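Challenge: Couldn't get tickets to TI4 and life feels so bleak.. ACTF2014crypto200.tar

-------- cut --------

Unpacking the archive gives an encryption script. Note that the key is unknown, so first study the algorithm to find a way to derive the encryption key.

The plaintext msg01 and the ciphertext msg01.enc are known.

Studying the algorithm shows that encrypting a plaintext character uses only the previous position's ciphertext and key[i%len(key)], i.e. a single character of the key, and that encryption proceeds one character at a time.

So, starting from the first character of msg01, iterate over 0-9a-zA-Z; a match against msg01.enc gives the first character of the key, and continuing the same way recovers the whole key. The code is as follows: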

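```python
# Python 2 script: recover the key from the known plaintext/ciphertext pair.
f = open('msg01', 'rb').read()      # known plaintext
g2 = open('msg01.enc.ord', 'rb')    # matching ciphertext
t = chr(0)          # previous plaintext byte (starts at 0)
i = 0
ckey = g2.read(1)   # current ciphertext byte
realkey = ''
for p in f:
    find = 0
    # Try every byte value as the key character for position i.
    for k1 in range(0, 256):
        k1 = chr(k1)
        c = chr((ord(p) + (ord(k1) ^ ord(t)) + i**i) & 0xff)
        if c == ckey:
            print 'get %d is %c' % (i, k1)
            realkey += k1
            find = 1
            break
    if find == 0:
        print 'cant find NO.', i
        break
    t = p
    i += 1
    ckey = g2.read(1)
print repr(realkey)
g2.close()
```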

Running it gives the key. Because the key is used cyclically, key='DoNotTryToGuessWhatDoesD3AdCa7ThinkOf'. After that, write a decryption script to decrypt msg02.enc:

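```python
# Python 2 script: decrypt msg02.enc with the recovered key.
g = open('msg02.enc', 'rb').read()
f = open('msgtest02', 'wb')
key = 'DoNotTryToGuessWhatDoesD3AdCa7ThinkOf'
i = 0
t = chr(0)   # previous plaintext byte
p = ''
out = ''
for c in g:
    # Invert c = (p + (key[i % len(key)] ^ t) + i**i) & 0xff
    p = chr((ord(c) - i**i - (ord(key[i % len(key)]) ^ ord(t))) & 0xff)
    t = p
    i += 1
    out += p
    f.write(p)
print out
f.close()
```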
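
An added example, not the author's code: the same known-plaintext recovery in Python 3, generalized so that each key byte is solved for directly from the relation in the scripts above (c = (p + (k ^ t) + i**i) & 0xff, with t the previous plaintext byte) instead of searched, and the repeating key is taken as the shortest period of the recovered stream. The key, the messages and all function names are constructed for illustration and are not the challenge data.

```python
def encrypt(plain: bytes, key: bytes) -> bytes:
    """c_i = (p_i + (key[i % len(key)] ^ p_{i-1}) + i**i) & 0xff, with p_{-1} = 0."""
    out, prev = bytearray(), 0
    for i, p in enumerate(plain):
        # pow(i, i, 256) equals (i**i) & 0xff without building huge integers
        out.append((p + (key[i % len(key)] ^ prev) + pow(i, i, 256)) & 0xFF)
        prev = p
    return bytes(out)

def decrypt(cipher: bytes, key: bytes) -> bytes:
    out, prev = bytearray(), 0
    for i, c in enumerate(cipher):
        prev = (c - pow(i, i, 256) - (key[i % len(key)] ^ prev)) & 0xFF
        out.append(prev)
    return bytes(out)

def recover_key_stream(plain: bytes, cipher: bytes) -> bytes:
    """Solve the relation for the key byte at every position (no search needed)."""
    out, prev = bytearray(), 0
    for i, (p, c) in enumerate(zip(plain, cipher)):
        out.append(((c - p - pow(i, i, 256)) & 0xFF) ^ prev)
        prev = p
    return bytes(out)

def shortest_period(stream: bytes) -> bytes:
    """Return the shortest prefix that, repeated, reproduces the whole stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[j] == stream[j % n] for j in range(len(stream))):
            return stream[:n]
    return stream

# Constructed sample data (not the challenge files or the challenge key).
DEMO_KEY = b"ExampleKey"
KNOWN_PLAIN = b"This known message is longer than the key, so the key repeats."
SECRET = b"second message encrypted under the same key"

def demo():
    # One known plaintext/ciphertext pair is enough to read off the key ...
    stream = recover_key_stream(KNOWN_PLAIN, encrypt(KNOWN_PLAIN, DEMO_KEY))
    key = shortest_period(stream)
    # ... which then decrypts any other message encrypted under it.
    return key, decrypt(encrypt(SECRET, DEMO_KEY), key)

if __name__ == "__main__":
    print(demo())
```

The known plaintext must cover at least one full key length, otherwise only a prefix of the key is recovered.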