i-soonctf2019 | Stay foolish,stay hungry!

[TOC]

Re

crackme

SM4算法，密钥为where_are_u_now?,密文经过魔改base64编码后进行对比验证。

求SM4密文脚本

b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
table ='yzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/abcdefghijklmnopqrstuvwx'
def tb64encode(s):
	tmp = b64encode(s)

	ans = ''

	for i in tmp:
		ans += table[b64.index(i)]
	print ans
	return ans

def tb64decode(s):
	ans = ''
	for i in s:
		#print i
		ans += b64[table.index(i)]
	print ans
	return base64.b64decode(ans+'==')
print tb64decode('U1ATIOpkOyWSvGm/YOYFR4').encode('hex')

然后SM4解密得flag

flag:SM4foRExcepioN?!

Easy_Encryption

v3=[0x20,0x1F,0x1E,0x1D,0x1C,0x1B,0x1A,0x19,0x18,0x17,0x16,0x15,0x14,0x13,0x12,0x11,

0x10,0x0F,0x0E,0x0D,0x0C,0x0B,0x0A,0x09,0x08,0x07,0x00,0x01,0x02,0x03,0x04,0x05,

0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,

0x16,0x17,0x18,0x19,0x31,0x30,0x2F,0x2E,0x2D,0x2C,0x2B,0x2A,0x29,0x28,0x36,0x32]

j=0

a2=''

for i in 'artqkoehqpkbihv':

	tmp=ord(i)-97

	guess1=tmp+97-v3[j]

	print chr(guess1)

	if(97<=guess1 and guess1 <=122):

		a2+=chr(guess1)

		j=j+1

		continue

	if(97<=guess1+26 and guess1+26 <=122):

		a2+=chr(guess1+26)

		j=j+1

		continue

	if(97<=guess1+226 and guess1+226 <=122):

		a2+=chr(guess1+2*26)

		j=j+1

		continue

	if(97<=guess1+326 and guess1+326 <=122):

		a2+=chr(guess1+3*26)

		j=j+1

		continue

print a2

flag:umpnineissogood

game

flag='4693641762894685722843556137219876255986'
#print len(flag)
flag1=[]

for i in range(len(flag)):
	tmp=ord(flag[i])+20
	flag1.append(tmp&0xf3 | (0xffffffff^tmp)&0xc)
#for i in flag1:
	#print chr(i)
for i in range(0,len(flag),2):
	tmp=flag1[i]
	flag1[i]=flag1[i+1]
	flag1[i+1]=tmp
for i in range(len(flag)/2):
	tmp=flag1[i+20]
	flag1[i+20]=flag1[i]
	flag1[i]=tmp
flag2=''
for i in flag1:
	flag2+=chr(i)
print flag2
'KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J'

flag:KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J