CTF-BUUCTF-CRPTO-[WUSTCTF2020]B@se

1题目

密文：MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD==
JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs****kxyz012789+/

oh holy shit, something is missing...

2，两个==号和标题暴露了真实面面，base64的变种，自定义加密字符，爆破缺少的字符。

从网上找了个base64解密的脚本，修改一下进行爆破：

#!/usr/bin/env python
# -*- coding:utf-8 -*-
''''
密文：MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD==
JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs****kxyz012789+/

oh holy shit, something is missing...
'''

import  itertools
def My_base64_decode(inputs,s):
    
    bin_str = []
    for i in inputs:
        if i != '=':
            x = str ( bin ( s.index ( i ) ) ).replace ( '0b', '' )
            bin_str.append ( '{:0>6}'.format ( x ) )

    outputs = ""
    nums = inputs.count ( '=' )
    while bin_str:
        temp_list = bin_str[:4]
        temp_str = "".join ( temp_list )
        # print(temp_str)

        if (len ( temp_str ) % 8 != 0):
            temp_str = temp_str[0:-1 * nums * 2]

        for i in range ( 0, int ( len ( temp_str ) / 8 ) ):
            outputs += chr ( int ( temp_str[i * 8:(i + 1) * 8], 2 ) )
        bin_str = bin_str[4:]

    return outputs

cipher='MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD=='
s1 ='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
s='JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs****kxyz012789+/'

#查找缺少字符
missstr=''
for i  in s1:
    if i not in s:
        missstr+=i
#print(missstr)
# ju34

#列出缺少字符可能的排列组合
missstrs=[]
for i in itertools.permutations(missstr, 4):
    missstrs.append(''.join(i))
print(missstrs)
#列出可能的flag
for i in  missstrs:
    s='JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs'+i+'kxyz012789+/'
    flag=My_base64_decode(cipher,s)
    print(flag)

3从 列出的结果中找到flag