i-soonctf2019

Author Avatar
Xzhah 11月 30, 2019
  • 在其它设备中阅读本文章

[TOC]

Re

crackme

SM4算法,密钥为where_are_u_now?,密文经过魔改base64编码后进行对比验证。

求SM4密文脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
table ='yzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/abcdefghijklmnopqrstuvwx'
def tb64encode(s):
tmp = b64encode(s)

ans = ''

for i in tmp:
ans += table[b64.index(i)]
print ans
return ans

def tb64decode(s):
ans = ''
for i in s:
#print i
ans += b64[table.index(i)]
print ans
return base64.b64decode(ans+'==')
print tb64decode('U1ATIOpkOyWSvGm/YOYFR4').encode('hex')

然后SM4解密得flag

1.png

flag:SM4foRExcepioN?!

Easy_Encryption

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
v3=[0x20,0x1F,0x1E,0x1D,0x1C,0x1B,0x1A,0x19,0x18,0x17,0x16,0x15,0x14,0x13,0x12,0x11,

0x10,0x0F,0x0E,0x0D,0x0C,0x0B,0x0A,0x09,0x08,0x07,0x00,0x01,0x02,0x03,0x04,0x05,

0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,

0x16,0x17,0x18,0x19,0x31,0x30,0x2F,0x2E,0x2D,0x2C,0x2B,0x2A,0x29,0x28,0x36,0x32]

j=0

a2=''

for i in 'artqkoehqpkbihv':

tmp=ord(i)-97

guess1=tmp+97-v3[j]

print chr(guess1)

if(97<=guess1 and guess1 <=122):

a2+=chr(guess1)

j=j+1

continue

if(97<=guess1+26 and guess1+26 <=122):

a2+=chr(guess1+26)

j=j+1

continue

if(97<=guess1+226 and guess1+226 <=122):

a2+=chr(guess1+2*26)

j=j+1

continue

if(97<=guess1+326 and guess1+326 <=122):

a2+=chr(guess1+3*26)

j=j+1

continue

print a2

flag:umpnineissogood

game

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
flag='4693641762894685722843556137219876255986'
#print len(flag)
flag1=[]

for i in range(len(flag)):
tmp=ord(flag[i])+20
flag1.append(tmp&0xf3 | (0xffffffff^tmp)&0xc)
#for i in flag1:
#print chr(i)
for i in range(0,len(flag),2):
tmp=flag1[i]
flag1[i]=flag1[i+1]
flag1[i+1]=tmp
for i in range(len(flag)/2):
tmp=flag1[i+20]
flag1[i+20]=flag1[i]
flag1[i]=tmp
flag2=''
for i in flag1:
flag2+=chr(i)
print flag2
'KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J'

flag:KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J