BUUCTF 每日打卡 2021-7-28

最新推荐文章于 2021-08-12 22:21:35 发布
最新推荐文章于 2021-08-12 22:21:35 发布
阅读量983 收藏
点赞数
分类专栏: crypto 文章标签: 密码学
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_52446095/article/details/119183523
版权

引言

[De1CTF2019]xorz

加密代码如下:

from itertools import *
from data import flag,plain

key=flag.strip("de1ctf{").strip("}")
assert(len(key)<38)
salt="WeAreDe1taTeam"
ki=cycle(key)
si=cycle(salt)
cipher = ''.join([hex(ord(p) ^ ord(next(ki)) ^ ord(next(si)))[2:].zfill(2) for p in plain])
print cipher
# output:
# 49380d773440222d1b421b3060380c3f403c3844791b202651306721135b6229294a3c3222357e766b2f15561b35305e3c3b670e49382c295c6c170553577d3a2b791470406318315d753f03637f2b614a4f2e1c4f21027e227a4122757b446037786a7b0e37635024246d60136f7802543e4d36265c3e035a725c6322700d626b345d1d6464283a016f35714d434124281b607d315f66212d671428026a4f4f79657e34153f3467097e4e135f187a21767f02125b375563517a3742597b6c394e78742c4a725069606576777c314429264f6e330d7530453f22537f5e3034560d22146831456b1b72725f30676d0d5c71617d48753e26667e2f7a334c731c22630a242c7140457a42324629064441036c7e646208630e745531436b7c51743a36674c4f352a5575407b767a5c747176016c0676386e403a2b42356a727a04662b4446375f36265f3f124b724c6e346544706277641025063420016629225b43432428036f29341a2338627c47650b264c477c653a67043e6766152a485c7f33617264780656537e5468143f305f4537722352303c3d4379043d69797e6f3922527b24536e310d653d4c33696c635474637d0326516f745e610d773340306621105a7361654e3e392970687c2e335f3015677d4b3a724a4659767c2f5b7c16055a126820306c14315d6b59224a27311f747f336f4d5974321a22507b22705a226c6d446a37375761423a2b5c29247163046d7e47032244377508300751727126326f117f7a38670c2b23203d4f27046a5c5e1532601126292f577776606f0c6d0126474b2a73737a41316362146e581d7c1228717664091c

有plain,有key,不禁让人想起维吉尼亚密码,想起之前做过的一道[NCTF2019]Sore
于是就参照维吉尼亚的爆破方法来解题,参考示例代码
首先是Kasiski 实验:

def GCD(step):
    gcd_list = []
    buf = []
    if not len(step):
        return "None has ben found"
    else:  # find GCD
        step_min = max(step) // 2
        for con in range(2, step_min + 1):
            flag = True
            for each_step in step:
                if each_step % con:
                    flag = False
                    break
            if flag:
                gcd_list.append(con)
    if len(gcd_list):
        return gcd_list
    else:  # find GCD list
        for con in range(2, step_min + 1):
            gcd_list.append([con, len(step)])
            for each_step in step:
                if each_step % con:
                    gcd_list[con - 2][1] -= 1
        for each in gcd_list:
            if each[1]:
                buf.append(each)
        for i in range(1, len(buf)):
            j = i
            while j > 0:
                if buf[j][1] < buf[j - 1][1]:
                    tem = buf[j - 1]
                    buf[j - 1] = buf[j]
                    buf[j] = tem
                j -= 1
        return buf

def find(string1, string2):
    k, t = 0, 0
    for t in range(len(string1)):
        if string1[t] == string2[0] and t+len(string2) <= len(string1):
            for k in range(len(string2)):
                if string1[t+k] != string2[k]:
                    k -= 1
                    break
            if k == len(string2)-1:
                break
    if t == len(string1)-1 or string1 == '':
        return -1
    else:
        return t

def kasiski(cipher):
    sec_msg = cipher
    step = []
    flag = False
    lenth = len(sec_msg)
    for i in range(lenth - 5):
        flag_tem = 0
        i_tem = i
        while True:
            print(sec_msg[i_tem + 3:], sec_msg[i_tem:i_tem + 3])
            flag_tem = find(sec_msg[i_tem + 3:], sec_msg[i_tem:i_tem + 3])
            # flag_tem = sec_msg[i_tem + 3:].find(sec_msg[i_tem:i_tem + 3])
            print(flag_tem)
            if flag_tem == -1:
                break
            flag_tem += 3
            step.append(flag_tem)
            i_tem += flag_tem
    # print('step:', step)
    print(GCD(step))
    return GCD(step)

if __name__ == '__main__':
    cipher = 'nsfAIHFrMuLynuCApeEstxJOzniQuyBVfAChDEznppfAiEIDcyNFBsCjsLvGlDtqztuaHvHbCmuyGNsIMhGlDtbotCoDzDjhyBzHGfHGfoHsuhlssIMvwlixBHHGfDRjoCKrapNIwqNyuxIBACQhtMwCmMCfEBpsrzEuiLGBoMipTkxrznoHfAkqwzvxuzCzDbLyApCGvjpqxkuwpgsLrqsVfCRwzlFmtlyrhuyEiivruFRpCRjkEDrqEqthyGwgsLnQvHmtzwDEznopBpsDOxvgBGIKzurFQxwQxkptutxzmfeLFQoRpJRvrpHxilwqeqMeiiIGBsQpCCvrptAlHsDnuRltmHuCGFpsBcwnsEblsswEPwerNpIADpJRCvwQxrntJltNpfAuFBwRstytoyvcepwtwqNlmmNGFsJjsQvkyvrkrstxJOzniQvNvzdDUdyJzjqzsErqxEjguyFMNwtPjsDwjoDfCdxzvftNGyzKjCEjsDxjqsjGMqFpimGpIADpJRFkovHJlpthyHnpqyBOHhmDMmoosClwiehEzmffOGMvDxDSnnyLuXFlwYEPvosQxCrRxwCpDswHopxDruvEzsOgBsXxDLvvlMpezwpnOOsjrANzHDsLCnoqLCepgtaHNHfpysNHGfOMqkyvlozxHetJGfvNuCGKjIRnoDLAbpyxnJCpqeLxuBCuwCpGpOnkEywrEPrisHrItSiDQgvtLCipyJnDzwtxBnNoKxpWuCxwuiqwDmIJxffIqSGSbzGpqlDnXvNIwqNzoxBrQoXuDRjonsAozzHeBjweTBBypDtIGnvHGDiosItqGvusGrIFzoNRjsyykrExweMvDtsLGItVbAIkxrFnuEyDmuIzxMNBIyziDJfyqLqbmjAtqOEiivnwyNgwCtmzsCgFxIfEMEiiBrFzNgxRdEEKqbHtJltIEmiNzygGfHyknVwnmJtJrxvyewNBSCTsHCnptxHlFiDnJHtohmuyKztHRkvwKxopfImuWFurIGuGRpGCcCDzntlxqevJCfEHLQoXxtIgzEynqEnCgsGztiLnHrBmDQgBEGCephprHJFtiFnHrXpJAqEwvBqlwItECpbvNuuHMvIRAwFKrZtyplMvJttFnSGhuLyuzwsHfyldhcvCjicGJzzztBvrlLBXxjHoDBlcsOGzwEuNWgkCKjdzBweDdHbwuyCHSmtIknezjqDtCeDDnfxBvHuzcDSvmlJAlFxtlIOsfCuyQoXtEJcIEznplrtsEIrtMNuIIFiIRjonsAozzHeBRltgFBMsCjCRjoHAwqpwIiCzzmhjuIsAfHyknTLFXDywevDCtxNvGsRitNtknLrZlqAyIvteeHLNvHovqjoAJxYlgAyvJChsNFBsVbHQwzAGBboyDbuNzsiuGGslbNzglpujrDjxtIvCpyHqWvQjHRokDaBXtihhuyterNFuMzoNRjsyyFepsXsqDouluGmvDqGMdkmDHoprtmrzCfhMuyKztHSrzzKnaEtqeIJCfeNzyRNzDSykyLClrtuoHvCjhyBHwSJHyknTCwbHxweFMzcevySrHelFgxDzntlxptyIJmmNGFsJjsypnLDufpfCdTWlohcHMsCuDEqDzLqbAfGkMDEilyEMvDxpQokosklFyIhuxlsvIHMsKZDSeyFDmkElttxzCpjzGBsFpsBcwEzrkrNBtEJmjkMuyGzjsgvrzMpeExweMvDoxABCBFuDypCHwAjpgJtICpemxaIMNvGCpyEYxlyNAlMvtujIESofpDLKClAmTpBtruMthlNGBsQfIFgxeznopBtruvqfAEvxGQjsGpqzFrqxtHtBTGfvSyCHSmtIknDswalktwFvCfrNFQsQfLykDtFpXCtJntJFuwCqyGHuIGpqzFCepgtnsCpteHquzKXwyvSoAmtlxXwuIEvtNBNvDxxLfyHOqbCjIhuTDfpFGBsSjrIgDDswamtJgxOzmhjuIsAfpRkmvwCQsjCIwvGfmNGIvDshFgGlKBqlssiDBCjkBGHsWuIMooSwAbTxpitrljxuFyqNosRcupLqbCjHtEAJpyLqIIFiIMqSDLjoEjsgyQtokBrLHGfGCuDzxCepiDuwCDiixyyBSntwqEvwnmtyZeuKtujIEGsRitQcsolqbyxweIvtevCtBHzgICtGlJmMwjpsuosbxMqyDQfHQkxrOqbyxDmuwzeCMnSGOmtyuoEGHlFNBeqItgmNFjvNfqCqBDGvbmtsyjCluhyCLsRttBvrpzniwtJtEAxfFOGcDTuIFgnzMpemfrkyIxztIpEsSBGCpDJGDdzsCaHDofxIBMvDbHIgnxwbepBpsBJzlmHtuHLfHMtDzxorysNYEPnpyFqNsKmHFgGlKwqEtDsEMpbxGruBXnDPgWlQkbTBxlBOsfryKNHHntgnvHsCZsDpIIvteKIGSCTsIGeupLhbDLDaxzlexBrHWKmqCqxEzrpmjCcxMthlNBPsQitPgSwDFXEhwyqdHfrNBPsQbCBukEvxtytCtxDDciHpBoMeHFgGpFCXyivoJJyulypuFQpJQgvdzntlqzetvwmeLBOBCjIgoolFBepBplAzoprwruzKuwCykJsAlFssiJosfrMuyGzusMyxzFCetxqiwwCpAHoyoSvEJqyvAwdzqshEMDfXBrHHGfrytBzMBbwxIaHOpeeHqcKzurFgnswAdzfGoKIobrxnLCTosrjoCwFbCjDnBTlcsOGzwUfDPusIGCepwzitNzoxBrLwCfpLfDswBlylIhuxlsvIHMsKxpQrvlQrkrBpsiHzliarNGHonMwBPQnpTyLaIKwbCCAAwSwtPAtlRIvlssfKIyzEFyNvDlxBuupHCqCDxnwOzhvuozCQuwCiywvAfylpntNzxeMBFroiDCdolFmFHfHsEMEpjusLoHeHFgnqsuizkutxzrphxnGvNsHCdEEamfosIsqTloCNuCBFpGBqkyQCetsvTxzEimHtQwSizGfCtKrcEmtyMvyuxItLoAuwCiywvAfylNoKClwiNBFsSuwConzACXyiCoJNlzeHLNvHovghDswHclqAovAEiiSsuzKpuDdEEACpmfsivTzvwuLuBXuwGpqEGCeprlhuIEiiLvxsVbHMxoCKqbrtIovAsfvBBLGDbCBekxwxspwIoCzjpyLvxsNorCvyzLqfDyxmuNsfwuvxbNJAJlEDLFXEhwyqdEimHxczKkJQvGlLleTxpitdrbzyuyFRpBCoyCwxcsjGdEPriLyEyUDuHMooxGAbEnrkuODTlyGICJuwCfyFyqlqkBeYHypxGnxoSzDScxJExopxweIvteMEAIKgvGPAEALqbEmxnwNrprHnMHzsIyiktFcepsplBJqbwOqxsMtwCikGwvblpxsIosfrMuyvDmsFgBsswazzIaDyDbmxVNGQbxLkxraCpDyprJDyhxIEuwMJzLqGeznkHmptICpemxvNrznCLgkCCriwjsmuNsfvynwvDexLoInGjqAtrkuOlohNBIyNvIKABpvqryyxnwClueHqJISjIMpwJznXoIDnJTzvAuANwSJHyknjGDZlsLeqMtueQuCzDPzyARFJAvFuIhEPrirIJsCTstEqxysvfDxNoKMCjhylIIVpCRioEQxrCtLnxJCtiIEuBXuwGpqdznhpuIhqIrjrAnLCTosRjyFyqAtiNoKHpbrCGQvzuNMwClAmVzzGeqGwzeLrHHFpxLikHsHXyDLhuMpBvyLIIQfpJnIrGrkrmDmuvquiLJuFCtHFgkDCnaxjneqCTteCqcADbCRkDEGxFHfHnJGJjrAGIvDsXPgkwDHativoxJxfezGyFVbGBuRFJAvFuCoMdDbmxgBsSixLiCDLjoEnCgiCpseHnHrApJEjDswAqthzeJvyekIGvoBlDLvrpyxaofBcqMCpyMrFxTtIGpDtEnQsjCsxzHbpErxoKmIFgGlQjozzCdyOEjpFFBsFpIFgBzOwezwHervnlXBrHGGfvMvyyACPsjLaLzousGruBCJLyxootjZvGDyyOmfkuANCQbxLnsvwjYlxIaHyTofOpEsStXQyolJClRtsABGEiiJnLsMuHypnxGCepwHaDypwiLLvCCzLCpDzNnolsssJJzevCtBHTosCtDswAlzkDfJCpdeLEIIRfAQqDswHtzzAdDOrfxMBuyDeIMvrpKtfytGaDTEimHtvISJHRwmvsAlFssoDOsffyAwvEpGOwsEwjtsnAeYBzutLrNHXtDymsyyFbEjHpuxtbpFLGMMfrIcxoEHmlsIscTsvrNvHuGbIPgkwDHdlAtmuLFjxynFCSpuNtyEwlqttCiDvHbCvHNWFpIQqkvwmXyDLaOdojhHGwoQfIFqErzRcpqIsEylnrBnJDXbAJqpDMmapsIhuRlzsFqjvNfqCmoALpltsvaHJFohuAxoQpJLfSHsBalrCnuvCceQyCBFJuCnDDGmXxswaFKJjjSBOKzoIRquyGFqsjIrKOsJhIANyMpLUjITLFXDoJsJOsbxMuyzNpzCfCzvjjysxcuOsfAuLMvDltNvqzAwdlwDuDylohuEIIMexLjoCturphDaJvyeeFyaCCJLGurJGDZzzAdLzmfiHGBsQfiFcDDsuiTrvoyIrusNrFzzcDSvSnGDiouGorvmmCNrFzXpJUjkEamfofutuMTxiHGBCLfpLfrzORdzyHisFlohuyFoMeLFcDDuqlzqXmIPAqsMrxHNhDRqxpPCclqAavOpsMArNCTuDDjoCwkrENsoDOqfiFyCyDjIgtolDuvotCtjCluwNHztCptQpDtFCbCjHtCzEpsGHwvQjvFvxzOJizyDfFzzqpyrMDDdxynvJLqfDtCeFNJdlInHoKzHRiEJLqbJmpvuCpsiEryDRbHIkxrEnfqNBgEDyheJCFMLzHCnpHznkTlDbqxvusMpBCNmCCzDdwyqprqeHdEtwOpBoRuJNknBMnpEnDnyIxzsJvHwNoXKgkyzxtotNoKFypAQuuHXpJPgqzAwdEtsoJDwmCIHxCHuiFgkyKFbCnHyEPoprNVNvHozgcwmMCezBsoYFypAcFQszsxRukDLDmtiFuuNEjsHQVwRoIyullvjpEmtruNEpjNuyAAvIFgupwyplxziDBxfeFBNCErJCuDtGwpEtDHuyCpzyBPsQmpQvclLDoofNwyOsulCFYBFmxQjlltnqsfIsyIEimMAyKOjrRwBpznpHwxtyIrTlyJuGOstRvIlxobnytdrPEwiLLACNeAMqutFpxyDLaOJyfxCzyKGfCQjoHwwqEtIhuGlemyFLCNnLyADswqbwqsoMItoxBrIHGfGUkxrVKXDptdCzHieNVNvNvvFvkmGDqlqAtxDDtxOszWIvHRhsyABepiIeBGtokSBOoApJRKntvwqvsDwMCluxBrBsKmIMukJaovzzLaDOEpoHBQHGfIPwDsamlyyznERHieNVNvHozydyFLrqTrHoHMJJxIyxGNnpLAzpGyipfqoKOtuEvBOHzmAgmxzOrpTxDrJJqnmMFyJDsNzqnJaClwipbEPEFzyAIzCTIPcnwsCbCfCdQxvmiSsIFHoHRcxnwRqsnCkYzGfrGvMGSipRiyovjjXfJryxpJxMsOBMzSMpDpNnoEjAlqIJcsxLuBXuwGpqTxHlFiDyEPDueLGGwRtxLioGwAvmtsy'
    kasiski(cipher)

稍微修改了一下原代码,放弃了原来只对字符串起作用的.find()方法,重新定义了一个find函数,使得对列表也管用
这里选用的cipher是[NCTF2019]Sore中的cipher,试验与结果相吻合
在这里插入图片描述
得到本题的key的长度代码如下:

from itertools import *
from kasiski import *

salt = "WeAreDe1taTeam"
si = cycle(salt)
c = '49380d773440222d1b421b3060380c3f403c3844791b202651306721135b6229294a3c3222357e766b2f15561b35305e3c3b670e49382c295c6c170553577d3a2b791470406318315d753f03637f2b614a4f2e1c4f21027e227a4122757b446037786a7b0e37635024246d60136f7802543e4d36265c3e035a725c6322700d626b345d1d6464283a016f35714d434124281b607d315f66212d671428026a4f4f79657e34153f3467097e4e135f187a21767f02125b375563517a3742597b6c394e78742c4a725069606576777c314429264f6e330d7530453f22537f5e3034560d22146831456b1b72725f30676d0d5c71617d48753e26667e2f7a334c731c22630a242c7140457a42324629064441036c7e646208630e745531436b7c51743a36674c4f352a5575407b767a5c747176016c0676386e403a2b42356a727a04662b4446375f36265f3f124b724c6e346544706277641025063420016629225b43432428036f29341a2338627c47650b264c477c653a67043e6766152a485c7f33617264780656537e5468143f305f4537722352303c3d4379043d69797e6f3922527b24536e310d653d4c33696c635474637d0326516f745e610d773340306621105a7361654e3e392970687c2e335f3015677d4b3a724a4659767c2f5b7c16055a126820306c14315d6b59224a27311f747f336f4d5974321a22507b22705a226c6d446a37375761423a2b5c29247163046d7e47032244377508300751727126326f117f7a38670c2b23203d4f27046a5c5e1532601126292f577776606f0c6d0126474b2a73737a41316362146e581d7c1228717664091c'
list_c = []
for i in range(0, len(c), 2):
    list_c.append(int(c[i:i + 2], 16) ^ ord(next(si)))
print(list_c)
len_key = max(kasiski(list_c))
print(len_key)

结果为:
在这里插入图片描述
后来找wp时发现也是正确的
但是下一步重合指数攻击和字母频率分析出现了瓶颈,原来的维吉尼亚密码爆破采用的把加密视作凯撒密码,只要进行位移即可,但本题是异或加密,几乎是重新把脚本写一遍了
直接找到了官方wp,稍微修改了一下:

from itertools import cycle

c = "49380d773440222d1b421b3060380c3f403c3844791b202651306721135b6229294a3c3222357e766b2f15561b35305e3c3b670e49382c295c6c170553577d3a2b791470406318315d753f03637f2b614a4f2e1c4f21027e227a4122757b446037786a7b0e37635024246d60136f7802543e4d36265c3e035a725c6322700d626b345d1d6464283a016f35714d434124281b607d315f66212d671428026a4f4f79657e34153f3467097e4e135f187a21767f02125b375563517a3742597b6c394e78742c4a725069606576777c314429264f6e330d7530453f22537f5e3034560d22146831456b1b72725f30676d0d5c71617d48753e26667e2f7a334c731c22630a242c7140457a42324629064441036c7e646208630e745531436b7c51743a36674c4f352a5575407b767a5c747176016c0676386e403a2b42356a727a04662b4446375f36265f3f124b724c6e346544706277641025063420016629225b43432428036f29341a2338627c47650b264c477c653a67043e6766152a485c7f33617264780656537e5468143f305f4537722352303c3d4379043d69797e6f3922527b24536e310d653d4c33696c635474637d0326516f745e610d773340306621105a7361654e3e392970687c2e335f3015677d4b3a724a4659767c2f5b7c16055a126820306c14315d6b59224a27311f747f336f4d5974321a22507b22705a226c6d446a37375761423a2b5c29247163046d7e47032244377508300751727126326f117f7a38670c2b23203d4f27046a5c5e1532601126292f577776606f0c6d0126474b2a73737a41316362146e581d7c1228717664091c"


def getCipher(c):
    codeintlist = []
    codeintlist.extend(
        (map(lambda i: int(c[i:i + 2], 16), range(0, len(c), 2))))
    salt = "WeAreDe1taTeam"
    si = cycle(salt)
    newcodeintlist = [ci ^ ord(next(si)) for ci in codeintlist]
    return newcodeintlist


def getKeyPool(cipher, stepSet, plainSet, keySet):
    ''' 传入的密文串、明文字符集、密钥字符集、密钥长度范围均作为数字列表处理.形如[0x11,0x22,0x33]
        返回一个字典,以可能的密钥长度为键,以对应的每一字节的密钥字符集构成的列表为值,密钥字符集为数字列表。
            形如{
                    1:[[0x11]],
                    3:[
                        [0x11,0x33,0x46],
                        [0x22,0x58],
                        [0x33]
                       ]
                }
    '''
    keyPool = dict()
    for step in stepSet:
        maybe = [None] * step
        for pos in range(step):
            maybe[pos] = []
            for k in keySet:
                flag = 1
                for c in cipher[pos::step]:
                    if c ^ k not in plainSet:
                        flag = 0
                if flag:
                    maybe[pos].append(k)
        for posPool in maybe:
            if len(posPool) == 0:
                maybe = []
                break
        if len(maybe) != 0:
            keyPool[step] = maybe
    return keyPool


def calCorrelation(cpool):
    '''传入字典,形如{'e':2,'p':3}
        返回可能性,0~1,值越大可能性越大
        (correlation between the decrypted column letter frequencies and
        the relative letter frequencies for normal English text)
    '''
    frequencies = {"e": 0.12702, "t": 0.09056, "a": 0.08167, "o": 0.07507, "i": 0.06966,
                   "n": 0.06749, "s": 0.06327, "h": 0.06094, "r": 0.05987, "d": 0.04253,
                   "l": 0.04025, "c": 0.02782, "u": 0.02758, "m": 0.02406, "w": 0.02360,
                   "f": 0.02228, "g": 0.02015, "y": 0.01974, "p": 0.01929, "b": 0.01492,
                   "v": 0.00978, "k": 0.00772, "j": 0.00153, "x": 0.00150, "q": 0.00095,
                   "z": 0.00074}
    relative = 0.0
    total = 0
    fpool = 'etaoinshrdlcumwfgypbvkjxqz'
    total = sum(cpool.values())  # 总和应包括字母和其他可见字符
    for i in cpool.keys():
        if i in fpool:
            relative += frequencies[i] * cpool[i] / total
    return relative


def analyseFrequency(cfreq):
    key = []
    for posFreq in cfreq:
        mostRelative = 0
        for keyChr in posFreq.keys():
            r = calCorrelation(posFreq[keyChr])
            if r > mostRelative:
                mostRelative = r
                keychar = keyChr
        key.append(keychar)
    return key


def getFrequency(cipher, keyPoolList):
    ''' 传入的密文作为数字列表处理
        传入密钥的字符集应为列表,依次包含各字节字符集。
            形如[[0x11,0x12],[0x22]]
        返回字频列表,依次为各字节字符集中每一字符作为密钥组成部分时对应的明文字频
            形如[{
                    0x11:{'a':2,'b':3},
                    0x12:{'e':6}
                 },
                 {
                    0x22:{'g':1}
                 }]
    '''
    freqList = []
    keyLen = len(keyPoolList)
    for i in range(keyLen):
        posFreq = dict()
        for k in keyPoolList[i]:
            posFreq[k] = dict()
            for c in cipher[i::keyLen]:
                p = chr(k ^ c)
                posFreq[k][p] = posFreq[k][p] + 1 if p in posFreq[k] else 1
        freqList.append(posFreq)
    return freqList


def vigenereDecrypt(cipher, key):
    plain = ''
    cur = 0
    ll = len(key)
    for c in cipher:
        plain += chr(c ^ key[cur])
        cur = (cur + 1) % ll
    return plain


def main():
    ps = []
    ks = []
    ss = []
    ps.extend(range(32, 127))
    ks.extend(range(0xff + 1))
    ss.extend(range(38))
    cipher = getCipher(c)

    keyPool = getKeyPool(cipher=cipher, stepSet=ss, plainSet=ps, keySet=ks)
    for i in keyPool:
        freq = getFrequency(cipher, keyPool[i])
        key = analyseFrequency(freq)
        plain = vigenereDecrypt(cipher, key)
        print(plain, "\n")
        print(''.join(map(chr, key)))


if __name__ == '__main__':
    main()

思想与维吉尼亚密码爆破相同,利用plain是一段有意义的字符,统计字母频率来得到key和plain
结果如下:
在这里插入图片描述
容易发现,得到的key的第二位是不对的
经过修改,结果为:W3lc0m3tOjo1nu55un1ojOt3q0cl3W

出了官方给出的解法,还找到了另一种解法,使得密文不同位置对应的同一key的字母之间的汉明距离最小来得到key的长度,进而还原key和plain
至于什么是汉明距离,摘自百度百科:
在这里插入图片描述
代码如下:

import string
from binascii import unhexlify, hexlify
from itertools import *


def bxor(a, b):  # xor two byte strings of different lengths
    if len(a) > len(b):
        return bytes([x ^ y for x, y in zip(a[:len(b)], b)])
    else:
        return bytes([x ^ y for x, y in zip(a, b[:len(a)])])


def hamming_distance(b1, b2):
    differing_bits = 0
    for byte in bxor(b1, b2):
        differing_bits += bin(byte).count("1")
    return differing_bits


def break_single_key_xor(text):
    key = 0
    possible_space = 0
    max_possible = 0
    letters = string.ascii_letters.encode('ascii')
    for a in range(0, len(text)):
        maxpossible = 0
        for b in range(0, len(text)):
            if (a == b):
                continue
            c = text[a] ^ text[b]
            if c not in letters and c != 0:
                continue
            maxpossible += 1
        if maxpossible > max_possible:
            max_possible = maxpossible
            possible_space = a
    key = text[possible_space] ^ 0x20
    return chr(key)


salt = "WeAreDe1taTeam"
si = cycle(salt)
b = unhexlify(
    b'49380d773440222d1b421b3060380c3f403c3844791b202651306721135b6229294a3c3222357e766b2f15561b35305e3c3b670e49382c295c6c170553577d3a2b791470406318315d753f03637f2b614a4f2e1c4f21027e227a4122757b446037786a7b0e37635024246d60136f7802543e4d36265c3e035a725c6322700d626b345d1d6464283a016f35714d434124281b607d315f66212d671428026a4f4f79657e34153f3467097e4e135f187a21767f02125b375563517a3742597b6c394e78742c4a725069606576777c314429264f6e330d7530453f22537f5e3034560d22146831456b1b72725f30676d0d5c71617d48753e26667e2f7a334c731c22630a242c7140457a42324629064441036c7e646208630e745531436b7c51743a36674c4f352a5575407b767a5c747176016c0676386e403a2b42356a727a04662b4446375f36265f3f124b724c6e346544706277641025063420016629225b43432428036f29341a2338627c47650b264c477c653a67043e6766152a485c7f33617264780656537e5468143f305f4537722352303c3d4379043d69797e6f3922527b24536e310d653d4c33696c635474637d0326516f745e610d773340306621105a7361654e3e392970687c2e335f3015677d4b3a724a4659767c2f5b7c16055a126820306c14315d6b59224a27311f747f336f4d5974321a22507b22705a226c6d446a37375761423a2b5c29247163046d7e47032244377508300751727126326f117f7a38670c2b23203d4f27046a5c5e1532601126292f577776606f0c6d0126474b2a73737a41316362146e581d7c1228717664091c')
plain = ''.join([hex(ord(c) ^ ord(next(si)))[2:].zfill(2) for c in b.decode()])
b = unhexlify(plain)
print(plain)

normalized_distances = []

for KEYSIZE in range(2, 40):
    n = len(b) // KEYSIZE
    list_b = []
    for i in range(n - 1):
        list_b.append(b[i * KEYSIZE: (i + 1) * KEYSIZE])

    normalized_distance = 0
    for i in range(len(list_b) - 1):
        normalized_distance += hamming_distance(list_b[i], list_b[i + 1])
    normalized_distance = float(normalized_distance) / (KEYSIZE * (len(list_b) - 1))

    normalized_distances.append(
        (KEYSIZE, normalized_distance)
    )
normalized_distances = sorted(normalized_distances, key=lambda x: x[1])
print(normalized_distances)

for KEYSIZE, _ in normalized_distances[:5]:
    block_bytes = [[] for _ in range(KEYSIZE)]
    for i, byte in enumerate(b):
        block_bytes[i % KEYSIZE].append(byte)
    keys = ''
    try:
        for bbytes in block_bytes:
            keys += break_single_key_xor(bbytes)
        key = bytearray(keys * len(b), "utf-8")
        plaintext = bxor(b, key)
        print("keysize:", KEYSIZE)
        print("key is:", keys)
        s = bytes.decode(plaintext)
        print(s)
    except Exception:
        continue

对代码进行了一些修改,得到结果:
在这里插入图片描述
经过测试,在某些情况下,该程序对key长度的计算会有偏差,会出现key内容缺失,或者重复的情况,但是对plain的还原比较准确
与第一种方法相比各有优劣
key = 'a24jq354qgikamzasmglzhjapwmiq3OMM93FI'为例
方法一的结果为:
在这里插入图片描述
方法二的结果为:
在这里插入图片描述
具体解题时,可以对照着看

还有一个问题就是方法二代码的第37行有一个^ 0x20不知道是什么意思,但是去掉了又不行,希望明白的师傅能指点指点

结语

希望继续坚持

Σ2333!
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
打卡提醒-crx插件
04-03
语言:English 妈妈再也不用担心忘记打卡了 这是一个考勤提醒工具妈妈再也不用担心忘记打卡了## 无痛打卡,你值得拥有1. 打开 Chrome 浏览器,进入 `工具-扩展程序`2. 将源文件中的 `dakaji.crx` 拖到扩展程度界面点击确定即可3. 通常安装好以后需要手工设置 `跳转页面` 为你要去打卡的页面
BUUCTF Crypto
最新发布
qq_74388419的博客
04-26 544
Crypto
人脸打卡机)-WiFi-TCP网络通信.docx
12-17
人脸打卡机)-WiFi-TCP网络通信.docx
jlu-health-reporter:为吉林大学本科生每日打卡放置的自动机器人
01-29
JLU健康记者 为吉林大学本科生每日健康打卡放置的自动机器人,支持自动提交各类网上办事大厅事务表单。 众所周知,低频对于次事件应使用中断而非轮询更不是心跳。作者相信,如果学生能在出现健康问题时主动汇报,则强制按时打卡只增加不产生价值的重复劳动,本程序的创作动机系解放生产力。 以WTFPL授权开源,爱干嘛用干嘛用。 免责声明 本自动程序为个人使用开发,适用于吉林大学分类网上办事大厅事务表格的自动提交,已充分测试,不保证正常工作,不建议没有调试能力的人使用。 本程序以你所见到的样子呈现给你,不附带任何明示或暗示的担保,包括但不遵守对功能合法性或对特定用途适用性的保证。在运行之前,你有责任理解其源代码的工作原理,并确认这是你想要执行的,本程序进行的操作都应被视为你本人进行,或由你授权代你进行的操作。在任何情况下,本程序作者与你决定运行本程序无关,不为您运行此程序所造成的任何损失,遭受的损坏以及造成的法律后果等负任何责任。 使用说明 需要Python 3.7+和requests库。 运行之前先登录平台提交一次打卡,确保正确信息正确。 参照example-config.json建立配置文件con
人脸打卡机)-WiFi-UDP网络通信.docx
12-17
人脸打卡机)-WiFi-UDP网络通信.docx
[De1CTF2019]xorz
2er0!=O的博客
08-02 1338
[De1CTF2019]xorz 附件: from itertools import * from data import flag,plain key=flag.strip("de1ctf{").strip("}") assert(len(key)<38) salt="WeAreDe1taTeam" ki=cycle(key) si=cycle(salt) cipher = ''.join([hex(ord(p) ^ ord(next(ki)) ^ ord(next(si)))[2:].zfill
De1CTF-2019部分wp
CTF小白的博客
08-05 2079
目录Misc1——We1comeMisc2——Mine SweepingWeb1——SSRF MeCrypto1——xorz 去De1CTF划了划水,发现自己是真的菜━┳━ ━┳━ Misc1——We1come https://t.me/De1CTF ,需要加Telegram群,需要VPN,群里有发签到的flag Misc2——Mine Sweeping 下载下来是一个扫雷游戏 在没有雷的地...
BUUCTF Cipher writeup
MikeCoke的博客
05-13 2819
还能提示什么呢?公平的玩吧(密钥自己找) Dncnoqqfliqrpgeklwmppu 注意:得到的 flag 请包上 flag{} 提交, flag{小写字母} “公平的玩吧”翻译成英文为 playfair 这是Playfair密码(哈哈哈哈哈) 普莱费尔密码百度百科 Playfair Cipher解密工具 得到flag: flag{itisnotaproblemhavefun} ...
BUUCTF 每日打卡 2021-8-11
weixin_52446095的博客
08-12 6174
引言 这两天把博客里里外外翻新了一遍,拖更了,抱歉 [XNUCA2018]baby_crypto 题目给了个加密的伪代码文件: The 26 letters a, b, c, …, y, z correspond to the integers 0, 1, 2, …, 25 len(key_a) = m len(key_k) = n c[i] = (p[i] * key_a[i % m] + key_k[i % n]) % 26 p is plain text, only lowercase letters
BUUCTF(传统知识+古典密码)
Bigotry77的博客
07-29 3211
先下载文件,发现有两个东西 然后再看题目:传统知识加古典密码 第一个文件,信中的不同年份目前不知道是什么密码,应该属于传统知识了,然后对照表格,看各个年份分别对应的数字,发现分别是这几个数字:28 30 23 08 17 10 16 30 然后再看到信的背面还有一个+甲子,一甲子=60年 然后把60加到上面一段数字中可以得到数字串:88 90 83 68 77 70 76 90 再然后把这些数字对应ASCII表,可以得到一串字母:XZSDMFLZ ASCII对...
人脸打卡机)-加解密及数据协议.docx
12-17
人脸打卡机)-加解密及数据协议.docx
易语言论坛登陆打卡源码-易语言
06-13
易语言论坛登陆打卡源码
uniapp打卡小程序 sign-in.zip
01-03
打卡小程序,只包含前端样式,功能未实现。
C#员工打卡系统-拍照入库
11-15
打卡时,采用C#代码调用本机摄像头拍照,将照片同其他信息一并上传至数据库,模拟打卡过程,并且有管理员模块!
基于springboot的前后端分离每日任务打卡系统-源码
10-02
基于springboot的前后端分离每日任务打卡系统_源码
BUUCTF 每日打卡 2021-5-8
weixin_52446095的博客
05-08 7295
引言 together 附件有两个 公钥,pem 和 flag(base64编码) 文件 联想题目,容易猜想是 RSA 共模攻击 编写代码验证: from Crypto.PublicKey import RSA with open("pubkey1.pem", "r") as f: key = RSA.import_key(f.read()) print(key.n) print(key.e) with open("pubkey2.pem", "r") as f: key
BUUCTF 每日打卡 2021-4-5
weixin_52446095的博客
04-05 2357
引言 出人意料的得到消息要被拉去打国赛(第十四届全国大学生信息安全竞赛-创新实践能力赛)了(一脸懵逼) 我还什么都没学呢(摸鱼) 嘛,不过被分到第二梯队大概也没抱什么希望吧(继续摸鱼) 害,说丧气话也改变不了什么,还是脚踏实地地慢慢进步吧 毕竟 Crypto手 在队里也是稀缺人才 我也是加把劲骑士!(doge) RSA2 dp(dq) 泄露的题没做过,不过跟 dp, dq 泄露相比容易许多 首先,根据 dp≡d mod (p−1) dp \equiv d\space mod \space
BUUCTF 每日打卡 2021-3-31
weixin_52446095的博客
03-31 2004
引言 3月的最后几天真tnd倒霉透了 抽卡各种暴死,明明是复刻活动让我卡紫皮(wtm上次毕业了) 搭个个人博客各种掉坑 搞了三天总算支棱起来了:https://luozj1020.github.io/ (害,域名还没整起来) 只是搭了一个框架,把这几天的wp丢了进去 欢迎你们来我的博客看,看累了就。。直接睡觉,没问题的[doge] hexo 遇到的各种坑 既然讲到了搭个人博客,就讲一讲我用 hexo + github 遇到的各种坑 我搭博客主要参考了知乎的这篇文章:https://zhuanlan.zhih
BUUCTF 每日打卡 2021-8-9
weixin_52446095的博客
08-09 1188
引言 加入了Nep联合战队,又要忙起来了啊 [NCTF2019]easyRSA 加密代码如下: from flag import flag e = 0x1337 p = 19913867782374383733992752015760782002974657455774654909492148829287722650919831501601891938525978123814840283331603363496816327619899927932782790187942642966467435884408
设计一个每日健康打卡数据表
03-30
数据表名称:每日健康打卡表 字段: - 姓名:文本,最多10个字符 - 打卡日期:日期,格式为YYYY-MM-DD - 体温:数字,小数点后保留1位,单位为℃ - 呼吸状况:文本,最多10个字符,如正常、气促、咳嗽等 - 是否有咳嗽、发热等症状:文本,最多10个字符,如有、无 - 是否接触过有症状人员:文本,最多10个字符,如有、无 - 其他症状或注意事项:文本,最多50个字符 主键:姓名+打卡日期 示例数据: | 姓名 | 打卡日期 | 体温 | 呼吸状况 | 是否有症状 | 是否接触有症状人员 | 其他症状或注意事项 | |------|-----------|------|----------|------------|--------------------|-------------------| | 张三 | 2021-01-01 | 36.5 | 正常 | 无 | 无 | | | 张三 | 2021-01-02 | 37.0 | 正常 | 无 | 无 | | | 张三 | 2021-01-03 | 36.8 | 气促 | 有 | 无 | 建议去医院检查 | | 李四 | 2021-01-01 | 37.2 | 正常 | 无 | 有 | 自我隔离14天 | | 李四 | 2021-01-02 | 37.4 | 咳嗽 | 有 | 无 | 电话咨询医生 | | 王五 | 2021-01-01 | 36.7 | 正常 | 无 | 无 | |

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值