RCTF2019 baby_AES 题解


前言

上周末玩了RCTF,可能是为了防止冠军AK,题目比*CTF难不少,下面是一道密码题的题解。

题目内容

只给了一个 crypto.py :

#!/usr/bin/python3 -u

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
import binascii
import os
import sys
import copy
import struct

# Round constants for the key schedule: init() XORs rcon[rconpointer] << 24
# into the first key word once per expansion step.
rcon = [ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 ]

# 256-entry byte substitution table, indexed by init() and by the final round
# of encrypt().  It is not the FIPS-197 AES S-box (that one begins 0x63, 0x7c;
# this table begins 0x93, 0x43), so output will not match a standard AES
# implementation.
S = [0x93 ,0x43 ,0x5D ,0x6E ,0x9E ,0xE6 ,0x02 ,0x3D ,0x48 ,0x65 ,0x9C ,0x39 ,0xEA ,0x1C ,0x5F ,0x01 ,0x26 ,0x9F ,0x2B ,0xEC ,0x6D ,0xB5 ,0x8D ,0x84 ,0x7F ,0xF1 ,0xC5 ,0x82 ,0x4B ,0x00 ,0x55 ,0xE3 ,0xC2 ,0xB2 ,0x63 ,0x8F ,0x41 ,0xA3 ,0x2F ,0x4D ,0x92 ,0x08 ,0x8B ,0x4F ,0x09 ,0x36 ,0xFC ,0x16 ,0x33 ,0x78 ,0x7B ,0x76 ,0x35 ,0x13 ,0x73 ,0x6B ,0x05 ,0xC3 ,0x2A ,0x7E ,0xEF ,0x37 ,0x22 ,0x4E ,0xED ,0xBA ,0x3A ,0x74 ,0xCC ,0xB1 ,0x2D ,0x59 ,0x10 ,0x23 ,0xA0 ,0x7D ,0xDA ,0x0F ,0x3F ,0x3E ,0xE9 ,0x4C ,0xD4 ,0x11 ,0x66 ,0xA1 ,0x90 ,0x28 ,0xFA ,0xC4 ,0xD5 ,0xDF ,0x60 ,0x18 ,0x32 ,0x68 ,0xF7 ,0x24 ,0x94 ,0x0B ,0xF9 ,0xF6 ,0x95 ,0xB9 ,0xCF ,0x9A ,0x29 ,0x25 ,0x31 ,0x7C ,0x64 ,0xCB ,0x5A ,0x0C ,0x77 ,0x71 ,0x12 ,0x30 ,0xCE ,0x86 ,0xA4 ,0x42 ,0x72 ,0x5E ,0xCA ,0xFB ,0x19 ,0x6A ,0x27 ,0xF0 ,0x8C ,0xF3 ,0x5B ,0xB8 ,0x45 ,0x56 ,0x50 ,0x61 ,0xBF ,0xC7 ,0xDC ,0xD7 ,0x67 ,0x75 ,0xB0 ,0x54 ,0xE2 ,0x15 ,0x57 ,0x1D ,0xBC ,0x1E ,0x2C ,0x80 ,0xF5 ,0x91 ,0xF4 ,0x2E ,0xC9 ,0xEE ,0xFD ,0xBB ,0xD3 ,0x44 ,0x34 ,0xE0 ,0xE8 ,0x07 ,0x5C ,0xB6 ,0x06 ,0x0D ,0x6F ,0xDB ,0xBD ,0xFF ,0xAB ,0x9D ,0x20 ,0xA8 ,0x88 ,0x6C ,0xC8 ,0xBE ,0xE5 ,0xA5 ,0x14 ,0xD0 ,0x8A ,0x1B ,0x9B ,0x40 ,0x81 ,0xE1 ,0x1A ,0xD1 ,0x89 ,0xD8 ,0xB4 ,0xFE ,0xC0 ,0xEB ,0x1F ,0x79 ,0x62 ,0xE7 ,0x98 ,0xAA ,0xF8 ,0x87 ,0x51 ,0xD6 ,0x70 ,0x58 ,0xA6 ,0x96 ,0x83 ,0xA9 ,0x85 ,0x8E ,0x99 ,0xA2 ,0x21 ,0x17 ,0x38 ,0xAD ,0x0E ,0x53 ,0x46 ,0xB3 ,0x49 ,0x69 ,0x52 ,0xD2 ,0x4A ,0xC1 ,0xB7 ,0xD9 ,0xC6 ,0x03 ,0xF2 ,0xA7 ,0xE4 ,0xAE ,0xAC ,0x04 ,0xDD ,0x3B ,0x47 ,0x3C ,0x0A ,0x97 ,0xAF ,0xDE ,0x7A ,0xCD ,]

T1 = [0xF467D4E9 ,0x2E6DD254 ,0xDE838832 ,0x5D3311CD ,0x9C02F7D0 ,0x71978453 ,0x10120E0A ,0xF3CEB3C9 ,0x763EE373 ,0x056020EA ,0x8C10F9DA ,0xD3EAAFDD ,0x11FBA06F ,0xE0FC546C ,0xCE918638 ,0x08090705 ,0x2B0DF2BE ,0x940BF0D5 ,0x4368D187 ,0x21CDB271 ,0x452818C2 ,0xDF6A2657 ,0x04898E8F ,0x4CC8B1A2 ,0xD5AA6698 ,0xC938E118 ,0x72B76DFC ,0x7CFEA3BC ,0x6E25EA7C ,0x00000000 ,0x9ECBB01A ,0x59BA9F42 ,0x4A8878E7 ,0xE755334C ,0x355632F4 ,0x149B8085 ,0x3E7FDC5E ,0x6FCC4419 ,0x634CCD93 ,0x5E13F862 ,0xFC6ED3EC ,0x40483828 ,0x34BF9C91 ,0x4E01F668 ,0x48413F2D ,0xAB9D82EE ,0xA15DC221 ,0xB0A6624E ,0x83B099FF ,0xED957383 ,0xF58E7A8C ,0x9DEB59B5 ,0xB3868BE1 ,0x988B795F ,0xB5C642A4 ,0x751E0ADC ,0x282D1B11 ,0x42817FE2 ,0x4B61D682 ,0xDDA3619D ,0x39D6BB7E ,0xA39485EB ,0x0B29EEAA ,0x4608F16D ,0x29C4B574 ,0xA71D0B64 ,0xCBF1A6D2 ,0x8DF957BF ,0x3AF652D1 ,0xFF4E3A43 ,0x735EC399 ,0xFEA79426 ,0x80907050 ,0x0320E9AF ,0x77D74D16 ,0xC5B86892 ,0x8A50309F ,0x78772D33 ,0xE3DCBDC3 ,0xEBD5BAC6 ,0x09E0A960 ,0x561AFF67 ,0xFA2E1AA9 ,0x88997755 ,0x1D7B29E5 ,0x7FDE4A13 ,0xEC7CDDE6 ,0x5B73D888 ,0x916BD03F ,0x7ABE6AF9 ,0xF2271DAC ,0xA27D2B8E ,0x2D4D3BFB ,0xC0D84878 ,0x8BB99EFA ,0x6D0503D3 ,0xF90EF306 ,0x3B1FFCB4 ,0xCC58C1F2 ,0x58533127 ,0x8970D930 ,0xF107F403 ,0xC451C6F7 ,0xBF06026B ,0x22ED5BDE ,0xBC26EBC4 ,0x537ADF8D ,0x3316FBB1 ,0x93A297F5 ,0xCDB16F97 ,0x0D6927EF ,0x02C947CA ,0xE6BC9D29 ,0x606C243C ,0x95E25EB0 ,0xA5D44CAE ,0x90827E5A ,0x9BAB90F0 ,0x2AE45CDB ,0x5CDABFA8 ,0x57F35102 ,0x2664D551 ,0xBDCF45A1 ,0xC698813D ,0x0AC040CF ,0x9962D73A ,0xC8D14F7D ,0x7D170DD9 ,0x2304F5BB ,0xC131E61D ,0x0C80898A ,0xD92AEF12 ,0xEEB59A2C ,0xB70F056E ,0x1E5BC04A ,0x86D0B915 ,0xB6E6AB0B ,0x25443CFE ,0x8F301075 ,0x62A563F6 ,0xBA662281 ,0xE23513A6 ,0x15722EE0 ,0x85F050BA ,0xF7473D46 ,0x96C2B71F ,0x51B39847 ,0xA8BD6B41 ,0x8ED9BE10 ,0xE8F55369 ,0x972B197A ,0xF0EE5A66 ,0x7B57C49C ,0x6CECADB6 ,0xE91CFD0C ,0xE475DAE3 ,0xE115FA09 ,0x6B45CA96 ,0x12DB49C0 ,0x31DFBC7B ,0xA954C524 ,0xAF140C61 ,0xC2110FB2 ,0x1652C74F ,0xBB8F8CE4 ,0x41A1964D 
,0x01E9AE65 ,0x383F151B ,0xD68A8F37 ,0xC7712F58 ,0x3036121E ,0x68652339 ,0x553A16C8 ,0x8259379A ,0x9F221E7F ,0xB946CB2E ,0x2F847C31 ,0x8419FEDF ,0x1B3BE0A0 ,0x379F753E ,0x2CA4959E ,0x4D211FC7 ,0x1AD24EC5 ,0x87391770 ,0x698C8D5C ,0x5FFA5607 ,0xA0B46C44 ,0xDA0A06BD ,0x3CB69B94 ,0xD8C34177 ,0xB42FECC1 ,0x3676DB5B ,0x64E5AAB3 ,0x49A89148 ,0xD0CA4672 ,0xD20301B8 ,0x24AD929B ,0x9A423E95 ,0xD7632152 ,0xB14FCC2B ,0x5A9A76ED ,0x19F2A76A ,0xF8E75D63 ,0xE59C7486 ,0x3D5F35F1 ,0x799E8356 ,0xAC34E5CE ,0x278D7B34 ,0x8179DE35 ,0x54D3B8AD ,0xBEEFAC0E ,0xEA3C14A3 ,0xADDD4BAB ,0xF6AE9323 ,0x47E15F08 ,0xDC4ACFF8 ,0x74F7A4B9 ,0x3F96723B ,0x44C1B6A7 ,0x1C928780 ,0xA43DE2CB ,0x67C5431C ,0x1332E7A5 ,0xB8AF654B ,0xDBE3A8D8 ,0x1FB26E2F ,0x707E2A36 ,0xAEFDA204 ,0x0640C945 ,0xEF5C3449 ,0x7E37E476 ,0x650C04D6 ,0xA6F4A501 ,0xCA1808B7 ,0x662CED79 ,0x529371E8 ,0xCF78285D ,0x924B3990 ,0x6AAC64F3 ,0x181B090F ,0xD123E817 ,0x4FE8580D ,0x61858A59 ,0x07A96720 ,0x17BB692A ,0x20241C14 ,0xB26F2584 ,0xC3F8A1D7 ,0x0E49CE40 ,0xFBC7B4CC ,0x505A3622 ,0xD443C8FD ,0x0FA06025 ,0xAA742C8B ,0xFD877D89 ,0x32FF55D4 ,]
T2 = [0xE9F467D4 ,0x542E6DD2 ,0x32DE8388 ,0xCD5D3311 ,0xD09C02F7 ,0x53719784 ,0x0A10120E ,0xC9F3CEB3 ,0x73763EE3 ,0xEA056020 ,0xDA8C10F9 ,0xDDD3EAAF ,0x6F11FBA0 ,0x6CE0FC54 ,0x38CE9186 ,0x05080907 ,0xBE2B0DF2 ,0xD5940BF0 ,0x874368D1 ,0x7121CDB2 ,0xC2452818 ,0x57DF6A26 ,0x8F04898E ,0xA24CC8B1 ,0x98D5AA66 ,0x18C938E1 ,0xFC72B76D ,0xBC7CFEA3 ,0x7C6E25EA ,0x00000000 ,0x1A9ECBB0 ,0x4259BA9F ,0xE74A8878 ,0x4CE75533 ,0xF4355632 ,0x85149B80 ,0x5E3E7FDC ,0x196FCC44 ,0x93634CCD ,0x625E13F8 ,0xECFC6ED3 ,0x28404838 ,0x9134BF9C ,0x684E01F6 ,0x2D48413F ,0xEEAB9D82 ,0x21A15DC2 ,0x4EB0A662 ,0xFF83B099 ,0x83ED9573 ,0x8CF58E7A ,0xB59DEB59 ,0xE1B3868B ,0x5F988B79 ,0xA4B5C642 ,0xDC751E0A ,0x11282D1B ,0xE242817F ,0x824B61D6 ,0x9DDDA361 ,0x7E39D6BB ,0xEBA39485 ,0xAA0B29EE ,0x6D4608F1 ,0x7429C4B5 ,0x64A71D0B ,0xD2CBF1A6 ,0xBF8DF957 ,0xD13AF652 ,0x43FF4E3A ,0x99735EC3 ,0x26FEA794 ,0x50809070 ,0xAF0320E9 ,0x1677D74D ,0x92C5B868 ,0x9F8A5030 ,0x3378772D ,0xC3E3DCBD ,0xC6EBD5BA ,0x6009E0A9 ,0x67561AFF ,0xA9FA2E1A ,0x55889977 ,0xE51D7B29 ,0x137FDE4A ,0xE6EC7CDD ,0x885B73D8 ,0x3F916BD0 ,0xF97ABE6A ,0xACF2271D ,0x8EA27D2B ,0xFB2D4D3B ,0x78C0D848 ,0xFA8BB99E ,0xD36D0503 ,0x06F90EF3 ,0xB43B1FFC ,0xF2CC58C1 ,0x27585331 ,0x308970D9 ,0x03F107F4 ,0xF7C451C6 ,0x6BBF0602 ,0xDE22ED5B ,0xC4BC26EB ,0x8D537ADF ,0xB13316FB ,0xF593A297 ,0x97CDB16F ,0xEF0D6927 ,0xCA02C947 ,0x29E6BC9D ,0x3C606C24 ,0xB095E25E ,0xAEA5D44C ,0x5A90827E ,0xF09BAB90 ,0xDB2AE45C ,0xA85CDABF ,0x0257F351 ,0x512664D5 ,0xA1BDCF45 ,0x3DC69881 ,0xCF0AC040 ,0x3A9962D7 ,0x7DC8D14F ,0xD97D170D ,0xBB2304F5 ,0x1DC131E6 ,0x8A0C8089 ,0x12D92AEF ,0x2CEEB59A ,0x6EB70F05 ,0x4A1E5BC0 ,0x1586D0B9 ,0x0BB6E6AB ,0xFE25443C ,0x758F3010 ,0xF662A563 ,0x81BA6622 ,0xA6E23513 ,0xE015722E ,0xBA85F050 ,0x46F7473D ,0x1F96C2B7 ,0x4751B398 ,0x41A8BD6B ,0x108ED9BE ,0x69E8F553 ,0x7A972B19 ,0x66F0EE5A ,0x9C7B57C4 ,0xB66CECAD ,0x0CE91CFD ,0xE3E475DA ,0x09E115FA ,0x966B45CA ,0xC012DB49 ,0x7B31DFBC ,0x24A954C5 ,0x61AF140C ,0xB2C2110F ,0x4F1652C7 ,0xE4BB8F8C ,0x4D41A196 
,0x6501E9AE ,0x1B383F15 ,0x37D68A8F ,0x58C7712F ,0x1E303612 ,0x39686523 ,0xC8553A16 ,0x9A825937 ,0x7F9F221E ,0x2EB946CB ,0x312F847C ,0xDF8419FE ,0xA01B3BE0 ,0x3E379F75 ,0x9E2CA495 ,0xC74D211F ,0xC51AD24E ,0x70873917 ,0x5C698C8D ,0x075FFA56 ,0x44A0B46C ,0xBDDA0A06 ,0x943CB69B ,0x77D8C341 ,0xC1B42FEC ,0x5B3676DB ,0xB364E5AA ,0x4849A891 ,0x72D0CA46 ,0xB8D20301 ,0x9B24AD92 ,0x959A423E ,0x52D76321 ,0x2BB14FCC ,0xED5A9A76 ,0x6A19F2A7 ,0x63F8E75D ,0x86E59C74 ,0xF13D5F35 ,0x56799E83 ,0xCEAC34E5 ,0x34278D7B ,0x358179DE ,0xAD54D3B8 ,0x0EBEEFAC ,0xA3EA3C14 ,0xABADDD4B ,0x23F6AE93 ,0x0847E15F ,0xF8DC4ACF ,0xB974F7A4 ,0x3B3F9672 ,0xA744C1B6 ,0x801C9287 ,0xCBA43DE2 ,0x1C67C543 ,0xA51332E7 ,0x4BB8AF65 ,0xD8DBE3A8 ,0x2F1FB26E ,0x36707E2A ,0x04AEFDA2 ,0x450640C9 ,0x49EF5C34 ,0x767E37E4 ,0xD6650C04 ,0x01A6F4A5 ,0xB7CA1808 ,0x79662CED ,0xE8529371 ,0x5DCF7828 ,0x90924B39 ,0xF36AAC64 ,0x0F181B09 ,0x17D123E8 ,0x0D4FE858 ,0x5961858A ,0x2007A967 ,0x2A17BB69 ,0x1420241C ,0x84B26F25 ,0xD7C3F8A1 ,0x400E49CE ,0xCCFBC7B4 ,0x22505A36 ,0xFDD443C8 ,0x250FA060 ,0x8BAA742C ,0x89FD877D ,0xD432FF55 ,]
T3 = [0xD4E9F467 ,0xD2542E6D ,0x8832DE83 ,0x11CD5D33 ,0xF7D09C02 ,0x84537197 ,0x0E0A1012 ,0xB3C9F3CE ,0xE373763E ,0x20EA0560 ,0xF9DA8C10 ,0xAFDDD3EA ,0xA06F11FB ,0x546CE0FC ,0x8638CE91 ,0x07050809 ,0xF2BE2B0D ,0xF0D5940B ,0xD1874368 ,0xB27121CD ,0x18C24528 ,0x2657DF6A ,0x8E8F0489 ,0xB1A24CC8 ,0x6698D5AA ,0xE118C938 ,0x6DFC72B7 ,0xA3BC7CFE ,0xEA7C6E25 ,0x00000000 ,0xB01A9ECB ,0x9F4259BA ,0x78E74A88 ,0x334CE755 ,0x32F43556 ,0x8085149B ,0xDC5E3E7F ,0x44196FCC ,0xCD93634C ,0xF8625E13 ,0xD3ECFC6E ,0x38284048 ,0x9C9134BF ,0xF6684E01 ,0x3F2D4841 ,0x82EEAB9D ,0xC221A15D ,0x624EB0A6 ,0x99FF83B0 ,0x7383ED95 ,0x7A8CF58E ,0x59B59DEB ,0x8BE1B386 ,0x795F988B ,0x42A4B5C6 ,0x0ADC751E ,0x1B11282D ,0x7FE24281 ,0xD6824B61 ,0x619DDDA3 ,0xBB7E39D6 ,0x85EBA394 ,0xEEAA0B29 ,0xF16D4608 ,0xB57429C4 ,0x0B64A71D ,0xA6D2CBF1 ,0x57BF8DF9 ,0x52D13AF6 ,0x3A43FF4E ,0xC399735E ,0x9426FEA7 ,0x70508090 ,0xE9AF0320 ,0x4D1677D7 ,0x6892C5B8 ,0x309F8A50 ,0x2D337877 ,0xBDC3E3DC ,0xBAC6EBD5 ,0xA96009E0 ,0xFF67561A ,0x1AA9FA2E ,0x77558899 ,0x29E51D7B ,0x4A137FDE ,0xDDE6EC7C ,0xD8885B73 ,0xD03F916B ,0x6AF97ABE ,0x1DACF227 ,0x2B8EA27D ,0x3BFB2D4D ,0x4878C0D8 ,0x9EFA8BB9 ,0x03D36D05 ,0xF306F90E ,0xFCB43B1F ,0xC1F2CC58 ,0x31275853 ,0xD9308970 ,0xF403F107 ,0xC6F7C451 ,0x026BBF06 ,0x5BDE22ED ,0xEBC4BC26 ,0xDF8D537A ,0xFBB13316 ,0x97F593A2 ,0x6F97CDB1 ,0x27EF0D69 ,0x47CA02C9 ,0x9D29E6BC ,0x243C606C ,0x5EB095E2 ,0x4CAEA5D4 ,0x7E5A9082 ,0x90F09BAB ,0x5CDB2AE4 ,0xBFA85CDA ,0x510257F3 ,0xD5512664 ,0x45A1BDCF ,0x813DC698 ,0x40CF0AC0 ,0xD73A9962 ,0x4F7DC8D1 ,0x0DD97D17 ,0xF5BB2304 ,0xE61DC131 ,0x898A0C80 ,0xEF12D92A ,0x9A2CEEB5 ,0x056EB70F ,0xC04A1E5B ,0xB91586D0 ,0xAB0BB6E6 ,0x3CFE2544 ,0x10758F30 ,0x63F662A5 ,0x2281BA66 ,0x13A6E235 ,0x2EE01572 ,0x50BA85F0 ,0x3D46F747 ,0xB71F96C2 ,0x984751B3 ,0x6B41A8BD ,0xBE108ED9 ,0x5369E8F5 ,0x197A972B ,0x5A66F0EE ,0xC49C7B57 ,0xADB66CEC ,0xFD0CE91C ,0xDAE3E475 ,0xFA09E115 ,0xCA966B45 ,0x49C012DB ,0xBC7B31DF ,0xC524A954 ,0x0C61AF14 ,0x0FB2C211 ,0xC74F1652 ,0x8CE4BB8F ,0x964D41A1 
,0xAE6501E9 ,0x151B383F ,0x8F37D68A ,0x2F58C771 ,0x121E3036 ,0x23396865 ,0x16C8553A ,0x379A8259 ,0x1E7F9F22 ,0xCB2EB946 ,0x7C312F84 ,0xFEDF8419 ,0xE0A01B3B ,0x753E379F ,0x959E2CA4 ,0x1FC74D21 ,0x4EC51AD2 ,0x17708739 ,0x8D5C698C ,0x56075FFA ,0x6C44A0B4 ,0x06BDDA0A ,0x9B943CB6 ,0x4177D8C3 ,0xECC1B42F ,0xDB5B3676 ,0xAAB364E5 ,0x914849A8 ,0x4672D0CA ,0x01B8D203 ,0x929B24AD ,0x3E959A42 ,0x2152D763 ,0xCC2BB14F ,0x76ED5A9A ,0xA76A19F2 ,0x5D63F8E7 ,0x7486E59C ,0x35F13D5F ,0x8356799E ,0xE5CEAC34 ,0x7B34278D ,0xDE358179 ,0xB8AD54D3 ,0xAC0EBEEF ,0x14A3EA3C ,0x4BABADDD ,0x9323F6AE ,0x5F0847E1 ,0xCFF8DC4A ,0xA4B974F7 ,0x723B3F96 ,0xB6A744C1 ,0x87801C92 ,0xE2CBA43D ,0x431C67C5 ,0xE7A51332 ,0x654BB8AF ,0xA8D8DBE3 ,0x6E2F1FB2 ,0x2A36707E ,0xA204AEFD ,0xC9450640 ,0x3449EF5C ,0xE4767E37 ,0x04D6650C ,0xA501A6F4 ,0x08B7CA18 ,0xED79662C ,0x71E85293 ,0x285DCF78 ,0x3990924B ,0x64F36AAC ,0x090F181B ,0xE817D123 ,0x580D4FE8 ,0x8A596185 ,0x672007A9 ,0x692A17BB ,0x1C142024 ,0x2584B26F ,0xA1D7C3F8 ,0xCE400E49 ,0xB4CCFBC7 ,0x3622505A ,0xC8FDD443 ,0x60250FA0 ,0x2C8BAA74 ,0x7D89FD87 ,0x55D432FF ,]
T4 = [0x67D4E9F4 ,0x6DD2542E ,0x838832DE ,0x3311CD5D ,0x02F7D09C ,0x97845371 ,0x120E0A10 ,0xCEB3C9F3 ,0x3EE37376 ,0x6020EA05 ,0x10F9DA8C ,0xEAAFDDD3 ,0xFBA06F11 ,0xFC546CE0 ,0x918638CE ,0x09070508 ,0x0DF2BE2B ,0x0BF0D594 ,0x68D18743 ,0xCDB27121 ,0x2818C245 ,0x6A2657DF ,0x898E8F04 ,0xC8B1A24C ,0xAA6698D5 ,0x38E118C9 ,0xB76DFC72 ,0xFEA3BC7C ,0x25EA7C6E ,0x00000000 ,0xCBB01A9E ,0xBA9F4259 ,0x8878E74A ,0x55334CE7 ,0x5632F435 ,0x9B808514 ,0x7FDC5E3E ,0xCC44196F ,0x4CCD9363 ,0x13F8625E ,0x6ED3ECFC ,0x48382840 ,0xBF9C9134 ,0x01F6684E ,0x413F2D48 ,0x9D82EEAB ,0x5DC221A1 ,0xA6624EB0 ,0xB099FF83 ,0x957383ED ,0x8E7A8CF5 ,0xEB59B59D ,0x868BE1B3 ,0x8B795F98 ,0xC642A4B5 ,0x1E0ADC75 ,0x2D1B1128 ,0x817FE242 ,0x61D6824B ,0xA3619DDD ,0xD6BB7E39 ,0x9485EBA3 ,0x29EEAA0B ,0x08F16D46 ,0xC4B57429 ,0x1D0B64A7 ,0xF1A6D2CB ,0xF957BF8D ,0xF652D13A ,0x4E3A43FF ,0x5EC39973 ,0xA79426FE ,0x90705080 ,0x20E9AF03 ,0xD74D1677 ,0xB86892C5 ,0x50309F8A ,0x772D3378 ,0xDCBDC3E3 ,0xD5BAC6EB ,0xE0A96009 ,0x1AFF6756 ,0x2E1AA9FA ,0x99775588 ,0x7B29E51D ,0xDE4A137F ,0x7CDDE6EC ,0x73D8885B ,0x6BD03F91 ,0xBE6AF97A ,0x271DACF2 ,0x7D2B8EA2 ,0x4D3BFB2D ,0xD84878C0 ,0xB99EFA8B ,0x0503D36D ,0x0EF306F9 ,0x1FFCB43B ,0x58C1F2CC ,0x53312758 ,0x70D93089 ,0x07F403F1 ,0x51C6F7C4 ,0x06026BBF ,0xED5BDE22 ,0x26EBC4BC ,0x7ADF8D53 ,0x16FBB133 ,0xA297F593 ,0xB16F97CD ,0x6927EF0D ,0xC947CA02 ,0xBC9D29E6 ,0x6C243C60 ,0xE25EB095 ,0xD44CAEA5 ,0x827E5A90 ,0xAB90F09B ,0xE45CDB2A ,0xDABFA85C ,0xF3510257 ,0x64D55126 ,0xCF45A1BD ,0x98813DC6 ,0xC040CF0A ,0x62D73A99 ,0xD14F7DC8 ,0x170DD97D ,0x04F5BB23 ,0x31E61DC1 ,0x80898A0C ,0x2AEF12D9 ,0xB59A2CEE ,0x0F056EB7 ,0x5BC04A1E ,0xD0B91586 ,0xE6AB0BB6 ,0x443CFE25 ,0x3010758F ,0xA563F662 ,0x662281BA ,0x3513A6E2 ,0x722EE015 ,0xF050BA85 ,0x473D46F7 ,0xC2B71F96 ,0xB3984751 ,0xBD6B41A8 ,0xD9BE108E ,0xF55369E8 ,0x2B197A97 ,0xEE5A66F0 ,0x57C49C7B ,0xECADB66C ,0x1CFD0CE9 ,0x75DAE3E4 ,0x15FA09E1 ,0x45CA966B ,0xDB49C012 ,0xDFBC7B31 ,0x54C524A9 ,0x140C61AF ,0x110FB2C2 ,0x52C74F16 ,0x8F8CE4BB ,0xA1964D41 
,0xE9AE6501 ,0x3F151B38 ,0x8A8F37D6 ,0x712F58C7 ,0x36121E30 ,0x65233968 ,0x3A16C855 ,0x59379A82 ,0x221E7F9F ,0x46CB2EB9 ,0x847C312F ,0x19FEDF84 ,0x3BE0A01B ,0x9F753E37 ,0xA4959E2C ,0x211FC74D ,0xD24EC51A ,0x39177087 ,0x8C8D5C69 ,0xFA56075F ,0xB46C44A0 ,0x0A06BDDA ,0xB69B943C ,0xC34177D8 ,0x2FECC1B4 ,0x76DB5B36 ,0xE5AAB364 ,0xA8914849 ,0xCA4672D0 ,0x0301B8D2 ,0xAD929B24 ,0x423E959A ,0x632152D7 ,0x4FCC2BB1 ,0x9A76ED5A ,0xF2A76A19 ,0xE75D63F8 ,0x9C7486E5 ,0x5F35F13D ,0x9E835679 ,0x34E5CEAC ,0x8D7B3427 ,0x79DE3581 ,0xD3B8AD54 ,0xEFAC0EBE ,0x3C14A3EA ,0xDD4BABAD ,0xAE9323F6 ,0xE15F0847 ,0x4ACFF8DC ,0xF7A4B974 ,0x96723B3F ,0xC1B6A744 ,0x9287801C ,0x3DE2CBA4 ,0xC5431C67 ,0x32E7A513 ,0xAF654BB8 ,0xE3A8D8DB ,0xB26E2F1F ,0x7E2A3670 ,0xFDA204AE ,0x40C94506 ,0x5C3449EF ,0x37E4767E ,0x0C04D665 ,0xF4A501A6 ,0x1808B7CA ,0x2CED7966 ,0x9371E852 ,0x78285DCF ,0x4B399092 ,0xAC64F36A ,0x1B090F18 ,0x23E817D1 ,0xE8580D4F ,0x858A5961 ,0xA9672007 ,0xBB692A17 ,0x241C1420 ,0x6F2584B2 ,0xF8A1D7C3 ,0x49CE400E ,0xC7B4CCFB ,0x5A362250 ,0x43C8FDD4 ,0xA060250F ,0x742C8BAA ,0x877D89FD ,0xFF55D432 ,]

def init(key):
    """Expand *key* into the round-key schedule consumed by encrypt().

    The key is read as big-endian signed 32-bit words (``struct.unpack('>i')``),
    so its length must be a multiple of four bytes.  ``rounds`` is fixed at 10,
    giving eleven round keys of four words each.  Every expansion step takes
    the last key word, rotates it left by one byte, substitutes each byte
    through the module-level ``S`` table, folds in the next ``rcon`` constant,
    and then chains the remaining key words by XOR.

    Returns a list of 11 four-element lists of ints.
    """
    rounds = 10
    total_words = 4 * (rounds + 1)
    key_words = len(key) // 4

    schedule = [[0, 0, 0, 0] for _ in range(rounds + 1)]
    tk = [struct.unpack('>i', key[offset:offset + 4])[0]
          for offset in range(0, len(key), 4)]

    # The raw key words are the first entries of the schedule.
    for index in range(key_words):
        row, col = divmod(index, 4)
        schedule[row][col] = tk[index]

    filled = key_words
    rcon_index = 0
    while filled < total_words:
        last = tk[key_words - 1]
        # Byte order (16, 8, 0, 24) is the one-byte left rotation of `last`.
        substituted = ((S[(last >> 16) & 0xFF] << 24) ^
                       (S[(last >> 8) & 0xFF] << 16) ^
                       (S[last & 0xFF] << 8) ^
                       S[(last >> 24) & 0xFF])
        tk[0] ^= substituted ^ (rcon[rcon_index] << 24)
        rcon_index += 1

        for index in range(1, key_words):
            tk[index] ^= tk[index - 1]

        # Copy the refreshed words out, stopping once the schedule is full.
        for word in tk[:key_words]:
            if filled >= total_words:
                break
            row, col = divmod(filled, 4)
            schedule[row][col] = word
            filled += 1
    return schedule

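def encrypt(plaintext, _Ke):
    """Encrypt one 16-byte block with the table-driven, AES-shaped cipher.

    Args:
        plaintext: at least 16 bytes; the first 16 are read as four big-endian
            32-bit words.
        _Ke: round-key schedule as returned by init(); ``len(_Ke) - 1`` is the
            number of rounds.

    Returns:
        The 16-byte ciphertext as ``bytes``.

    Each middle round combines one lookup in each of the module-level tables
    T1..T4 (with the column offsets 1, 2, 3 playing the role of the row shift)
    and XORs the round key.  The last round uses the byte table ``S`` directly
    and XORs the final round key byte by byte.  In this listing the leading
    entries of T2, T3 and T4 are the matching T1 entries rotated right by 8, 16
    and 24 bits.  The tables are not the standard AES ones, so this function is
    not interoperable with AES.
    """
    rounds = len(_Ke) - 1
    s1, s2, s3 = 1, 2, 3

    # Initial whitening with round key 0.
    state = [struct.unpack('>i', plaintext[4 * i:4 * i + 4])[0] ^ _Ke[0][i]
             for i in range(4)]

    # Middle rounds.  The comprehension reads the previous state in full
    # before `state` is rebound, so no scratch list or copy is needed.
    for r in range(1, rounds):
        round_key = _Ke[r]
        state = [T1[(state[i] >> 24) & 0xFF] ^
                 T2[(state[(i + s1) % 4] >> 16) & 0xFF] ^
                 T3[(state[(i + s2) % 4] >> 8) & 0xFF] ^
                 T4[state[(i + s3) % 4] & 0xFF] ^
                 round_key[i]
                 for i in range(4)]

    # Final round: substitution and shifted byte selection only, no mixing.
    result = []
    for i in range(4):
        tt = _Ke[rounds][i]
        result.append((S[(state[i] >> 24) & 0xFF] ^ (tt >> 24)) & 0xFF)
        result.append((S[(state[(i + s1) % 4] >> 16) & 0xFF] ^ (tt >> 16)) & 0xFF)
        result.append((S[(state[(i + s2) % 4] >> 8) & 0xFF] ^ (tt >> 8)) & 0xFF)
        result.append((S[state[(i + s3) % 4] & 0xFF] ^ tt) & 0xFF)

    return bytes(result)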


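def main():
    """Run one session of the challenge: one decryption, then the encrypted flag.

    A fresh 16-byte AES key is drawn per run and the CBC IV is computed as
    ``encrypt(key, Ke)`` under the fixed key ``K``.  The caller may submit one
    hex string, which is decrypted with that key and IV and echoed back; the
    PKCS7-padded contents of the file ``flag`` are then encrypted with the same
    key and IV and printed.

    Design notes for readers: the IV is a deterministic function of the key,
    and the raw CBC decryption of caller-chosen ciphertext is returned under
    the same key/IV that protects the flag.  Those two properties are what the
    challenge is built around; a real service would use an IV that is random
    and independent of the key and would not return unauthenticated decryption
    output.
    """
    # The escape backslashes of this literal were missing from the listing as
    # extracted (it read "x01x23..."); restored so that K is the 16-byte key
    # that the 10-round schedule in init() expects.
    K = b"\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10"
    Ke = init(K)

    backend = default_backend()
    key = os.urandom(16)
    iv = encrypt(key, Ke)
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
    decryptor = cipher.decryptor()
    try:
        print("Input a hexstr to decrypt:")
        data = sys.stdin.readline().strip()
        ciphertext = binascii.unhexlify(data)
        plaintext = decryptor.update(ciphertext) + decryptor.finalize()
        print("Decrypted result:")
        print(binascii.hexlify(plaintext).decode())
    except Exception:
        # Deliberately silent: malformed hex or a ciphertext that is not a
        # whole number of blocks skips the echo, and the flag is still printed.
        pass

    with open("flag", 'rb') as f:
        flag = f.read()

    padder = padding.PKCS7(128).padder()
    flag_padded = padder.update(flag) + padder.finalize()
    encryptor = cipher.encryptor()
    flag_encrypted = encryptor.update(flag_padded) + encryptor.finalize()
    print("Your encrypted flag is:")
    print(binascii.hexlify(flag_encrypted).decode())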

# Run main() only when the file is executed directly, not when it is imported.
if __name__ == '__main__':
    main()

题目分析

题目流程如下:

  1. 每次连接随机生成 key 并使用自己实现的加密函数加密得到 iv ;
  2. 使用上面的 key , iv 生成AES对象,加密模式使用 CBC
  3. 接受一个用户输入,返回AES解密结果;
  4. 提供 flag 加密的结果。

也就是说,只要我们得到 iv 和 key ,即可得到 flag 。

其中获取 iv 是很常见的基本操作,所以这个题的主要工作量在于分析 encrypt 函数。

目测 encrypt 函数和AES查表实现流程相似,当然如果之前不了解AES查表实现通过题目名也能找到。

解题过程

获取 iv 是一个相对简单的工作,注意到对 CBC 模式,有:

  • m[0] = dec(c[0]) xor iv
  • m[i] = dec(c[i]) xor c[i-1]

那么我们可以构造:

  • c[0] = c[1] = cipher

则:

  • m[0] = dec(cipher) xor iv
  • m[1] = dec(cipher) xor cipher

可以推出:

  • iv = cipher xor m[1] xor m[0]

代码实现:

from pwn import *
from Crypto.Util.number import *

# Recover the session IV from the single decryption the service offers.
# The statements depend on the order of the service's prompts, so they are
# kept exactly as in the write-up.
r = remote("207.148.68.109",20002)
r.recv()
# One all-zero block, hex-encoded; it is sent twice so that c[0] == c[1].
cipher = "00"*16
r.sendline(cipher*2)
r.recv()
# Out :Decrypted result: d34c206fb1906727f10155a953d5978d9d876914c0ab817a736ab80663f34e27
#      Your encrypted flag is:
#      7f015db80352a325cacdac4bb25d8ac9494e468fb0aa514d6c916df1b8a0fafe46e9c3aad6fca5f109c414f2f99ffb81
# The decrypted result is pasted back in by hand and split into m[0] and m[1].
m = "d34c206fb1906727f10155a953d5978d9d876914c0ab817a736ab80663f34e27"
m0,m1 = m[:32],m[32:]
# iv = c ^ m[1] ^ m[0], from m[0] = dec(c) ^ iv and m[1] = dec(c) ^ c.
# NOTE(review): str.decode('hex') exists only on Python 2, while the later
# listings on this page use Python 3 constructs.
iv = long_to_bytes(bytes_to_long(cipher.decode('hex')) ^ bytes_to_long(m1.decode('hex')) ^ bytes_to_long(m0.decode('hex')))
# In : iv
# Out: 'N\xcbI{q;\xe6]\x82k\xed\xaf0&\xd9\xaa'

分析加密函数

上一步中我们已经得到了 iv ,而 key = decrypt(iv) ,因此我们需要分析加密函数。

AES查表实现:

因为AES的临界时间函数(字节代换, ShiftRow, MixColumn)都作用于单个字节,最直接的AES实现方式比较适合8位处理器,而在现代32位或64位处理器中这种实现方式是非常低效的。

AES查表实现由AES(Rijndael)的设计者提出,其核心思想是创建四个256*32bits的查找表,通过16次查表完成每轮操作,在消耗一定内存的情况下有效提高AES吞吐量(相比直接的软件实现)。

观察题目给的函数特征,发现和AES查表实现流程相似。想起以前读过一个查表实现AES的源码 1 , 对比后发现过程基本一致。但是代码中的Sbox,Tbox均不同。

关于Sbox,这个不是问题,因为我们依然可以通过 Sbox[Sbox_inv[i]] == i 找到Sbox_inv;

关于Tbox,找到一篇讲解AES查表实现的文章 2 ,里面的内容不再赘述,比较关键的一点在于 Tbox 的构造,以T1为例,注意运算是在 GF(2^8) 上进行的:

  • T1[i] =[2, 1, 1, 3]^T * S[i]

但是验证后发现题目代码中的T盒并不满足上面的式子。注意上面式中S[i]左乘的向量是列混淆矩阵的一列,猜想可能是这个算法对列混淆矩阵进行了更换。

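通过尝试发现列混淆矩阵被更换为(即下文代码中的 lst ):

$$
\begin{pmatrix}
8 & 5 & 7 & 9 \\
9 & 8 & 5 & 7 \\
7 & 9 & 8 & 5 \\
5 & 7 & 9 & 8
\end{pmatrix}
$$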

对加密函数的分析,我们得到以下结论:

  1. 函数流程与AES相同;
  2. 函数修改了AES中的S盒,修改后的内容见代码;
  3. 函数修改了AES 列混淆矩阵。

构造解密函数

上一步中我们基本了解了加密函数结构,现在我们需要构造解密函数。

失败的构造

首先很自然的想法是同样构造解密函数的查表实现,参考 1 ,我们需要构造Si, T5, T6, T7, T8, U1, U2, U3, U4共三类9个表。

构造Si:

根据 Sbox_inv[Sbox[i]] == i ,有:

# Inverse substitution table: after the loop, Si[S[x]] == x for every byte x.
Si = [0 for _ in range(256)]
for i in range(256):
    Si[S[i]] = i

构造Tbox:

参考 2 ,构造解密所用Tbox的流程与加密所用Tbox相同,不过需要使用Si代替S,列混淆矩阵的逆代替列混淆矩阵。

Si 已经在上一步得出,但是很遗憾,上文中我们找到的列混淆矩阵在本原多项式为 x^4+1 的 GF(2^4) 上是没有逆的。因此无法成功构造解密函数的查表实现。

正确的构造

虽然构造解密函数的查表实现失败,但是其实上面我们已经把加密流程分析的很清楚了,因此我们依然可以构造解密函数的直接实现,已知:

  • Sbox, Sbox_inv
  • K (题目给的代码里有)
  • 更改后的列混淆矩阵

根据上述条件我们完全可以直接实现这个部分数据被修改的AES并确保加密功能可用,但解密功能所需的 MixColumnsInv 还是需要列混淆矩阵的逆。这里可以采用暴力破解的思路。

对于每一次MixColumnsInv,其输入等于MixColumns后的输出,而对于矩阵乘法而言,输出的一列仅与输入的一列相关,故依次尝试每一列的所有可能即可找到MixColumnsInv应有的输出。

这里每一列有 2^32 种可能,平均代价为 2^31 ;鉴于每次MixColumnsInv需要暴力破解四列,解密流程需要9轮MixColumnsInv,故平均尝试次数为 2^36+2^33 ,在计算资源丰富的情况下是可以接受的。

破解时间优化

显然上一步中暴力破解key的算法还有很大优化空间,这里可以使用中间相遇攻击 3 的思想,这是一种空间换时间的策略。

以一个最简单的问题为例:

输入一个数组A和一个数R,要求找到数组中的两数a,b满足 a+b = R

对于这个问题,最朴素的方式是遍历所有可能的a,b,这需要 O(n^2) 的时间;但如果我们先遍历一次数组,并将映射关系 R-i -> i 存到哈希表中,就可以在第二次遍历时查表找到a,b。也就是说,在使用额外 n 对映射的存储空间后,我们可以用 O(n) 的时间解决这个问题。

对应到这里的暴破,我们需要找到 a1,a2,a3,a4 满足下列式子(其中 lst = [[8,5,7,9],[9,8,5,7],[7,9,8,5],[5,7,9,8]] ):

# One state column: row r of lst applied to the unknown input bytes a1..a4
# must reproduce the known output byte res[r][i], so XOR-ing the two gives 0.
FFmul(lst[0][0],a1)^FFmul(lst[0][1],a2)^FFmul(lst[0][2],a3)^FFmul(lst[0][3],a4)^res[0][i] == 0
FFmul(lst[1][0],a1)^FFmul(lst[1][1],a2)^FFmul(lst[1][2],a3)^FFmul(lst[1][3],a4)^res[1][i] == 0
FFmul(lst[2][0],a1)^FFmul(lst[2][1],a2)^FFmul(lst[2][2],a3)^FFmul(lst[2][3],a4)^res[2][i] == 0
FFmul(lst[3][0],a1)^FFmul(lst[3][1],a2)^FFmul(lst[3][2],a3)^FFmul(lst[3][3],a4)^res[3][i] == 0

我们可以先计算所有可能的a1,a2,得到下列式子的结果,并将映射 (t1,t2,t3,t4) -> (a1,a2) 存到哈希表中:

# Left half: what a1 and a2 contribute to each of the four output bytes.
# The tuple (t1, t2, t3, t4) is the hash-table key, (a1, a2) the stored value.
t1 = FFmul(lst[0][0],a1)^FFmul(lst[0][1],a2)
t2 = FFmul(lst[1][0],a1)^FFmul(lst[1][1],a2)
t3 = FFmul(lst[2][0],a1)^FFmul(lst[2][1],a2)
t4 = FFmul(lst[3][0],a1)^FFmul(lst[3][1],a2)

然后对于所有可能的a3,a4,计算下面的算式:

# Right half: what a3 and a4 contribute, combined with the known output byte.
# If this tuple equals a stored left half, the four terms XOR to zero.
t1 = FFmul(lst[0][2],a3)^FFmul(lst[0][3],a4)^res[0][i]
t2 = FFmul(lst[1][2],a3)^FFmul(lst[1][3],a4)^res[1][i]
t3 = FFmul(lst[2][2],a3)^FFmul(lst[2][3],a4)^res[2][i]
t4 = FFmul(lst[3][2],a3)^FFmul(lst[3][3],a4)^res[3][i]

如果 (t1,t2,t3,t4) 在哈希表中,我们就找到了一组满足条件的 a1,a2,a3,a4 。

相比暴力破解的 2^32 种可能,使用中间相遇攻击只需缓存 2^16 对映射并最多进行 2^17 次计算,在我的低配置电脑上完成解密耗时不超过五分钟。

代码及结果

解密代码:

from functools import reduce
import copy

def bit_rot_left(lst, pos):
    """Return *lst* rotated left by *pos* positions (whole elements, not bits)."""
    head = lst[:pos]
    tail = lst[pos:]
    return tail + head

def bit_rot_right(lst, pos):
    """Return *lst* rotated right by *pos* positions (whole elements, not bits)."""
    split = -pos
    # With pos == 0 the first slice is the whole list and the second is empty.
    moved_to_front = lst[split:]
    remainder = lst[:split]
    return moved_to_front + remainder

def lst_xor(lst1, lst2):
    """Return the element-wise XOR of two lists, truncated to the shorter one."""
    combined = []
    for left, right in zip(lst1, lst2):
        combined.append(left ^ right)
    return combined

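def ggwp(res):
    """Undo the modified MixColumns on a 4x4 state by meet-in-the-middle search.

    ``res`` is a list of four rows of four byte values; column ``i`` is
    ``res[0][i] .. res[3][i]``.  For each column the function looks for input
    bytes ``(a1, a2, a3, a4)`` whose product with the matrix ``lst`` over
    GF(2^8) equals that column, and overwrites the column with them in place.
    A column for which no match is found is left unchanged.  The mutated
    ``res`` is returned.

    The four unknowns are split in two: every ``(a1, a2)`` pair is tabulated
    under its partial result, then ``(a3, a4)`` pairs are tried in ascending
    order until one completes a tabulated entry.  The table does not depend on
    the column, so it is built once instead of once per column, and field
    products are read from per-coefficient lookup tables instead of being
    recomputed for every candidate.

    NOTE(review): the coefficients of each row XOR to 8 ^ 5 ^ 7 ^ 9 = 3, which
    is non-zero, so this circulant matrix should be invertible over GF(2^8);
    multiplying by the inverse matrix would replace the search entirely.
    Confirm before relying on it.
    """
    def FFmul(a, b):
        # Product of a and b in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b).
        product = 0
        for _ in range(8):
            if b & 1:
                product ^= a
            b >>= 1
            a = ((a << 1) ^ (0x1b if a & 0x80 else 0x00)) & 0xff
        return product & 0xff

    lst = [[8,5,7,9],[9,8,5,7],[7,9,8,5],[5,7,9,8]]

    # mul[c][v] == FFmul(c, v) for every coefficient c that occurs in lst.
    mul = {coef: [FFmul(coef, value) for value in range(0x100)]
           for coef in {c for row in lst for c in row}}
    left = [(mul[row[0]], mul[row[1]]) for row in lst]
    right = [(mul[row[2]], mul[row[3]]) for row in lst]

    # Partial result of (a1, a2) -> the first pair that produces it.
    cache = {}
    for a1 in range(0x100):
        for a2 in range(0x100):
            partial = tuple(m1[a1] ^ m2[a2] for m1, m2 in left)
            if partial not in cache:
                cache[partial] = (a1, a2)

    for i in range(4):
        column = [res[r][i] for r in range(4)]
        match = None
        for a3 in range(0x100):
            for a4 in range(0x100):
                partial = tuple(m3[a3] ^ m4[a4] ^ known
                                for (m3, m4), known in zip(right, column))
                if partial in cache:
                    match = cache[partial] + (a3, a4)
                    break
            if match is not None:
                break
        if match is not None:
            res[0][i], res[1][i], res[2][i], res[3][i] = match
    return res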

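class AES128:
    """Byte-oriented AES-128-shaped cipher with the challenge's replacement tables.

    The round structure (SubBytes, ShiftRows, MixColumns, AddRoundKey over ten
    rounds) follows AES, but ``Sbox`` and the MixColumns coefficients differ
    from the standard, so results do not match a standard AES implementation.

    The working state ``self.tmp`` is a list of four rows; byte ``i + 4*j`` of
    the input block is stored at ``tmp[i][j]``.  Keys and blocks may be passed
    as ``str`` (one character per byte) or as ``bytes``.

    The class relies on the module-level helpers ``bit_rot_left``,
    ``bit_rot_right``, ``lst_xor`` and ``ggwp``.
    """

    Sbox = [147, 67, 93, 110, 158, 230, 2, 61, 72, 101, 156, 57, 234, 28, 95, 1, 38, 159, 43, 236, 109, 181, 141, 132, 127, 241, 197, 130, 75, 0, 85, 227, 194, 178, 99, 143, 65, 163, 47, 77, 146, 8, 139, 79, 9, 54, 252, 22, 51, 120, 123, 118, 53, 19, 115, 107, 5, 195, 42, 126, 239, 55, 34, 78, 237, 186, 58, 116, 204, 177, 45, 89, 16, 35, 160, 125, 218, 15, 63, 62, 233, 76, 212, 17, 102, 161, 144, 40, 250, 196, 213, 223, 96, 24, 50, 104, 247, 36, 148, 11, 249, 246, 149, 185, 207, 154, 41, 37, 49, 124, 100, 203, 90, 12, 119, 113, 18, 48, 206, 134, 164, 66, 114, 94, 202, 251, 25, 106, 39, 240, 140, 243, 91, 184, 69, 86, 80, 97, 191, 199, 220, 215, 103, 117, 176, 84, 226, 21, 87, 29, 188, 30, 44, 128, 245, 145, 244, 46, 201, 238, 253, 187, 211, 68, 52, 224, 232, 7, 92, 182, 6, 13, 111, 219, 189, 255, 171, 157, 32, 168, 136, 108, 200, 190, 229, 165, 20, 208, 138, 27, 155, 64, 129, 225, 26, 209, 137, 216, 180, 254, 192, 235, 31, 121, 98, 231, 152, 170, 248, 135, 81, 214, 112, 88, 166, 150, 131, 169, 133, 142, 153, 162, 33, 23, 56, 173, 14, 83, 70, 179, 73, 105, 82, 210, 74, 193, 183, 217, 198, 3, 242, 167, 228, 174, 172, 4, 221, 59, 71, 60, 10, 151, 175, 222, 122, 205]
    # Presumably the inverse permutation of Sbox (the write-up derives it from
    # Sbox[Sbox_inv[i]] == i); SubBytesInv depends on that.
    Sbox_r = [29, 15, 6, 239, 245, 56, 170, 167, 41, 44, 250, 99, 113, 171, 226, 77, 72, 83, 116, 53, 186, 147, 47, 223, 93, 126, 194, 189, 13, 149, 151, 202, 178, 222, 62, 73, 97, 107, 16, 128, 87, 106, 58, 18, 152, 70, 157, 38, 117, 108, 94, 48, 164, 52, 45, 61, 224, 11, 66, 247, 249, 7, 79, 78, 191, 36, 121, 1, 163, 134, 228, 248, 8, 230, 234, 28, 81, 39, 63, 43, 136, 210, 232, 227, 145, 30, 135, 148, 213, 71, 112, 132, 168, 2, 123, 14, 92, 137, 204, 34, 110, 9, 84, 142, 95, 231, 127, 55, 181, 20, 3, 172, 212, 115, 122, 54, 67, 143, 51, 114, 49, 203, 254, 50, 109, 75, 59, 24, 153, 192, 27, 216, 23, 218, 119, 209, 180, 196, 188, 42, 130, 22, 219, 35, 86, 155, 40, 0, 98, 102, 215, 251, 206, 220, 105, 190, 10, 177, 4, 17, 74, 85, 221, 37, 120, 185, 214, 241, 179, 217, 207, 176, 244, 225, 243, 252, 144, 69, 33, 229, 198, 21, 169, 236, 133, 103, 65, 161, 150, 174, 183, 138, 200, 235, 32, 57, 89, 26, 238, 139, 182, 158, 124, 111, 68, 255, 118, 104, 187, 195, 233, 162, 82, 90, 211, 141, 197, 237, 76, 173, 140, 246, 253, 91, 165, 193, 146, 31, 242, 184, 5, 205, 166, 80, 12, 201, 19, 64, 159, 60, 129, 25, 240, 131, 156, 154, 101, 96, 208, 100, 88, 125, 46, 160, 199, 175]
    # Round constants; index 0 is a placeholder because key_get indexes with
    # lk // 4 for lk = 4, 8, ..., 40.
    RC = [0x00,0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36]
    # Replacement MixColumns matrix (standard AES uses rows of 2, 3, 1, 1).
    _MIX = [[8,5,7,9],[9,8,5,7],[7,9,8,5],[5,7,9,8]]

    def __init__(self, key):
        """Expand the 16-byte *key* into 44 round-key words."""
        self.subkey = self.key_get(key,)

    @staticmethod
    def _as_int(item):
        # Indexing bytes yields ints on Python 3; indexing str yields 1-char strings.
        return item if isinstance(item, int) else ord(item)

    @staticmethod
    def _ffmul(a, b):
        # Product of a and b in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b).
        product = 0
        for _ in range(8):
            if b & 1:
                product ^= a
            b >>= 1
            a = ((a << 1) ^ (0x1b if a & 0x80 else 0x00)) & 0xff
        return product & 0xff

    def permute(self, lst, tb):
        """Map every byte of *lst* through the 256-entry table *tb*."""
        return [tb[(i>>4) * 16 + (i&0x0f)] for i in lst]

    def key_get(self, key):
        """Return the 44 four-byte round-key words derived from *key*."""
        def g(lst,lk):
            # Rotate the word one byte left, substitute it, add the round constant.
            lstt = bit_rot_left(lst, 1)
            lstt = self.permute(lstt, self.Sbox)
            lstt[0] ^= self.RC[lk//4]
            return lstt
        tmpK = [[0] * 4 for i in range(44)]
        for i in range(4):
            for j in range(4):
                tmpK[i][j] = self._as_int(key[4*i+j])
        for i in range(4,44):
            if i % 4:
                tmpK[i] = lst_xor(tmpK[i-4], tmpK[i-1])
            else:
                tmpK[i] = lst_xor(tmpK[i-4], g(tmpK[i-1],i))
        return tmpK

    def SubBytes(self):
        """Substitute every state byte through Sbox."""
        self.tmp = [self.permute(i, self.Sbox) for i in self.tmp]
        return

    def SubBytesInv(self):
        """Substitute every state byte through Sbox_r."""
        self.tmp = [self.permute(i, self.Sbox_r) for i in self.tmp]
        return

    def ShiftRows(self):
        """Rotate state row i left by i positions."""
        self.tmp = [bit_rot_left(self.tmp[i], i) for i in range(4)]
        return

    def ShiftRowsInv(self):
        """Rotate state row i right by i positions."""
        self.tmp = [bit_rot_right(self.tmp[i], i) for i in range(4)]
        return

    def MixColumns(self):
        """Multiply every state column by the _MIX matrix over GF(2^8)."""
        mixed = []
        for i in range(4):
            row = []
            for j in range(4):
                acc = 0
                for k in range(4):
                    acc ^= self._ffmul(self._MIX[i][k], self.tmp[k][j])
                row.append(acc)
            mixed.append(row)
        self.tmp = mixed
        return

    def MixColumnsInv(self):
        """Undo MixColumns by delegating to the meet-in-the-middle search ggwp().

        NOTE(review): each _MIX row XORs to 8 ^ 5 ^ 7 ^ 9 = 3, which is
        non-zero, so the circulant matrix should be invertible over GF(2^8)
        and a direct inverse matrix could replace the search. Confirm.
        """
        self.tmp = ggwp(self.tmp)

    def AddRoundKey(self,rd):
        """XOR round key *rd* (subkey words 4*rd .. 4*rd+3) into the state."""
        self.tmp = [lst_xor(self.tmp[i], [self.subkey[4*rd + j][i] for j in range(4)]) for i in range(4)]
        return

    def _load_state(self, block):
        # Byte i + 4*j of the block becomes tmp[i][j].
        self.tmp = [[self._as_int(block[i+4*j]) for j in range(4)] for i in range(4)]

    def _dump_state(self):
        # Serialise the state in block order as two-digit lowercase hex strings;
        # the result is also left in self.tmp.
        self.tmp = [hex(self.tmp[j][i])[2:].zfill(2) for i in range(4) for j in range(4)]
        return self.tmp

    def aes_encipher(self,m):
        """Encrypt the 16-byte block *m*; return 16 two-digit hex strings."""
        self._load_state(m)
        self.AddRoundKey(0)
        for i in range(1,10):
            self.SubBytes()
            self.ShiftRows()
            self.MixColumns()
            self.AddRoundKey(i)
        # The final round has no MixColumns.
        self.SubBytes()
        self.ShiftRows()
        self.AddRoundKey(10)
        return self._dump_state()

    def aes_decipher(self,m):
        """Decrypt the 16-byte block *m*; return 16 two-digit hex strings."""
        self._load_state(m)
        # Undo the final round (which had no MixColumns).
        self.AddRoundKey(10)
        self.ShiftRowsInv()
        self.SubBytesInv()
        for i in range(9,0,-1):
            self.AddRoundKey(i)
            self.MixColumnsInv()
            self.ShiftRowsInv()
            self.SubBytesInv()
        self.AddRoundKey(0)
        return self._dump_state()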

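# Fixed key K from the challenge's crypto.py.  The escape backslashes were
# missing from the listing as extracted ("x01x23..."); restored so that the
# string is 16 characters long, one per key byte.
k = "\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10"
A = AES128(k)
# The IV recovered in the earlier step, with its escapes restored as well; it
# equals m[0] ^ m[1] of the decrypted result quoted there.
c = 'N\xcbI{q;\xe6]\x82k\xed\xaf0&\xd9\xaa'
# aes_decipher returns 16 two-digit hex strings; convert them back to bytes.
m = A.aes_decipher(c)
m = bytes([int(i,16) for i in m])
print(m)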

解密得到 key = b'\xc3\x81A\xa8\x84\xf9\x0b{\xb7\xe4\xf4\x14D,\xdds'

然后解密flag:

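# Cipher, algorithms, modes, binascii and backend are not defined in this
# snippet; presumably the imports and the default_backend() call from
# crypto.py are reused. Confirm before running.
flag = '7f015db80352a325cacdac4bb25d8ac9494e468fb0aa514d6c916df1b8a0fafe46e9c3aad6fca5f109c414f2f99ffb81'
# The escape backslashes of both literals were missing from the listing as
# extracted; restored so that key and iv are 16 bytes each.
key = b'\xc3\x81A\xa8\x84\xf9\x0b{\xb7\xe4\xf4\x14D,\xdds'
iv = b'N\xcbI{q;\xe6]\x82k\xed\xaf0&\xd9\xaa'
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
ciphertext = binascii.unhexlify(flag)
decryptor = cipher.decryptor()
plaintext = decryptor.update(ciphertext) + decryptor.finalize()
# The trailing \x06 bytes are the PKCS7 padding added by the challenge.
print(plaintext)
# Out:b'RCTF{88358abe-e571-4bdf-95a3-93e9d8ddf558}\x06\x06\x06\x06\x06\x06'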

FLAG值

  • RCTF{88358abe-e571-4bdf-95a3-93e9d8ddf558}

结语

做题的时候浪费了太多时间在求列混淆矩阵的逆,结果发现很多时候还是暴破靠谱。

参考

  1. https://github.com/ricmoo/pyAES
  2. https://zhuanlan.zhihu.com/p/42264499
  3. https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
  4. 《深入浅出密码学——常用加密技术原理与应用》
