这题看起来特别的麻烦,我们先来一步步分析。题目用同一个加密脚本加密了两份文件,一份是plain加密得到的cipher,另一个是flag加密得到的flagencode,再看看加密的方式,前一部分是通过lfsr的密钥key与plain前一部分按位异或得到的,后一部分是通过,lfsr生成的密钥流与plain的后一部分按位异或得到的,感觉就是特别的繁琐了。于是,我们的思路是先通过cipher与plain按位异或得到key值先,然后我们可以知道LFSR中的key与mask位数是相同的,看了一下mask的位数是二进制64位,那么key的位数就是16进制16位,也就是8位ASCII字符,于是我们设置异或的长度为8个字符,当然也可以设置更多
cipher="72472201E3C0AC877A27C18729749FDA185C1DF902500AEB425C5B6A53574B4A00508546094A90A2F1547780FD401E8C2983A70F22931F0BCC0EBE6EC83B1284BF2023AEBE59B1CBD2D9C395E9C76D42DF65C470C23C92E65F66504F3025B5F660E772096A172CDD"
c=cipher.decode('hex')
#print c
plain="sdgfjkahblskdjxbvfskljdfbguisldfbvghkljsdfbghsjkldhbgjklsdbgvlkjsdgbkljb sdkljfhwelo;sdfghioeurthgbnjl k"
a=""
for i in range(0, 8):
a+=chr(ord(c[i])^ord(plain[i]))
print a
通过这样即可得到密钥key,也可以带入原脚本验证
cipher="72472201E3C0AC877A27C18729749FDA185C1DF902500AEB425C5B6A53574B4A00508546094A90A2F1547780FD401E8C2983A70F22931F0BCC0EBE6EC83B1284BF2023AEBE59B1CBD2D9C395E9C76D42DF65C470C23C92E65F66504F3025B5F660E772096A172CDD"
c=cipher.decode('hex')
#print c
plain="sdgfjkahblskdjxbvfskljdfbguisldfbvghkljsdfbghsjkldhbgjklsdbgvlkjsdgbkljb sdkljfhwelo;sdfghioeurthgbnjl k"
a=""
for i in range(0, 8):
a+=chr(ord(c[i])^ord(plain[i]))
print a
可以发现与给的cipher的后一部分相同,可以认为得到的key是正确的,于是我们可以生成lfsr产生的密钥流,生成位数设置位flagencode的位数
R = bytes_to_long(a)
tmptext=""
#for i in range(len(a), len(plain)):
for i in range(len(a), 1213):
tmp=0
for j in range(8):
(R,out)=lfsr(R,mask)
tmp=(tmp << 1)^out
tmptext+=chr(tmp)
print 2,tmptext
这里要注意,一定要初始话R的值
于是我们可以开始求解flag,先将前一部分与key按位异或
flagencode
flagencode2=flagencode1.decode('hex')
print len(flagencode2)
#print flagencode2
flag=""
for i in range(0, 8):
flag+=chr(ord(a[i])^ord(flagencode2[i]))
print flag
#In compu
后半部分通过将flagencrypt与密钥流按位异或即可,整题脚本给出
import os,random,sys,string
from hashlib import sha256
import gmpy2
from Crypto.Util.number import *
import base64
mask = 0b1101100000000000000000000000000000000000000000000000000000000000
cipher="72472201E3C0AC877A27C18729749FDA185C1DF902500AEB425C5B6A53574B4A00508546094A90A2F1547780FD401E8C2983A70F22931F0BCC0EBE6EC83B1284BF2023AEBE59B1CBD2D9C395E9C76D42DF65C470C23C92E65F66504F3025B5F660E772096A172CDD"
c=cipher.decode('hex')
#print c
plain="sdgfjkahblskdjxbvfskljdfbguisldfbvghkljsdfbghsjkldhbgjklsdbgvlkjsdgbkljb sdkljfhwelo;sdfghioeurthgbnjl k"
a=""
for i in range(0, 8):
a+=chr(ord(c[i])^ord(plain[i]))
print a
def lfsr(R, mask):
output = (R << 1) & 0xffffffffffffffff
i=(R&mask)&0xffffffffffffffff
lastbit=0
while i!=0:
lastbit^=(i&1)
i=i>>1
output^=lastbit
return (output,lastbit)
R = bytes_to_long(a)
t=""
for i in range(len(a), len(plain)):
tmp=0
for j in range(8):
(R,out)=lfsr(R,mask)
tmp=(tmp << 1)^out
t+=long_to_bytes((tmp^ord(plain[i])))
print 1,t
R = bytes_to_long(a)
tmptext=""
#for i in range(len(a), len(plain)):
for i in range(len(a), 1213):
tmp=0
for j in range(8):
(R,out)=lfsr(R,mask)
tmp=(tmp << 1)^out
tmptext+=chr(tmp)
print 2,tmptext
flagencode
flagencode2=flagencode1.decode('hex')
print len(flagencode2)
#print flagencode2
flag=""
for i in range(0, 8):
flag+=chr(ord(a[i])^ord(flagencode2[i]))
print flag
#In compu
for i in range(len(a), 1213):
flag+=long_to_bytes(ord(tmptext[i-len(a)])^ord(flagencode2[i]))
print 3,flag
#3 In computing, a linear-feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.
#The most commonly used linear function of single bits is exclusive-or (XOR). Thus, an LFSR is most often a shift register whose input bit is driven by the XOR of some bits of the overall shift register value.
#The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the stream of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a sequence of bits that appears random and has a very long cycle.
#Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.
#The mathematics of a cyclic redundancy check, used to provide a quick check against transmission errors, are closely related to those of an LFSR.
#Congratulations! flag is afctf{read_is_hard_but_worthy}