NepNep
新人来写第一次帖子
Crypto Realbase
看了一眼,大概是base64自有表,且给出一对明密文对。那么可以通过映射明密文对还原base64自有表,但事实上并不能全部还原,遂观察自有表规律,发现是[a-z]+[0-9]+[A-Z],又没有新引入的符号,盲猜最后两位仍为[/+],将得到的自有表丢到之前写的base64自有表脚本里,就有结果了。
附:已知明文的py脚本
import string
def match(p,q):
binstr=[ bin(ord(p[i])).replace('0b','').zfill(8) for i in range(len(p))]
p1=len(binstr) // 3
p2=len(binstr) % 3
part1 = binstr[0:3*p1]
base=['*']*64
for i in range(p1):
str_p1=binstr[i*3]+binstr[i*3+1]+binstr[i*3+2]
tmp_str = [str_p1[x: x + 6] for x in [0, 6, 12, 18]]
for j in range(4):
base[int(tmp_str[j],2)]=q[i*4+j]
return base
p='rTcb1BR8YVW2EOUjweXpIiLt5QCNg7ZAsD9muq3ylMhvofnx/P'
q='2Br9y9fcu97zvB2OruZv0D3Bwhbj0uNQnvfdtC2TwAfPrdBJ3xeP4wNn0hzLzCVUlRa='
base=match(p,q)
print(base)
输出:
['*', 'b', 'c', 'd', 'e', 'f', '*', 'h', '*', 'j', '*', '*', '*', 'n', '*', '*', '*', 'r', '*', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '*', '2', '3', '4', '*', '*', '7', '*', '9', 'A', 'B', 'C', 'D', '*', '*', '*', '*', '*', 'J', '*', 'L', '*', 'N', 'O', 'P', 'Q', '*', '*', 'T', 'U', 'V', '*', '*', '*', 'Z', '*', '*']
base64自有表脚本:
from base64 import *
key=input("ur own table:")
s=input("will decode:")
table="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
ans=[]
for i in range(len(s)):
if s[i]=='=':
ans.append(s[i])
continue
for j in range(64):
if(s[i]==key[j]):
ans.append(table[j])
break;
ss=''.join(ans)
print(ss)
print("ans:")
print(b64decode(ss))
flag:Nep{Wwe_a4re_b1as3r!!Bby_Ccomptine}
Re hardcsharp
最开始对着ida死命看汇编,读通流程了后知后觉原来可以用dnspy直接逆向看源码,异或解密密钥是'badbadwomen!!!!!!!!!!!!!!!!!!!!!',又有直接的密文,遂丢进AES在线工具,将编码转为utf-8,解出明文:
flag:Nep{up_up_down_down_B_a_b_A_Nep_nep~}
Re 二十六进制
就……26进制啊,找到ans和26个字符的对应表,注意用了链表,顺序是倒过来的,手动计算进制得到ans=518100101,然后md5(ans),直接解出结果:
flag:Nep{967fa25cbea166ded43127f141cff31a}
Re Easymips
看似mips,实则社工(x)。读流程看到encry()函数,发现主体流程是减一个变量。直接idapython逆过去发现有三位(0,5,6)明显的乱码。回来看init,发现还有个rand控制正好这三位的单独加密,想了想看了看题目,发现第一位乱码必然是N,中间两位乱码是出题人id,flag解出。
flag:8ep{sK;ar_is_sotql}->Nep{solar_is_sotql}
Re password
先用ida看看.so文件,发现主函数在搞base64,找xmm=3g6L2PWL2PXFmR+73g6L2PWL2PXFmR+7ise7iq==,看到'th1s_1s_k3y!th1s_1s_k3y!!!!!'丢进去apk发现不对,遂用另一个xmm=PXFmR+7ise7iq==,发现比较中忽略前几位,乐了,不就是上边那个串的后半部分嘛,验证'th1s_1s_k3y!!!!!'正确,开始找明文。
解开apk用dex2jar 把apk中的class.dex逆回去,再用jd-gui打开。读源码,直奔Encrypt类去,读了读,觉得熟悉,后知后觉是rc4,然后发现答案串,遂从网上找了rc4脚本解决题目。
import requests
import base64
import hashlib
from binascii import unhexlify
def crypt(data,key) :
s = [0] * 256
for i in range(256) :
s[i] = 256-i
print(s)
j = 0
for i in range(256) :
j = (j + s[i] + key[i % len(key)]) % 256
print(j)
s[i], s[j] = s[j], s[i]
i = 0
j = 0
res = ""
for c in data :
i = (i + 1) % 256
j = (j + s[i]) % 256
s[i], s[j] = s[j], s[i]
res = res + chr(c ^ s[(s[i] + s[j]) % 256])
return res
def tdecode(data ,key) :
data = base64.b64decode(data)
salt = data[:16]
return crypt(data[16:] ,hashlib.sha1(bytes(key,encoding='utf8') + salt).digest())
if __name__ =='__main__':
t=[139,210,217,93,149,255,126,95,41,86,18,185,239,236,139,208,69]
key = "th1s_1s_k3y!!!!!" #填写key
k=[ord(i) for i in key] #填写密文
print(crypt(t,k))
得到
Y0uG3tTheP4ssw0rd
然后解开assets里的flag包,得到flag.
flag:Nep{4c89261f-4d09-4bbf-be6c-9303128a143c}
Re worrrrms
打开题干发现go_go_ghost,心头一紧,打开果然是go逆向。看左侧列表发现有sm4 和base64,大概有谱了,然后点进puzzle相关的函数依次看,发现一个base64解码是icanttelluasample,猜测是密钥,然后动调找到比较的长度和密文,网上找了个sm4脚本解决问题。
from binascii import hexlify
SBOX = ['d6', '90', 'e9', 'fe', 'cc', 'e1', '3d', 'b7', '16', 'b6', '14', 'c2', '28', 'fb', '2c', '05',
'2b', '67', '9a', '76', '2a', 'be', '04', 'c3', 'aa', '44', '13', '26', '49', '86', '06', '99',
'9c', '42', '50', 'f4', '91', 'ef', '98', '7a', '33', '54', '0b', '43', 'ed', 'cf', 'ac', '62',
'e4', 'b3', '1c', 'a9', 'c9', '08', 'e8', '95', '80', 'df', '94', 'fa', '75', '8f', '3f', 'a6',
'47', '07', 'a7', 'fc', 'f3', '73', '17', 'ba', '83', '59', '3c', '19', 'e6', '85', '4f', 'a8',
'68', '6b', '81', 'b2', '71', '64', 'da', '8b', 'f8', 'eb', '0f', '4b', '70', '56', '9d', '35',
'1e', '24', '0e', '5e', '63', '58', 'd1', 'a2', '25', '22', '7c', '3b', '01', '21', '78', '87',
'd4', '00', '46', '57', '9f', 'd3', '27', '52', '4c', '36', '02', 'e7', 'a0', 'c4', 'c8', '9e',
'ea', 'bf', '8a', 'd2', '40', 'c7', '38', 'b5', 'a3', 'f7', 'f2', 'ce', 'f9', '61', '15', 'a1',
'e0', 'ae', '5d', 'a4', '9b', '34', '1a', '55', 'ad', '93', '32', '30', 'f5', '8c', 'b1', 'e3',
'1d', 'f6', 'e2', '2e', '82', '66', 'ca', '60', 'c0', '29', '23', 'ab', '0d', '53', '4e', '6f',
'd5', 'db', '37', '45', 'de', 'fd', '8e', '2f', '03', 'ff', '6a', '72', '6d', '6c', '5b', '51',
'8d', '1b', 'af', '92', 'bb', 'dd', 'bc', '7f', '11', 'd9', '5c', '41', '1f', '10', '5a', 'd8',
'0a', 'c1', '31', '88', 'a5', 'cd', '7b', 'bd', '2d', '74', 'd0', '12', 'b8', 'e5', 'b4', 'b0',
'89', '69', '97', '4a', '0c', '96', '77', '7e', '65', 'b9', 'f1', '09', 'c5', '6e', 'c6', '84',
'18', 'f0', '7d', 'ec', '3a', 'dc', '4d', '20', '79', 'ee', '5f', '3e', 'd7', 'cb', '39', '48',]
FK = ['a3b1bac6', '56aa3350', '677d9197', 'b27022dc']
CK = ['00070e15', '1c232a31', '383f464d', '545b6269',
'70777e85', '8c939aa1', 'a8afb6bd', 'c4cbd2d9',
'e0e7eef5', 'fc030a11', '181f262d', '343b4249',
'50575e65', '6c737a81', '888f969d', 'a4abb2b9',
'c0c7ced5', 'dce3eaf1', 'f8ff060d', '141b2229',
'30373e45', '4c535a61', '686f767d', '848b9299',
'a0a7aeb5', 'bcc3cad1', 'd8dfe6ed', 'f4fb0209',
'10171e25', '2c333a41', '484f565d', '646b7279']
def left(list,n):
return list[n:] + list[:n]
def group(list, n):
for i in range(0, len(list), n):
yield list[i:i + n]
def xor(a,b):
a1 = int(a,16)
b1 = int(b,16)
if a == b:
A = '{:032x}'.format(int(a1^b1))
else:
A = '{:08x}'.format(int(a1^b1))
return A
def round_function(k0,k1,k2,k3,rk,mod):
k = xor(xor(xor(k1,k2),k3),rk)
Tr = T(k,mod)
rki = xor(k0,Tr)
return rki
def T(A,mod):
T = linear(S(A),mod)
return T
def S(A):
A1 = []
A2 = [0,0,0,0]
for i in group(A,2):
A1.append(i)
for i in range(4):
l = int(A1[i],16)
A2[i] = '{:02x}'.format(int(SBOX[l],16))
A2 = ''.join(A2)
return A2
def linear(B,mod):
B1 = list(B)
for i in range(8):
B1[i] = '{:04b}'.format(int(B1[i],16))
B1 = ''.join(B1)
B1_2= left(B1,2)
B1_10 = left(B1,10)
B1_18 = left(B1,18)
B1_24 = left(B1,24)
B1_13 = left(B1,13)
B1_23 = left(B1,23)
if mod == 'enc' or mod == 'dec':
BX = xor(xor(xor(xor(B1,B1_2),B1_10),B1_18),B1_24)
elif mod == 'extend':
BX = xor(xor(B1,B1_13),B1_23)
else:
return "模式输入错误"
BX = '%x'%int(BX, 2)
return BX
def get_key(key):
MK = []
for i in group(key,8):
MK.append(i)
key0 = xor(MK[0],FK[0])
key1 = xor(MK[1],FK[1])
key2 = xor(MK[2],FK[2])
key3 = xor(MK[3],FK[3])
keylist = [key0,key1,key2,key3]
rk = []
for i in range(32):
a = round_function(keylist[i],keylist[i+1],keylist[i+2],keylist[i+3],CK[i],mod='extend')
keylist.append(a)
rk.append(a)
return rk
def get_sm4_ecb(key,input_data,mod):
data = []
rk = get_key(key)
for i in group(input_data,8):
data.append(i)
for i in range(32):
if mod == 'enc':
ldata = round_function(data[i],data[i+1],data[i+2],data[i+3],rk[i],mod)
else:
ldata = round_function(data[i],data[i+1],data[i+2],data[i+3],rk[31-i],mod)
data.append(ldata)
out_data = [data[35],data[34],data[33],data[32]]
out_data = ''.join(out_data)
return out_data
def get_sm4_cbc(key,input_data,iv,mod):
rk = get_key(key)
if mod == 'enc':
input_data = xor(input_data,iv)
data = []
for i in group(input_data,8):
data.append(i)
for i in range(32):
ldata = round_function(data[i],data[i+1],data[i+2],data[i+3],rk[i],mod)
data.append(ldata)
out_data = [data[35],data[34],data[33],data[32]]
out_data = ''.join(out_data)
else:
data = []
for i in group(input_data,8):
data.append(i)
for i in range(32):
ldata = round_function(data[i],data[i+1],data[i+2],data[i+3],rk[31-i],mod)
data.append(ldata)
out_data = [data[35],data[34],data[33],data[32]]
out_data = ''.join(out_data)
out_data = xor(out_data,iv)
out_data = '{:032x}'.format(int(out_data, 16))
return out_data
#print(get_sm4_ecb(key = '0123456789abcdeffedcba9876543210', input_data = '0123456789abcdeffedcba9876543210', mod = 'enc'))
#print(get_sm4_ecb(key = '0123456789abcdeffedcba9876543210', input_data = '681edf34d206965e86b3e94f536e4246', mod = 'dec'))
#print(get_sm4_cbc(key = '0123456789abcdeffedcba9876543210', input_data = '681edf34d206965e86b3e94f536e4246',iv = '0123456789abcdeffedcba9876543210', mod='enc'))
#print(get_sm4_cbc(key = '0123456789abcdeffedcba9876543210', input_data = '9ff11dcfd3afaa236c76090babc3bb85',iv = '0123456789abcdeffedcba9876543210', mod='dec'))
#cipher=hexlify(bytes(input('cipher:'),'ascii'))
#k=hexlify(bytes(input('key:'),'ascii'))
k=hexlify(bytes('icantelluasimple','ascii'))
cipher=hexlify(b'1234567890123456')
data=b'021789c8d9dafbe50e478c894c1d7ab9'
print(cipher)
print(data)
s=get_sm4_ecb(key = k, input_data = data, mod = 'dec')
print(s)
得到明文776531636f6d655f325f6e6570435446,看数据大小没有问题。
再用之前写的16进制转文字脚本,得到明文we1come_2_nepCTF
脚本如下:
s=input()
t=[]
m=int(input('sub:'))
for i in range (0,len(s),2):
t.append(chr(int(s[i:i+2],base=16)-m))
t=''.join(t)
print(t)
因为事先读过了go的文段,看到了flag格式,直接提交解决问题。
flag:Nep{we1come_2_nepCTF}
总结
用脚本真香啊【不是】
发表于 2021-3-29 07:59
