[AFCTF2018]MyOwnCBC1

暹攕J峦敕?(緲\槊^!6赾1?[+祙砡?JL潋?醕?龉'>c籭剙lst?Y戸kb?飀[hC?	x曑籃祏?HC)蘶鑶崧字得?g謾帟*M痎?=臛琥渣n8??П鮷蹛?梎zS'/鼿致M泅?u=|鐓﹌?-R帇S?求N,a蜆AD?露0?~@?S鑸78& 1C?B瓫\厊X煷3;玾尣a軋灛?粺皕?玔X釆貫??H氌l?鋗鵨??Y 	?惰8亩w?殦坎鱟襺鼻熶???糱佴?萿捏9k)k?肱憜~焧WK1腏样C>E~媜侨蛵閘?智釈榝澕宪?敘D捔/渌亚蔊4-?誒徣x攐擘N8UY栻_蓵I)^鶱暁夶k8T)譾緞垏酬<D0褋n&U粴O痨Y駇猕鏖煛贍鑗H嫰箁娺2緡极Yw^U_?禬て?d㈩?由_外槥g?僶?譲J?? jI}[dRp9俬乞g蝐?齐/
8?K庽>@??@熢麕刺hT?Ds*籜2?埙銋ym壙_Y濭o€?MI\Zà#砶[櫃h-欦肫g?4M:3襽?
賯犉畬edZ琑G?晅3炴邊璜2b矦	dc?耻??梽	 ?斌庢N~i^
`P'裕vp伺斃鱄駰螽薤??瞴Iq驠?{\齞繍	V涚+??.唔?竾DJ 悤罻P?濣?5牁鄊_u厘飯絺Q?鐧 怑j崜j埔頽臽沽憆I惋? 聳F?T荅??AF蓯>??A??5癊??饨睞裏R﹜唠q牰rO椡sr汖睌?s?螘80lC_摪鐟;W╲晶5\Y徾ih壼a灦}膲'/斳 ?	勎v6喅?u??縝h?[鎴杜?匨kf鸻?髭譌s0?F鼑8?>"Ou摦e觲跩闙饽? 9+Bg諽涒rI?S?Ⅴ`剆愌卆摅萺琘[Y}綒锕倠K?祺虸?SK暽も6@8芉]?7UQ熍t m?O^坓?f刭?[?n?葆:浬t潎艙T?籃wC
S惴|?\矵稲? R寧嗲 W蜿K诺?\?b秢?IO瘕?(硧B!Hk庢@襶6鵸遆隣;k怴.]b]u褢?!H?乸S? a趆撹禸?e貋?蔡3:欛TY渓	B奨z筴?e胮 誮|揧z?"JT?b"t鏿6鵱?頏:╆V笓屮?憤璅?怖猸縲Z∧я?囗体K|Kd"? ?f9察m毳XHO聴?蚜訸卒#H?c庘敁s活;<gT\年捙?筚v"G樧gx"]泔靬焙v溤顟諓彪?鍠憌[eO鬺iB
M枦捝痵貎?/薬呋?\爻j灿?鰻顴始築???wp~?嫤qr??刌D紫\1v ?贴d鄄e8酲嵱?H趣翛燫?0娩缗閈fU	gK琮]
e曂9%謢&c?躽.O嬈戝圿T?$~椣疤堐N?橥溾€%?齧?铝盩宸眐5?惱掯圲猀?gsX"U:鯟<囗S逧梭兿8?-Ku=ㄖlY憇u%
()'=1+F垟c?

from Crypto.Cipher import AES
from Crypto.Random import random
from Crypto.Util.number import *

def MyOwnCBC(key, plain):
	if len(key)!=32:
		return "error!"
	cipher_txt = b""
	cipher_arr = []
	cipher = AES.new(key, AES.MODE_ECB, "")
	plain = [plain[i:i+32] for i in range(0, len(plain), 32)]
	print plain
	cipher_arr.append(cipher.encrypt(plain[0]))
	cipher_txt += cipher_arr[0]
	for i in range(1, len(plain)):
		cipher = AES.new(cipher_arr[i-1], AES.MODE_ECB, "")
		cipher_arr.append(cipher.encrypt(plain[i]))
		cipher_txt += cipher_arr[i]
	return cipher_txt
	
key = random.getrandbits(256)
key = long_to_bytes(key)

s = ""
with open("flag.txt","r") as f:
	s = f.read()
	f.close()

with open("flag_cipher","wb") as f:
	f.write(MyOwnCBC(key, s))
	f.close()

解题思路大致就是将上一级cipher，当作下一级的key进行加密，

由此可得初始的key为32位

from Crypto.Cipher import AES
from Crypto.Random import random
from Crypto.Util.number import *

def myowncbc(key,cipher):
	flag=b''
	cipher=[cipher[i:i+32] for i in range(0,len(cipher),32)]
	tempkey=key
	for i in range(1,len(cipher)):
		dic_cipher=AES.new(tempkey,AES.MODE_ECB)
		flag+=dic_cipher.decrypt(cipher[i])
		tempkey=cipher[i]
	return flag
cipher=open(r'C:\Users\mqy23\Downloads\attachment\flag_cipher','rb').read()
key=cipher[0:32]
print(myowncbc(key,cipher))

得到afctf{Don't_be_fooled_by_yourself}