'wr3ClVcSw7nCmMOcHcKgacOtMkvDjxZ6asKWw4nChMK8IsK7KMOOasOrdgbDlx3DqcKqwr0hw701Ly57w63CtcOl':

    print('yes!')

    return None

None('try again...')

#!/usr/bin/env python

# visit https://tool.lu/pyc/ for more information

# Version: Python 3.10

import base64

def gen(key):

    s = list(range(256))

    j = 0

    for i in range(256):

        j = (j + s[i] + ord(key[i % len(key)])) % 256

        tmp = s[i]

        s[i] = s[j]

        s[j] = tmp

    i = j = 0

    data = []

    for _ in range(50):

        i = (i + 1) % 256

        j = (j + s[i]) % 256

        tmp = s[i]

        s[i] = s[j]

        s[j] = tmp

        data.append(s[(s[i] + s[j]) % 256])

    return data

key = 'As_we_do_as_you_know'

enc = 'wr3ClVcSw7nCmMOcHcKgacOtMkvDjxZ6asKWw4nChMK8IsK7KMOOasOrdgbDlx3DqcKqwr0hw701Ly57w63CtcOl'

_enc = base64.b64decode(enc).decode()

result = ''

for c, k in zip(_enc, gen(key)):

    result += chr(ord(c) ^ k)

print(result)

# hgame{python_reverse_is_easy_with_internet}

from ctypes import *

def encrypt(v, key):

    v0, v1 = c_uint32(v[0]), c_uint32(v[1])

    delta = 0x34566543

    total = c_uint32(0)

    for i in range(32):

        v0.value += (((v1.value << 4) ^ (v1.value >> 5)) + v1.value) ^ (total.value + key[total.value & 3])

        total.value += delta

        v1.value += (((v0.value << 4) ^ (v0.value >> 5)) + v0.value) ^ (total.value + key[(total.value >> 11) & 3])

    return v0.value, v1.value

def decrypt(v, key):

    v0, v1 = c_uint32(v[0]), c_uint32(v[1])

    delta = 0x34566543

    total = c_uint32(delta * 33)

    for i in range(33):

        total.value -= delta

        v1.value -= (((v0.value << 4) ^ (v0.value >> 5)) + v0.value) ^ (total.value + key[(total.value >> 11) & 3])

        # total.value -= delta

        v0.value -= (((v1.value << 4) ^ (v1.value >> 5)) + v1.value) ^ (total.value + key[total.value & 3])^total.value

    return v0.value, v1.value

# 637666042,457511012,-2038734351,578827205,-245529892,-1652281167,435335655,733644188,705177885,-596608744

# test

if __name__ == "__main__":

    # 待加密的明文，两个 32 位整型，即 64bit 的明文数据

    value = [637666042, 457511012, -2038734351, 578827205, -245529892, -1652281167, 435335655, 733644188, 705177885, -596608744]

    # 四个 key，每个是 32bit，即密钥长度为 128bit

    key = [2233, 4455, 6677, 8899]

    for i in range(len(value) - 2, -1, -1):

        _value = [value[i], value[i+1]]

        value[i], value[i+1] = decrypt(_value, key)

    for i in value:

        print(bytearray.fromhex(hex(i)[2::]).decode()[::-1],sep='', end='')

# hgame{d8c1d7d34573434ea8dfe5db40fbb25c0}

with open('data', 'rb') as f:

    s = f.read()

    s = bytearray(s)

    for i in range(len(s)):

        s[i] ^= 104

    with open('data_new', 'wb') as f:

        f.write(s)

from z3 import *

num = [BitVec('num%d' % i, 50) for i in range(13)]

solver = Solver()

solver.add(num[0] + 52296 + num[1] - 26211 + num[2] - 11754 + (num[3] ^ 0xA114) + num[4] * 63747 + num[5] - 52714 + num[

    6] - 10512 + num[7] * 12972 + num[8] + 45505 + num[9] - 21713 + num[10] - 59122 + num[11] - 12840 + (

                   num[12] ^ 0x525F) == 12702282)

solver.add(

    num[0] - 25228 + (num[1] ^ 0x50DB) + (num[2] ^ 0x1FDE) + num[3] - 65307 + num[4] * 30701 + num[5] * 47555 + num[

        6] - 2557 + (num[7] ^ 0xBF9F) + num[8] - 7992 + (num[9] ^ 0xE079) + (num[10] ^ 0xE052) + num[11] + 13299 + num[

        12] - 50966 == 9946829)

solver.add(num[0] - 64801 + num[1] - 60698 + num[2] - 40853 + num[3] - 54907 + num[4] + 29882 + (num[5] ^ 0x3506) + (

        num[6] ^ 0x533E) + num[7] + 47366 + num[8] + 41784 + (num[9] ^ 0xD1BA) + num[10] * 58436 + num[11] * 15590 +

           num[12] + 58225 == 2372055)

solver.add(

    num[0] + 61538 + num[1] - 17121 + num[2] - 58124 + num[3] + 8186 + num[4] + 21253 + num[5] - 38524 + num[

        6] - 48323 + num[7] - 20556 + num[8] * 56056 + num[9] + 18568 + num[10] + 12995 + (num[11] ^ 0x995C) + num[

        12] + 25329 == 6732474)

solver.add(

    num[0] - 42567 + num[1] - 17743 + num[2] * 47827 + num[3] - 10246 + (num[4] ^ 0x3F9C) + num[5] + 39390 + num[

        6] * 11803 + num[7] * 60332 + (num[8] ^ 0x483B) + (num[9] ^ 0x12BB) + num[10] - 25636 + num[11] - 16780 + num[

        12] - 62345 == 14020739)

solver.add(num[0] - 10968 + num[1] - 31780 + (num[2] ^ 0x7C71) + num[3] - 61983 + num[4] * 31048 + num[5] * 20189 + num[

    6] + 12337 + num[7] * 25945 + (num[8] ^ 0x1B98) + num[9] - 25369 + num[10] - 54893 + num[11] * 59949 + (

                   num[12] ^ 0x3099) == 14434062)

solver.add(num[0] + 16689 + num[1] - 10279 + num[2] - 32918 + num[3] - 57155 + num[4] * 26571 + num[5] * 15086 + (

        num[6] ^ 0x59CA) + (num[7] ^ 0x5B35) + (num[8] ^ 0x3FFD) + (num[9] ^ 0x5A85) + num[10] - 40224 + num[

               11] + 31751 + num[12] * 8421 == 7433598)

solver.add(

    num[0] + 28740 + num[1] - 64696 + num[2] + 60470 + num[3] - 14752 + (num[4] ^ 0x507) + (num[5] ^ 0x89C8) + num[

        6] + 49467 + num[7] - 33788 + num[8] + 20606 + (num[9] ^ 0xAF4A) + num[10] * 19764 + num[11] + 48342 + num[

        12] * 56511 == 7989404)

solver.add((num[0] ^ 0x7132) + num[1] + 23120 + num[2] + 22802 + num[3] * 31533 + (num[4] ^ 0x9977) + num[5] - 48576 + (

        num[6] ^ 0x6F7E) + num[7] - 43265 + num[8] + 22365 + num[9] + 61108 + num[10] * 2823 + num[11] - 30343 +

           num[12] + 14780 == 3504803)

solver.add(

    num[0] * 22466 + (num[1] ^ 0xDABF) + num[2] - 53658 + (num[3] ^ 0xB838) + (num[4] ^ 0x30DF) + num[5] * 59807 + num[

        6] + 46242 + num[7] + 3052 + (num[8] ^ 0x62BF) + num[9] + 30202 + num[10] * 22698 + num[11] + 33480 + (

            num[12] ^ 0x4175) == 11003580)

solver.add(

    num[0] * 57492 + (num[1] ^ 0x346D) + num[2] - 13941 + (num[3] ^ 0xBBDC) + num[4] * 38310 + num[5] + 9884 + num[

        6] - 45500 + num[7] - 19233 + num[8] + 58274 + num[9] + 36175 + (num[10] ^ 0x4888) + num[11] * 49694 + (

            num[12] ^ 0x2501) == 25546210)

solver.add(num[0] - 23355 + num[1] * 50164 + (num[2] ^ 0x873A) + num[3] + 52703 + num[4] + 36245 + num[5] * 46648 + (

        num[6] ^ 0x12FA) + (num[7] ^ 0xA376) + num[8] * 27122 + (num[9] ^ 0xA44A) + num[10] * 15676 + num[

               11] - 31863 + num[12] + 62510 == 11333836)

solver.add(

    num[0] * 30523 + (num[1] ^ 0x1F36) + num[2] + 39058 + num[3] * 57549 + (num[4] ^ 0xD0C0) + num[5] * 4275 + num[

        6] - 48863 + (num[7] ^ 0xD88C) + (num[8] ^ 0xA40) + (num[9] ^ 0x3554) + num[10] + 62231 + num[11] + 19456 + num[

        12] - 13195 == 13863722)

solver.add(num[0] == 236, num[1] == 72, num[2] == 213, num[3] == 106, num[4] == 189, num[5] == 86)

if solver.check() == sat:

    m = solver.model()

    for i in range(len(m)):

        print('num[%d]' % i, '=', int(str(m[num[i]])))

else:

    print('unsat')

'''

num[0] = 236

num[1] = 72

num[2] = 213

num[3] = 106

num[4] = 189

num[5] = 86

num[6] = 62

num[7] = 53

num[8] = 120

num[9] = 199

num[10] = 15

num[11] = 93

num[12] = 133

'''

num = [0 for i in range(13)]

num[0] = 236

num[1] = 72

num[2] = 213

num[3] = 106

num[4] = 189

num[5] = 86

num[6] = 62

num[7] = 53

num[8] = 120

num[9] = 199

num[10] = 15

num[11] = 93

num[12] = 133

array = [132, 47, 180, 7, 216, 45, 68, 6, 39, 246,

         124, 2, 243, 137, 58, 172, 53, 200, 99, 91,

         83, 13, 171, 80, 108, 235, 179, 58, 176, 28,

         216, 36, 11, 80, 39, 162, 97, 58, 236, 130,

         123, 176, 24, 212, 56, 89, 72]

for i in range(len(array)):

    print(chr(array[i] ^ num[i % len(num)]),end='')# hgame{z3_1s_very_u5eful_1n_rever5e_engin3ering}

v8 = [0 for i in range(8)]

v8[0] = 0x5416D999808A28FA

v8[1] = 0x588505094953B563

v8[2] = 0xCE8CF3A0DC669097

v8[3] = 0x4C5CF3E854F44CBD

v8[4] = 0xD144E49916678331

v8[5] = -631149652

v8[6] = -17456

v8[7] = 85

v12 = [0 for i in range(8)]

v12[0] = 0x3B4FA2FCEDEB4F92

v12[1] = 0x7E45A6C3B67EA16

v12[2] = 0xAFE1ACC8BF12D0E7

v12[3] = 0x132EC3B7269138CE

v12[4] = 0x8E2197EB7311E643

v12[5] = -1370223935

v12[6] = -13899

v12[7] = 40

for i in range(len(v8)):

    a = v8[i] ^ v12[i]

    print(bytearray.fromhex(hex(a)[2::]).decode()[::-1], end='')

    # hgame{You_4re_a_p@tch_master_0r_reverse_ma5ter}

import numpy as np

import struct

import hashlib

import warnings

from ctypes import *

# ChaCha20 Matrix: 16 words, 32-bits each (4 bytes each) for a total of 64-bytes

# cccccccc  cccccccc  cccccccc  cccccccc    #constants

# kkkkkkkk  kkkkkkkk  kkkkkkkk  kkkkkkkk    #key

# kkkkkkkk  kkkkkkkk  kkkkkkkk  kkkkkkkk    #key

# bbbbbbbb  nnnnnnnn  nnnnnnnn  nnnnnnnn    #block_number and nonce

# Disable overflow warnings for numpy uint as we need the overflow in ChaCha20's addition

warnings.filterwarnings("ignore")

def quarterround(a, b, c, d):

    def circular_left(num, i):

        return ((num << i) & 0xFFFFFFFF) | (num >> (32 - i))

    # a, b, c, d are numpy uint32. The addition may overflow which is ok for ChaCha20

    a += b

    d ^= a

    d = circular_left(d, 16)

    c += d

    b ^= c

    b = circular_left(b, 12)

    a += b

    d ^= a

    d = circular_left(d, 8)

    c += d

    b ^= c

    b = circular_left(b, 7)

    return (a, b, c, d)

def rounds(block):

    steps = [

        [0, 4, 8, 12],

        [1, 5, 9, 13],

        [2, 6, 10, 14],

        [3, 7, 11, 15],

        [0, 5, 10, 15],

        [1, 6, 11, 12],

        [2, 7, 8, 13],

        [3, 4, 9, 14],

    ]

    # print(type(block))

    for _ in range(10):

        for round in steps:

            block[round] = quarterround(*(block[round]))

    return block

def _xor(data_1, data_2):

    return [a ^ b for a, b in zip(data_1, data_2)]

def encrypt(plaintext):

    '''

    global matrix

    # Add the 4-byte block number

    # matrix[12] = counter

    state = matrix.copy()

    state = rounds(state)

    # Create the final state

    final = state + matrix

    # Serialize the final state

    # print(hex(c_uint32(final[0]).value))

    '''

    final = np.array(

        [0x4037A04E, 0xFDDA0246, 0x3C6EFA21, 0xCF9CD9AF, 0x673347B9, 0x0DEC4EE0, 0x1380C4D1, 0x3AB2A932, 0x025D50A7,