guess the key
附件
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
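/*
 * Challenge encryptor: reads INPUT one byte at a time and writes the
 * transformed bytes to OUTPUT.
 *
 * For the byte at 0-based position i, with plaintext byte q and previous
 * plaintext byte t (0 for the first byte), the output byte is
 *     (q + (key[i % strlen(key)] ^ t) + i*i) & 0xff
 *
 * Review notes:
 *  - This is an exercise cipher, not a secure one. Every output byte is a
 *    function of one key byte, the position and two plaintext bytes, so a
 *    single known plaintext/ciphertext pair reveals the key bytes it covers.
 *  - The key literal below is the one shown in the handout; the key recovered
 *    later in the write-up is a different string.
 *  - fgetc() returns an int. The original stored it in a char, so an input
 *    byte of 0xFF could compare equal to EOF and cut the output short (or,
 *    where char is unsigned, EOF would never match). It is kept in an int here.
 *  - The position counter is unsigned, so i*i wraps instead of overflowing a
 *    signed int on large inputs; only the low 8 bits of the sum are used.
 *  - Both streams are closed on every path that opened them.
 *
 * Returns 0 in all cases, exactly as the original did.
 */
int main(int argc, char **argv) {
    if (argc != 3) {
        printf("USAGE: %s INPUT OUTPUT\n", argv[0]);
        return 0;
    }

    FILE *input = fopen(argv[1], "rb");
    FILE *output = fopen(argv[2], "wb");
    if (!input || !output) {
        printf("Error\n");
        /* One of the two may have opened successfully; do not leak it. */
        if (input) {
            fclose(input);
        }
        if (output) {
            fclose(output);
        }
        return 0;
    }

    char key[] = "guessthekey";
    const size_t key_len = strlen(key); /* loop-invariant, computed once */
    int q;                              /* int so that EOF stays distinguishable from 0xFF */
    unsigned char t = 0;                /* previous plaintext byte */
    size_t ijk = 0;                     /* 0-based position in the input */

    while ((q = fgetc(input)) != EOF) {
        const unsigned key_byte = (unsigned char)key[ijk % key_len];
        const size_t sum = (size_t)q + (key_byte ^ t) + ijk * ijk;

        fputc((int)(sum & 0xff), output);
        t = (unsigned char)q;
        ijk++;
    }

    fclose(input);
    fclose(output);
    return 0;
}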
思路
属于是原题了
c程序
题目给了一个加密逻辑:只要同时知道 `input` 和 `output` 这两个文件,就可以根据加密逻辑恢复 `key`。
观察到题目给了 `msg01` 和 `msg01.enc`,前者是对应的 `input`,后者是对应的 `output`。
于是,可以得到 `key[0] = chr(0x9E-ord('H') & 0xff)`(加密第一个字节时 `t = 0`、`ijk = 0`,所以 `d = q + key[0]`)。
恢复 `key` 后,用同样的逻辑解一遍 `msg02.enc` 就可以了。
exp
# Known-plaintext pair from the challenge: cipher1 holds the bytes of
# msg01.enc and message is the text of msg01.
cipher1 = (
    b'\x9E\x97\x4B\xD2\x9A\x8B\xAD\xA1\x89\x09\xDE\xAD\x69\x23\x4E\x76'
    b'\x70\xAB\xE4\x97\x44\x22\x81\x8D\x7F\x22\x23\x70\x7F\xB5\xFF\x68'
    b'\x72\xC1\xC2\x4B'
)
message = 'Hi,there is nothing here,heiheihei.'

# The encryptor computes d = (q + (key ^ t) + i*i) & 0xff, where q is the
# current plaintext byte and t the previous one (0 for the first byte).
# Solving for the key byte gives key = ((d - i*i - q) ^ t) & 0xff.
plain = message.encode('ascii')
recovered = [(cipher1[0] - plain[0]) & 0xff]  # i = 0 and t = 0 for the first byte
for pos in range(1, len(plain)):
    unmasked = cipher1[pos] - pos * pos - plain[pos]
    recovered.append((unmasked ^ plain[pos - 1]) & 0xff)

# One recovered character per plaintext position. The encryptor indexes the
# key modulo its length, so the string repeats once the key length is passed.
key = ''.join(map(chr, recovered))
# Copy as Python - from 010 Editor - byte count: 340 (0x154)
# Bytes of msg02.enc, the ciphertext that is to be decrypted.
cipher2 = (
    b'\xA9\x9F\x83\x45\xEE\x87\x9B\x6E\x0E\xC3\xD4\xE9\xD5\x61\x36\x81'
    b'\x70\x96\xD4\xD7\xF9\xE4\xC9\x8C\xD3\xEA\xDE\xAC\x7B\xC5\xA9\x84'
    b'\x97\xCB\xB8\xA8\x8A\x95\x54\x6D\xBA\xC0\x7B\xA0\x06\x68\x9F\x02'
    b'\xA8\xCD\x2A\x52\x49\x91\xE7\x4A\x71\x6B\xA8\x1E\x8E\xBB\xDC\xED'
    b'\x7C\x0B\x5C\x04\x74\x6B\xBE\x1C\xC1\x59\xBC\xAD\x12\xC2\xFB\xDA'
    b'\xEB\x26\xB1\x61\xED\xE0\x5D\xF2\xC8\xA3\x27\xC5\x96\x58\xAD\xF5'
    b'\x8D\x54\x05\xBC\x47\xAD\x0C\xE9\xC0\xAF\x48\x02\x25\x1E\xC9\xAB'
    b'\x6F\x5B\x37\x30\xBD\x3A\xC8\xC7\xCD\xA0\x4F\xD9\xBC\x72\x7E\x84'
    b'\x53\xB5\x87\x48\xE5\x8D\x92\xA9\xC7\xBC\xEE\x13\x01\xE7\x5D\x73'
    b'\x99\x59\x29\xDC\x1A\xEF\xA6\xBB\xB6\xFD\x12\x86\x82\x7E\x4C\x6F'
    b'\x84\xBA\xF7\x52\x80\x92\x0D\xB0\xD9\x07\x40\xF3\x17\x95\xAF\xC9'
    b'\xBB\xE8\xE7\xF1\x08\x75\xF4\xF1\x03\x1C\xC3\x11\x36\x49\xAA\x04'
    b'\x69\xF7\xA0\xC5\xCD\x17\xC6\x23\x6B\xBE\xE7\x7B\xE2\xE6\x4B\xD4'
    b'\x5E\x55\xC3\x0C\x54\xD3\x5C\x05\x79\xCE\x1B\xD4\x91\x50\xF6\xB4'
    b'\x36\x41\x46\xD5\x38\xB1\x21\xE0\xE2\x38\xA2\x65\xB7\x16\x71\xF7'
    b'\x82\x56\x4D\x22\xE2\x3B\xEE\x89\x1E\xA7\xB3\x46\xFA\x82\x83\x3D'
    b'\xB1\x8C\x85\x92\xB7\x52\x99\x13\xBA\x72\x43\xDB\x10\xE8\xA0\x5B'
    b'\x39\xDA\xB3\xF8\xF8\xE3\xAF\xA2\x6A\x29\x2F\x82\x91\x6E\x41\x58'
    b'\x77\xC8\xAD\xA8\x89\xCF\x00\xB3\xB6\x27\x5F\xC6\xD6\xAF\xB3\x1C'
    b'\x6B\xF1\x25\xB8\x20\xA0\xD1\x89\xBA\x04\xF9\xD5\x8E\x0B\xB0\x10'
    b'\x8B\x37\x99\xBC\xBA\x05\xB3\x58\xA3\x5C\xF4\x86\x43\xEA\x08\x1D'
    b'\x79\xFE\x1B\x05'
)

# Key read off from the known-plaintext pair (msg01 / msg01.enc).
key = 'VeryVeryLongKeyYouWillNeverKnow'

# Invert d = (q + (key ^ t) + i*i) & 0xff one byte at a time:
#     q = (d - i*i - (key ^ t)) & 0xff
# t is the previously recovered plaintext byte and starts at 0, so each
# byte can only be decrypted after the one before it.
decoded = []
prev = 0
for i, enc_byte in enumerate(cipher2):
    key_byte = ord(key[i % len(key)])
    prev = (enc_byte - i * i - (key_byte ^ prev)) & 0xff
    decoded.append(chr(prev))

m = ''.join(decoded)
print(m)
# flag{101a6ec9f938885df0a44f20458d2eb4}
Vigenere
附件
import sys
from secret_file import *
def _l(idx, s):
    """Return *s* rotated left by *idx* positions.

    The first *idx* items are moved to the end; the input is not modified.
    """
    head, tail = s[:idx], s[idx:]
    return tail + head
def main(p, k1, k2):
    """Encrypt *p* with the two keys *k1* and *k2* over a 65-symbol alphabet.

    A three-level lookup table is built from rotations of the alphabet:
    t[i][j] is the alphabet rotated left by (i + j), so t[i][j][k] is the
    symbol at index (i + j + k) modulo the alphabet size. Each plaintext
    character is replaced by the table entry selected by its own alphabet
    index and the indices of the current characters of k1 and k2. Both keys
    are cycled independently.

    Note: str.find returns -1 for a character that is not in the alphabet,
    and that value is used as an ordinary (negative) index rather than being
    rejected.

    Returns the ciphertext as a string.
    """
    s = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz_{}"
    size = len(s)

    # t[i][j] = alphabet rotated left by (i + j) % size
    t = []
    for i in range(size):
        t.append([_l((i + j) % size, s) for j in range(size)])

    pos1 = 0
    pos2 = 0
    pieces = []
    for a in p:
        plane = t[s.find(a)]
        row = plane[s.find(k1[pos1])]
        pieces.append(row[s.find(k2[pos2])])
        # advance each key position, wrapping at that key's own length
        pos1 = (pos1 + 1) % len(k1)
        pos2 = (pos2 + 1) % len(k2)
    return "".join(pieces)
# Redacted values from the challenge handout.
flag = "flag{************************}"
key = "**********"
# Each * is a redaction mark that stands for exactly one character.
# hint: try running the encryption function yourself and watch how the key
#       affects the ciphertext.
# hint: derive the key from the known clues first; the key is not unique, and
#       any one valid key is enough to brute-force the flag.

# The second key is the first key reversed.
reversed_key = key[::-1]
# Parenthesised so the line reads the same under Python 2's print statement
# and Python 3's print function.
print(main(flag, key, reversed_key))
# 程序运行结果(即密文为):
xkO2o}Um4{sd6zYdpiYyUv34txQCxR
思路
古典密码分析思路-2017 SECCON Vigenere3d
exp
# exp2.py
# Alphabet used by the challenge and the reverse map from symbol to index.
enc_str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz_{}'
dec_dic = dict(zip(enc_str, range(len(enc_str))))

encrypt = 'xkO2o}Um4{sd6zYdpiYyUv34txQCxR'
flag_bg = 'flag{************************}'

# Recover an equivalent key. The encryptor adds the plaintext index and the
# indices of two key characters, so per position only the combined shift
# matters. The known prefix 'flag{' gives that shift for positions 0-4.
sim_key = []
for enc_ch, known_ch in zip(encrypt[:5], flag_bg[:5]):
    sim_key.append(dec_dic[enc_ch] - dec_dic[known_ch])

# The second key is the reverse of the 10-character first key, so the
# combined shift at position i equals the one at position 9 - i: mirror the
# five known shifts to obtain all ten.
sim_key = sim_key + sim_key[::-1]

# Decrypt with the equivalent key: subtract the shift, wrap around the
# alphabet size and map the index back to its symbol.
flag_ed = ''.join(
    enc_str[(dec_dic[ch] - sim_key[pos % 10]) % len(enc_str)]
    for pos, ch in enumerate(encrypt)
)
print(flag_ed)
# flag{M8F5jaesKbqABZgCwpiDH4Yy}
babyRSA
有限域内开方
exp
from Crypto.Util.number import *
# Challenge parameters: both prime factors of the modulus are given.
p = 165183720742741436051373219716388644270093189046466421563632727622389425827620783096218651072108769567350808642169644915755493944233905573858905774991122631609402471527613272585988802294622263573574301013199411535656758222265554222107815469076608655188293263358371274025455477828555535371028164366376886408977
q = 120848273460784230746197749214740170558670241437030497317956826606952430354830550737450520592481405802317202852411775956584677841602475259120706429378240071206662182089399302414435162197602907213282222144680788273948123482886712835590321726087823477518087588076504167863011019333002124841000448268076303735731
e = 33
c = 10407733127291995335613764691145477155502676597183852092212444772475748406250517097288411248334115120781386833588013995106957807313657632637086223225958539244315092039575434338289689184523710991223212333496000621300008178955253701172159259970353872359828291763446333588873982621853358272632447440961028670921631505593309092190417674648927653583956106734654954561031328286272044755552317084498103486458373580383410475085969677647030080606373264155592552338785789990114607084241499363324045488462563945268471178702696791804080490936763759252660049728533344304874474003893472238560682850602644793844258072019357796047919
n = p * q


def eth_roots(modulus):
    # All roots of a^e - c over Z/modulus, i.e. every candidate value of the
    # message modulo that prime. roots() yields (root, multiplicity) pairs;
    # only the root is kept.
    # NOTE(review): the script extracts roots instead of inverting e, which
    # presumably means e is not invertible modulo p - 1 and q - 1 -- confirm.
    R.<a> = PolynomialRing(Zmod(modulus), implementation='NTL')
    poly = a^e - c
    return [pair[0] for pair in poly.monic().roots()]


mps = eth_roots(p)
mqs = eth_roots(q)

# Combine every root modulo p with every root modulo q through the CRT to get
# all candidate messages modulo n.
flag = [
    CRT_list([int(x), int(y)], [p, q])
    for x in mps
    for y in mqs
]

# Only the candidate that decodes to text containing b'flag' is the answer.
for candidate in flag:
    m = long_to_bytes(candidate)
    if b'flag' in m:
        print(m)
# flag{2dac48e387b89858115178c6ab5f9a4b}