网鼎杯-朱雀组-Misc-小明的bb86

0x00 题目源码

#!/usr/bin/python3
import sys
from random import *
#from secret import flag

flag = "a1234567890123456789"

HACK=False
NUMS=20
rd2=lambda:randint(0,1)
getBase=lambda lens=NUMS:[rd2() for i in range(lens)]
getBins=lambda strings:[list(map(int,list(bin(ord(i))[2:].rjust(8,'0')))) for i in strings]

def inits():
    while True:
        a_base,b_base=getBase(),getBase()
        check=[1 if a_base[i] == b_base[i] else 0 for i in range(NUMS)]
        if sum(check) > 8:
            break
    print('check ',check)
    return a_base,b_base,check

def hack(hack_base,a_base,data):
    res=[]
    assert len(hack_base) == len(a_base) == len(data)
    for i in range(len(a_base)):
        if hack_base[i] != a_base[i]:
            data[i]=rd2()
    return data

def qb(x,y):
    assert len(x)==len(y)
    tmp=[['0','1'],['o','l']]
    return [tmp[x[i]][y[i]] for i in range(len(x))]

def comm(a_base,b_base,check,hack_base=None):
    bf,index=getBins(flag),0
    for i in bf:
        x=0
        m=[]
        for j in check:
            if j and x<8:
                m.append(i[x])
                x+=1
            else:
                m.append(rd2())
        enc=qb(a_base,m)
        print("len of m:", len(m))
        if HACK:
            hack_m=hack(hack_base,a_base,m)
            hack_enc=qb(hack_base,hack_m)
            print ('hack->',''.join(hack_enc))
        x=0
        c=''
        for j in range(NUMS):
            if check[j] and x<8:
                c+=str(m[j])
                x+=1
        if chr(int(c,2)) == flag[index]:
            print("Received the %d char successfully."%index)
            index+=1
        else:
            print("Received the %d char error, maybe have hack"%index)
            break

if __name__ == '__main__':
    #print(getBins(flag))
    a_base,b_base,check=inits()
    try:
        print('Do you want to monitor communication? (y/n)',end=' ')
        if input()[0] == 'y':
            sys.stdout.flush()
            hack_base=list(map(int,input("Please input your base(use ',' to split): ").split(',')))
            assert len(hack_base)==NUMS
            for i in hack_base:
                assert i in [0,1]
            HACK=True
        else:
            hack_base=None
            print("Good boy~")
    except:
        print("Oh~~ bad boooooooooy")
        sys.exit(0)
    print('hackse',hack_base)
    comm(a_base,b_base,check,hack_base)

0x01 源码分析

1. 小函数
   rd2：生成随机的0或者1
   getBase：生成长度为NUMS的01字符串
   getBins：将字符串中的每个字符，编码为8个比特的01串（ascii码值的二进制表示）
2. def inits()函数
   随机生成01序列的a_base[20]和b_base[20]
   check=[1 if a_base[i] == b_base[i] else 0 for i in range(NUMS)]
   上一行可以优化为check[i]=a_base[i] ^ b_base[i] ^ 1
   其中check中1的位数大于等于8
3. def hack(hack_base,a_base,data)函数
   hack_base[i] == a_base[i]时，data[i]不变，否则data[i]变成随机的01
4. def qb(x,y)函数
   就是一个编码函数，通过输出的01ol可以确定出来x[i]和y[i]的值
5. def comm(a_base,b_base,check,hack_base=None)
   编码函数，将flag的每个字符ch散列到长度为NUMS的01串中，相应于check中前8个1的位置放置ch[i]，其他位置为rand 0 1，生成m。其中，check的前8个1的位置为有效位。
   例如，当chek=[0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1]
   那么第2,5,9,10,11,13,14,16位为有效位。
   在HACK模式下：
   hack_m=hack(hack_base,a_base,m) //在有效位，如果hack_base[i] != a_base[i]，m会被修改，导致解密失败
   hack_enc=qb(hack_base,hack_m)//只是为了输出，通过输出的01ol来反推hack_base和hack_m
   print ('hack->',''.join(hack_enc))

0x02 结论

针对每一个有效位，如果hack_base与a_base的值相同，那么m就不会被修改，即可解密成功，根据输出即可解密flag的ch[i]。有效位为8位，因此，碰撞空间为2**8=256
a_base随机生成，本来考虑当a_base确定后，去穷举hack_base。但是，一旦a_base确定后，只能试一次，程序即运行结束，无法穷举hack_base。
那就固定hack_base，穷举a_base，也即通过多次调用nc xxxx xx，经过O(256)量级的穷举，总有一次会使得hack_base==a_base的有效位，输出hack_enc即可解密。
为了方便解密，令hack_base=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
穷举a_base的脚本（半手工，因为pwn需要手动停），本人运行了几十次，成功获取了flag

from pwn import *
#sh = process('./pwn')
sh=remote("47.94.21.141","21325")
payload = "0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"
print sh.readline()
sh.recvuntil(") ")
sh.sendline("y")
sh.sendline(payload)
sh.interactive()
exit(0)

优化后的批量脚本：

from pwn import *

payload = "0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"

for i in range(0, 256):
    print "trying[", i , "]"
    #sh = process('./haha.py')
    sh=remote("xxxx","4444")

    print sh.readline()
    sh.recvuntil(") ")
    sh.sendline("y")

    sh.sendline(payload)
    #sh.interactive()
    res = sh.recvall()
    print res
    if("Received the 19 char successful" in res):
        print res
        break

    sh.close()

当碰撞成功后，获得了42个01字符串，解密脚本如下：

check = [1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0]

ss = ["00001110001100000110",
"01101010011010001010",
"01011011000001111110",
"01111011001101111100",
"01111011110100111010",
"01101010001011010101",
"01111011000000101100",
"00110111100011100100",
"01101011000010110011",
"00111111001010010110",
"01000010101010111111",
"00100110100100000011",
"00000111100100111000",
"01110110011010101110",
"01010111100011001000",
"01010011101011100101",
"01111010001110010111",
"00010111110010011000",
"00000011011000101110",
"01010010101011000001",
"01010111101001000111",
"00000011101101010000",
"01101110001110001110",
"00000110011010100101",
"00011011000010110000",
"01110010110010101011",
"01001010001100011010",
"01011110000010100101",
"00110010011000111001",
"00101110001010101011",
"01011011000010110000",
"01000110110010100000",
"01010010100101000001",
"00110110101000100001",
"01000010100110000001",
"01010110110000010011",
"01011110001011000100",
"01100011100001001100",
"00100011101101001011",
"01000111100000001001",
"01110011110010001111",
"01101111111000100111"]


NUMS = 20
res = ""
print len(ss)
for item in ss:
    x = 0
    c = ''
    for j in range(NUMS):
        if check[j] and x < 8:
            c += str(item[j])
            x += 1
    res += chr(int(c, 2))
    print res

获得flag

flag{da1ad523-05f8-446f-a9fa-ea92528d0608}