1.base64
代码片段中出现"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"索引表,基本可以断定这是base64编码(base64只是编码方式,并不是加密;如果索引表的字符顺序与标准表不同,则是换表的base64变种)
2.TEA
TEA是一种分组加密算法,密钥128bit,明文64bit,做了32轮变换,下面是源码:
/*
 * Encrypt one 64-bit block in place with TEA.
 *
 * v: two 32-bit words holding the block; overwritten with the ciphertext.
 * k: four 32-bit words holding the 128-bit key (read only).
 *
 * The number of rounds comes from tea_round, which is defined outside this
 * listing. The constant 0x9e3779b9 (delta) is the value an analyst looks
 * for when identifying TEA in a binary.
 */
static void tea_encrypt(uint32_t *v, uint32_t *k) {
    const uint32_t delta = 0x9e3779b9;
    uint32_t left = v[0];
    uint32_t right = v[1];
    uint32_t sum = 0;
    uint32_t round;

    for (round = 0; round < tea_round; round++) {
        /* sum is advanced before the two half-rounds use it */
        sum += delta;
        left += ((right << 4) + k[0]) ^ (right + sum) ^ ((right >> 5) + k[1]);
        right += ((left << 4) + k[2]) ^ (left + sum) ^ ((left >> 5) + k[3]);
    }

    v[0] = left;
    v[1] = right;
}
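/*
 * Decrypt one 64-bit block in place with TEA.
 *
 * v: two 32-bit words holding the ciphertext; overwritten with the plaintext.
 * k: four 32-bit words holding the 128-bit key (read only).
 *
 * Decryption starts from the value sum reached at the end of encryption,
 * i.e. delta * tea_round modulo 2^32. Computing it keeps decryption correct
 * for any round count; the values this yields for 16 and 32 rounds are
 * 0xE3779B90 and 0xC6EF3720, which are also constants worth recognising
 * when identifying TEA decryption in a binary.
 *
 * tea_round is defined outside this listing.
 */
static void tea_decrypt(uint32_t *v, uint32_t *k) {
    uint32_t v0 = v[0], v1 = v[1], sum, i;
    uint32_t delta = 0x9e3779b9;
    uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];

    /* unsigned wrap-around is intended: same value encryption ends with */
    sum = (uint32_t)(delta * (uint32_t)tea_round);

    for (i = 0; i < tea_round; i++) {
        /* undo the half-rounds in the reverse order of encryption */
        v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
        v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
        sum -= delta;
    }

    v[0] = v0;
    v[1] = v1;
}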
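对于TEA算法的识别,主要看两个固定参数:0x9e3779b9 和 0x61c88647。后者是前者按32位取负的结果(0x9e3779b9 + 0x61c88647 = 0x100000000),编译器常把 sum += delta 写成 sum -= 0x61c88647。注意XTEA、XXTEA也使用同一个delta,仅凭常量无法区分,还需结合轮函数结构判断。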
3.AES
AES也是常见的分组加密算法,分4种操作(SubBytes,ShiftRows,MixColumns,AddRoundKey)
如果发现程序中生成或内置了AES的S盒(固定的256字节表,以0x63,0x7c,0x77,0x7b开头),那么基本可以确定采用了AES(2014 ISCC Reverse7,sub_4013B0就是AES加密);仅凭"有S盒"还不够,因为RC4等算法同样使用S盒。
4.RC4
RC4属于流加密算法,包括初始化函数&加解密函数
加密源码:
import base64
def rc4_main(key="init_key", message="init_message"):
    """Encrypt ``message`` under ``key`` and return the encoded result.

    Builds a fresh S-box from ``key`` with ``rc4_init_sbox`` and passes it,
    together with ``message``, to ``rc4_excrypt``; the value returned is
    that call's result converted with ``str``.
    """
    permutation = rc4_init_sbox(key)
    encoded = rc4_excrypt(message, permutation)
    return str(encoded)
def rc4_init_sbox(key):
    """Run the RC4 key-scheduling step and return the 256-entry S-box.

    The box starts as 0..255 and is shuffled with 256 swaps driven by the
    key characters. A key shorter than 256 characters is reused cyclically
    through ``index % len(key)``.
    """
    key_length = len(key)
    permutation = list(range(256))
    swap_at = 0
    for index, entry in enumerate(permutation):
        # entry is read before the swap, so it equals permutation[index]
        key_code = ord(key[index % key_length])
        swap_at = (swap_at + entry + key_code) % 256
        permutation[index], permutation[swap_at] = (
            permutation[swap_at],
            permutation[index],
        )
    return permutation
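def rc4_excrypt(plain, box):
    """Encrypt ``plain`` with the RC4 keystream generated from ``box``.

    Args:
        plain: Text to encrypt. Each character's code point is XORed with
            one keystream byte.
        box: 256-entry permutation such as the one ``rc4_init_sbox``
            returns. It is copied before use, so the caller's list is not
            modified and a second call with the same box gives the same
            keystream.

    Returns:
        Base64 text of the UTF-8 encoding of the XORed characters.

    Note:
        The XOR result is UTF-8 encoded before Base64, so every value of
        0x80 or above becomes two bytes. The output is therefore not the
        raw ciphertext a byte-oriented RC4 implementation produces for the
        same key and plaintext; only a decoder that undoes the UTF-8 step
        recovers the message. Keep this in mind when comparing against
        reference RC4 output.
    """
    # Work on a copy: generating the keystream permutes the state.
    state = list(box)
    i = j = 0
    out = []
    for ch in plain:
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        keystream_byte = state[(state[i] + state[j]) % 256]
        out.append(chr(ord(ch) ^ keystream_byte))
    cipher = "".join(out)
    return base64.b64encode(cipher.encode('utf-8')).decode('utf-8')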
# rc4_main("123456sh","123456sh")
解密函数:
import base64
def rc4_main(key="init_key", message="init_message"):
    """Decrypt ``message`` under ``key`` and return the recovered text.

    Builds a fresh S-box from ``key`` with ``rc4_init_sbox`` and returns
    whatever ``rc4_excrypt`` produces for ``message`` and that box.
    """
    permutation = rc4_init_sbox(key)
    return rc4_excrypt(message, permutation)
def rc4_init_sbox(key):
    """Run the RC4 key-scheduling step and return the 256-entry S-box.

    The box starts as 0..255 and is shuffled with 256 swaps driven by the
    key characters. A key shorter than 256 characters is reused cyclically
    through ``pos % len(key)``.
    """
    table = list(range(256))
    key_codes = [ord(key[pos % len(key)]) for pos in range(256)]
    other = 0
    for pos, code in enumerate(key_codes):
        other = (other + table[pos] + code) % 256
        table[pos], table[other] = table[other], table[pos]
    return table
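def rc4_excrypt(plain, box):
    """Decrypt Base64 text with the RC4 keystream generated from ``box``.

    Args:
        plain: Base64 text whose decoded bytes are UTF-8; each decoded
            character's code point is XORed with one keystream byte.
        box: 256-entry permutation such as the one ``rc4_init_sbox``
            returns. It is copied before use, so the caller's list is not
            modified and a second call with the same box gives the same
            keystream.

    Returns:
        The recovered text, with no further encoding applied.

    Raises:
        UnicodeDecodeError: If the Base64 payload is not valid UTF-8.

    Note:
        The input is UTF-8 decoded before the XOR, so this reads only
        ciphertext that was UTF-8 encoded after the XOR. Raw ciphertext
        from a byte-oriented RC4 implementation will usually fail the
        UTF-8 decode or decrypt to different text.
    """
    decoded = base64.b64decode(plain.encode('utf-8')).decode('utf-8')
    # Work on a copy: generating the keystream permutes the state.
    state = list(box)
    i = j = 0
    out = []
    for ch in decoded:
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        keystream_byte = state[(state[i] + state[j]) % 256]
        out.append(chr(ord(ch) ^ keystream_byte))
    return "".join(out)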
# rc4_main("123456sh", "ABHCum92PMOXwqI=")
主要通过初始化代码中的S盒来识别RC4算法:S盒先被填充为0~255,再根据密钥循环做256次交换。
5.MD5
MD5是密码散列函数,生成一个128位(16字节)的散列值,确保信息传输的完整性。
当看到(0x67452301)(0xefcdab89)(0x98badcfe)(0x10325476)可以怀疑是MD5了。不过MD4、SHA-1的初始值也包含这四个常量(SHA-1还多一个0xc3d2e1f0),需要结合轮函数和输出长度进一步确认。
----------------下期更新《求取flag方法》---------------------