[Mooncake Cup] Mooncake Cup - crypto2_月自圆 - CTFshow Writeup


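Challenge name: crypto2_月自圆

Challenge description: Baby (Don't) Cry

The age is long gone; where are its people now? In the sky, the moon grows round on its own.

Challenge author: Lazzaro

First blood: airrudder

Source file: Baby(Don't)Cry.py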

# -*- coding:utf-8 -*-
#Author: Lazzaro

from itertools import *
from random import *
from string import *

def encrypt(m, a, si):
	c=""
	for i in range(len(m)):
		c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2)
	return c
	
if __name__ == "__main__":
	m = '****************************************************flag{*************}'
	assert(len(m)==71)
	a = randint(50,100)
	# randomly pick four uppercase letters
	salt = ''.join(sample(ascii_uppercase, 4))
	# iterate over the lowercased salt in an endless cycle
	si = cycle(salt.lower())
	c=encrypt(m, a, si)
	print(c)
#3472184e657e50561c481f5c1c4e1938163e154431015e13062c1b073d4e3a444f4a5c5c7a071919167b034e1c29566647600c4e1c2956661b6c1f50622f0016317e563546202a

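The plaintext is 71 characters long, and the ciphertext is 142 hex digits.
Because a is small, the salt is short, and the plaintext m contains the string flag, those few known characters can be used to brute-force a and salt.
flag sits at position 53 in the plaintext m, which corresponds to position 105 in the ciphertext c. The position where flag appears lines up exactly with the salt, so f, l, a, g are encrypted with the first, second, third and fourth salt letters in turn.

f ⇒ 1c
l ⇒ 29
a ⇒ 56
g ⇒ 66

Write a script to brute-force a and salt: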

from itertools import *
from random import *
from string import *

def encrypt(m, a, si):
	c=""
	for i in range(len(m)):
		c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2)
	return c

if __name__ == "__main__":
	for i in range(50,100):
		for j in ascii_uppercase:
			si = cycle(j.lower())
			# if encrypt('f', i, si)=='1c':
			# 	print('i =',i,'\tj =',j)

			if encrypt('l', i, si)=='29':
				print('i =',i,'\tj =',j)

Results:
Candidates satisfying encrypt('f', i, si)=='1c':

i = 52 	j = D
i = 57 	j = F
i = 62 	j = H
i = 67 	j = J
i = 72 	j = L
i = 77 	j = N
i = 82 	j = P
i = 87 	j = R
i = 92 	j = T
i = 97 	j = V

Candidates satisfying encrypt('l', i, si)=='29':

i = 54 	j = A
i = 55 	j = U
i = 61 	j = M
i = 67 	j = E
i = 68 	j = Y
i = 74 	j = Q
i = 80 	j = I
i = 86 	j = A
i = 87 	j = U
i = 93 	j = M
i = 99 	j = E

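The only i common to both is 67, so the random number a = 67.

Then use a to brute-force the last two letters of the salt:

# same loop over candidate salt letters as above, with a fixed to 67
for j in ascii_uppercase:
	# third salt letter, from 'a' ⇒ 56
	if encrypt('a', 67, cycle(j.lower()))=='56':
		print('j =',j)
	# fourth salt letter, from 'g' ⇒ 66
	if encrypt('g', 67, cycle(j.lower()))=='66':
		print('j =',j)

This finally gives salt='JESQ'.
With the random a and the salt known, the challenge is solved: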

from itertools import *
from random import *
from string import *

def encrypt(m, a, si):
	c=""
	for i in range(len(m)):
		c+=hex(((ord(m[i])) * a + ord(si)) % 128)[2:].zfill(2)
	return c
	
if __name__ == "__main__":
	
	salt = 'JESQ'
	si = cycle(salt.lower())
	c = '3472184e657e50561c481f5c1c4e1938163e154431015e13062c1b073d4e3a444f4a5c5c7a071919167b034e1c29566647600c4e1c2956661b6c1f50622f0016317e563546202a'
	res = ''
	for i in range(0,len(c),2):
		ssi = next(si)
		for j in range(32,127):
			if encrypt(chr(j),67,ssi)==c[i]+c[i+1]:
				res += chr(j)
	print(res)

This gives the final result:

now_is_7fad9fcb-d361-4964-821c-177c906b8d20_flag_is_flag{md5(now-salt)}

The MD5 hash of 7fad9fcb-d361-4964-821c-177c906b8d20-JESQ is 1efce62ee0a96e39149e2179db1dd04c
Final flag: flag{1efce62ee0a96e39149e2179db1dd04c}
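
The same known-plaintext attack, solved algebraically instead of by per-letter brute force, as an added example that is not part of the original writeup. The names recover_key and decrypt are hypothetical; the ciphertext, the crib "flag" and its 0-based offset 52 (position 53 in the text above) come from the page.

```python
from string import ascii_lowercase

MOD, SALT_LEN = 128, 4
# Ciphertext printed by the challenge source above.
C_HEX = "3472184e657e50561c481f5c1c4e1938163e154431015e13062c1b073d4e3a444f4a5c5c7a071919167b034e1c29566647600c4e1c2956661b6c1f50622f0016317e563546202a"

def recover_key(c_hex, crib, offset, a_range=range(50, 101)):
    """Return every (a, salt) consistent with `crib` sitting at byte `offset`."""
    c = bytes.fromhex(c_hex)
    hits = []
    for a in a_range:                       # randint(50, 100) is inclusive
        salt = [None] * SALT_LEN
        for k, ch in enumerate(crib):
            # c = (m*a + s) mod 128  =>  s = (c - m*a) mod 128
            s = chr((c[offset + k] - ord(ch) * a) % MOD)
            slot = (offset + k) % SALT_LEN  # the salt is cycled from byte 0
            if s not in ascii_lowercase or salt[slot] not in (None, s):
                break                       # impossible salt letter: reject this a
            salt[slot] = s
        else:
            if None not in salt:            # crib covered all four salt slots
                hits.append((a, "".join(salt).upper()))
    return hits

def decrypt(c_hex, a, salt):
    """Invert c = (m*a + s) mod 128; a must be odd to have an inverse mod 128."""
    a_inv = pow(a, -1, MOD)                 # Python 3.8+; ValueError if a is even
    s = salt.lower()
    return "".join(chr((b - ord(s[i % SALT_LEN])) * a_inv % MOD)
                   for i, b in enumerate(bytes.fromhex(c_hex)))

if __name__ == "__main__":
    for a, salt in recover_key(C_HEX, "flag", 52):
        print(a, salt, decrypt(C_HEX, a, salt))
```

Testing all four crib bytes for each candidate also settles a = 87, which appears in both printed lists above ('f' with R, 'l' with U) and is rejected only by the 'a' byte. The weakness is structural: a per-byte affine map modulo 128 with a 4-letter repeating salt has a few thousand possible keys, so four known plaintext bytes identify it.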
