打开py文件
import base64
import urllib.parse
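# Challenge source: RC4-encrypts a flag with a hard-coded key and prints the
# ciphertext in URL-encoded form.
# The key ships in the same file as the ciphertext, so anyone holding this
# script can regenerate the keystream and undo the XOR.
key = "HereIsFlagggg"
# Placeholder flag; the recorded output at the bottom of this script was
# produced with the real flag.
flag = "xxxxxxxxxxxxxxxxxxx"

# RC4 key scheduling (KSA): start from the identity permutation of 0..255
# and shuffle it under control of the key bytes.
s_box = list(range(256))
j = 0
for i in range(256):
    # The modulus has to wrap the whole sum. Reducing only the key byte lets
    # j grow past 255, and s_box[j] then raises IndexError.
    j = (j + s_box[i] + ord(key[i % len(key)])) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]

# RC4 keystream generation (PRGA): XOR one keystream byte into each character
# of the flag.
res = []
i = j = 0
for s in flag:
    i = (i + 1) % 256
    j = (j + s_box[i]) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]
    t = (s_box[i] + s_box[j]) % 256
    k = s_box[t]
    res.append(chr(ord(s) ^ k))

# Ciphertext as a str whose code points are all in 0..255.
cipher = "".join(res)

# Base64-encode the UTF-8 bytes of the ciphertext ...
crypt = str(base64.b64encode(cipher.encode("utf-8")), "utf-8")
# ... and decode them straight back. The two steps cancel out, so enc holds
# the same text as cipher at this point; Base64 adds no protection here.
enc = str(base64.b64decode(crypt), "utf-8")

# Percent-encode the ciphertext so it is printable.
enc = urllib.parse.quote(enc)

# Emit the final result.
print(enc)
# enc = %C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA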
题目的思路是:先进行RC4加密,再进行Base64编码,随后又把Base64结果解码回来(这一编一解相互抵消),最后对解码结果进行URL编码,得到最后的结果。
有了这个思路后进行逆向:RC4是对称流密码,用同一密钥生成相同的密钥流再异或一次即可还原明文,因此只需先做URL解码,再用相同的密钥跑一遍RC4。
import urllib.parse
# Solver: recover the flag from the URL-encoded RC4 ciphertext.
# RC4 is a symmetric stream cipher, so rebuilding the keystream from the same
# key and XOR-ing it over the ciphertext returns the plaintext.
key = "HereIsFlagggg"
enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"

# Undo the percent-encoding. The result is a str whose code points are the
# ciphertext bytes.
crypt = urllib.parse.unquote(enc)

# Key scheduling (KSA): permute 0..255 under control of the key bytes.
key_codes = [ord(ch) for ch in key]
s_box = list(range(256))
j = 0
for i in range(256):
    j = (j + s_box[i] + key_codes[i % len(key_codes)]) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]

# Keystream generation (PRGA): one keystream byte per ciphertext character.
plain_chars = []
i = j = 0
for cipher_char in crypt:
    i = (i + 1) % 256
    j = (j + s_box[i]) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]
    keystream_byte = s_box[(s_box[i] + s_box[j]) % 256]
    plain_chars.append(chr(ord(cipher_char) ^ keystream_byte))

flag = "".join(plain_chars)
print('flag=', flag)
得到flag
NSSCTF{REAL_EZ_RC4}