安恆2018年9月賽~簡單加密
阿新 • • 發佈:2018-12-22
#!/usr/bin/env python # -*- coding:utf-8 -*- from Crypto.Cipher import AES from Crypto import Random def encrypt(data, password): bs = AES.block_size pad = lambda s: s + (bs - len(s) % bs) * chr(bs - len(s) % bs) iv = "0102030405060708" cipher = AES.new(password, AES.MODE_CBC, iv) data = cipher.encrypt(pad(data)) return data def decrypt(data, password): unpad = lambda s : s[0:-ord(s[-1])] iv = "0102030405060708" cipher = AES.new(password, AES.MODE_CBC, iv) data = cipher.decrypt(data) return unpad(data) def generate_passwd(key): data_halt = "LvR7GrlG0A4WIMBrUwTFoA==".decode("base64") rand_int = int(decrypt(data_halt, key).encode("hex"), 16) round = 0x7DC59612 result = 1 a1 = 0 while a1 < round: a2 = 0 while a2 < round: a3 = 0 while a3 < round: result = result * (rand_int % 0xB18E) % 0xB18E a3 += 1 a2 += 1 a1 += 1 return encrypt(str(result), key) if __name__ == '__main__': key = raw_input("key:") if len(key) != 32: print "check key length!" exit() passwd = generate_passwd(key.decode("hex")) flag = raw_input("flag:") print "output:", encrypt(flag, passwd).encode("base64") # key = md5(sha1("flag")) # output = "u6WHK2bnAsvTP/lPagu7c/K3la0mrveKrXryBPF/LKFE2HYgRNLGzr1J1yObUapw"
通過觀察這條語句:result = result * (rand_int % 0xB18E) % 0xB18E
result不會超過0xB18E,於是採用爆破result方式生成passwd。
該程式使用了PyCrypto庫,訪問http://www.voidspace.org.uk/python/modules.shtml#pycrypto,下載並安裝PyCrypto 2.6 for Python 2.7 64bit。
重寫程式,爆破。
#!/usr/bin/env python # -*- coding:utf-8 -*- from Crypto.Cipher import AES from Crypto import Random from hashlib import md5, sha1 def encrypt(data, password): bs = AES.block_size pad = lambda s: s + (bs - len(s) % bs) * chr(bs - len(s) % bs) iv = "0102030405060708" cipher = AES.new(password, AES.MODE_CBC, iv) data = cipher.encrypt(pad(data)) return data def decrypt(data, password): unpad = lambda s : s[0:-ord(s[-1])] iv = "0102030405060708" cipher = AES.new(password, AES.MODE_CBC, iv) data = cipher.decrypt(data) return unpad(data) def generate_passwd(result, key): ''' data_halt = "LvR7GrlG0A4WIMBrUwTFoA==".decode("base64") rand_int = int(decrypt(data_halt, key).encode("hex"), 16) round = 0x7DC59612 result = 1 a1 = 0 while a1 < round: a2 = 0 while a2 < round: a3 = 0 while a3 < round: result = result * (rand_int % 0xB18E) % 0xB18E a3 += 1 a2 += 1 a1 += 1 ''' return encrypt(str(result), key) def Md5(input1): m1 = md5() m1.update(input1) return m1.hexdigest() def Sha1(input1): m2 = sha1() m2.update(input1) return m2.hexdigest() if __name__ == '__main__': ''' key = raw_input("key:") if len(key) != 32: print "check key length!" exit() passwd = generate_passwd(key.decode("hex")) flag = raw_input("flag:") print "output:", encrypt(flag, passwd).encode("base64") ''' key = Md5(Sha1("flag")).decode("hex") output = "u6WHK2bnAsvTP/lPagu7c/K3la0mrveKrXryBPF/LKFE2HYgRNLGzr1J1yObUapw" for result in range(0x0B18E): passwd = generate_passwd(result, key) flag = decrypt(output.decode("base64"), passwd) if 'flag' in flag: print flag break print 'ok'
得到結果flag{552d3a0e567542d99694c4d61d1a652e}