[SUCTF2019]MT 2021/9/23

复现了几道题,发现不怎么会,差不多忘光了。唉!

找到能稍微动的了手的题目好像都是异或,移位的,但过程又非常复杂。

东看西看,看了一篇文章(虽然看的不是很懂):
梅森旋转算法—MT

[SUCTF2019]MT

题目:

from Crypto.Random import random
from Crypto.Util import number
from flag import flag

def convert(m):
    m = m ^ m >> 13
    m = m ^ m << 9 & 2029229568
    m = m ^ m << 17 & 2245263360
    m = m ^ m >> 19
    return m

def transform(message):
    assert len(message) % 4 == 0
    new_message = ''
    for i in range(len(message) / 4):
        block = message[i * 4 : i * 4 +4]
        block = number.bytes_to_long(block)
        block = convert(block)
        block = number.long_to_bytes(block, 4)#产生4bytes字节串
        new_message += block
    return new_message

transformed_flag = transform(flag[5:-1].decode('hex')).encode('hex')
print 'transformed_flag:', transformed_flag
# transformed_flag: 641460a9e3953b1aaa21f3a2

思路:
利用移位并与自身异或这一运算的特点,可以依次推出原数的二进制数。不过要注意的是m = m ^ m << 9 & 2029229568相当于m = m ^ ((m << 9) & 2029229568)。

代码:

from Crypto.Util.number import *

def decrypt(c):
    #4
    c = c[:19] + bin(eval('0b' + c[19:]) ^ eval('0b' + c[:13]))[2:].zfill(13)
    #3
    f = bin(2245263360)[2:].zfill(32)
    c1 = c[-17:]
    c2 =  bin(eval('0b' + c[:-17]) ^ (eval('0b' + c1[-15:]) & eval('0b' + f[:-17])))[2:].zfill(15)
    c = c2 + c1
    #2
    f = bin(2029229568)[2:].zfill(32)
    c1 = c[-9:]
    f = f[:-9]
    c2 = bin(eval('0b' + c[-18:-9]) ^ (eval('0b' + c1) & eval('0b' + f[-9:])))[2:].zfill(9)
    f = f[:-9]
    c3 = bin(eval('0b' + c[-27:-18]) ^ (eval('0b' + c2) & eval('0b' + f[-9:])))[2:].zfill(9)
    f = f[:-9]
    c4 = bin(eval('0b' + c[:5]) ^ (eval('0b' + c3[-5:]) & eval('0b' + f[-5:])))[2:].zfill(5)
    c = c4 + c3 + c2 + c1
    #1
    c_1 = c[:13]
    c_2 = bin(eval('0b' + c_1) ^ eval('0b' + c[13:26]))[2:].zfill(13)
    c_3 = bin(eval('0b' + c_2[:6]) ^ eval('0b' + c[-6:]))[2:].zfill(6)
    c = c_1 + c_2 + c_3
    return c

message = '641460a9e3953b1aaa21f3a2'

m = ''
for i in range(0,len(message),8):
    txt = bin(eval('0x' + message[i:i+8]))[2:].zfill(32)
    m += decrypt(txt)

m = hex(eval('0b'+m))[2:]
    
print(m)
#84b45f89af22ce7e67275bdc

看网上还有另一种方法,利用它的循环性:明文不断的加密,最终的还是明文这一特点进行解密。目前还没了解,等我搞懂了在贴上去。

你可能感兴趣的:(crypto,CTF)