国产xxxx99真实实拍_久久不雅视频_高清韩国a级特黄毛片_嗯老师别我我受不了了小说

資訊專(zhuān)欄INFORMATION COLUMN

2019 “掘安杯” write up

Jochen / 1441人閱讀

摘要:前言肝了一天,最后打了第三,記錄下。同一樣,它也將輸入的字符串或數(shù)據(jù)編碼成全是碼的可打印字符串。

前言

肝了一天,最后打了第三,記錄下。
我逆向真的好菜啊~~~~

Reverse baby_reverse

加密函數(shù)如下

int __fastcall encode(const char *a1, __int64 a2)
{
  char v3[32]; // [rsp+10h] [rbp-70h]
  char v4[32]; // [rsp+30h] [rbp-50h]
  char v5[36]; // [rsp+50h] [rbp-30h]
  int v6; // [rsp+74h] [rbp-Ch]
  int v7; // [rsp+78h] [rbp-8h]
  int i; // [rsp+7Ch] [rbp-4h]

  v7 = 18;
  i = 0;
  v6 = 0;
  if ( strlen(a1) != 18 )
    return puts("Your Length is Wrong");
  puts("flag{This_1s_f4cker_flag}");
  for ( i = 0; i < v7; i += 3 )
  {
    v5[i] = v7 ^ (a1[i] + 6);
    v4[i + 1] = (a1[i + 1] - 6) ^ v7;
    v3[i + 2] = a1[i + 2] ^ 6 ^ v7;
    *(_BYTE *)(a2 + i) = v5[i];
    *(_BYTE *)(a2 + i + 1LL) = v4[i + 1];
    *(_BYTE *)(a2 + i + 2LL) = v3[i + 2];
  }
  return a2;
}

很簡(jiǎn)單得加密函數(shù)
一共分為三組

key = "bIwhroo8cwqgwrxusi"
flag = ""
for i in range(0,18,3):
  flag += chr((ord(key[i])^18) - 6) + chr((ord(key[i+1])^18) + 6) + chr(ord(key[i+2])^6^18)
print flag
#jactf{w0w_is_flag}
Replace

加密函數(shù)如下

v2 = a1;
  if ( a2 != 35 )
    return -1;
  v4 = 0;
  while ( 1 )
  {
    v5 = *(_BYTE *)(v4 + v2);
    v6 = (v5 >> 4) % 16;
    v7 = (16 * v5 >> 4) % 16;
    v8 = byte_402150[2 * v4];
    if ( v8 < 48 || v8 > 57 )
      v9 = v8 - 87;
    else
      v9 = v8 - 48;
    v10 = byte_402151[2 * v4];
    v11 = 16 * v9;
    if ( v10 < 48 || v10 > 57 )
      v12 = v10 - 87;
    else
      v12 = v10 - 48;
    if ( (unsigned __int8)byte_4021A0[16 * v6 + v7] != ((v11 + v12) ^ 0x19) )
      break;
    if ( ++v4 >= 35 )
      return 1;
  }
  return -1;

這是爆破的思路

import string
byte_402150 = [0x32, 0x61, 0x34, 0x39, 0x66, 0x36, 0x39, 0x63, 0x33, 0x38, 0x33, 0x39, 0x35, 0x63, 0x64, 0x65, 0x39, 0x36, 0x64, 0x36, 0x64, 0x65, 0x39, 0x36, 0x64, 0x36, 0x66, 0x34, 0x65, 0x30, 0x32, 0x35, 0x34, 0x38, 0x34, 0x39, 0x35, 0x34, 0x64, 0x36,0x31, 0x39, 0x35, 0x34, 0x34, 0x38, 0x64, 0x65, 0x66, 0x36, 0x65, 0x32, 0x64, 0x61, 0x64, 0x36, 0x37, 0x37, 0x38, 0x36, 0x65, 0x32, 0x31, 0x64, 0x35, 0x61, 0x64,0x61, 0x65, 0x36, 0x00]
byte_4021A0 = [0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 
  0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 
  0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 
  0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 
  0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 0x04, 0xC7, 
  0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 
  0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 
  0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 
  0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 
  0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 0xD0, 0xEF, 0xAA, 0xFB, 
  0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 
  0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 
  0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 
  0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 
  0x64, 0x5D, 0x19, 0x73, 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 
  0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 
  0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 
  0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, 
  0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 
  0xAE, 0x08, 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 
  0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 
  0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 
  0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 
  0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 
  0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 
  0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16]
flag=""
v4=0
dic=string.ascii_lowercase+string.ascii_uppercase+string.digits+"{}_!%^&"
while(v4<35):
  v8 = byte_402150[2*v4]
  if (v8 < 48 or v8 > 57):
    v9 = v8 - 87
  else:
    v9 = v8 -48
  v10 = byte_402150[2*v4+1]
  v11 = 16 * v9
  if(v10 < 48 or v10 >57):
    v12 = v10 -87
  else:
    v12 = v10 -48
  for i in dic:
    v6 = (ord(i)>>4)%16
    v7 = (16*ord(i)>>4)%16
    if(byte_4021A0[16*v6 + v7]==(v11+v12)^0x19):
      flag += i
      break

  v4 += 1
print flag
#flag{Th1s_1s_Simple_Rep1ac3_Enc0d3}

貼一下大佬用z3解的腳本

#-*-coding:utf-8 -*-

#flag{Th1s_1s_Simple_Rep1ac3_Enc0d3}
list_flag = [51, 80, 239, 133, 33, 32, 69, 199, 143, 207, 199, 143, 207, 237, 249, 60, 81, 80, 77, 207, 0, 77, 81, 199, 239, 251, 195, 207, 110, 159, 251, 4, 67, 195, 255]
byte_4021A0 = [99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187]
from z3 import *

def z3_solve(res_flag,byte_4021A0,flag1):

    solve_flag = Solver()
    flag2 = []
    for i in range(35):
        flag2.append(BitVec("v"+str(i),8))
    for i in range(35):
        solve_flag.add(( (16 * ((flag2[i] >> 4) % 16))+(16 * flag2[i] >> 4) % 16)== flag1[i])
    check_flag = solve_flag.check()
    print check_flag,type(check_flag)
    res_model = solve_flag.model()
    flag_final = ""
    for i in range(35):
        flag_chr =("%s"%(res_model[flag2[i]]))
        flag_final  = flag_final + chr(int(flag_chr))
    print flag_final
def res_find(list_flag,byte_4021A0):
    list_find = []
    for i in list_flag:
        res = byte_4021A0.index(i)
        list_find.append(res)
    return list_find
if __name__ == "__main__":

    res = res_find(list_flag,byte_4021A0)
    # for i in res:
    #     print i
    z3_solve(list_flag,byte_4021A0,res)
    print "Finish
"
Misc 真的不是圖片

題目給了一張圖片,binwalk一下

pumpkin9@pumpkin9:/mnt/c/Users/Desktop/juean$ binwalk Misc-JASEC.png

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 824 x 639, 8-bit/color RGB, non-interlaced
91            0x5B            Zlib compressed data, compressed
140598        0x22536         End of Zip archive, footer length: 22

題目中有zip,和正常壓縮包圖片對(duì)比一下
emmm
反正是少了個(gè)zip頭了


可以發(fā)現(xiàn) 50 4B 03 04 被替換成了ja66

pumpkin9@pumpkin9:/mnt/c/Users/Desktop/juean$ binwalk Misc-JASEC.png

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 824 x 639, 8-bit/color RGB, non-interlaced
91            0x5B            Zlib compressed data, compressed
137859        0x21A83         Zip archive data, at least v2.0 to extract, compressed size: 2605, uncompressed size: 11258, name: subject.zip
140598        0x22536         End of Zip archive, footer length: 22

然后foremost分離
ja66解壓縮

import base64
flag = ""
for i in range(0,32):
    f = open("./"+str(i)+"/"+str(i)+".txt","r")
    flag += f.read()
print base64.b64decode(flag)
#jactf{64se64_1s_50_c001}
what 題目描述

=E4=BD=9B=E6=9B=B0=EF=BC=9A=E6=A2=B5=E5=83=A7=E5=A5=A2=E6=A5=9E=E5=A5=A2=E5=90=89=E8=8B=A5=E5=A5=A2=E4=B8=8D=E5=B8=9D=E5=86=A5=E5=A4=9C=E6=98=AF=E7=BC=BD=E6=9C=8B=E7=BC=BD=E7=9C=9F=E7=89=B9=E4=BF=B1=E4=B8=8A=E7=BD=B0=E8=83=BD=E7=9A=A4=E5=AE=A4=E9=98=BF=E8=AB=B3=E6=98=8E=E4=B8=80=E5=88=87=E5=91=90=E9=99=A4=E6=A2=B5=E5=A7=AA=E7=BC=BD=E5=A9=86=E5=91=90=E4=BA=A6=E5=8F=83=E4=BE=84=E5=91=BC=E7=9A=A4=E4=B8=96=E5=93=86=E7=89=B9=E5=93=86=E6=95=85=E5=8B=9D=E8=AB=B3=E7=88=8D=E8=AC=B9=E6=99=BA=E7=9A=A4=E5=8F=83=E5=AD=95=E9=80=9D=E8=AB=B3=E8=AC=B9=E6=BC=AB=E6=AD=BB=E5=8D=B3=E4=BE=84=E9=99=A4=E5=93=86=E9=80=9D=E4=BE=84=E6=98=AF=E5=A5=A2=E5=96=9D=E7=A4=99=E8=B1=86=E8=AB=B3=E6=A5=9E=E7=84=A1=E4=BF=B1=E8=80=85=E5=93=86=E5=BA=A6=E8=80=85=E3=80=82=E8=AB=B3=E7=9C=9F=E5=86=A5=E8=A8=B6=E4=BE=84=E5=8B=9D=E7=AB=9F=E8=97=9D=E5=A5=A2=E4=B8=8D=E4=BC=8A=E7=9A=A4=E8=AC=B9=E6=B6=85=E5=AD=95=E7=84=A1=E4=BB=96=E7=BE=85=E5=A4=A7=E5=BE=97=E9=97=8D=E5=93=86=E5=96=9D=E8=80=B6=E5=83=A7=E7=84=A1=E7=BE=AF=E6=BB=85=E9=99=A4=E5=88=A9=E7=BC=BD=E5=A4=9A=E6=A2=B5=E5=A4=B7=E6=A2=B5=E6=A0=97=E7=BC=BD=E8=80=85=E5=AD=95=E8=AB=B3=E7=9B=A7=E7=9A=A4=E4=B8=89=E7=BD=B0=E5=AF=AB=E8=80=81=E6=A2=B5=E8=80=B6=E5=AE=A4=E5=B8=9D=E6=A2=B5=E5=AF=AB=E7=BE=AF=E6=95=B8=E6=A2=B5=E7=9B=A1=E4=BE=84=E6=A0=97=E4=BE=84=E8=97=90=E4=BF=B1=E4=B8=96=E8=AB=B3=E4=B8=8A=E8=AB=B3=E5=A7=AA=E6=95=B8=E5=AE=A4=E5=A9=86=E7=BD=B0=E6=A7=83=E5=A5=A2=E8=A8=B6=E5=93=86=E5=A4=9A=E9=80=9D=E8=97=90=E9=81=93=E6=A2=B5=E6=A5=9E=E6=A2=B5=E5=8D=97=E4=BE=84=E8=BF=A6=E5=91=90=E7=9F=A5=E6=9C=8B=E6=A5=9E=E4=BE=84=E9=9B=A2=E5=91=90=E6=B2=99=E5=91=90=E6=99=BA=E9=81=AE=E5=A4=A7=E5=AE=A4=E7=A5=9E=E5=86=A5=E8=BC=B8=E6=AE=BF=E7=BC=BD=E6=A7=83=E6=A2=B5=E6=80=9B=E6=81=90=E8=88=8D=E7=9F=A5=E7=9A=A4=E8=BF=A6=E5=A5=A2=E8=88=AC=E8=AB=B3=E7=88=8D=E5=AF=AB=E6=BC=AB=E4=BC=8A=E4=BF=B1=E6=A0=97=E5=93=86=E4=BB=96=E4=BA=A6=E7=BC=BD=E6=A5=9E=E6=80=9B=E5=86=A5=E5=91=BC=E5=88=87=E4=BF=B1=E8=8F=A9=E8=88=8D=E5=91=90=E5=AF=A6=E6=A0=97=E5=A5=A2=E6=B3=A2=E6=91=A9=E8=AB=B3=E9=81=93=E7=BC=BD=E7=91=9F=E5=93=86=E5=AF=A6=E7=9A=A4=E7=88=8D=E5=8B=9D=E8=96=A9=E7=BD=B0=E8=AB=B8=E5=A5=A2=E8=88=AC=E8=AB=A6=E7=BD=B0=E6=98=8E=E7=BC=BD=E8=AB=A6=E5=B0=BC=E5=93=86=E6=A5=9E=E4=BD=9B=E4=BF=B1=E9=86=AF=E8=AB=B3=E6=BB=85=E5=BA=A6=E5=93=86=E6=89=80=E6=A7=83=E5=A7=AA=E9=BA=BC=E6=89=80=E6=81=90=E8=AB=B3=E4=BB=96=E4=BE=84=E5=AF=AB=E7=91=9F=E4=BE=84=E6=89=80=E5=BE=97=E9=9A=B8=E5=93=86=E9=97=8D=E5=91=90=E6=8F=90=E7=9B=A7=E5=86=A5=E5=92=92=E5=A5=A2=E6=9B=B0=E5=91=90=E6=B2=99=E6=80=AF=E8=88=AC=E5=8D=97=E6=80=AF=E5=9C=B0=E7=BC=BD=E5=96=9D=E5=86=A5=E6=83=B3=E5=91=90=E7=9B=A7=E7=BD=B0=E8=AC=B9=E5=91=BC=E8=B7=8B=E7=BC=BD=E4=B8=8A=E5=A8=91=E8=AB=A6=E6=AD=BB=E4=BE=84=E8=BF=A6

解題過(guò)程

Quoted-Printable也是MIME郵件中常用的編碼方式之一。同Base64一樣,它也將輸入的字符串或數(shù)據(jù)編碼成全是ASCII碼的可打印字符串。
quopri
quopri.decodestring()解碼可得

佛曰:梵僧奢楞奢吉若奢不帝冥夜是缽朋缽真特俱上罰能皤室阿諳明一切吶除梵姪缽婆吶亦參侄呼皤世哆特哆故勝諳爍謹(jǐn)智皤參孕逝諳謹(jǐn)漫死即侄除哆逝侄是奢喝礙豆諳楞無(wú)俱者哆度者。諳真冥訶侄勝竟藝奢不伊皤謹(jǐn)涅孕無(wú)他羅大得闍哆喝耶僧無(wú)羯滅除利缽多梵夷梵栗缽者孕諳盧皤三罰寫(xiě)老梵耶室帝梵寫(xiě)羯數(shù)梵盡侄栗侄藐俱世諳上諳姪數(shù)室婆罰槃奢訶哆多逝藐道梵楞梵南侄迦吶知朋楞侄離吶沙吶智遮大室神冥輸?shù)罾彉勮筲蚩稚嶂壬莅阒O爍寫(xiě)漫伊俱栗哆他亦缽楞怛冥呼切俱菩舍吶實(shí)栗奢波摩諳道缽瑟哆實(shí)皤爍勝薩罰諸奢般諦罰明缽諦尼哆楞佛俱醯諳滅度哆所槃姪麼所恐諳他侄寫(xiě)瑟侄所得隸哆闍吶提盧冥咒奢曰吶沙怯般南怯地缽喝冥想?yún)缺R罰謹(jǐn)呼跋缽上娑諦死侄迦

參悟佛所言的真意
公正友善自由公正民主公正和諧法治自由公正公正法治友善平等公正愛(ài)國(guó)公正平等法治愛(ài)國(guó)公正敬業(yè)公正友善愛(ài)國(guó)平等誠(chéng)信平等法治敬業(yè)法治平等公正公正公正誠(chéng)信平等平等友善敬業(yè)法治民主法治富強(qiáng)法治友善法治
社會(huì)主義核心價(jià)值觀解碼得flag
jactf{hexin_yufo_qp}

小梳子

生成字典爆破

crunch 11 11 -t 138364%%%%% -o/root/桌面/test.txt
aircrack-ng -w /root/桌面/test.txt Tenda_D07D90-01.cap
Crypto 貝斯家族三英戰(zhàn)群魔

直接上腳本

$ python base.py ciphertext_ea88a4d420c804686a8899608e06130f.txt
1
using base16 decode sucess.....
2
using base16 decode failuer.....
using base32 decode sucess.....
3
using base16 decode failuer.....
using base32 decode failuer.....
using base64 decode sucess.....
4
using base16 decode sucess.....
5
using base16 decode failuer.....
using base32 decode sucess.....
6
using base16 decode failuer.....
using base32 decode failuer.....
using base64 decode sucess.....
7
using base16 decode sucess.....
8
using base16 decode failuer.....
using base32 decode sucess.....
9
using base16 decode failuer.....
using base32 decode failuer.....
using base64 decode sucess.....
10
using base16 decode sucess.....
11
using base16 decode failuer.....
using base32 decode sucess.....
12
using base16 decode failuer.....
using base32 decode failuer.....
using base64 decode sucess.....
13
using base16 decode failuer.....
using base32 decode failuer.....
using base64 decode failuer.....
jactf{4(b64_32_16)}
羅馬帝國(guó)的奠基者

根據(jù)凱撒加密方式和flag格式可得

a = "h^_o`[pZi^i`"
b = ""

for j in range(0,90):
  b= ""
  for i in range(len(a)):
    b += chr(ord(a[i])+i+2)
  print b
絕密情報(bào) 題目描述
WzI2NDAzMjMxMEwsIDQ5NTA2MzczNDFMLCA0MTg5MTM3MjM1TCwgMzUwMzY3NTkwNkwsIDExOTMyNzJMLCAzNzQ1MzA5NjhMLCA1MTg5MjgxNTMxTCwgMjUxNDIwMDI3MkwsIDQ0NTQzMDU1ODFMLCA2NDEwNzg1OTdMLCA0Mzk1OTMxNjU5TCwgMjcxNjQyNjU5OUwsIDQzNzUzOTE5NEwsIDM0NDgwMTM1OTZMLCAzMDcyMDcyMDlMLCA0NzUwODIwNjA2TCwgMzI1MDQwNzk5M0wsIDg1MzkwNTIwOUwsIDIxMDk3OTExNTlMLCAyNzE2NDI2NTk5TCwgMjEwNzg5OTU1NEwsIDQzOTU5MzE2NTlMLCAyNzk0Mzg0NTk4TCwgMjEwOTc5MTE1OUwsIDUyOTc3NzkwOTRMLCAxNDYwODc0Mjg2TCwgMTQ2MDg3NDI4NkwsIDc5NDkzMTY3OUwsIDc5NDkzMTY3OUwsIDU0NDcwNTE2MjJMLCA4NTM5MDUyMDlMLCAzMTk4MzQwMjE4TCwgMTE5MzI3MkwsIDE5MTIzMjMxMDFMLCA1Mjk3Nzc5MDk0TCwgMzA3MjA3MjA5TCwgMzIzMTU3MjYwOEwsIDMxOTgzNDAyMThMLCA1MTg5MjgxNTMxTCwgNTI3ODg5NTQ4TCwgNDk1MDYzNzM0MUwsIDI4MzkzNjY4MDVMLCAxMTE2NDU3MzU0TCwgNTI3ODg5NTQ4TCwgNTI5Nzc3OTA5NEwsIDMyNTA0MDc5OTNMLCA0NDU0MzA1NTgxTCwgNjUxMDM5MkwsIDMyNTA0MDc5OTNMLCAxNDYwODc0Mjg2TCwgMTA1OTAzNTEyOUwsIDMyMDAzNTk2MTJMLCA4NTM5MDUyMDlMLCAzMDcyMDcyMDlMLCAxNTY3NzkxMDFMLCAyMTQ1MzAxMzI4TCwgNTI3ODg5NTQ4TCwgMTA1OTAzNTEyOUwsIDU0NjgwMjUwNzJMLCAzNDQ4MDEzNTk2TCwgMjEwNzg5OTU1NEwsIDQxODkxMzcyMzVMLCAzNTAzNjc1OTA2TCwgMjY1MzQzNjExM0xd
而且小菜昨天偷聽(tīng)到了一部分關(guān)于情報(bào)的絕密資料,如下:N=5520780427 , e = 134257,你能幫小菜解出這段情報(bào)嗎?
解題過(guò)程
import base64,libnum

enc = "WzI2NDAzMjMxMEwsIDQ5NTA2MzczNDFMLCA0MTg5MTM3MjM1TCwgMzUwMzY3NTkwNkwsIDExOTMyNzJMLCAzNzQ1MzA5NjhMLCA1MTg5MjgxNTMxTCwgMjUxNDIwMDI3MkwsIDQ0NTQzMDU1ODFMLCA2NDEwNzg1OTdMLCA0Mzk1OTMxNjU5TCwgMjcxNjQyNjU5OUwsIDQzNzUzOTE5NEwsIDM0NDgwMTM1OTZMLCAzMDcyMDcyMDlMLCA0NzUwODIwNjA2TCwgMzI1MDQwNzk5M0wsIDg1MzkwNTIwOUwsIDIxMDk3OTExNTlMLCAyNzE2NDI2NTk5TCwgMjEwNzg5OTU1NEwsIDQzOTU5MzE2NTlMLCAyNzk0Mzg0NTk4TCwgMjEwOTc5MTE1OUwsIDUyOTc3NzkwOTRMLCAxNDYwODc0Mjg2TCwgMTQ2MDg3NDI4NkwsIDc5NDkzMTY3OUwsIDc5NDkzMTY3OUwsIDU0NDcwNTE2MjJMLCA4NTM5MDUyMDlMLCAzMTk4MzQwMjE4TCwgMTE5MzI3MkwsIDE5MTIzMjMxMDFMLCA1Mjk3Nzc5MDk0TCwgMzA3MjA3MjA5TCwgMzIzMTU3MjYwOEwsIDMxOTgzNDAyMThMLCA1MTg5MjgxNTMxTCwgNTI3ODg5NTQ4TCwgNDk1MDYzNzM0MUwsIDI4MzkzNjY4MDVMLCAxMTE2NDU3MzU0TCwgNTI3ODg5NTQ4TCwgNTI5Nzc3OTA5NEwsIDMyNTA0MDc5OTNMLCA0NDU0MzA1NTgxTCwgNjUxMDM5MkwsIDMyNTA0MDc5OTNMLCAxNDYwODc0Mjg2TCwgMTA1OTAzNTEyOUwsIDMyMDAzNTk2MTJMLCA4NTM5MDUyMDlMLCAzMDcyMDcyMDlMLCAxNTY3NzkxMDFMLCAyMTQ1MzAxMzI4TCwgNTI3ODg5NTQ4TCwgMTA1OTAzNTEyOUwsIDU0NjgwMjUwNzJMLCAzNDQ4MDEzNTk2TCwgMjEwNzg5OTU1NEwsIDQxODkxMzcyMzVMLCAzNTAzNjc1OTA2TCwgMjY1MzQzNjExM0xd"

enc = base64.b64decode(enc)
enc_list = eval(enc)
flag = ""
print enc_list
d = 3960784897
n = 5520780427
for i in range(len(enc_list)):
    m = pow(enc_list[i],d,n)
    flag += chr(m)
print flag
#U2FsdGVkX1/8DKBmhvO87/SOLaawwxvAdHLB9AV62nC6LhXzhatpvBcg6tlK7Fs5

des 解密下即可
jactf{So_easy_RSA_and_DES}

貝葉斯 題目

一共給了兩個(gè)文件
encode.txt

int main()
{
    string P("*****************");
    string C("*****************");
    int len = C.length();
    for (int k = 0; k < len; k ++) {
        int where = des_find(P, C[k]);
        where = ((where * a) + b) mod x;
        cout << P[where];
    }
    return 0;
}

int des_find(string p, int m)
{
    for (int i = 0; i < p.length(); i++) {
        if (m == p[i]) {
            return  i;
        }
    }
}

題目.txt

現(xiàn)已知某間諜使用的密碼本(這可是貝葉斯設(shè)計(jì)的密碼本)如下:"elFXRVJUWVVJT1B4Y3Zibm1hc2RmQVNERkdISktMZ2hqa2xfcXdaWENWQk5NZXJ0e3l1aW9wfTAxMjM0OTg3NjU="
現(xiàn)獲取到了他們的加密算法,同時(shí)劫獲了一段數(shù)據(jù)密文:"gf9C{YQ34KHN3sOwhCz3RzH3CKj3Ndpm1Bt7"
你能破譯出明文數(shù)據(jù)嗎?
解題過(guò)程
#include 
#include 
#define PSIZE 65   //宏定義密碼表大小
using namespace std;
int gcd(int m, int n);
int init_gcd(int m, int n);
int des_find(string p, int m);

int main()
{
  string P("zQWERTYUIOPxcvbnmasdfASDFGHJKLghjkl_qwZXCVBNMert{yuiop}0123498765");             
  string M("gf9C{YQ34KHN3sOwhCz3RzH3CKj3Ndpm1Bt7");   //明文空間,與已知密文
  string C;  //存放解密明文
  int i = 2;   //求解所有互素的數(shù)
  int a1;  //存放逆元
  for (i; i < PSIZE; i++)
  {
    if (gcd(i, PSIZE) == 1)
    {  //說(shuō)明此時(shí)的i與28互素
      /***求解此時(shí)的i的逆元***/
      a1 = init_gcd(i, PSIZE);
      for (int j = 0; j < PSIZE; j++)   //控制b的遍歷
      {
        cout << "此時(shí):a=" << i << " b=" << j << " a的逆元為:" << a1 << "   "";
        for (int k = 0; k < M.length(); k++) {     //每一個(gè)漢字站兩個(gè)字節(jié),所以要用兩個(gè)數(shù)組空間來(lái)存
          int where = des_find(P, M[k]);   //匹配密文在明文空間的位置
          where = ((where - j)*a1) % PSIZE;
          if (where < 0) {
            where += PSIZE;
          }
          cout << P[where];
        }
        cout << """ << endl;
      }
    }
  }
  return 0;
}
int gcd(int b, int a)    //求互素
{
  int temp;
  if (a < b)//判斷大小
  {
    temp = a;
    a = b;
    b = temp;
  }
  if (b == 0) return a;
  else return gcd(b, a%b);//遞歸
}

int init_gcd(int m, int n)   //擴(kuò)展歐幾里得算法
{
  int i = 2;
  for (i; i < 28; i++)
  {
    if ((m*i) % n == 1)
    {
      return i;
    }
  }
}

int des_find(string p, int m)   //位置匹配函數(shù)
{
  for (int i = 0; i < p.length(); i ++) {
    //cout<

接下來(lái)的計(jì)劃
總結(jié)下base家族
wasm
貝葉斯
關(guān)于字符向進(jìn)制轉(zhuǎn)化的算法與逆向
pyc 文件格式
des加密ebc cbc

文章版權(quán)歸作者所有,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。

轉(zhuǎn)載請(qǐng)注明本文地址:http://specialneedsforspecialkids.com/yun/43561.html

相關(guān)文章

  • 2019安杯write up

    摘要:前言肝了一天,最后打了第三,記錄下。同一樣,它也將輸入的字符串或數(shù)據(jù)編碼成全是碼的可打印字符串。 前言 肝了一天,最后打了第三,記錄下。我逆向真的好菜啊~~~~ Reverse baby_reverse 加密函數(shù)如下 int __fastcall encode(const char *a1, __int64 a2) { char v3[32]; // [rsp+10h] [rbp-...

    eternalshallow 評(píng)論0 收藏0
  • 2019 PlaidCTF write up

    摘要:題目先屯一份打完取證回來(lái)慢慢的復(fù)現(xiàn) 題目先屯一份打完取證回來(lái)慢慢的復(fù)現(xiàn)~~ Reverse i can count - 50pts Lets do this together. You do know how to count, dont you? The .Wat ness - 250pts The .Wat ness is open for testing! http://wat...

    zone 評(píng)論0 收藏0

發(fā)表評(píng)論

0條評(píng)論

最新活動(dòng)
閱讀需要支付1元查看
<