知识点:动调,伪随机数
伪随机数
发现::str少一部分动调
动调注意的点,F5后,fn+F8动调,动调一两步,点点想要的函数
找到加密后的密文
把加码转化为自己能看懂的
已知Str=yunzh1junTCL,tracKYYDS
scanf("%s", flag );
v5 = strlen(flag );
for ( i = 0; i < v5; ++i )
flag [i] ^= Str[i % v6];
for ( j = 0; j < v5; ++j )
flag [j] += rand() % 10;
printf(flag)
//flag =0x15, 0x21, 0x0F, 0x19, 0x25, 0x5B, 0x19, 0x39, 0x5F, 0x3A, 0x3B, 0x30, 0x74, 0x07, 0x43, 0x3F, 0x09, 0x5A, 0x34, 0x0C, 0x74, 0x3F, 0x1E, 0x2D, 0x27, 0x21, 0x12, 0x16, 0x1F
exp:
# 已知的加密数据
encrypted_str = [0x15, 0x21, 0x0F, 0x19, 0x25, 0x5B, 0x19, 0x39, 0x5F, 0x3A, 0x3B, 0x30, 0x74, 0x07, 0x43, 0x3F, 0x09,
0x5A, 0x34, 0x0C, 0x74, 0x3F, 0x1E, 0x2D, 0x27, 0x21, 0x12, 0x16, 0x1F]
# 密钥
Str = [ord(c) for c in "yunzh1junTCL,tracKYYDS"] # 密钥字符转换为整数
key_length = len(Str)
# 伪随机数序列
random_numbers = [1, 7, 4, 0, 9, 4, 8, 8, 2, 4, 5, 5, 1, 7, 1, 1, 5, 2, 7, 6, 1, 4, 2, 3, 2, 2, 1, 6, 8]
# 逆向处理加密数据
def reverse_random_addition(encrypted_data, random_numbers):
if len(random_numbers) != len(encrypted_data):
raise ValueError("随机数序列长度与加密数据长度不匹配")
intermediate = [encrypted_data[i] - random_numbers[i] for i in range(len(encrypted_data))]
return intermediate
def reverse_xor(data, key):
return [x ^ key[i % len(key)] for i, x in enumerate(data)]
# 解密步骤
intermediate_data = reverse_random_addition(encrypted_str, random_numbers)
decrypted_flag = reverse_xor(intermediate_data, Str)
# 打印结果
decrypted_str = ''.join(chr(c) if 32 <= c <= 126 else '.' for c in decrypted_flag)
print("Decrypted flag:", decrypted_str)
//moectf{D3bug_t0_g3t_7he_Key!}