我们暂时把经过S盒处理的32bits排列称为L
则P(L)的输出格式和P盒相同
输出的第一位 就是根据P盒第一位获得的数值16 提取L中第16位的数值
到此回顾整个加密流程就解释清楚了
基本解密流程
因为是对称密码体系,所以在解密的过程中一定要始终保持对称的思想,充分借鉴加密的流程,从上面的output反推回input
相当于现在已知R16L16
然后进行反向解密
Rn-1 = Ln
Ln-1 = Rn ^ f(Ln,Kn) = Rn ^ f(Rn-1,Kn)
同时注意子密钥一定要反着传
这里看概念比较抽象,下面跟着这道优秀的题目好好感受一下DES的魅力吧~
参考优质论文:DES
simple_des
在下面的代码中可以关注一下注释 做出了比较细的解释~
题目源码:
from operator import add
from typing import List
from functools import reduce
from gmpy2 import \*
from Crypto.Util.number import \*
_IP = [57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
56, 48, 40, 32, 24, 16, 8, 0,
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6
]
def IP(plain: List[int]) -> List[int]:
return [plain[x] for x in _IP]
__pc1 = [56, 48, 40, 32, 24, 16, 8,
0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26,
18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14,
6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28,
20, 12, 4, 27, 19, 11, 3
]
__pc2 = [
13, 16, 10, 23, 0, 4,
2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7,
15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54,
29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52,
45, 41, 49, 35, 28, 31
]
#这是规定的left shift对照表
ROTATIONS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
def PC\_1(key: List[int]) -> List[int]:
return [key[x] for x in __pc1]
def PC\_2(key: List[int]) -> List[int]:
return [key[x] for x in __pc2]
#通过初始密钥获得16轮子密钥的过程
def get\_sub\_key(key: List[int]) -> List[List[int]]:
#先把原始密钥key进行PC-1盒的处理 64bits->56bits
key = PC_1(key)
#这里的L和R 是生成密钥体系中的C和D
L, R = key[:28], key[28:]
sub_keys = []
#生成16轮子密钥
for i in range(16):
#这是进行lift shift操作 循环次数就是左位移次数
#pop是抛出从列表左侧踢出去的值附加到列表的后面 相当于实现了左移操作
for j in range(ROTATIONS[i]):
L.append(L.pop(0))
R.append(R.pop(0))
combined = L + R
#在PC-2盒中提取密钥
sub_key = PC_2(combined)
sub_keys.append(sub_key)
#还差9位 需要爆破 这里的L和R相当于最后一轮经过处理后的C16和D16
print('LL=',L[:19])
print('Rr=',R)
return sub_keys
#生成密钥时的E函数 expansion\_table
__ep = [31, 0, 1, 2, 3, 4,
3, 4, 5, 6, 7, 8,
7, 8, 9, 10, 11, 12,
11, 12, 13, 14, 15, 16,
15, 16, 17, 18, 19, 20,
19, 20, 21, 22, 23, 24,
23, 24, 25, 26, 27, 28,
27, 28, 29, 30, 31, 0
]
#permutation\_table 32个 是f函数中最后加密的P盒
__p = [15, 6, 19, 20, 28, 11, 27, 16,
0, 14, 22, 25, 4, 17, 30, 9,
1, 7, 23, 13, 31, 26, 2, 8,
18, 12, 29, 5, 21, 10, 3, 24
]
def EP(data: List[int]) -> List[int]:
return [data[x] for x in __ep]
def P(data: List[int]) -> List[int]:
return [data[x] for x in __p]
#S盒
__s_box = [
[
[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
[ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
[ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
[15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]
],
[
[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10],
[ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5],
[ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15],
[13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]
],
[
[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8],
[13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1],
[13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7],
[ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]
],
[
[ 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15],
[13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9],
[10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4],
[ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]
],
[
[ 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
[14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
[ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
[11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]
],
[
[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11],
[10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8],
[ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6],
[ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]
],
[
[ 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1],
[13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6],
[ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2],
[ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]
],
[
[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
[ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
[ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
[ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]
]
]
def S\_box(data: List[int]) -> List[int]:
output = []
for i in range(0, 48, 6):
row = data[i] \* 2 + data[i + 5]
col = reduce(add, [data[i + j] \* (2 \*\* (4 - j)) for j in range(1, 5)])
output += [int(x) for x in format(__s_box[i // 6][row][col], '04b')]
return output
def encrypt(plain: List[int], sub_keys: List[List[int]]) -> List[int]:
plain = IP(plain)
L, R = plain[:32], plain[32:]
#进行16轮循环加密
for i in range(16):
prev_L = L
L = R
expanded_R = EP(R)
xor_result = [a ^ b for a, b in zip(expanded_R, sub_keys[i])]
substituted = S_box(xor_result)
permuted = P(substituted)
R = [a ^ b for a, b in zip(permuted, prev_L)]
cipher = R + L
cipher = [cipher[x] for x in [39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25,
32, 0, 40, 8, 48, 16, 56, 24]]
return cipher
def bitxor(plain1: List[int], plain2: List[List[int]]) -> List[int]:
return [int(i) for i in bin(int(''.join(str(i) for i in plain1),2)^int(''.join(str(i) for i in plain2),2))[2:].zfill(64)]
#key的字母表为abcdefghijklmnopqrstuvwsyz
from secret import flag, key
t=[]
z=[[0]\*64]
#对key中的每一位进行循环操作 将该为转为二进制 前置0进行填充到8位
#然后map应用于迭代对象(这里是一个字符串)中的每个元素,将每个二进制位字符转换为整数 然后放到列表里
#reduce(add, ...):这是 functools 模块中的 reduce() 函数,用于将一个二进制位的整数列表合并为一个整数,通过逐步应用 add 函数来实现。
key = reduce(add, [list(map(int, bin(key_byte)[2:].zfill(8))) for key_byte in key])
#对flag进行分段加密 0,1,2 相当于进行了3次的des操作
for i in range(0,3):
#仿照key的方法 提取flag的前8位字符
pt = reduce(add, [list(map(int, bin(flag_byte)[2:].zfill(8))) for flag_byte in flag[ 8\*i:8\*(i+1) ]])
#进行des的加密操作 待加密对象是pt 传入所有子密钥 注意原始的key第一次是key本身 往后则需要与上一次的明文进行异或
#输入时64bits的盒 每一次des输出的ct也是64bits
ct = encrypt(pt, get_sub_key(bitxor(z[i],key)))
#z保存明文
z.append(pt)
#t保存每次des加密的结果
t += ct
print(t)
'''
i=0情况下的LL,Rr
LL= [0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
Rr= [0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0]
t=[0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0]
'''
参考文章:子密钥的逆推:https://www.freebuf.com/news/topnews/219723.html
出题师傅的思路:
解第一段(i=0):
通过泄露的最后一轮的C16和D16推出一组子密钥
通过已知的一组子密钥进入到guess_allsbkey函数中获得所有子密钥 并记录下C1和D1
将所有子密钥倒序进行des原始的enc加密操作中进行解密
from base64 import b64decode
from itertools import product
from DES import \* # https://github.com/soreatu/Cryptography/blob/master/DES.py 自行导入
from typing import List
from Crypto.Util.number import \*
guess_8bit = list(product(range(2), repeat=8))
#这是在PC2盒中没出现的位置数
not_in_PC2 = [9,18,22,25,35,38,43,54]
def re\_PC2(sbkey):
# 48-bit -> 56-bit
res = ['\*']\*56 #这样不确定的位置更明确一点
for i in range(len(sbkey)):
#这里之所以减1是因为在置换的时候我们是从第一位开始回推CD 但在列表中是从第0位开始的
#但这个地方有个小困惑 就是这个DES加密是出题师傅自己写的 我们发现\_\_pc2盒相比于我们调用库里的PC-2要减了1
#现在明白了 出题师傅构造的盒的位数采用的是列表中的思维 直接从0开始计数
#所以可以写为res[\_\_pc2[i]] = sbkey[i] 就不用再减1了 道理是一样的 还要修改一下上面的not\_in\_PC2列表
res[PC_2_table[i]-1] = sbkey[i]
#sbkey的长度只有48 所以存在8bit不确定的位置
return res # ok
#对这8bit进行猜测 也就是不在PC2的数值对应的位置
def guess\_CiDi16(sbkey, t):
res = re_PC2(sbkey)
for i in range(8):
#填充爆破未知位 其中guess\_8bit包含256种8位二进制的全部组合
res[not_in_PC2[i]-1] = guess_8bit[t][i]
return res # ok
def guess\_allsbkey(roundkey, r, t):
sbkey = [[]]\*16
#因为是列表的形式 所以r传入15 表示的仍为第16轮的子密钥
sbkey[r] = roundkey
CiDi = guess_CiDi16(roundkey, t)
Ci, Di = CiDi[:28], CiDi[28:]
#往后走15次 通过猜出的最后一轮子密钥 推测出全部密钥 注意取模操作
for i in range(r+1,r+16): #16-30
#CD的移位 现在获取的私钥sbkey是第0位 进行对应位移即可 对称密码嘛
Ci, Di = LR(Ci, Di, i%16)
sbkey[i%16] = PC_2(Ci+Di)
#相当于返回初始密钥C1和D1
if i%16 == 0:
combined = Ci+Di
return combined,sbkey # ok
def long\_des\_enc(c, k):
assert len(c) % 8 == 0
res = b''
for i in range(0,len(c),8):
#一轮一轮的子密钥进行解密 先用第16轮的最后第1轮的子密钥 所以这里的k是刚刚的倒序给到加密函数 因为对称密码就像当与解密
#密文也是8字节切分解密 这是因为加密的时候对flag进行了切分
res += DES_enc(c[i:i+8], k)
return res
def try\_des(cipher, roundkey):
for t in range(256):
combined,allkey = guess_allsbkey(roundkey, 15, t)
#将子密钥倒序传入
plain = long_des_enc(cipher, allkey[::-1])
if plain.startswith(b'Nep'):
#保留初始的CD
print(combined,plain)
exit()
def PC\_2(key: List[int]) -> List[int]:
return [key[x] for x in __pc2]
__pc2 = [
13, 16, 10, 23, 0, 4,
2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7,
15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54,
29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52,
45, 41, 49, 35, 28, 31
]
tt=[0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0]
t = tt[:64]
t = ''.join(str(i) for i in t)
t= int(t,2)
t = long_to_bytes(t) #转为字节作为密文
LL= [0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
Rr= [0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0]
#512-1=511 每次-1 直到129
for i in range(2\*\*9-1,2\*\*7,-1):
#指定0作为填充字符 前导0 转为列表
tmp = list(bin(i)[2:].rjust(9,'0'))
#补充i=0
L = LL + [ int(u) for u in tmp]
R = Rr
combined = L+R
sub_key = PC_2(combined)
try_des(t, sub_key)
#[0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0] b'NepCTF{N'
第二段解密(i=1,2时):
通过上次记录的C1和D1进行右移1位得到C0和D0
然后逆PC1盒获得不完整的KEY 因为需要和上次的明文异或 所以随意补充KEY为64bits即可
然后根据异或的结果生成所有子密钥
最后进行des解密即可 和第一段相同 也是逆序传入所有的子密钥
from itertools import product
from typing import List
from operator import add
from functools import reduce
from gmpy2 import \*
from Crypto.Util.number import \*
#现在获取的是第一轮的子密钥 想要获得原始KEY 对C1D1进行还原C0D0 即右移一位
guess_8bit = list(product(range(2), repeat=8))
combined = [0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0]
C0D0 = combined[-2:-1] + combined[:-1]
__pc1 = [56, 48, 40, 32, 24, 16, 8,
0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26,
18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14,
6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28,
20, 12, 4, 27, 19, 11, 3
]
def PC\_1(key: List[int]) -> List[int]:
return [key[x] for x in __pc1]
#逆一下P1盒就行56bit -> 64bit 八位爆破
not_in_PC1 = []
for i in range(64):
if not i in __pc1:
not_in_PC1.append(i)
# print(not\_in\_PC1) #[7, 15, 23, 31, 39, 47, 55, 63]
def re\_PC1(sbkey):
# 56-bit -> 64-bit
res = ['\*']\*64 #这样不确定的位置更明确一点
for i in range(len(sbkey)):
res[__pc1[i]] = sbkey[i]
#sbkey的长度只有48 所以存在8bit不确定的位置
return res # ok
def guess(C0D0, t):
res = re_PC1(C0D0)
for i in range(8):
res[not_in_PC1[i]] = guess_8bit[t][i]
return res # ok
def bitxor(plain1: List[int], plain2: List[List[int]]) -> List[int]:
return [int(i) for i in bin(int(''.join(str(i) for i in plain1),2)^int(''.join(str(i) for i in plain2),2))[2:].zfill(64)]
__pc2 = [
13, 16, 10, 23, 0, 4,
2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7,
15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54,
29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52,
45, 41, 49, 35, 28, 31
]
#这是规定的left shift对照表
def PC\_2(key: List[int]) -> List[int]:
return [key[x] for x in __pc2]
ROTATIONS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
#S盒
__s_box = [
[
[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
[ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
[ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
[15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]
],
[
[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10],
[ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5],
[ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15],
[13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]
],
[
[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8],
[13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1],
[13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7],
[ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]
],
[
[ 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15],
[13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9],
[10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4],
[ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]
],
[
[ 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
[14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
[ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
[11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]
],
[
[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11],
[10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8],
[ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6],
[ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]
],
[
[ 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1],
[13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6],
[ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2],
[ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]
],
[
[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
[ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
[ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
[ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]
]
]
def S\_box(data: List[int]) -> List[int]:
output = []
for i in range(0, 48, 6):
row = data[i] \* 2 + data[i + 5]
col = reduce(add, [data[i + j] \* (2 \*\* (4 - j)) for j in range(1, 5)])
output += [int(x) for x in format(__s_box[i // 6][row][col], '04b')]
return output
_IP = [57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
56, 48, 40, 32, 24, 16, 8, 0,
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6
]
def IP(plain: List[int]) -> List[int]:
return [plain[x] for x in _IP]
__ep = [31, 0, 1, 2, 3, 4,
3, 4, 5, 6, 7, 8,
7, 8, 9, 10, 11, 12,
11, 12, 13, 14, 15, 16,
15, 16, 17, 18, 19, 20,
19, 20, 21, 22, 23, 24,
23, 24, 25, 26, 27, 28,
27, 28, 29, 30, 31, 0
]
#permutation\_table 32个 是f函数中最后加密的P盒
__p = [15, 6, 19, 20, 28, 11, 27, 16,
0, 14, 22, 25, 4, 17, 30, 9,
1, 7, 23, 13, 31, 26, 2, 8,
18, 12, 29, 5, 21, 10, 3, 24
]
def EP(data: List[int]) -> List[int]:
return [data[x] for x in __ep]
def P(data: List[int]) -> List[int]:
return [data[x] for x in __p]
def get\_sub\_key(key: List[int]) -> List[List[int]]:
#先把原始密钥key进行PC-1盒的处理 64bits->56bits
key = PC_1(key)
#这里的L和R 是生成密钥体系中的C和D
L, R = key[:28], key[28:]
sub_keys = []
#生成16轮子密钥
for i in range(16):
#这是进行lift shift操作 循环次数就是左位移次数
#pop是抛出从列表左侧踢出去的值附加到列表的后面 相当于实现了左移操作
for j in range(ROTATIONS[i]):
L.append(L.pop(0))
R.append(R.pop(0))
combined = L + R
#在PC-2盒中提取密钥
sub_key = PC_2(combined)
sub_keys.append(sub_key)
#还差9位 需要爆破 这里的L和R相当于最后一轮经过处理后的C16和D16
return sub_keys
def encrypt(plain: List[int], sub_keys: List[List[int]]) -> List[int]:
plain = IP(plain)
L, R = plain[:32], plain[32:]
#进行16轮循环加密
for i in range(16):
prev_L = L
L = R
expanded_R = EP(R)
xor_result = [a ^ b for a, b in zip(expanded_R, sub_keys[i])]
substituted = S_box(xor_result)
permuted = P(substituted)
R = [a ^ b for a, b in zip(permuted, prev_L)]
cipher = R + L
cipher = [cipher[x] for x in [39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25,
32, 0, 40, 8, 48, 16, 56, 24]]
return cipher
tt=[0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0]
flag = b"NepCTF{N"
# for j in range(3,256):
#这里对于KEY的缺失的8bits根本不需要爆破
#!!因为在这个相同的加密体系中即使恢复了PC1盒中缺少的位置数
#得到一个相对完整的KEY 但是我们再去生成子密钥的时候仍然根据PC1盒去砍掉KEY中多余的8bits
#所以之所以补充KEY 就是为了让它达到64位 与上次的明文进行异或 所以补充的8bits数值随意即可 全为0都行
KEY = guess(C0D0,0)
for i in range(2):
t = tt[64\*i+64:64\*i+128]
p = flag[i\*8:i\*8+8]
p = bytes_to_long(p)
p = bin(p)[2:].rjust(64,'0')
p = [int(i) for i in p]
skeys = get_sub_key(bitxor(p,KEY))
#解密
ct = encrypt(t, skeys[::-1])
**自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。**
**深知大多数网络安全工程师,想要提升技能,往往是自己摸索成长,但自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!**
**因此收集整理了一份《2024年网络安全全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友。**
![img](https://img-blog.csdnimg.cn/img_convert/d4b504cfb1e419529340aede808fea6b.png)
![img](https://img-blog.csdnimg.cn/img_convert/e031f88a94760492a9555fad8232f91e.png)
![img](https://img-blog.csdnimg.cn/img_convert/afe7d6da587af14eee4b8143a412d855.png)
![img](https://img-blog.csdnimg.cn/img_convert/54312dd7362dd86fe02e3a14ec8d56f8.png)
![img](https://img-blog.csdnimg.cn/img_convert/30ed984d17db594061d1aa9860975616.png)
![img](https://img-blog.csdnimg.cn/img_convert/5670e0c1f68cf0f249310e0b0aee50e0.png)
**既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上网络安全知识点,真正体系化!**
**由于文件比较大,这里只是将部分目录大纲截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且后续会持续更新**
**如果你觉得这些内容对你有帮助,可以添加VX:vip204888 (备注网络安全获取)**
![img](https://img-blog.csdnimg.cn/img_convert/91a71d04c7a94b9ff381abef91e6afc5.png)
])
**自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。**
**深知大多数网络安全工程师,想要提升技能,往往是自己摸索成长,但自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!**
**因此收集整理了一份《2024年网络安全全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友。**
[外链图片转存中...(img-k7KTYaEH-1712884045128)]
[外链图片转存中...(img-FdJNjQ2A-1712884045129)]
[外链图片转存中...(img-8qpZPZT0-1712884045129)]
[外链图片转存中...(img-DTkF77PW-1712884045129)]
[外链图片转存中...(img-7sW9Gtc7-1712884045130)]
[外链图片转存中...(img-phu0PxXs-1712884045130)]
**既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上网络安全知识点,真正体系化!**
**由于文件比较大,这里只是将部分目录大纲截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且后续会持续更新**
**如果你觉得这些内容对你有帮助,可以添加VX:vip204888 (备注网络安全获取)**
[外链图片转存中...(img-IY4ee7c7-1712884045130)]