题目信息
https://github.com/veritas501/hctf_wp/tree/master/misc_level1_big_zip
解题思路
查看压缩包内容,发现其中有多个长度仅为五字节的文件。ZIP 文件头中以明文保存了每个文件未压缩内容的 CRC32,即使文件内容被加密也能读到;五字节的候选空间很小,因此可以枚举所有候选字符串并比对 CRC32(即所谓"CRC 碰撞"),从而还原这些小文件的明文。
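#!/usr/bin/env python
# coding: utf-8
"""Recover the contents of very short ZIP members from their CRC-32 values.

A ZIP archive records the CRC-32 of each member's *uncompressed* data in its
headers, and those headers are readable without the archive password.  For a
member that is only a few bytes long the candidate space is small enough to
enumerate, so the checksum alone reveals the plaintext.

Takeaway for anyone packaging data: a CRC-32 is not a secrecy-preserving
value, so short secrets should not be stored as individual members of an
archive whose per-member checksums are left readable.
"""
import binascii
import itertools
import zipfile

# Candidate alphabet: ASCII letters plus the punctuation the author expected.
a = 'abcdefghijklmnopqrstuvwxyz'
b = a.upper()
c = '_-,.\'";:!'
words = a + b + c


def read_member_crcs(zip_path):
    """Return ``[(member_name, crc32), ...]`` in archive order.

    Only the archive's directory is read; no member is decompressed or
    decrypted.  The archive is closed before returning.
    """
    with zipfile.ZipFile(zip_path) as archive:
        return [(info.filename, info.CRC) for info in archive.infolist()]


def find_crc_preimages(targets, alphabet=words, length=5):
    """Yield ``(text, crc32)`` for each candidate whose CRC-32 is in *targets*.

    Candidates are every string of *length* characters drawn from *alphabet*,
    visited in the same order as the equivalent nested ``for`` loops.

    With the default alphabet there are 61**5 (about 8.4e8) candidates checked
    against a 32-bit checksum, so an unrelated string can match by chance;
    results should be checked for plausibility before being relied on.
    """
    # Set membership is O(1); the loop below runs hundreds of millions of
    # times, so a list scan per candidate would dominate the run time.
    wanted = frozenset(targets)
    for combo in itertools.product(alphabet, repeat=length):
        txt = ''.join(combo)
        # Mask to an unsigned 32-bit value: ZipInfo.CRC is unsigned, while
        # binascii.crc32 returns a signed int on Python 2.
        crc = binascii.crc32(txt.encode()) & 0xffffffff
        if crc in wanted:
            yield txt, crc


def main(zip_path='./big_zip.zip'):
    """Print every member's CRC-32, then every 5-character match found."""
    print('--------------Filename CRC Info ----------------')
    # Built fresh on each call, so re-running (e.g. in a notebook) does not
    # accumulate duplicate entries.
    crc_list = []
    for name, crc in read_member_crcs(zip_path):
        crc_list.append(crc)
        print('[+]{0}:{1}'.format(name, hex(crc)))
    print('------------------------------------------')
    print(crc_list)

    for txt, crc in find_crc_preimages(crc_list):
        print("crc32 of %s is-> %s" % (txt, hex(crc)))


if __name__ == '__main__':
    main()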
[+]flag.txt:0x6cad0b82
[+]small_00.txt:0x251dee02
[+]small_01.txt:0xb890530f
[+]small_02.txt:0x6e6b39df
[+]small_03.txt:0x50f684c3
[+]small_04.txt:0xde41b551
[+]small_05.txt:0x24bd35b6
[+]small_06.txt:0xcef2eda8
[+]small_07.txt:0xba2b1745
[+]small_08.txt:0x1f4c7ea9
[+]small_09.txt:0x58b2bfa9
[+]small_10.txt:0x251dee02
[+]small_11.txt:0xe0f81f1e
[+]small_12.txt:0xbd6fbd41
[+]small_13.txt:0x7342a1f6
[+]small_14.txt:0x665648e9
[+]small_15.txt:0xe7c594b3
[+]small_16.txt:0xa60ffdd0
[+]small_17.txt:0xce2ce80b
[+]small_18.txt:0x22459f2d
[+]small_19.txt:0x6f8a6539
[+]small_20.txt:0x2073a2e4
[+]small_21.txt:0x52fa60a8
[+]small_22.txt:0x80410dda
[+]small_23.txt:0xb7c68f27
[+]small_24.txt:0x6e6b39df
[+]small_25.txt:0xbd598041
[+]small_26.txt:0xaa145d64
[+]small_27.txt:0x16da6b3b
[+]small_28.txt:0x7dd590bc
[+]small_29.txt:0xb9eef5a1
[+]small_30.txt:0xf0b958f0
[+]small_31.txt:0x445a43f7
[+]small_32.txt:0x8bd55271
[+]small_33.txt:0xc0340fe2
[+]small_34.txt:0xc0cd9ee5
[+]small_35.txt:0x7fc7de58
[+]small_36.txt:0x53bfec8a
[+]small_37.txt:0x99b5537b
[+]small_38.txt:0xd68019af
[+]small_39.txt:0x73d7ee30
[+]small_40.txt:0x5fbd3f5e
[+]something_small_make_me_bigger.txt:0xa4d96296
------------------------------------------
[1823280002, 622718466, 3096466191, 1852520927, 1358333123, 3728848209, 616379830, 3472027048, 3123386181, 525106857, 1488109481, 622718466, 3774357278, 3178216769, 1933746678, 1716930793, 3888485555, 2786065872, 3459049483, 574988077, 1871340857, 544449252, 1392140456, 2151747034, 3083243303, 1852520927, 3176759361, 2853461348, 383413051, 2111148220, 3119445409, 4038678768, 1146766327, 2346013297, 3224637410, 3234701029, 2143805016, 1405086858, 2578797435, 3598719407, 1943531056, 1606238046, 2765709974, 1823280002, 622718466, 3096466191, 1852520927, 1358333123, 3728848209, 616379830, 3472027048, 3123386181, 525106857, 1488109481, 622718466, 3774357278, 3178216769, 1933746678, 1716930793, 3888485555, 2786065872, 3459049483, 574988077, 1871340857, 544449252, 1392140456, 2151747034, 3083243303, 1852520927, 3176759361, 2853461348, 383413051, 2111148220, 3119445409, 4038678768, 1146766327, 2346013297, 3224637410, 3234701029, 2143805016, 1405086858, 2578797435, 3598719407, 1943531056, 1606238046, 2765709974]
crc32 of ad_th is-> 0xb9eef5a1
crc32 of color is-> 0x665648e9
crc32 of do_th is-> 0xa60ffdd0
crc32 of d_fee is-> 0x50f684c3
crc32 of ere_a is-> 0x1f4c7ea9
crc32 of e_las is-> 0xf0b958f0
crc32 of e_thi is-> 0xce2ce80b
crc32 of gh_Be is-> 0x8bd55271
crc32 of got_t is-> 0xb7c68f27
crc32 of he_be is-> 0x6e6b39df
crc32 of hink_ is-> 0x16da6b3b
crc32 of ing_h is-> 0xba2b1745
crc32 of k_tha is-> 0x7fc7de58
crc32 of lone_ is-> 0x58b2bfa9
crc32 of ls_wa is-> 0xde41b551
crc32 of m_in_ is-> 0x7342a1f6
crc32 of ngs_I is-> 0x22459f2d
crc32 of ng_go is-> 0xd68019af
crc32 of now_t is-> 0xb890530f
crc32 of now_I is-> 0xe0f81f1e
crc32 of od_is is-> 0x73d7ee30
crc32 of rmer_ is-> 0x24bd35b6
crc32 of rythi is-> 0x99b5537b
crc32 of st_of is-> 0xbd598041
crc32 of think is-> 0x52fa60a8
crc32 of t_eve is-> 0x53bfec8a
crc32 of t_lau is-> 0x445a43f7
crc32 of t_you is-> 0xc0340fe2
crc32 of you_h is-> 0x7dd590bc
crc32 of Sleep is-> 0xcef2eda8
crc32 of You_k is-> 0x251dee02
crc32 of _drea is-> 0xbd6fbd41
crc32 of _gone is-> 0x5fbd3f5e
crc32 of _me_T is-> 0xaa145d64
crc32 of _thin is-> 0xc0cd9ee5
crc32 of _want is-> 0x6f8a6539
crc32 of _you_ is-> 0x80410dda
crc32 of _And_ is-> 0xe7c594b3
crc32 of _You_ is-> 0x2073a2e4
根据各文件的 CRC32 找到对应的五字节片段,再按 small_00.txt 到 small_40.txt 的顺序拼接,可得到
You_know_the_bed_feels_warmer_Sleeping_here_alone_You_know_I_dream_in_color_And_do_the_things_I_want_You_think_you_got_the_best_of_me_Think_you_had_the_last_laugh_Bet_you_think_that_everything_good_is_gone
将其存为something_small_make_me_bigger.txt
内容为:You_know_the_bed_feels_warmer_Sleeping_here_alone_You_know_I_dream_in_color_And_do_the_things_I_want_You_think_you_got_the_best_of_me_Think_you_had_the_last_laugh_Bet_you_think_that_everything_good_is_gone
退出后得到解密的文件如下: