#https://qiita.com/takdcloose/items/fe9b9cac417676103b17 程式碼跑範例 import base64 from Crypto.Cipher import AES BUFF = 256 BLOCK_SIZE = 16 def to_blocks(txt): return [txt[i*BLOCK_SIZE:(i+1)*BLOCK_SIZE] for i in range(len(txt)//BLOCK_SIZE)] def xor(b1, b2=None): if isinstance(b1, list) and b2 is None: assert len(set([len(b) for b in b1])) == 1, 'xor() - Invalid input size' assert all([isinstance(b, bytes) for b in b1]), 'xor() - Invalid input type' x = [len(b) for b in b1][0]*b'\x00' for b in b1: x = xor(x, b) return x assert isinstance(b1, bytes) and isinstance(b2, bytes), 'xor() - Invalid input type' return bytes([a ^ b for a, b in zip(b1, b2)]) # firstly, i'll make an arbitrary key2 enc_m = 'qal7b3mi7fEvSccj+NcaYtqU4i4io4qT1g88K9wY2nQ=' enc_m = base64.b64decode(enc_m) iv= enc_m[:BLOCK_SIZE] ctxt = enc_m[BLOCK_SIZE:] key2 = xor(to_blocks(ctxt)) # Secondly, get iv2 enc_flag = '36X0Ug8ZEIvrRDeus6c3GBynEY7La36H0/A1Bqoy87go8FyYOeRQOuN7b0fXJXMYqWZ9lo9MWkS8EaN9/8Tl7A==' enc_flag = base64.b64decode(enc_flag) iv2= enc_flag[:BLOCK_SIZE] #ctxt = enc_flag[BLOCK_SIZE:] # Next, culculate newly iv2,key2 using ctxt, key2 and iv2 above #iv2 = AES.new(key2, AES.MODE_ECB).decrypt(iv2) key2 = xor(to_blocks(ctxt)) # Now we have iv2 and key2. let's decrypt the flag enc_flag = '36X0Ug8ZEIvrRDeus6c3GBynEY7La36H0/A1Bqoy87go8FyYOeRQOuN7b0fXJXMYqWZ9lo9MWkS8EaN9/8Tl7A==' enc_flag = base64.b64decode(enc_flag) ctxt = enc_flag[BLOCK_SIZE:] b1 = xor(AES.new(key2, AES.MODE_ECB).decrypt(ctxt[:BLOCK_SIZE]) , iv2) curr = xor(b1, ctxt[:BLOCK_SIZE]) b2 = xor(AES.new(key2, AES.MODE_ECB).decrypt(ctxt[BLOCK_SIZE:BLOCK_SIZE*2]) , curr) curr = xor(b2, ctxt[BLOCK_SIZE:BLOCK_SIZE*2]) b3 = xor(AES.new(key2, AES.MODE_ECB).decrypt(ctxt[BLOCK_SIZE*2:BLOCK_SIZE*3]) , curr) print(b1+b2+b3) |
#https://reveng-ctf.com/crypto/pwn2win-androids-encryption.html#step-by-step 程式碼跑範例 import base64 from Crypto.Cipher import AES BUFF = 256 BLOCK_SIZE = 16 def to_blocks(txt): return [txt[i*BLOCK_SIZE:(i+1)*BLOCK_SIZE] for i in range(len(txt)//BLOCK_SIZE)] def xor(b1, b2=None): if isinstance(b1, list) and b2 is None: assert len(set([len(b) for b in b1])) == 1, 'xor() - Invalid input size' assert all([isinstance(b, bytes) for b in b1]), 'xor() - Invalid input type' x = [len(b) for b in b1][0]*b'\x00' for b in b1: x = xor(x, b) return x assert isinstance(b1, bytes) and isinstance(b2, bytes), 'xor() - Invalid input type' return bytes([a ^ b for a, b in zip(b1, b2)]) def encrypt(txt, key, iv): global key2, iv2 assert len(key) == BLOCK_SIZE, f'Invalid key size' assert len(iv) == BLOCK_SIZE, 'Invalid IV size' assert len(txt) % BLOCK_SIZE == 0, 'Invalid plaintext size' bs = len(key) blocks = to_blocks(txt) ctxt = b'' aes = AES.new(key, AES.MODE_ECB) curr = iv for block in blocks: ctxt += aes.encrypt(xor(block, curr)) curr = xor(ctxt[-bs:], block) iv2 = AES.new(key2, AES.MODE_ECB).decrypt(iv2) key2 = xor(to_blocks(ctxt)) return str(base64.b64encode(iv+ctxt), encoding='utf8') response1 = 'qal7b3mi7fEvSccj+NcaYtqU4i4io4qT1g88K9wY2nQ=' iv_plus_ctext = base64.b64decode(response1) ctext = iv_plus_ctext[16:] # IV is 16 bytes long key2 = xor(to_blocks(ctext)) enc_flag = '36X0Ug8ZEIvrRDeus6c3GBynEY7La36H0/A1Bqoy87go8FyYOeRQOuN7b0fXJXMYqWZ9lo9MWkS8EaN9/8Tl7A==' enc_flag = base64.b64decode(enc_flag) iv2 = enc_flag[:16] c1 = enc_flag[16:32] c2 = enc_flag[32:48] c3 = enc_flag[48:64] aes = AES.new(key2, AES.MODE_ECB) p1 = xor(aes.decrypt(c1),iv2) p2 = xor(aes.decrypt(c2),xor(c1,p1)) p3 = xor(aes.decrypt(c3),xor(c2,p2)) print(p1+p2+p3) |
CTF (2)
└Misc (3)
└Crypto (6)
└Revers (0)
└Pwn (0)
└Web (1)
└picoCTF 2018 (48)
└AIS3 2020 pre-exam (2)
Telegraf/Prometheus/Grafana (1)
未分類 (3)colann 給 colann:
【繪圖創作】【科嵐實驗室】九週年! 2024/4/1 https://home.gamer.com.tw/creationDetail.php?sn=5909407看更多我要大聲說昨天23:46