2023熵密杯第一关简析

已知一段密文32字节，同时提供加密的源代码如下。要求根据加密源码得到解密代码，从而获得password明文。

CipherText：
6B562E2D3E7B6C61636078616C666C62

#include <stdio.h>

void reverseBits(unsigned char* password) {
    int i, j;
    unsigned char temp;

    for (i = 0; i < 16; i++) {
        temp = 0;
        for (j = 0; j < 8; j++) {
            temp |= ((password[i] >> j) & 1) << (7 - j);
        }
        password[i] = temp;
    }
}

void swapPositions(unsigned char* password) {
    int i;
    unsigned char temp[16];
    int positions[16] =
            {
                    13, 4, 0, 5,
                    2, 12, 11, 8,
                    10, 6, 1, 9,
                    3, 15, 7, 14
            };

    for (i = 0; i < 16; i++) {
        temp[positions[i]] = password[i];
    }

    for (i = 0; i < 16; i++) {
        password[i] = temp[i];
    }
}

void leftShiftBytes(unsigned char* password) {
    for (int i = 0; i < 16; i++) {
        password[i] = password[i] << 3 | password[i] >> 5;
    }
}

void xorWithKeys(unsigned char* password, unsigned int round) {
    int i;
    for (i = 0; i < 16; i++) {
        password[i] ^= (unsigned char)(0x78 * round & 0xFF);
    }
}

void encryptPassword(unsigned char* password) {
    int i;
    unsigned int round;

    for (round = 0; round < 16; round++) {
        reverseBits(password);
        swapPositions(password);
        leftShiftBytes(password);
        xorWithKeys(password, round);
    }
}

int main() {
    unsigned char password[17] = "1234567890";
    printf("加密前的口令为：\n");
    for (int i = 0; i < 16; i++) {
        printf("%02X ", password[i]);
    }
    encryptPassword(password);
    printf("加密后的口令为：\n");
    for (int i = 0; i < 16; i++) {
        printf("%02X ", password[i]);
    }
    printf("\n");
    return 0;
}

分析：思路比较直接，解密是加密的逆过程来一遍就可以了。

解密代码如下：

#include <stdio.h>

void reverseBits_dec(unsigned char* password) {

    int i, j;

    unsigned char temp;

    for (i = 0; i < 16; i++) {

        temp = 0;

        for (j = 0; j < 8; j++) {

            temp |= ((password[i] >> (7 - j)) & 1) << j;

        }

        password[i] = temp;

    }

}

void swapPositions_dec(unsigned char* password) {

    int i;

    unsigned char temp[16];

    int positions[16] =

            {

                    13, 4, 0, 5,

                    2, 12, 11, 8,

                    10, 6, 1, 9,

                    3, 15, 7, 14

            };

    for (i = 0; i < 16; i++) {

        temp[i] = password[positions[i]];

    }

    for (i = 0; i < 16; i++) {

        password[i] = temp[i];

    }

}

void leftShiftBytes_dec(unsigned char* password) {

    for (int i = 0; i < 16; i++) {

        password[i] = password[i] >> 3 | password[i] << 5;

    }

}

void xorWithKeys_dec(unsigned char* password, unsigned int round) {

    int i;

    for (i = 0; i < 16; i++) {

        password[i] ^= (unsigned char)(0x78 * round & 0xFF);

    }

}

void encryptPassword_dec(unsigned char* password) {

    int i;

    unsigned int round;

    for (round = 16; round >= 1; round--) {

        xorWithKeys_dec(password, round-1);     //处理函数不变，修改参数即可

        leftShiftBytes_dec(password);                   //加密是循环左移3位，解密则循环右3位

        swapPositions_dec(password);                 //position矩阵不变，index<-->value

        reverseBits_dec(password);                      //位逆转做逆向处理即可

    }

}

int main() {

    unsigned char password[17] = {0x6B,0x56,0x2E,0x2D,0x3E,0x7B,0x6C,0x61,0x63,0x60,0x78,0x61,0x6C,0x66,0x6C,0x62};

    printf("加密后的口令为：\n");

    for (int i = 0; i < 16; i++) {

        printf("%02X ", password[i]);

    }

    printf("\n");

    encryptPassword_dec(password);

    printf("加密前的口令为：\n");

    for (int i = 0; i < 16; i++) {

        printf("%c", password[i]);

    }

    printf("\n");

    return 0;

}

运行结果如下：

----------------------------------------------------

加密后的口令为：
6B 56 2E 2D 3E 7B 6C 61 63 60 78 61 6C 66 6C 62 
加密前的口令为：
pdksidicndjh%^&6

-----------------------------------------------------