看雪2022 KCTF 春季赛 | 第三题设计思路及解析

admin 2022年5月16日19:42:26评论47 views字数 19718阅读65分43秒阅读模式
看雪 2022 KCTF春季赛 于5月10日中午12点正式开赛!第三题《石像病毒》已截止答题,经统计,本题围观人数2253人,共计27支战队成功破解。mininepRe战队】用时2小时13分12秒拿下第三题的“一血”。

现在第三题《末日邀请》已截止答题,想必不少小伙伴对该赛题本身也充满兴趣,接下来和我一起来看看该赛题的设计思路和相关解析吧~



出题团队简介


第三题《石像病毒》出题方 香蕉君 战队:


看雪2022 KCTF 春季赛 | 第三题设计思路及解析


看雪2022 KCTF 春季赛 | 第三题设计思路及解析



赛题设计思路



题目说明和答案在Duplicity题目说明.zip压缩包中:https://bbs.pediy.com/thread-272621.htm


题目设计说明

本题大致逻辑是以已知字符串的md5值为AES密钥,加密输入,并与已知数组进行对比;同时用异常处理藏起魔改逻辑,需要细心查看汇编代码才可发现。
 

主要魔改点(其余异常处理用于反调试):

1)在md5中,用除0异常(本函数中ebx的值不影响其他部分,故不考虑存储)调用exception_md5_change45,魔改k[42]。
 
看雪2022 KCTF 春季赛 | 第三题设计思路及解析
 
2)在AES的keyExpansion中,多次用未知指令异常调用exception_aes_sbox,交换S盒的两个值(同时起到花指令混淆的作用)。
 
看雪2022 KCTF 春季赛 | 第三题设计思路及解析
 
3)在AES的shiftRow中,用未知指令异常魔改移动方向(同时起到花指令混淆的作用)。
 
看雪2022 KCTF 春季赛 | 第三题设计思路及解析
 
4)在AES的GMul中,用除0异常魔改用来比较的已知密文字节。
 
看雪2022 KCTF 春季赛 | 第三题设计思路及解析


破解思路

可以patch掉异常处理进行调试,也可以静态硬刚。然后根据算法魔改的部分编写exp就可以了。
 
exp关键部分:
// 1k[42] = 0xD4AF3085;
// 2void swap_aes_sbox() { inv_S[S[113]] ^= inv_S[S[163]]; inv_S[S[163]] ^= inv_S[S[113]]; inv_S[S[113]] ^= inv_S[S[163]]; return;}int keyExpansion(const uint8_t *key, uint32_t keyLen, AesKey *aesKey) { uint32_t *w = aesKey->eK; uint32_t *v = aesKey->dK; /* W[0-3] */ for (int i = 0; i < 4; ++i) { swap_aes_sbox(); LOAD32H(w[i], key + 4*i); } /* W[4-43] */ for (int i = 0; i < 10; ++i) { swap_aes_sbox(); w[4] = w[0] ^ MIX(w[3]) ^ rcon[i]; w[5] = w[1] ^ w[4]; w[6] = w[2] ^ w[5]; w[7] = w[3] ^ w[6]; w += 4; } w = aesKey->eK+44 - 4; for (int j = 0; j < 11; ++j) { swap_aes_sbox(); for (int i = 0; i < 4; ++i) { v[i] = w[i]; } w -= 4; v += 4; } return 0;}
// 3int invShiftRows(uint8_t (*state)[4]) { uint32_t block[4] = {0}; for (int i = 0; i < 4; ++i) { LOAD32H(block[i], state[i]); block[i] = ROF32(block[i], 8*i); STORE32H(block[i], state[i]); } return 0;}
// 4byte_41C200[16] = 244;byte_41C200[17] = 242;


flag

flag{db5c6a8dfec4d0ec5569899640}




赛题解析


本赛题解析由看雪论坛专家 堂前燕 给出:

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

flag{db5c6a8dfec4d0ec5569899640}


流程

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

魔改AES-128-ECB加密操作

int __cdecl AES_EN_402070(char key, size_t keySize, char indata, char *outdata, int datasize)看雪2022 KCTF 春季赛 | 第三题设计思路及解析

S盒有变动

看雪2022 KCTF 春季赛 | 第三题设计思路及解析
对应修改

static const int S[16][16] = {0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,0x51, 0x0A, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,0xE0, 0x32, 0x3A, 0xA3, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16};

逆s盒
static const int S2[16][16]{    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0x71, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,        0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,        0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,        0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,        0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,        0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,        0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,        0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,        0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,        0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,        0x47, 0xF1, 0x1A, 0xA3, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,        0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,        0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,        0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,        0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,        0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,};

m_shiftRows函数

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

对应修改shiftRows操作
看雪2022 KCTF 春季赛 | 第三题设计思路及解析

AES加解密源码参考

https://blog.csdn.net/qq_28205153/article/details/55798628

aes.h

#pragma once#ifndef MY_AES_H#define MY_AES_H /** * 参数 p: 明文的字符串数组。 * 参数 plen: 明文的长度,长度必须为16的倍数。 * 参数 key: 密钥的字符串数组。 */void aes(char* p, int plen, char* key); /** * 参数 c: 密文的字符串数组。 * 参数 clen: 密文的长度,长度必须为16的倍数。 * 参数 key: 密钥的字符串数组。 */void deAes(char* c, int clen, char* key);void AES_EN_402070(char* key, size_t keylen, char* p, char* outdata, int plen);void AES_DE_402070(char* key, size_t keylen, char* c, char* outdata, int clen);#endif

aes.cpp

#include <stdio.h>#include <stdlib.h>#include <string.h> #include "aes.h" /** * S盒 *///static const int S[16][16] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,//    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,//    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,//    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,//    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,//    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,//    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,//    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,//    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,//    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,//    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,//    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,//    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,//    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,//    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,//    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 };static const int S[16][16] = {0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,0x51, 0x0A, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,0xE0, 0x32, 0x3A, 0xA3, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16};/** * 逆S盒 *///static const int S2[16][16] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,//    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,//    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,//    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,//    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,//    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,//    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,//    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,//    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,//    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,//    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,//    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,//    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,//    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,//    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,//    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d };static const int S2[16][16]{    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0x71, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,        0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,        0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,        0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,        0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,        0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,        0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,        0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,        0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,        0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,        0x47, 0xF1, 0x1A, 0xA3, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,        0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,        0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,        0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,        0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,        0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,};/** * 获取整形数据的低8位的左4个位 */static int getLeft4Bit(int num) {    int left = num & 0x000000f0;    return left >> 4;} /** * 获取整形数据的低8位的右4个位 */static int getRight4Bit(int num) {    return num & 0x0000000f;}/** * 根据索引,从S盒中获得元素 */static int getNumFromSBox(int index) {    int row = getLeft4Bit(index);    int col = getRight4Bit(index);    return S[row][col];} /** * 把一个字符转变成整型 */static int getIntFromChar(char c) {    int result = (int)c;    return result & 0x000000ff;} /** * 把16个字符转变成4X4的数组, * 该矩阵中字节的排列顺序为从上到下, * 从左到右依次排列。 */static void convertToIntArray(char* str, int pa[4][4]) {    int k = 0;    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++) {            pa[j][i] = getIntFromChar(str[k]);            k++;        }} /** * 打印4X4的数组 */static void printArray(int a[4][4]) {    int i, j;    for (i = 0; i < 4; i++) {        for (j = 0; j < 4; j++)            printf("a[%d][%d] = 0x%x ", i, j, a[i][j]);        printf("n");    }    printf("n");} /** * 打印字符串的ASSCI, * 以十六进制显示。 */static void printASSCI(char* str, int len) {    int i;    for (i = 0; i < len; i++)        printf("0x%x ", getIntFromChar(str[i]));    printf("n");} /** * 把连续的4个字符合并成一个4字节的整型 */static int getWordFromStr(char* str) {    int one, two, three, four;    one = getIntFromChar(str[0]);    one = one << 24;    two = getIntFromChar(str[1]);    two = two << 16;    three = getIntFromChar(str[2]);    three = three << 8;    four = getIntFromChar(str[3]);    return one | two | three | four;} /** * 把一个4字节的数的第一、二、三、四个字节取出, * 入进一个4个元素的整型数组里面。 */static void splitIntToArray(int num, int array[4]) {    int one, two, three;    one = num >> 24;    array[0] = one & 0x000000ff;    two = num >> 16;    array[1] = two & 0x000000ff;    three = num >> 8;    array[2] = three & 0x000000ff;    array[3] = num & 0x000000ff;} /** * 将数组中的元素循环左移step位 */static void leftLoop4int(int array[4], int step) {    int temp[4];    int i;    int index;    for (i = 0; i < 4; i++)        temp[i] = array[i];     index = step % 4 == 0 ? 0 : step % 4;    for (i = 0; i < 4; i++) {        array[i] = temp[index];        index++;        index = index % 4;    }} /** * 把数组中的第一、二、三和四元素分别作为 * 4字节整型的第一、二、三和四字节,合并成一个4字节整型 */static int mergeArrayToInt(int array[4]) {    int one = array[0] << 24;    int two = array[1] << 16;    int three = array[2] << 8;    int four = array[3];    return one | two | three | four;} /** * 常量轮值表 */static const int Rcon[10] = { 0x01000000, 0x02000000,    0x04000000, 0x08000000,    0x10000000, 0x20000000,    0x40000000, 0x80000000,    0x1b000000, 0x36000000 };/** * 密钥扩展中的T函数 */static int T(int num, int round) {    int numArray[4];    int i;    int result;    splitIntToArray(num, numArray);    leftLoop4int(numArray, 1);//字循环     //字节代换    for (i = 0; i < 4; i++)        numArray[i] = getNumFromSBox(numArray[i]);     result = mergeArrayToInt(numArray);    return result ^ Rcon[round];} //密钥对应的扩展数组static int w[44];/** * 打印W数组 */static void printW() {    int i, j;    for (i = 0, j = 1; i < 44; i++, j++) {        printf("w[%d] = 0x%x ", i, w[i]);        if (j % 4 == 0)            printf("n");    }    printf("n");}  /** * 扩展密钥,结果是把w[44]中的每个元素初始化 */static void extendKey(char* key) {    int i, j;    for (i = 0; i < 4; i++)        w[i] = getWordFromStr(key + i * 4);     for (i = 4, j = 0; i < 44; i++) {        if (i % 4 == 0) {            w[i] = w[i - 4] ^ T(w[i - 1], j);            j++;//下一轮        }        else {            w[i] = w[i - 4] ^ w[i - 1];        }    } } /** * 轮密钥加 */static void addRoundKey(int array[4][4], int round) {    int warray[4];    int i, j;    for (i = 0; i < 4; i++) {         splitIntToArray(w[round * 4 + i], warray);         for (j = 0; j < 4; j++) {            array[j][i] = array[j][i] ^ warray[j];        }    }} /** * 字节代换 */static void subBytes(int array[4][4]) {    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++)            array[i][j] = getNumFromSBox(array[i][j]);} /** * 行移位 */static void shiftRows(int array[4][4]) {    int rowTwo[4], rowThree[4], rowFour[4];    int i;    for (i = 0; i < 4; i++) {        rowTwo[i] = array[1][i];        rowThree[i] = array[2][i];        rowFour[i] = array[3][i];    }/*    leftLoop4int(rowTwo, 1);    leftLoop4int(rowThree, 2);    leftLoop4int(rowFour, 3);*/    leftLoop4int(rowTwo, 3);    leftLoop4int(rowThree, 2);    leftLoop4int(rowFour, 1);     for (i = 0; i < 4; i++) {        array[1][i] = rowTwo[i];        array[2][i] = rowThree[i];        array[3][i] = rowFour[i];    }} /** * 列混合要用到的矩阵 */static const int colM[4][4] = { 2, 3, 1, 1,    1, 2, 3, 1,    1, 1, 2, 3,    3, 1, 1, 2 }; static int GFMul2(int s) {    int result = s << 1;    int a7 = result & 0x00000100;     if (a7 != 0) {        result = result & 0x000000ff;        result = result ^ 0x1b;    }     return result;} static int GFMul3(int s) {    return GFMul2(s) ^ s;} static int GFMul4(int s) {    return GFMul2(GFMul2(s));} static int GFMul8(int s) {    return GFMul2(GFMul4(s));} static int GFMul9(int s) {    return GFMul8(s) ^ s;} static int GFMul11(int s) {    return GFMul9(s) ^ GFMul2(s);} static int GFMul12(int s) {    return GFMul8(s) ^ GFMul4(s);} static int GFMul13(int s) {    return GFMul12(s) ^ s;} static int GFMul14(int s) {    return GFMul12(s) ^ GFMul2(s);} /** * GF上的二元运算 */static int GFMul(int n, int s) {    int result;     if (n == 1)        result = s;    else if (n == 2)        result = GFMul2(s);    else if (n == 3)        result = GFMul3(s);    else if (n == 0x9)        result = GFMul9(s);    else if (n == 0xb)//11        result = GFMul11(s);    else if (n == 0xd)//13        result = GFMul13(s);    else if (n == 0xe)//14        result = GFMul14(s);     return result;}/** * 列混合 */static void mixColumns(int array[4][4]) {     int tempArray[4][4];    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++)            tempArray[i][j] = array[i][j];     for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++) {            array[i][j] = GFMul(colM[i][0], tempArray[0][j]) ^ GFMul(colM[i][1], tempArray[1][j])                ^ GFMul(colM[i][2], tempArray[2][j]) ^ GFMul(colM[i][3], tempArray[3][j]);        }}/** * 把4X4数组转回字符串 */static void convertArrayToStr(int array[4][4], char* str) {    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++)            *str++ = (char)array[j][i];}/** * 检查密钥长度 */static int checkKeyLen(int len) {    if (len == 16)        return 1;    else        return 0;}  void AES_EN_402070(char* key, size_t keylen, char* p, char* outdata, int plen) {    //int keylen = strlen(key);    int pArray[4][4];    int k, i;     if (plen == 0 || plen % 16 != 0) {        printf("明文字符长度必须为16的倍数!n");        exit(0);    }     if (!checkKeyLen(keylen)) {        printf("密钥字符长度错误!长度必须为16。当前长度为%dn", keylen);        exit(0);    }     extendKey(key);//扩展密钥     for (k = 0; k < plen; k += 16) {        convertToIntArray(p + k, pArray);         addRoundKey(pArray, 0);//一开始的轮密钥加         for (i = 1; i < 10; i++) {             subBytes(pArray);//字节代换             shiftRows(pArray);//行移位             mixColumns(pArray);//列混合             addRoundKey(pArray, i);         }         subBytes(pArray);//字节代换         shiftRows(pArray);//行移位         addRoundKey(pArray, 10);         convertArrayToStr(pArray, outdata + k);    }}/** * 参数 p: 明文的字符串数组。 * 参数 plen: 明文的长度。 * 参数 key: 密钥的字符串数组。 */void aes(char* p, int plen, char* key) {     int keylen = strlen(key);    int pArray[4][4];    int k, i;     if (plen == 0 || plen % 16 != 0) {        printf("明文字符长度必须为16的倍数!n");        exit(0);    }     if (!checkKeyLen(keylen)) {        printf("密钥字符长度错误!长度必须为16。当前长度为%dn", keylen);        exit(0);    }     extendKey(key);//扩展密钥     for (k = 0; k < plen; k += 16) {        convertToIntArray(p + k, pArray);         addRoundKey(pArray, 0);//一开始的轮密钥加         for (i = 1; i < 10; i++) {             subBytes(pArray);//字节代换             shiftRows(pArray);//行移位             mixColumns(pArray);//列混合             addRoundKey(pArray, i);         }         subBytes(pArray);//字节代换         shiftRows(pArray);//行移位         addRoundKey(pArray, 10);         convertArrayToStr(pArray, p + k);    }}/** * 根据索引从逆S盒中获取值 */static int getNumFromS1Box(int index) {    int row = getLeft4Bit(index);    int col = getRight4Bit(index);    return S2[row][col];}/** * 逆字节变换 */static void deSubBytes(int array[4][4]) {    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++)            array[i][j] = getNumFromS1Box(array[i][j]);}/** * 把4个元素的数组循环右移step位 */static void rightLoop4int(int array[4], int step) {    int temp[4];    int i;    int index;    for (i = 0; i < 4; i++)        temp[i] = array[i];     index = step % 4 == 0 ? 0 : step % 4;    index = 3 - index;    for (i = 3; i >= 0; i--) {        array[i] = temp[index];        index--;        index = index == -1 ? 3 : index;    }} /** * 逆行移位 */static void deShiftRows(int array[4][4]) {    int rowTwo[4], rowThree[4], rowFour[4];    int i;    for (i = 0; i < 4; i++) {        rowTwo[i] = array[1][i];        rowThree[i] = array[2][i];        rowFour[i] = array[3][i];    }     /*        rightLoop4int(rowTwo, 1);    rightLoop4int(rowThree, 2);    rightLoop4int(rowFour, 3);    */    rightLoop4int(rowTwo, 3);    rightLoop4int(rowThree, 2);    rightLoop4int(rowFour, 1);     for (i = 0; i < 4; i++) {        array[1][i] = rowTwo[i];        array[2][i] = rowThree[i];        array[3][i] = rowFour[i];    }}/** * 逆列混合用到的矩阵 */static const int deColM[4][4] = { 0xe, 0xb, 0xd, 0x9,    0x9, 0xe, 0xb, 0xd,    0xd, 0x9, 0xe, 0xb,    0xb, 0xd, 0x9, 0xe }; /** * 逆列混合 */static void deMixColumns(int array[4][4]) {    int tempArray[4][4];    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++)            tempArray[i][j] = array[i][j];     for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++) {            array[i][j] = GFMul(deColM[i][0], tempArray[0][j]) ^ GFMul(deColM[i][1], tempArray[1][j])                ^ GFMul(deColM[i][2], tempArray[2][j]) ^ GFMul(deColM[i][3], tempArray[3][j]);        }}/** * 把两个4X4数组进行异或 */static void addRoundTowArray(int aArray[4][4], int bArray[4][4]) {    int i, j;    for (i = 0; i < 4; i++)        for (j = 0; j < 4; j++)            aArray[i][j] = aArray[i][j] ^ bArray[i][j];}/** * 从4个32位的密钥字中获得4X4数组, * 用于进行逆列混合 */static void getArrayFrom4W(int i, int array[4][4]) {    int index, j;    int colOne[4], colTwo[4], colThree[4], colFour[4];    index = i * 4;    splitIntToArray(w[index], colOne);    splitIntToArray(w[index + 1], colTwo);    splitIntToArray(w[index + 2], colThree);    splitIntToArray(w[index + 3], colFour);     for (j = 0; j < 4; j++) {        array[j][0] = colOne[j];        array[j][1] = colTwo[j];        array[j][2] = colThree[j];        array[j][3] = colFour[j];    } }void AES_DE_402070(char* key, size_t keylen, char* c, char* outdata, int clen) {    //(char* c, int clen, char* key)    //(char* p, int plen, char* key)    int cArray[4][4];    int k;    // int keylen, k;     //keylen = strlen(key);    if (clen == 0 || clen % 16 != 0) {        printf("密文字符长度必须为16的倍数!现在的长度为%dn", clen);        exit(0);    }     if (!checkKeyLen(keylen)) {        printf("密钥字符长度错误!长度必须为16、24和32。当前长度为%dn", keylen);        exit(0);    }     extendKey(key);//扩展密钥     for (k = 0; k < clen; k += 16) {        int i;        int wArray[4][4];         convertToIntArray(c + k, cArray);             addRoundKey(cArray, 10);         for (i = 9; i >= 1; i--) {            deSubBytes(cArray);             deShiftRows(cArray);             deMixColumns(cArray);            getArrayFrom4W(i, wArray);            deMixColumns(wArray);             addRoundTowArray(cArray, wArray);        }         deSubBytes(cArray);         deShiftRows(cArray);         addRoundKey(cArray, 0);         convertArrayToStr(cArray, outdata + k);     }} /** * 参数 c: 密文的字符串数组。 * 参数 clen: 密文的长度。 * 参数 key: 密钥的字符串数组。 */void deAes(char* c, int clen, char* key) {     int cArray[4][4];    int keylen, k;    keylen = strlen(key);    if (clen == 0 || clen % 16 != 0) {        printf("密文字符长度必须为16的倍数!现在的长度为%dn", clen);        exit(0);    }     if (!checkKeyLen(keylen)) {        printf("密钥字符长度错误!长度必须为16、24和32。当前长度为%dn", keylen);        exit(0);    }     extendKey(key);//扩展密钥     for (k = 0; k < clen; k += 16) {        int i;        int wArray[4][4];         convertToIntArray(c + k, cArray);             addRoundKey(cArray, 10);         for (i = 9; i >= 1; i--) {            deSubBytes(cArray);             deShiftRows(cArray);             deMixColumns(cArray);            getArrayFrom4W(i, wArray);            deMixColumns(wArray);             addRoundTowArray(cArray, wArray);        }         deSubBytes(cArray);         deShiftRows(cArray);         addRoundKey(cArray, 0);         convertArrayToStr(cArray, c + k);     }}

test

#include <iostream>#include "aes.h" int main(){    char target[] = { 0x57, 0x7C, 0xF5, 0x6D, 0x56, 0x96, 0x77, 0x45, 0xB0, 0xBD, 0xA1, 0xC7, 0x89, 0xA5, 0xAB, 0xDC,0xF4, 0xF2, 0x4B, 0xFE, 0xBE, 0xF5, 0xF5, 0x5C, 0x4D, 0x30, 0x42, 0x0F, 0x2B, 0x3B, 0xE6, 0xCB };    char key[] = {0x2F, 0x65, 0xB1, 0xFF, 0x31, 0xED, 0x86, 0xD0, 0x9A, 0x28, 0x5C, 0x0F, 0x40, 0x48, 0x05, 0x9D    };    char flag[33] = { 0 };    AES_DE_402070(key, 16, target, flag, 32);    for (int i = 0; i < 32; ++i) {        printf("%02x ", (unsigned char)flag[i]);        if (!((i + 1) % 16)) {            printf("n");        }    }    printf("n");    printf("%sn", flag);    return 0;}

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

第四题《飞蛾扑火》还在火热进行中,

👆还在等什么,快来参赛吧!


看雪2022 KCTF 春季赛 | 第三题设计思路及解析
- End -



看雪2022 KCTF 春季赛 | 第三题设计思路及解析



看雪2022 KCTF 春季赛 | 第三题设计思路及解析

球分享

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

球点赞

看雪2022 KCTF 春季赛 | 第三题设计思路及解析

球在看



看雪2022 KCTF 春季赛 | 第三题设计思路及解析
“阅读原文继续第四题的角逐!

原文始发于微信公众号(看雪学苑):看雪2022 KCTF 春季赛 | 第三题设计思路及解析

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年5月16日19:42:26
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   看雪2022 KCTF 春季赛 | 第三题设计思路及解析http://cn-sec.com/archives/1011439.html

发表评论

匿名网友 填写信息