摘要:前言肝了一天,最后打了第三,記錄下。同一樣,它也將輸入的字符串或數(shù)據(jù)編碼成全是碼的可打印字符串。
前言
肝了一天,最后打了第三,記錄下。
我逆向真的好菜啊~~~~
加密函數(shù)如下
int __fastcall encode(const char *a1, __int64 a2) { char v3[32]; // [rsp+10h] [rbp-70h] char v4[32]; // [rsp+30h] [rbp-50h] char v5[36]; // [rsp+50h] [rbp-30h] int v6; // [rsp+74h] [rbp-Ch] int v7; // [rsp+78h] [rbp-8h] int i; // [rsp+7Ch] [rbp-4h] v7 = 18; i = 0; v6 = 0; if ( strlen(a1) != 18 ) return puts("Your Length is Wrong"); puts("flag{This_1s_f4cker_flag}"); for ( i = 0; i < v7; i += 3 ) { v5[i] = v7 ^ (a1[i] + 6); v4[i + 1] = (a1[i + 1] - 6) ^ v7; v3[i + 2] = a1[i + 2] ^ 6 ^ v7; *(_BYTE *)(a2 + i) = v5[i]; *(_BYTE *)(a2 + i + 1LL) = v4[i + 1]; *(_BYTE *)(a2 + i + 2LL) = v3[i + 2]; } return a2; }
很簡單得加密函數(shù)
一共分為三組
key = "bIwhroo8cwqgwrxusi" flag = "" for i in range(0,18,3): flag += chr((ord(key[i])^18) - 6) + chr((ord(key[i+1])^18) + 6) + chr(ord(key[i+2])^6^18) print flag #jactf{w0w_is_flag}Replace
加密函數(shù)如下
v2 = a1; if ( a2 != 35 ) return -1; v4 = 0; while ( 1 ) { v5 = *(_BYTE *)(v4 + v2); v6 = (v5 >> 4) % 16; v7 = (16 * v5 >> 4) % 16; v8 = byte_402150[2 * v4]; if ( v8 < 48 || v8 > 57 ) v9 = v8 - 87; else v9 = v8 - 48; v10 = byte_402151[2 * v4]; v11 = 16 * v9; if ( v10 < 48 || v10 > 57 ) v12 = v10 - 87; else v12 = v10 - 48; if ( (unsigned __int8)byte_4021A0[16 * v6 + v7] != ((v11 + v12) ^ 0x19) ) break; if ( ++v4 >= 35 ) return 1; } return -1;
這是爆破的思路
import string byte_402150 = [0x32, 0x61, 0x34, 0x39, 0x66, 0x36, 0x39, 0x63, 0x33, 0x38, 0x33, 0x39, 0x35, 0x63, 0x64, 0x65, 0x39, 0x36, 0x64, 0x36, 0x64, 0x65, 0x39, 0x36, 0x64, 0x36, 0x66, 0x34, 0x65, 0x30, 0x32, 0x35, 0x34, 0x38, 0x34, 0x39, 0x35, 0x34, 0x64, 0x36,0x31, 0x39, 0x35, 0x34, 0x34, 0x38, 0x64, 0x65, 0x66, 0x36, 0x65, 0x32, 0x64, 0x61, 0x64, 0x36, 0x37, 0x37, 0x38, 0x36, 0x65, 0x32, 0x31, 0x64, 0x35, 0x61, 0x64,0x61, 0x65, 0x36, 0x00] byte_4021A0 = [0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16] flag="" v4=0 dic=string.ascii_lowercase+string.ascii_uppercase+string.digits+"{}_!%^&" while(v4<35): v8 = byte_402150[2*v4] if (v8 < 48 or v8 > 57): v9 = v8 - 87 else: v9 = v8 -48 v10 = byte_402150[2*v4+1] v11 = 16 * v9 if(v10 < 48 or v10 >57): v12 = v10 -87 else: v12 = v10 -48 for i in dic: v6 = (ord(i)>>4)%16 v7 = (16*ord(i)>>4)%16 if(byte_4021A0[16*v6 + v7]==(v11+v12)^0x19): flag += i break v4 += 1 print flag #flag{Th1s_1s_Simple_Rep1ac3_Enc0d3}
貼一下大佬用z3解的腳本
#-*-coding:utf-8 -*- #flag{Th1s_1s_Simple_Rep1ac3_Enc0d3} list_flag = [51, 80, 239, 133, 33, 32, 69, 199, 143, 207, 199, 143, 207, 237, 249, 60, 81, 80, 77, 207, 0, 77, 81, 199, 239, 251, 195, 207, 110, 159, 251, 4, 67, 195, 255] byte_4021A0 = [99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187] from z3 import * def z3_solve(res_flag,byte_4021A0,flag1): solve_flag = Solver() flag2 = [] for i in range(35): flag2.append(BitVec("v"+str(i),8)) for i in range(35): solve_flag.add(( (16 * ((flag2[i] >> 4) % 16))+(16 * flag2[i] >> 4) % 16)== flag1[i]) check_flag = solve_flag.check() print check_flag,type(check_flag) res_model = solve_flag.model() flag_final = "" for i in range(35): flag_chr =("%s"%(res_model[flag2[i]])) flag_final = flag_final + chr(int(flag_chr)) print flag_final def res_find(list_flag,byte_4021A0): list_find = [] for i in list_flag: res = byte_4021A0.index(i) list_find.append(res) return list_find if __name__ == "__main__": res = res_find(list_flag,byte_4021A0) # for i in res: # print i z3_solve(list_flag,byte_4021A0,res) print "Finish "Misc 真的不是圖片
題目給了一張圖片,binwalk一下
pumpkin9@pumpkin9:/mnt/c/Users/Desktop/juean$ binwalk Misc-JASEC.png DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 PNG image, 824 x 639, 8-bit/color RGB, non-interlaced 91 0x5B Zlib compressed data, compressed 140598 0x22536 End of Zip archive, footer length: 22
題目中有zip,和正常壓縮包圖片對比一下
emmm
反正是少了個zip頭了
可以發(fā)現(xiàn) 50 4B 03 04 被替換成了ja66
pumpkin9@pumpkin9:/mnt/c/Users/Desktop/juean$ binwalk Misc-JASEC.png DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 PNG image, 824 x 639, 8-bit/color RGB, non-interlaced 91 0x5B Zlib compressed data, compressed 137859 0x21A83 Zip archive data, at least v2.0 to extract, compressed size: 2605, uncompressed size: 11258, name: subject.zip 140598 0x22536 End of Zip archive, footer length: 22
然后foremost分離
ja66解壓縮
import base64 flag = "" for i in range(0,32): f = open("./"+str(i)+"/"+str(i)+".txt","r") flag += f.read() print base64.b64decode(flag) #jactf{64se64_1s_50_c001}what 題目描述
=E4=BD=9B=E6=9B=B0=EF=BC=9A=E6=A2=B5=E5=83=A7=E5=A5=A2=E6=A5=9E=E5=A5=A2=E5=90=89=E8=8B=A5=E5=A5=A2=E4=B8=8D=E5=B8=9D=E5=86=A5=E5=A4=9C=E6=98=AF=E7=BC=BD=E6=9C=8B=E7=BC=BD=E7=9C=9F=E7=89=B9=E4=BF=B1=E4=B8=8A=E7=BD=B0=E8=83=BD=E7=9A=A4=E5=AE=A4=E9=98=BF=E8=AB=B3=E6=98=8E=E4=B8=80=E5=88=87=E5=91=90=E9=99=A4=E6=A2=B5=E5=A7=AA=E7=BC=BD=E5=A9=86=E5=91=90=E4=BA=A6=E5=8F=83=E4=BE=84=E5=91=BC=E7=9A=A4=E4=B8=96=E5=93=86=E7=89=B9=E5=93=86=E6=95=85=E5=8B=9D=E8=AB=B3=E7=88=8D=E8=AC=B9=E6=99=BA=E7=9A=A4=E5=8F=83=E5=AD=95=E9=80=9D=E8=AB=B3=E8=AC=B9=E6=BC=AB=E6=AD=BB=E5=8D=B3=E4=BE=84=E9=99=A4=E5=93=86=E9=80=9D=E4=BE=84=E6=98=AF=E5=A5=A2=E5=96=9D=E7=A4=99=E8=B1=86=E8=AB=B3=E6=A5=9E=E7=84=A1=E4=BF=B1=E8=80=85=E5=93=86=E5=BA=A6=E8=80=85=E3=80=82=E8=AB=B3=E7=9C=9F=E5=86=A5=E8=A8=B6=E4=BE=84=E5=8B=9D=E7=AB=9F=E8=97=9D=E5=A5=A2=E4=B8=8D=E4=BC=8A=E7=9A=A4=E8=AC=B9=E6=B6=85=E5=AD=95=E7=84=A1=E4=BB=96=E7=BE=85=E5=A4=A7=E5=BE=97=E9=97=8D=E5=93=86=E5=96=9D=E8=80=B6=E5=83=A7=E7=84=A1=E7=BE=AF=E6=BB=85=E9=99=A4=E5=88=A9=E7=BC=BD=E5=A4=9A=E6=A2=B5=E5=A4=B7=E6=A2=B5=E6=A0=97=E7=BC=BD=E8=80=85=E5=AD=95=E8=AB=B3=E7=9B=A7=E7=9A=A4=E4=B8=89=E7=BD=B0=E5=AF=AB=E8=80=81=E6=A2=B5=E8=80=B6=E5=AE=A4=E5=B8=9D=E6=A2=B5=E5=AF=AB=E7=BE=AF=E6=95=B8=E6=A2=B5=E7=9B=A1=E4=BE=84=E6=A0=97=E4=BE=84=E8=97=90=E4=BF=B1=E4=B8=96=E8=AB=B3=E4=B8=8A=E8=AB=B3=E5=A7=AA=E6=95=B8=E5=AE=A4=E5=A9=86=E7=BD=B0=E6=A7=83=E5=A5=A2=E8=A8=B6=E5=93=86=E5=A4=9A=E9=80=9D=E8=97=90=E9=81=93=E6=A2=B5=E6=A5=9E=E6=A2=B5=E5=8D=97=E4=BE=84=E8=BF=A6=E5=91=90=E7=9F=A5=E6=9C=8B=E6=A5=9E=E4=BE=84=E9=9B=A2=E5=91=90=E6=B2=99=E5=91=90=E6=99=BA=E9=81=AE=E5=A4=A7=E5=AE=A4=E7=A5=9E=E5=86=A5=E8=BC=B8=E6=AE=BF=E7=BC=BD=E6=A7=83=E6=A2=B5=E6=80=9B=E6=81=90=E8=88=8D=E7=9F=A5=E7=9A=A4=E8=BF=A6=E5=A5=A2=E8=88=AC=E8=AB=B3=E7=88=8D=E5=AF=AB=E6=BC=AB=E4=BC=8A=E4=BF=B1=E6=A0=97=E5=93=86=E4=BB=96=E4=BA=A6=E7=BC=BD=E6=A5=9E=E6=80=9B=E5=86=A5=E5=91=BC=E5=88=87=E4=BF=B1=E8=8F=A9=E8=88=8D=E5=91=90=E5=AF=A6=E6=A0=97=E5=A5=A2=E6=B3=A2=E6=91=A9=E8=AB=B3=E9=81=93=E7=BC=BD=E7=91=9F=E5=93=86=E5=AF=A6=E7=9A=A4=E7=88=8D=E5=8B=9D=E8=96=A9=E7=BD=B0=E8=AB=B8=E5=A5=A2=E8=88=AC=E8=AB=A6=E7=BD=B0=E6=98=8E=E7=BC=BD=E8=AB=A6=E5=B0=BC=E5=93=86=E6=A5=9E=E4=BD=9B=E4=BF=B1=E9=86=AF=E8=AB=B3=E6=BB=85=E5=BA=A6=E5=93=86=E6=89=80=E6=A7=83=E5=A7=AA=E9=BA=BC=E6=89=80=E6=81=90=E8=AB=B3=E4=BB=96=E4=BE=84=E5=AF=AB=E7=91=9F=E4=BE=84=E6=89=80=E5=BE=97=E9=9A=B8=E5=93=86=E9=97=8D=E5=91=90=E6=8F=90=E7=9B=A7=E5=86=A5=E5=92=92=E5=A5=A2=E6=9B=B0=E5=91=90=E6=B2=99=E6=80=AF=E8=88=AC=E5=8D=97=E6=80=AF=E5=9C=B0=E7=BC=BD=E5=96=9D=E5=86=A5=E6=83=B3=E5=91=90=E7=9B=A7=E7=BD=B0=E8=AC=B9=E5=91=BC=E8=B7=8B=E7=BC=BD=E4=B8=8A=E5=A8=91=E8=AB=A6=E6=AD=BB=E4=BE=84=E8=BF=A6
解題過程Quoted-Printable也是MIME郵件中常用的編碼方式之一。同Base64一樣,它也將輸入的字符串或數(shù)據(jù)編碼成全是ASCII碼的可打印字符串。
quopri
quopri.decodestring()解碼可得
佛曰:梵僧奢楞奢吉若奢不帝冥夜是缽朋缽真特俱上罰能皤室阿諳明一切吶除梵姪缽婆吶亦參侄呼皤世哆特哆故勝諳爍謹(jǐn)智皤參孕逝諳謹(jǐn)漫死即侄除哆逝侄是奢喝礙豆諳楞無俱者哆度者。諳真冥訶侄勝竟藝奢不伊皤謹(jǐn)涅孕無他羅大得闍哆喝耶僧無羯滅除利缽多梵夷梵栗缽者孕諳盧皤三罰寫老梵耶室帝梵寫羯數(shù)梵盡侄栗侄藐俱世諳上諳姪數(shù)室婆罰槃奢訶哆多逝藐道梵楞梵南侄迦吶知朋楞侄離吶沙吶智遮大室神冥輸?shù)罾彉勮筲蚩稚嶂壬莅阒O爍寫漫伊俱栗哆他亦缽楞怛冥呼切俱菩舍吶實(shí)栗奢波摩諳道缽瑟哆實(shí)皤爍勝薩罰諸奢般諦罰明缽諦尼哆楞佛俱醯諳滅度哆所槃姪麼所恐諳他侄寫瑟侄所得隸哆闍吶提盧冥咒奢曰吶沙怯般南怯地缽喝冥想?yún)缺R罰謹(jǐn)呼跋缽上娑諦死侄迦
參悟佛所言的真意
公正友善自由公正民主公正和諧法治自由公正公正法治友善平等公正愛國公正平等法治愛國公正敬業(yè)公正友善愛國平等誠信平等法治敬業(yè)法治平等公正公正公正誠信平等平等友善敬業(yè)法治民主法治富強(qiáng)法治友善法治
社會主義核心價值觀解碼得flag
jactf{hexin_yufo_qp}
生成字典爆破
crunch 11 11 -t 138364%%%%% -o/root/桌面/test.txt aircrack-ng -w /root/桌面/test.txt Tenda_D07D90-01.capCrypto 貝斯家族三英戰(zhàn)群魔
直接上腳本
$ python base.py ciphertext_ea88a4d420c804686a8899608e06130f.txt 1 using base16 decode sucess..... 2 using base16 decode failuer..... using base32 decode sucess..... 3 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 4 using base16 decode sucess..... 5 using base16 decode failuer..... using base32 decode sucess..... 6 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 7 using base16 decode sucess..... 8 using base16 decode failuer..... using base32 decode sucess..... 9 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 10 using base16 decode sucess..... 11 using base16 decode failuer..... using base32 decode sucess..... 12 using base16 decode failuer..... using base32 decode failuer..... using base64 decode sucess..... 13 using base16 decode failuer..... using base32 decode failuer..... using base64 decode failuer..... jactf{4(b64_32_16)}羅馬帝國的奠基者
根據(jù)凱撒加密方式和flag格式可得
a = "h^_o`[pZi^i`" b = "" for j in range(0,90): b= "" for i in range(len(a)): b += chr(ord(a[i])+i+2) print b絕密情報 題目描述
WzI2NDAzMjMxMEwsIDQ5NTA2MzczNDFMLCA0MTg5MTM3MjM1TCwgMzUwMzY3NTkwNkwsIDExOTMyNzJMLCAzNzQ1MzA5NjhMLCA1MTg5MjgxNTMxTCwgMjUxNDIwMDI3MkwsIDQ0NTQzMDU1ODFMLCA2NDEwNzg1OTdMLCA0Mzk1OTMxNjU5TCwgMjcxNjQyNjU5OUwsIDQzNzUzOTE5NEwsIDM0NDgwMTM1OTZMLCAzMDcyMDcyMDlMLCA0NzUwODIwNjA2TCwgMzI1MDQwNzk5M0wsIDg1MzkwNTIwOUwsIDIxMDk3OTExNTlMLCAyNzE2NDI2NTk5TCwgMjEwNzg5OTU1NEwsIDQzOTU5MzE2NTlMLCAyNzk0Mzg0NTk4TCwgMjEwOTc5MTE1OUwsIDUyOTc3NzkwOTRMLCAxNDYwODc0Mjg2TCwgMTQ2MDg3NDI4NkwsIDc5NDkzMTY3OUwsIDc5NDkzMTY3OUwsIDU0NDcwNTE2MjJMLCA4NTM5MDUyMDlMLCAzMTk4MzQwMjE4TCwgMTE5MzI3MkwsIDE5MTIzMjMxMDFMLCA1Mjk3Nzc5MDk0TCwgMzA3MjA3MjA5TCwgMzIzMTU3MjYwOEwsIDMxOTgzNDAyMThMLCA1MTg5MjgxNTMxTCwgNTI3ODg5NTQ4TCwgNDk1MDYzNzM0MUwsIDI4MzkzNjY4MDVMLCAxMTE2NDU3MzU0TCwgNTI3ODg5NTQ4TCwgNTI5Nzc3OTA5NEwsIDMyNTA0MDc5OTNMLCA0NDU0MzA1NTgxTCwgNjUxMDM5MkwsIDMyNTA0MDc5OTNMLCAxNDYwODc0Mjg2TCwgMTA1OTAzNTEyOUwsIDMyMDAzNTk2MTJMLCA4NTM5MDUyMDlMLCAzMDcyMDcyMDlMLCAxNTY3NzkxMDFMLCAyMTQ1MzAxMzI4TCwgNTI3ODg5NTQ4TCwgMTA1OTAzNTEyOUwsIDU0NjgwMjUwNzJMLCAzNDQ4MDEzNTk2TCwgMjEwNzg5OTU1NEwsIDQxODkxMzcyMzVMLCAzNTAzNjc1OTA2TCwgMjY1MzQzNjExM0xd解題過程
而且小菜昨天偷聽到了一部分關(guān)于情報的絕密資料,如下:N=5520780427 , e = 134257,你能幫小菜解出這段情報嗎?
import base64,libnum enc = "WzI2NDAzMjMxMEwsIDQ5NTA2MzczNDFMLCA0MTg5MTM3MjM1TCwgMzUwMzY3NTkwNkwsIDExOTMyNzJMLCAzNzQ1MzA5NjhMLCA1MTg5MjgxNTMxTCwgMjUxNDIwMDI3MkwsIDQ0NTQzMDU1ODFMLCA2NDEwNzg1OTdMLCA0Mzk1OTMxNjU5TCwgMjcxNjQyNjU5OUwsIDQzNzUzOTE5NEwsIDM0NDgwMTM1OTZMLCAzMDcyMDcyMDlMLCA0NzUwODIwNjA2TCwgMzI1MDQwNzk5M0wsIDg1MzkwNTIwOUwsIDIxMDk3OTExNTlMLCAyNzE2NDI2NTk5TCwgMjEwNzg5OTU1NEwsIDQzOTU5MzE2NTlMLCAyNzk0Mzg0NTk4TCwgMjEwOTc5MTE1OUwsIDUyOTc3NzkwOTRMLCAxNDYwODc0Mjg2TCwgMTQ2MDg3NDI4NkwsIDc5NDkzMTY3OUwsIDc5NDkzMTY3OUwsIDU0NDcwNTE2MjJMLCA4NTM5MDUyMDlMLCAzMTk4MzQwMjE4TCwgMTE5MzI3MkwsIDE5MTIzMjMxMDFMLCA1Mjk3Nzc5MDk0TCwgMzA3MjA3MjA5TCwgMzIzMTU3MjYwOEwsIDMxOTgzNDAyMThMLCA1MTg5MjgxNTMxTCwgNTI3ODg5NTQ4TCwgNDk1MDYzNzM0MUwsIDI4MzkzNjY4MDVMLCAxMTE2NDU3MzU0TCwgNTI3ODg5NTQ4TCwgNTI5Nzc3OTA5NEwsIDMyNTA0MDc5OTNMLCA0NDU0MzA1NTgxTCwgNjUxMDM5MkwsIDMyNTA0MDc5OTNMLCAxNDYwODc0Mjg2TCwgMTA1OTAzNTEyOUwsIDMyMDAzNTk2MTJMLCA4NTM5MDUyMDlMLCAzMDcyMDcyMDlMLCAxNTY3NzkxMDFMLCAyMTQ1MzAxMzI4TCwgNTI3ODg5NTQ4TCwgMTA1OTAzNTEyOUwsIDU0NjgwMjUwNzJMLCAzNDQ4MDEzNTk2TCwgMjEwNzg5OTU1NEwsIDQxODkxMzcyMzVMLCAzNTAzNjc1OTA2TCwgMjY1MzQzNjExM0xd" enc = base64.b64decode(enc) enc_list = eval(enc) flag = "" print enc_list d = 3960784897 n = 5520780427 for i in range(len(enc_list)): m = pow(enc_list[i],d,n) flag += chr(m) print flag #U2FsdGVkX1/8DKBmhvO87/SOLaawwxvAdHLB9AV62nC6LhXzhatpvBcg6tlK7Fs5
des 解密下即可
jactf{So_easy_RSA_and_DES}
一共給了兩個文件
encode.txt
int main() { string P("*****************"); string C("*****************"); int len = C.length(); for (int k = 0; k < len; k ++) { int where = des_find(P, C[k]); where = ((where * a) + b) mod x; cout << P[where]; } return 0; } int des_find(string p, int m) { for (int i = 0; i < p.length(); i++) { if (m == p[i]) { return i; } } }
題目.txt
現(xiàn)已知某間諜使用的密碼本(這可是貝葉斯設(shè)計的密碼本)如下:"elFXRVJUWVVJT1B4Y3Zibm1hc2RmQVNERkdISktMZ2hqa2xfcXdaWENWQk5NZXJ0e3l1aW9wfTAxMjM0OTg3NjU="解題過程
現(xiàn)獲取到了他們的加密算法,同時劫獲了一段數(shù)據(jù)密文:"gf9C{YQ34KHN3sOwhCz3RzH3CKj3Ndpm1Bt7"
你能破譯出明文數(shù)據(jù)嗎?
#include#include #define PSIZE 65 //宏定義密碼表大小 using namespace std; int gcd(int m, int n); int init_gcd(int m, int n); int des_find(string p, int m); int main() { string P("zQWERTYUIOPxcvbnmasdfASDFGHJKLghjkl_qwZXCVBNMert{yuiop}0123498765"); string M("gf9C{YQ34KHN3sOwhCz3RzH3CKj3Ndpm1Bt7"); //明文空間,與已知密文 string C; //存放解密明文 int i = 2; //求解所有互素的數(shù) int a1; //存放逆元 for (i; i < PSIZE; i++) { if (gcd(i, PSIZE) == 1) { //說明此時的i與28互素 /***求解此時的i的逆元***/ a1 = init_gcd(i, PSIZE); for (int j = 0; j < PSIZE; j++) //控制b的遍歷 { cout << "此時:a=" << i << " b=" << j << " a的逆元為:" << a1 << " ""; for (int k = 0; k < M.length(); k++) { //每一個漢字站兩個字節(jié),所以要用兩個數(shù)組空間來存 int where = des_find(P, M[k]); //匹配密文在明文空間的位置 where = ((where - j)*a1) % PSIZE; if (where < 0) { where += PSIZE; } cout << P[where]; } cout << """ << endl; } } } return 0; } int gcd(int b, int a) //求互素 { int temp; if (a < b)//判斷大小 { temp = a; a = b; b = temp; } if (b == 0) return a; else return gcd(b, a%b);//遞歸 } int init_gcd(int m, int n) //擴(kuò)展歐幾里得算法 { int i = 2; for (i; i < 28; i++) { if ((m*i) % n == 1) { return i; } } } int des_find(string p, int m) //位置匹配函數(shù) { for (int i = 0; i < p.length(); i ++) { //cout<
接下來的計劃
總結(jié)下base家族
wasm
貝葉斯
關(guān)于字符向進(jìn)制轉(zhuǎn)化的算法與逆向
pyc 文件格式
des加密ebc cbc
文章版權(quán)歸作者所有,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請注明本文地址:http://specialneedsforspecialkids.com/yun/31205.html
摘要:前言肝了一天,最后打了第三,記錄下。同一樣,它也將輸入的字符串或數(shù)據(jù)編碼成全是碼的可打印字符串。 前言 肝了一天,最后打了第三,記錄下。我逆向真的好菜啊~~~~ Reverse baby_reverse 加密函數(shù)如下 int __fastcall encode(const char *a1, __int64 a2) { char v3[32]; // [rsp+10h] [rbp-...
摘要:題目先屯一份打完取證回來慢慢的復(fù)現(xiàn) 題目先屯一份打完取證回來慢慢的復(fù)現(xiàn)~~ Reverse i can count - 50pts Lets do this together. You do know how to count, dont you? The .Wat ness - 250pts The .Wat ness is open for testing! http://wat...
閱讀 1438·2021-09-28 09:44
閱讀 2501·2021-09-28 09:36
閱讀 1144·2021-09-08 09:35
閱讀 1982·2019-08-29 13:50
閱讀 810·2019-08-29 13:29
閱讀 1130·2019-08-29 13:15
閱讀 1724·2019-08-29 13:00
閱讀 2988·2019-08-26 16:16