buuctf babyaes

from Crypto.Cipher import AES
import os
from flag import flag
from Crypto.Util.number import *


def pad(data):
    return data + b"".join([b'\x00' for _ in range(0, 16 - len(data))])


def main():
    flag_ = pad(flag)
    key = os.urandom(16) * 2
    iv = os.urandom(16)
    print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)
    aes = AES.new(key, AES.MODE_CBC, iv)
    enc_flag = aes.encrypt(flag_)
    print(enc_flag)


if __name__ == "__main__":
    main()
# 3657491768215750635844958060963805125333761387746954618540958489914964573229
# b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'

AES加密算法全称是Advanced Encryption Standard（高级加密标准），是最为常见的对称加密算法之一。

根据源码：

1. key=os.urandom(2)*16

2. iv=os.urandom(16) 

可知key是256bits，iv是128bits。所以异或的结果高16为bytes、128位bits不变，key又是两个bytes重复16次所以，它的高128位bits和低128位bits是一样的

然后再把key异或x就得到了iv

解题一：

from Crypto.Util.number import *
from Crypto.Cipher import AES
import os

enc_flag = b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
out = 3657491768215750635844958060963805125333761387746954618540958489914964573229
out = long_to_bytes(out)
key = out[:16 ] *2
# print(key)
iv = (bytes_to_long(out[16:]) ) ^(bytes_to_long(key[16:]))
iv = long_to_bytes(iv)
# print(iv)
aes =AES.new(key ,AES.MODE_CBC ,iv)
flag = aes.decrypt(enc_flag)
print(flag)

解题二：

from Crypto.Cipher import AES
from Crypto.Util.number import*

x=3657491768215750635844958060963805125333761387746954618540958489914964573229
c=b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
x=long_to_bytes(x)
key=x[:16]*2
iv=bytes_to_long(x)^bytes_to_long(key)
iv=long_to_bytes(iv)
aes=AES.new(key,AES.MODE_CBC,iv)#iv,key的类型为bytes
flag=aes.decrypt(c)
print(flag)