Title Description :

Games , Generally, when the score is high to a certain extent , You can pass

Turn on bp Take a look

Find out : When our game is over , The web page will send a package

Click to see  

Try to modify score Value

Obviously , You can't . Explain that there are other parameters to verify the authenticity of the score ; This parameter may be sign Or maybe in cookie in .

solve ： Send packets many times （ Play games many times , Keep different values ）, Compare different values  

Obviously , When the scores are different, the difference between different packages is score and sign

contrast sign Find out   sign By zM + **** +  ==  constitute

  Take the qualified four digits in the first bag cmd5 Decrypt , Find out , This is our score

Therefore, it is determined that sign = zM + base64(score) + ==

therefore We need to change the score , You need to score = 999999 also sign = zM+ base64(999999) + ==

base64(999999) This specific value can go to cmd5 To encrypt

The packets are as follows

Successfully get flag

summary ：

1. Games generally come by modifying scores , It should be raised （999999) , Or lower it （-999999)  

2. There may be more than one parameter controlling the score , If there is encryption, you have to try to decrypt . Usually try several more times , Find the parameters that change due to different scores , Then analyze the parameter