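The file we are given is a piece of encryption code. One complaint: its formatting is far too rough, so I rewrote it in Python, and it looks like this: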
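```python
s = []
t = []
key = 'hello world'
flag = b'???????'  # redacted in the challenge; the real flag is 37 bytes long

# Key scheduling: s starts as 0..255, t is the key repeated to 256 entries
for i in range(256):
    s.append(i)
    t.append(ord(key[i % len(key)]))

j = 0
for i in range(256):
    j = (j + s[i] + t[i]) % 256
    s[i], s[j] = s[j], s[i]

# Keystream generation: one byte s[x] is XORed with each flag byte
i = 0; j = 0
flag_enc = bytearray()
for m in range(37):
    i = (i + 1) % 256
    j = (j + s[i]) % 256
    s[i], s[j] = s[j], s[i]
    x = (s[i] + (s[j] % 256)) % 256
    flag_enc.append(flag[m] ^ s[x])

with open('enc.txt', 'wb') as fp:
    fp.write(flag_enc)
```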
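Looking at this code: yes, this is RC4, no doubt about it.

RC4 takes a secret key and repeats it to fill an array t of size 256, then takes an array s of the form [0, 1, 2, …, 255]. s is first shuffled using t; then, for each character of the plaintext, s is shuffled a little further to produce a position x, and s[x] is XORed with that plaintext character to give the corresponding ciphertext character.

- First, x can be reproduced, which means we can replay every operation performed on s and t.
- Second, a ^ b = c and c ^ b = a.
- So if we know the secret key, we can simply run the encryption process again to recover the plaintext.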
```python
s = []
t = []
key = 'hello world'

with open('../Easy_Crypto/enc/enc.txt', 'rb') as fp:
    flag_enc = fp.read()

# Same key scheduling as the encryption script
for i in range(256):
    s.append(i)
    t.append(ord(key[i % len(key)]))

j = 0
for i in range(256):
    j = (j + s[i] + t[i]) % 256
    s[i], s[j] = s[j], s[i]

# Regenerate the same keystream and XOR it with the ciphertext
i = 0; j = 0
flag = ''
for m in range(37):
    i = (i + 1) % 256
    j = (j + s[i]) % 256
    s[i], s[j] = s[j], s[i]
    x = (s[i] + (s[j] % 256)) % 256
    flag += chr(flag_enc[m] ^ s[x])

print(flag)
```
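
To back up the "this is RC4" identification rather than rely on pattern recognition, the same routine can be wrapped in a function and run against widely published RC4 test vectors. This is an added example, not part of the original write-up: the function names are my own, it generalizes the script to any data length, and the sample message is constructed.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes of standard RC4 for the given key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key scheduling: same loop as the challenge script, with t[i] inlined
    # as key[i % len(key)].
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Keystream generation: one output byte s[x] per step.
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is the same operation both ways."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


# Widely published RC4 test vectors: (key, plaintext, ciphertext as hex).
VECTORS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]


def matches_reference_rc4() -> bool:
    """True if this routine reproduces every reference ciphertext."""
    return all(rc4(k, p).hex() == c for k, p, c in VECTORS)


if __name__ == "__main__":
    print("matches RC4 test vectors:", matches_reference_rc4())
    sample = b"constructed sample message, not the real flag"
    enc = rc4(b"hello world", sample)
    print("round trip ok:", rc4(b"hello world", enc) == sample)
```

If a recovered routine fails these vectors, it is a modified RC4 variant and a stock library implementation will not decrypt its output.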