KnightCTF2022-WP

夏末四顾1024

已于 2022-01-24 16:17:27 修改

阅读量557

点赞数 2

文章标签：密码学 python

于 2022-01-24 11:59:25 首次发布

本文链接：https://blog.csdn.net/qq_45989120/article/details/122664662

版权

Feistel 密码结构

Challenge：

m, n = 21, 22
def f(word, key):
    out = ""
    for i in range(len(word)):
        out += chr(ord(word[i]) ^ key)
    return out

flag = open("flag.txt", "r").read()

L, R = flag[0:len(flag)//2], flag[len(flag)//2:]
x = "".join(chr(ord(f(R, m)[i]) ^ ord(L[i])) for i in range(len(L)))
y = f(R, 0)

L, R = y, x
x = "".join(chr(ord(f(R, n)[i]) ^ ord(L[i])) for i in range(len(L)))
y = f(R, 0)

ciphertext = x + y
ct = open("cipher.txt", "w")
ct.write(ciphertext)
ct.close()

Decrypto：

# Decrypto
def f(word, key):
    out = ""
    for i in range(len(word)):
        out += chr(ord(word[i]) ^ key)  # ord()返回ascii
    return out

m, n = 21, 22
ciphertext = open("cipher.txt", "r").read()
x, y = ciphertext[0:len(ciphertext)//2], ciphertext[len(ciphertext)//2:]
R1 = f(y, 0)
L1 = ""
for i in range(len(x)):
    L1 += chr(ord(x[i]) ^ ord(f(R1, n)[i]))
R = f(L1, 0)
L = ""
for i in range(len(R1)):
    L += chr(ord(R1[i]) ^ ord(f(R, m)[i]))
flag = L + R

ct = open("ans.txt", "w")
ct.write(flag)
ct.close()

数字取证

签名扫描：
Binwalk可以扫描固件映像以查找许多不同的嵌入式文件类型和文件系统。根据特征头对文件进行解析，每行三个字段。十进制，十六进制，描述。

$ binwalk -e 1.png  

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 1024 x 768, 8-bit/color RGBA, non-interlaced
99            0x63            Zlib compressed data, best compression
69968         0x11150         Zip archive data, at least v1.0 to extract, name: Flag/
70031         0x1118F         Zip archive data, encrypted at least v1.0 to extract, compressed size: 37, uncompressed size: 25, name: Flag/flag.txt

Broken Datasheet

$ binwalk -e 1.xlsx                                                                                                                                                                                                          3 ⨯

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Zip archive data, at least v2.0 to extract, compressed size: 6101, uncompressed size: 8593, name: Broken Datasheet.xlsx
6152          0x1808          Zip archive data, at least v2.0 to extract, compressed size: 334, uncompressed size: 1032, name: [Content_Types].xml
7055          0x1B8F          Zip archive data, at least v2.0 to extract, compressed size: 244, uncompressed size: 588, name: _rels/.rels
7860          0x1EB4          Zip archive data, at least v2.0 to extract, compressed size: 239, uncompressed size: 394, name: docProps/app.xml
8409          0x20D9          Zip archive data, at least v2.0 to extract, compressed size: 390, uncompressed size: 790, name: docProps/core.xml
9110          0x2396          Zip archive data, at least v2.0 to extract, compressed size: 224, uncompressed size: 557, name: xl/_rels/workbook.xml.rels
9654          0x25B6          Zip archive data, at least v2.0 to extract, compressed size: 662, uncompressed size: 1597, name: xl/styles.xml
10359         0x2877          Zip archive data, at least v2.0 to extract, compressed size: 1870, uncompressed size: 8390, name: xl/theme/theme1.xml
12278         0x2FF6          Zip archive data, at least v2.0 to extract, compressed size: 693, uncompressed size: 1687, name: xl/workbook.xml
13016         0x32D8          Zip archive data, at least v2.0 to extract, compressed size: 474, uncompressed size: 909, name: xl/worksheets/sheet1.xml
14221         0x378D          End of Zip archive, footer length: 22

在这里插入图片描述

$ binwalk -e 2.xlsx

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Zip archive data, at least v2.0 to extract, compressed size: 351, uncompressed size: 1168, name: [Content_Types].xml
920           0x398           Zip archive data, at least v2.0 to extract, compressed size: 244, uncompressed size: 588, name: _rels/.rels
1725          0x6BD           Zip archive data, at least v2.0 to extract, compressed size: 691, uncompressed size: 1687, name: xl/workbook.xml
2461          0x99D           Zip archive data, at least v2.0 to extract, compressed size: 243, uncompressed size: 698, name: xl/_rels/workbook.xml.rels
3024          0xBD0           Zip archive data, at least v2.0 to extract, compressed size: 606, uncompressed size: 1173, name: xl/worksheets/sheet1.xml
3684          0xE64           Zip archive data, at least v2.0 to extract, compressed size: 1870, uncompressed size: 8390, name: xl/theme/theme1.xml
5603          0x15E3          Zip archive data, at least v2.0 to extract, compressed size: 749, uncompressed size: 1904, name: xl/styles.xml
6395          0x18FB          Zip archive data, at least v2.0 to extract, compressed size: 234, uncompressed size: 457, name: xl/sharedStrings.xml
6679          0x1A17          Zip archive data, at least v2.0 to extract, compressed size: 392, uncompressed size: 790, name: docProps/core.xml
7382          0x1CD6          Zip archive data, at least v2.0 to extract, compressed size: 239, uncompressed size: 394, name: docProps/app.xml
8571          0x217B          End of Zip archive, footer length: 22

在这里插入图片描述

RSA

在这里插入图片描述

先用Openssl打开发现private.pem文件编码有问题
在这里插入图片描述
notepad++打开(UTF-8)，发现有一个字符缺失

解密脚本暂无以后补上

夏末四顾1024

关注

2
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
KnightCTF2022-WP

Feistel 密码结构Challenge：m, n = 21, 22def f(word, key): out = "" for i in range(len(word)): out += chr(ord(word[i]) ^ key) return outflag = open("flag.txt", "r").read()L, R = flag[0:len(flag)//2], flag[len(flag)//2:]x = "".join(chr
复制链接

扫一扫