Hctf-xorgame&theend详细wp
本文首发于安全客
这次比赛只做出了这两个题,其中我觉的the_end的思路还是可以借鉴一下的。
xor_game
文件分析
题目给出了两个文件一个是加密脚本,一个是加密后输出的文件。打开加密的脚本,就能看出和2017suctf的一个题目很像。
加密脚本
from Crypto.Util.strxor import strxor
import base64
import random
def enc(data, key):
key = (key * (len(data) / len(key) + 1))[:len(data)]
return strxor(data, key)
poem = open('poem.txt', 'r').read()
flag = "hctf{xxxxxxxxxxx}"
with open('cipher.txt', 'w') as f:
f.write(base64.b64encode(enc(poem, flag[5:-1])))
f.close()
加密的数据
ciMbOQxffx0GHQtSBB0QSQIORihXVQAUOUkHNgQLV AQcAVMAAAMCASFEGQYcVS8BNh8BGAoHFlMAABwCTS VQC2UdMQx5FkkGEQQAAVMAAQtHRCNLF0NSORscMkk aHABSExIYBQseUmBCFgtSKwEWfwELFRcGbzwEDABH VS8DDAcXfwUcMQwCDUUBCgYYSQEBATNKGwQeOkkbP hsYERYGDB0TYzwCUSVCDE8dKh0BNg4GAAkLSVMWHB pHQCxQF08AOhkWPh1OAA0XRQQRBQJKQyVKFghSMA9 5Gh8LGhEHBB8YEE4UViFaEQEVfwAdfx0GEUUWAAAR GxpHTiFQERx4FkkROgUHERMXRTpUCANtYy9RFk8TL EkHNwxOFhcbAhsASR0STC1GCk8UMwYEOhsdfiEdRR 0bHU4QSDRLHR0XO0kGMQ0LEgATERYQSQgORDJaWAs XMgYdfxsbGAB4LRYVGxpHUyFXHU8TMQ1TPRsLFREa DB0TSRoIASJGGR1SKwEWfwUBFQFSChVUHQYCASNWF Q0XLRocMgxkNgoAABd+PRkIKwkDEAoTLQ1TKwELVA gHFhoXRU4BUy9OWBsaOkkeMAYAVAQcAVMXCBwEQDN Qci4HJwAfNggcDUUXHQcGDAMCASFGCxsaOh0aPAAd GUUQBBoASRoIASNCCBsHLQxTMgAdABx4IxoYBQcJR mBXEApSNgcHOgcdEUUeDBURRU4FVDQDGQMBMEkVNg UCHQsVRQccDE4XVDJGcjsaOhsWfwgcEUUTCQQVEB1 HTCVOFx0bOhpTKwEcGxAVDRwBHU4TSSUDHQ4AKwF5 FkkMEQkbAAURSSdHQC0pPAYXO0kSLEkaHABSFAYdD BpHQyVCDRsLfwYVfwgbABAfC1MYDA8RRDMpKwcXMQ 5TNhpOGgoGRRAcCAEUDWBQFQAZOkkUOhoaARcXbzY CDABHVilPDE8TMxocfxsLAAQbCxYQSQwITyUDCB0d Kg0fJkk/ HQsVRTURBwlHTDVQGwMXVSYQPBwCAG8mDQERDGQuA ShGGR1SMwYFOkVOPUUQAB8dDBgCASlNWAMdKQx5Ew YYEUUbFlMVSR4ITiwDFwlSLB0BKg4JGAwcAlMWBRs CDCdRHQocfwgfOAgLfiQBRRcRGgELQDRGWAIbPBsc cgsbBhYGRRwSSRkOTyQpOgMXOg0aMQ5OAA0ACgYTA U4KWGBVHQYcLGMqOggcB0UBERIAAAEJRCQDEQFSKw EWfwsLGAwXA3kyBhsVKwkDGgoeNgwFOkkaHAQGRRI YBU4EQC4DEAoTLWM2KQwAVAQcERoXAB4GVSUDHAYB PBsWKwxCVCxSCBYASRoPRGBMDAcXLUkHNwwHBkUdE h1+OgEKRGBAGQFSMQYHfw4cFRYCRQccDE4KTi1GFh t4EwwVK0kaG0UGDRZULA8UVWBXF08VMEkkOhoaWEU GDRZUDQsGRWBODRwGfwccK0kcEREHFx1UHQFHTy9U