摘要:前言肝了一天,最后打了第三,记录下。同一样,它也将输入的字符串或数据编码成全是码的可打印字符串。
前言
肝了一天,最后打了第三,记录下。
我逆向真的好菜啊~~~~
加密函数如下
int __fastcall encode(const char *a1, __int64 a2) { char v3[32]; // [rsp+10h] [rbp-70h] char v4[32]; // [rsp+30h] [rbp-50h] char v5[36]; // [rsp+50h] [rbp-30h] int v6; // [rsp+74h] [rbp-Ch] int v7; // [rsp+78h] [rbp-8h] int i; // [rsp+7Ch] [rbp-4h] v7 = 18; i = 0; v6 = 0; if ( strlen(a1) != 18 ) return puts("Your Length is Wrong"); puts("flag{This_1s_f4cker_flag}"); for ( i = 0; i < v7; i += 3 ) { v5[i] = v7 ^ (a1[i] + 6); v4[i + 1] = (a1[i + 1] - 6) ^ v7; v3[i + 2] = a1[i + 2] ^ 6 ^ v7; *(_BYTE *)(a2 + i) = v5[i]; *(_BYTE *)(a2 + i + 1LL) = v4[i + 1]; *(_BYTE *)(a2 + i + 2LL) = v3[i + 2]; } return a2; }
很简单得加密函数
一共分为三组
key = "bIwhroo8cwqgwrxusi" flag = "" for i in range(0,18,3): flag += chr((ord(key[i])^18) - 6) + chr((ord(key[i+1])^18) + 6) + chr(ord(key[i+2])^6^18) print flag #jactf{w0w_is_flag}Replace
加密函数如下
v2 = a1; if ( a2 != 35 ) return -1; v4 = 0; while ( 1 ) { v5 = *(_BYTE *)(v4 + v2); v6 = (v5 >> 4) % 16; v7 = (16 * v5 >> 4) % 16; v8 = byte_402150[2 * v4]; if ( v8 < 48 || v8 > 57 ) v9 = v8 - 87; else v9 = v8 - 48; v10 = byte_402151[2 * v4]; v11 = 16 * v9; if ( v10 < 48 || v10 > 57 ) v12 = v10 - 87; else v12 = v10 - 48; if ( (unsigned __int8)byte_4021A0[16 * v6 + v7] != ((v11 + v12) ^ 0x19) ) break; if ( ++v4 >= 35 ) return 1; } return -1;
这是爆破的思路
import string byte_402150 = [0x32, 0x61, 0x34, 0x39, 0x66, 0x36, 0x39, 0x63, 0x33, 0x38, 0x33, 0x39, 0x35, 0x63, 0x64, 0x65, 0x39, 0x36, 0x64, 0x36, 0x64, 0x65, 0x39, 0x36, 0x64, 0x36, 0x66, 0x34, 0x65, 0x30, 0x32, 0x35, 0x34, 0x38, 0x34, 0x39, 0x35, 0x34, 0x64, 0x36,0x31, 0x39, 0x35, 0x34, 0x34, 0x38, 0x64, 0x65, 0x66, 0x36, 0x65, 0x32, 0x64, 0x61, 0x64, 0x36, 0x37, 0x37, 0x38, 0x36, 0x65, 0x32, 0x31, 0x64, 0x35, 0x61, 0x64,0x61, 0x65, 0x36, 0x00] byte_4021A0 = [0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16] flag="" v4=0 dic=string.ascii_lowercase+string.ascii_uppercase+string.digits+"{}_!%^&" while(v4<35): v8 = byte_402150[2*v4] if (v8 < 48 or v8 > 57): v9 = v8 - 87 else: v9 = v8 -48 v10 = byte_402150[2*v4+1] v11 = 16 * v9 if(v10 < 48 or v10 >57): v12 = v10 -87 else: v12 = v10 -48 for i in dic: v6 = (ord(i)>>4)%16 v7 = (16*ord(i)>>4)%16 if(byte_4021A0[16*v6 + v7]==(v11+v12)^0x19): flag += i break v4 += 1 print flag #flag{Th1s_1s_Simple_Rep1ac3_Enc0d3}
贴一下大佬用z3解的脚本
#-*-coding:utf-8 -*- #flag{Th1s_1s_Simple_Rep1ac3_Enc0d3} list_flag = [51, 80, 239, 133, 33, 32, 69, 199, 143, 207, 199, 143, 207, 237, 249, 60, 81, 80, 77, 207, 0, 77, 81, 199, 239, 251, 195, 207, 110, 159, 251, 4, 67, 195, 255] byte_4021A0 = [99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187] from z3 import * def z3_solve(res_flag,byte_4021A0,flag1): solve_flag = Solver() flag2 = [] for i in range(35): flag2.append(BitVec("v"+str(i),8)) for i in range(35): solve_flag.add(( (16 * ((flag2[i] >> 4) % 16))+(16 * flag2[i] >> 4) % 16)== flag1[i]) check_flag = solve_flag.check() print check_flag,type(check_flag) res_model = solve_flag.model() flag_final = "" for i in range(35): flag_chr =("%s"%(res_model[flag2[i]])) flag_final = flag_final + chr(int(flag_chr)) print flag_final def res_find(list_flag,byte_4021A0): list_find = [] for i in list_flag: res = byte_4021A0.index(i) list_find.append(res) return list_find if __name__ == "__main__": res = res_find(list_flag,byte_4021A0) # for i in res: # print i z3_solve(list_flag,byte_4021A0,res) print "Finish "Misc 真的不是图片
题目给了一张图片,binwalk一下
pumpkin9@pumpkin9:/mnt/c/Users/Desktop/juean$ binwalk Misc-JASEC.png DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 PNG image, 824 x 639, 8-bit/color RGB, non-interlaced 91 0x5B Zlib compressed data, compressed 140598 0x22536 End of Zip archive, footer length: 22
题目中有zip,和正常压缩包图片对比一下
emmm
反正是少了个zip头了
可以发现 50 4B 03 04 被替换成了ja66
pumpkin9@pumpkin9:/mnt/c/Users/Desktop/juean$ binwalk Misc-JASEC.png DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 PNG image, 824 x 639, 8-bit/color RGB, non-interlaced 91 0x5B Zlib compressed data, compressed 137859 0x21A83 Zip archive data, at least v2.0 to extract, compressed size: 2605, uncompressed size: 11258, name: subject.zip 140598 0x22536 End of Zip archive, footer length: 22
然后foremost分离
ja66解压缩
import base64 flag = "" for i in range(0,32): f = open("./"+str(i)+"/"+str(i)+".txt","r") flag += f.read() print base64.b64decode(flag) #jactf{64se64_1s_50_c001}what 题目描述
=E4=BD=9B=E6=9B=B0=EF=BC=9A=E6=A2=B5=E5=83=A7=E5=A5=A2=E6=A5=9E=E5=A5=A2=E5=90=89=E8=8B=A5=E5=A5=A2=E4=B8=8D=E5=B8=9D=E5=86=A5=E5=A4=9C=E6=98=AF=E7=BC=BD=E6=9C=8B=E7=BC=BD=E7=9C=9F=E7=89=B9=E4=BF=B1=E4=B8=8A=E7=BD=B0=E8=83=BD=E7=9A=A4=E5=AE=A4=E9=98=BF=E8=AB=B3=E6=98=8E=E4=B8=80=E5=88=87=E5=91=90=E9=99=A4=E6=A2=B5=E5=A7=AA=E7=BC=BD=E5=A9=86=E5=91=90=E4=BA=A6=E5=8F=83=E4=BE=84=E5=91=BC=E7=9A=A4=E4=B8=96=E5=93=86=E7=89=B9=E5=93=86=E6=95=85=E5=8B=9D=E8=AB=B3=E7=88=8D=E8=AC=B9=E6=99=BA=E7=9A=A4=E5=8F=83=E5=AD=95=E9=80=9D=E8=AB=B3=E8=AC=B9=E6=BC=AB=E6=AD=BB=E5=8D=B3=E4=BE=84=E9=99=A4=E5=93=86=E9=80=9D=E4=BE=84=E6=98=AF=E5=A5=A2=E5=96=9D=E7=A4=99=E8=B1=86=E8=AB=B3=E6=A5=9E=E7=84=A1=E4=BF=B1=E8=80=85=E5=93=86=E5=BA=A6=E8=80=85=E3=80=82=E8=AB=B3=E7=9C=9F=E5=86=A5=E8=A8=B6=E4=BE=84=E5=8B=9D=E7=AB=9F=E8=97=9D=E5=A5=A2=E4=B8=8D=E4=BC=8A=E7=9A=A4=E8=AC=B9=E6=B6=85=E5=AD=95=E7=84=A1=E4=BB=96=E7=BE=85=E5=A4=A7=E5=BE=97=E9=97=8D=E5=93=86=E5=96=9D=E8=80=B6=E5=83=A7=E7=84=A1=E7=BE=AF=E6=BB=85=E9=99=A4=E5=88=A9=E7=BC=BD=E5=A4=9A=E6=A2=B5=E5=A4=B7=E6=A2=B5=E6=A0=97=E7=BC=BD=E8=80=85=E5=AD=95=E8=AB=B3=E7=9B=A7=E7=9A=A4=E4=B8=89=E7=BD=B0=E5=AF=AB=E8=80=81=E6=A2=B5=E8=80=B6=E5=AE=A4=E5=B8=9D=E6=A2=B5=E5=AF=AB=E7=BE=AF=E6=95=B8=E6=A2=B5=E7=9B=A1=E4=BE=84=E6=A0=97=E4=BE=84=E8=97=90=E4=BF=B1=E4=B8=96=E8=AB=B3=E4=B8=8A=E8=AB=B3=E5=A7=AA=E6=95=B8=E5=AE=A4=E5=A9=86=E7=BD=B0=E6=A7=83=E5=A5=A2=E8=A8=B6=E5=93=86=E5=A4=9A=E9=80=9D=E8=97=90=E9=81=93=E6=A2=B5=E6=A5=9E=E6=A2=B5=E5=8D=97=E4=BE=84=E8=BF=A6=E5=91=90=E7=9F=A5=E6=9C=8B=E6=A5=9E=E4=BE=84=E9=9B=A2=E5=91=90=E6=B2=99=E5=91=90=E6=99=BA=E9=81=AE=E5=A4=A7=E5=AE=A4=E7=A5=9E=E5=86=A5=E8=BC=B8=E6=AE=BF=E7=BC=BD=E6=A7=83=E6=A2=B5=E6=80=9B=E6=81=90=E8=88=8D=E7=9F=A5=E7=9A=A4=E8=BF=A6=E5=A5=A2=E8=88=AC=E8=AB=B3=E7=88=8D=E5=AF=AB=E6=BC=AB=E4=BC=8A=E4=BF=B1=E6=A0=97=E5=93=86=E4=BB=96=E4=BA=A6=E7=BC=BD=E6=A5=9E=E6=80=9B=E5=86=A5=E5=91=BC=E5=88=87=E4=BF=B1=E8=8F=A9=E8=88=8D=E5=91=90=E5=AF=A6=E6=A0=97=E5=A5=A2=E6=B3=A2=E6=91=A9=E8=AB=B3=E9=81=93=E7=BC=BD=E7=91=9F=E5=93=86=E5=AF=A6=E7=9A=A4=E7=88=8D=E5=8B=9D=E8=96=A9=E7=BD=B0=E8=AB=B8=E5=A5=A2=E8=88=AC=E8=AB=A6=E7=BD=B0=E6=98=8E=E7=BC=BD=E8=AB=A6=E5=B0=BC=E5=93=86=E6=A5=9E=E4=BD=9B=E4=BF=B1=E9=86=AF=E8=AB=B3=E6=BB=85=E5=BA=A6=E5=93=86=E6=89=80=E6=A7=83=E5=A7=AA=E9=BA=BC=E6=89=80=E6=81=90=E8=AB=B3=E4=BB=96=E4=BE=84=E5=AF=AB=E7=91=9F=E4=BE=84=E6=89=80=E5=BE=97=E9=9A=B8=E5=93=86=E9=97=8D=E5=91=90=E6=8F=90=E7=9B=A7=E5=86=A5=E5=92=92=E5=A5=A2=E6=9B=B0=E5=91=90=E6=B2=99=E6=80=AF=E8=88=AC=E5=8D=97=E6=80=AF=E5=9C=B0=E7=BC=BD=E5=96=9D=E5=86=A5=E6=83=B3=E5=91=90=E7=9B=A7=E7=BD=B0=E8=AC=B9=E5=91=BC=E8=B7=8B=E7=BC=BD=E4=B8=8A=E5=A8=91=E8=AB=A6=E6=AD=BB=E4=BE=84=E8=BF=A6
解题过程Quoted-Printable也是MIME邮件中常用的编码方式之一。同Base64一样,它也将输入的字符串或数据编码成全是ASCII码的可打印字符串。
quopri
quopri.decodestring()解码可得
佛曰:梵僧奢楞奢吉若奢不帝冥夜是缽朋缽真特俱上罰能皤室阿諳明一切呐除梵姪缽婆呐亦參侄呼皤世哆特哆故勝諳爍謹智皤參孕逝諳謹漫死即侄除哆逝侄是奢喝礙豆諳楞無俱者哆度者。諳真冥訶侄勝竟藝奢不伊皤謹涅孕無他羅大得闍哆喝耶僧無羯滅除利缽多梵夷梵栗缽者孕諳盧皤三罰寫老梵耶室帝梵寫羯數梵盡侄栗侄藐俱世諳上諳姪數室婆罰槃奢訶哆多逝藐道梵楞梵南侄迦呐知朋楞侄離呐沙呐智遮大室神冥輸殿缽槃梵怛恐舍知皤迦奢般諳爍寫漫伊俱栗哆他亦缽楞怛冥呼切俱菩舍呐實栗奢波摩諳道缽瑟哆實皤爍勝薩罰諸奢般諦罰明缽諦尼哆楞佛俱醯諳滅度哆所槃姪麼所恐諳他侄寫瑟侄所得隸哆闍呐提盧冥咒奢曰呐沙怯般南怯地缽喝冥想呐盧罰謹呼跋缽上娑諦死侄迦
参悟佛所言的真意
公正友善自由公正民主公正和谐法治自由公正公正法治友善平等公正爱国公正平等法治爱国公正敬业公正友善爱国平等诚信平等法治敬业法治平等公正公正公正诚信平等平等友善敬业法治民主法治富强法治友善法治
社会主义核心价值观解码得flag
jactf{hexin_yufo_qp}
生成字典爆破
crunch 11 11 -t 138364%%%%% -o/root/桌面/test.txt aircrack-ng -w /root/桌面/test.txt Tenda_D07D90-01.capCrypto 贝斯家族三英战群魔
直接上脚本
$ python base.py ciphertext_ea88a4d420c804686a8899608e06130f.txt 1 using base16 decode sucess..... 2 using base16 decode failuer..... using base32 decode sucess..... 3 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 4 using base16 decode sucess..... 5 using base16 decode failuer..... using base32 decode sucess..... 6 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 7 using base16 decode sucess..... 8 using base16 decode failuer..... using base32 decode sucess..... 9 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 10 using base16 decode sucess..... 11 using base16 decode failuer..... using base32 decode sucess..... 12 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 13 using base16 decode failuer..... using base32 decode failuer..... using base64 decode failuer..... jactf{4(b64_32_16)}罗马帝国的奠基者
根据凯撒加密方式和flag格式可得
a = "h^_o`[pZi^i`" b = "" for j in range(0,90): b= "" for i in range(len(a)): b += chr(ord(a[i])+i+2) print b绝密情报 题目描述
WzI2NDAzMjMxMEwsIDQ5NTA2MzczNDFMLCA0MTg5MTM3MjM1TCwgMzUwMzY3NTkwNkwsIDExOTMyNzJMLCAzNzQ1MzA5NjhMLCA1MTg5MjgxNTMxTCwgMjUxNDIwMDI3MkwsIDQ0NTQzMDU1ODFMLCA2NDEwNzg1OTdMLCA0Mzk1OTMxNjU5TCwgMjcxNjQyNjU5OUwsIDQzNzUzOTE5NEwsIDM0NDgwMTM1OTZMLCAzMDcyMDcyMDlMLCA0NzUwODIwNjA2TCwgMzI1MDQwNzk5M0wsIDg1MzkwNTIwOUwsIDIxMDk3OTExNTlMLCAyNzE2NDI2NTk5TCwgMjEwNzg5OTU1NEwsIDQzOTU5MzE2NTlMLCAyNzk0Mzg0NTk4TCwgMjEwOTc5MTE1OUwsIDUyOTc3NzkwOTRMLCAxNDYwODc0Mjg2TCwgMTQ2MDg3NDI4NkwsIDc5NDkzMTY3OUwsIDc5NDkzMTY3OUwsIDU0NDcwNTE2MjJMLCA4NTM5MDUyMDlMLCAzMTk4MzQwMjE4TCwgMTE5MzI3MkwsIDE5MTIzMjMxMDFMLCA1Mjk3Nzc5MDk0TCwgMzA3MjA3MjA5TCwgMzIzMTU3MjYwOEwsIDMxOTgzNDAyMThMLCA1MTg5MjgxNTMxTCwgNTI3ODg5NTQ4TCwgNDk1MDYzNzM0MUwsIDI4MzkzNjY4MDVMLCAxMTE2NDU3MzU0TCwgNTI3ODg5NTQ4TCwgNTI5Nzc3OTA5NEwsIDMyNTA0MDc5OTNMLCA0NDU0MzA1NTgxTCwgNjUxMDM5MkwsIDMyNTA0MDc5OTNMLCAxNDYwODc0Mjg2TCwgMTA1OTAzNTEyOUwsIDMyMDAzNTk2MTJMLCA4NTM5MDUyMDlMLCAzMDcyMDcyMDlMLCAxNTY3NzkxMDFMLCAyMTQ1MzAxMzI4TCwgNTI3ODg5NTQ4TCwgMTA1OTAzNTEyOUwsIDU0NjgwMjUwNzJMLCAzNDQ4MDEzNTk2TCwgMjEwNzg5OTU1NEwsIDQxODkxMzcyMzVMLCAzNTAzNjc1OTA2TCwgMjY1MzQzNjExM0xd解题过程
而且小菜昨天偷听到了一部分关于情报的绝密资料,如下:N=5520780427 , e = 134257,你能帮小菜解出这段情报吗?
import base64,libnum enc = "WzI2NDAzMjMxMEwsIDQ5NTA2MzczNDFMLCA0MTg5MTM3MjM1TCwgMzUwMzY3NTkwNkwsIDExOTMyNzJMLCAzNzQ1MzA5NjhMLCA1MTg5MjgxNTMxTCwgMjUxNDIwMDI3MkwsIDQ0NTQzMDU1ODFMLCA2NDEwNzg1OTdMLCA0Mzk1OTMxNjU5TCwgMjcxNjQyNjU5OUwsIDQzNzUzOTE5NEwsIDM0NDgwMTM1OTZMLCAzMDcyMDcyMDlMLCA0NzUwODIwNjA2TCwgMzI1MDQwNzk5M0wsIDg1MzkwNTIwOUwsIDIxMDk3OTExNTlMLCAyNzE2NDI2NTk5TCwgMjEwNzg5OTU1NEwsIDQzOTU5MzE2NTlMLCAyNzk0Mzg0NTk4TCwgMjEwOTc5MTE1OUwsIDUyOTc3NzkwOTRMLCAxNDYwODc0Mjg2TCwgMTQ2MDg3NDI4NkwsIDc5NDkzMTY3OUwsIDc5NDkzMTY3OUwsIDU0NDcwNTE2MjJMLCA4NTM5MDUyMDlMLCAzMTk4MzQwMjE4TCwgMTE5MzI3MkwsIDE5MTIzMjMxMDFMLCA1Mjk3Nzc5MDk0TCwgMzA3MjA3MjA5TCwgMzIzMTU3MjYwOEwsIDMxOTgzNDAyMThMLCA1MTg5MjgxNTMxTCwgNTI3ODg5NTQ4TCwgNDk1MDYzNzM0MUwsIDI4MzkzNjY4MDVMLCAxMTE2NDU3MzU0TCwgNTI3ODg5NTQ4TCwgNTI5Nzc3OTA5NEwsIDMyNTA0MDc5OTNMLCA0NDU0MzA1NTgxTCwgNjUxMDM5MkwsIDMyNTA0MDc5OTNMLCAxNDYwODc0Mjg2TCwgMTA1OTAzNTEyOUwsIDMyMDAzNTk2MTJMLCA4NTM5MDUyMDlMLCAzMDcyMDcyMDlMLCAxNTY3NzkxMDFMLCAyMTQ1MzAxMzI4TCwgNTI3ODg5NTQ4TCwgMTA1OTAzNTEyOUwsIDU0NjgwMjUwNzJMLCAzNDQ4MDEzNTk2TCwgMjEwNzg5OTU1NEwsIDQxODkxMzcyMzVMLCAzNTAzNjc1OTA2TCwgMjY1MzQzNjExM0xd" enc = base64.b64decode(enc) enc_list = eval(enc) flag = "" print enc_list d = 3960784897 n = 5520780427 for i in range(len(enc_list)): m = pow(enc_list[i],d,n) flag += chr(m) print flag #U2FsdGVkX1/8DKBmhvO87/SOLaawwxvAdHLB9AV62nC6LhXzhatpvBcg6tlK7Fs5
des 解密下即可
jactf{So_easy_RSA_and_DES}
一共给了两个文件
encode.txt
int main() { string P("*****************"); string C("*****************"); int len = C.length(); for (int k = 0; k < len; k ++) { int where = des_find(P, C[k]); where = ((where * a) + b) mod x; cout << P[where]; } return 0; } int des_find(string p, int m) { for (int i = 0; i < p.length(); i++) { if (m == p[i]) { return i; } } }
题目.txt
现已知某间谍使用的密码本(这可是贝叶斯设计的密码本)如下:"elFXRVJUWVVJT1B4Y3Zibm1hc2RmQVNERkdISktMZ2hqa2xfcXdaWENWQk5NZXJ0e3l1aW9wfTAxMjM0OTg3NjU="解题过程
现获取到了他们的加密算法,同时劫获了一段数据密文:"gf9C{YQ34KHN3sOwhCz3RzH3CKj3Ndpm1Bt7"
你能破译出明文数据吗?
#include#include #define PSIZE 65 //宏定义密码表大小 using namespace std; int gcd(int m, int n); int init_gcd(int m, int n); int des_find(string p, int m); int main() { string P("zQWERTYUIOPxcvbnmasdfASDFGHJKLghjkl_qwZXCVBNMert{yuiop}0123498765"); string M("gf9C{YQ34KHN3sOwhCz3RzH3CKj3Ndpm1Bt7"); //明文空间,与已知密文 string C; //存放解密明文 int i = 2; //求解所有互素的数 int a1; //存放逆元 for (i; i < PSIZE; i++) { if (gcd(i, PSIZE) == 1) { //说明此时的i与28互素 /***求解此时的i的逆元***/ a1 = init_gcd(i, PSIZE); for (int j = 0; j < PSIZE; j++) //控制b的遍历 { cout << "此时:a=" << i << " b=" << j << " a的逆元为:" << a1 << " ""; for (int k = 0; k < M.length(); k++) { //每一个汉字站两个字节,所以要用两个数组空间来存 int where = des_find(P, M[k]); //匹配密文在明文空间的位置 where = ((where - j)*a1) % PSIZE; if (where < 0) { where += PSIZE; } cout << P[where]; } cout << """ << endl; } } } return 0; } int gcd(int b, int a) //求互素 { int temp; if (a < b)//判断大小 { temp = a; a = b; b = temp; } if (b == 0) return a; else return gcd(b, a%b);//递归 } int init_gcd(int m, int n) //扩展欧几里得算法 { int i = 2; for (i; i < 28; i++) { if ((m*i) % n == 1) { return i; } } } int des_find(string p, int m) //位置匹配函数 { for (int i = 0; i < p.length(); i ++) { //cout<
接下来的计划
总结下base家族
wasm
贝叶斯
关于字符向进制转化的算法与逆向
pyc 文件格式
des加密ebc cbc
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/31205.html
摘要:前言肝了一天,最后打了第三,记录下。同一样,它也将输入的字符串或数据编码成全是码的可打印字符串。 前言 肝了一天,最后打了第三,记录下。我逆向真的好菜啊~~~~ Reverse baby_reverse 加密函数如下 int __fastcall encode(const char *a1, __int64 a2) { char v3[32]; // [rsp+10h] [rbp-...
摘要:题目先屯一份打完取证回来慢慢的复现 题目先屯一份打完取证回来慢慢的复现~~ Reverse i can count - 50pts Lets do this together. You do know how to count, dont you? The .Wat ness - 250pts The .Wat ness is open for testing! http://wat...
阅读 1437·2021-09-28 09:44
阅读 2500·2021-09-28 09:36
阅读 1143·2021-09-08 09:35
阅读 1981·2019-08-29 13:50
阅读 809·2019-08-29 13:29
阅读 1129·2019-08-29 13:15
阅读 1723·2019-08-29 13:00
阅读 2987·2019-08-26 16:16