题目:
from Crypto.Random import random
from Crypto.Util import number
from flag import flag
def convert(m):
m = m ^ m >> 13
m = m ^ m << 9 & 2029229568
m = m ^ m << 17 & 2245263360
m = m ^ m >> 19
return m
def transform(message):
assert len(message) % 4 == 0
new_message = ''
for i in range(len(message) / 4):
block = message[i * 4 : i * 4 +4]
block = number.bytes_to_long(block)
block = convert(block)
block = number.long_to_bytes(block, 4)
new_message += block
return new_message
transformed_flag = transform(flag[5:-1].decode('hex')).encode('hex')
print 'transformed_flag:', transformed_flag
# transformed_flag: 641460a9e3953b1aaa21f3a2
首先,我们审计题目,这是一道基础的MT19937题目,本题考察的是我们的MT19937基础反推导能力。于是,将题目已知带入exp即可:
(其中,关于反推导的具体思路可查看:MT19937)
exp:(python3实现)
from Crypto.Util import number
# right shift inverse
def inverse_right(res, shift, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp >> shift
return tmp
# right shift with mask inverse
def inverse_right_mask(res, shift, mask, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp >> shift & mask
return tmp
# left shift inverse
def inverse_left(res, shift, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp << shift
return tmp
# left shift with mask inverse
def inverse_left_mask(res, shift, mask, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp << shift & mask
return tmp
def extract_number(y):
y = y ^ y >> 11
y = y ^ y << 7 & 2636928640
y = y ^ y << 15 & 4022730752
y = y ^ y >> 18
return y&0xffffffff
def convert(y):
y = inverse_right(y,19)
y = inverse_left_mask(y,17,2245263360)
y = inverse_left_mask(y,9,2029229568)
y = inverse_right(y,13)
return y&0xffffffff
def transform(message):
assert len(message) % 4 == 0
new_message = ''
for i in range(len(message) // 4):
block = message[i * 4 : i * 4 +4]
block = number.bytes_to_long(block)
block = convert(block)
block = number.long_to_bytes(block, 4)
new_message += str(block)
return new_message
from Crypto.Util.number import *
c = 0x641460a9e3953b1aaa21f3a2
print(c)
c=30973135979607982002676036514
flag=transform(long_to_bytes(c))
print(flag)
flag=b'\x84\xb4_\x89'b'\xaf"\xce~'b"g'[\xdc"
print(bytes_to_long(flag))
print(hex(41070079108587869185759468508)[2:])
得到:
30973135979607982002676036514
b'\x84\xb4_\x89'b'\xaf"\xce~'b"g'[\xdc"
41070079108587869185759468508
84b45f89af22ce7e67275bdc
最后一个即为我们所求的flag。