-
-
[分享]CTF2019第十题writeup
-
发表于:
2019-3-12 12:32
2820
-
接下来就是编写解密函数了,代码如下:
public static string a(string A_0, string A_1)
{
byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);
byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);
ICryptoTransform transform = new RijndaelManaged
{
Mode = CipherMode.CBC
}.CreateEncryptor(bytes3, bytes);
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
cryptoStream.Write(bytes2, 0, bytes2.Length);
cryptoStream.FlushFinalBlock();
byte[] inArray = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
return Convert.ToBase64String(inArray);
}
using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;
public class Test
{
public static void Main()
{ Console.WriteLine(Test.Decode("4RTlF9Ca2+oqExJwx68FiA=="));
}
public static string Decode(string data)
{
byte[] byIV = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
byte[] byKey = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32);
byte[] byEnc;
try
{
byEnc = Convert.FromBase64String(data);
}
catch
{
return null;
}
ICryptoTransform cryptoProvider = new RijndaelManaged{
Mode = CipherMode.CBC
}.CreateDecryptor(byKey, byIV);
byte[] resultArray = cryptoProvider.TransformFinalBlock(byEnc,0,byEnc.Length);
return UTF8Encoding.UTF8.GetString(resultArray);
}
}
- 先打开,是console程序,通过EXEInfo查到是.NET程序,载入dnSpy
- 代码不多,做了混淆,但是基本能看明白,也可以通过de4dot脱之
- 主要流程就是将输入的串进行一系列操作,然后和
4RTlF9Ca2+oqExJwx68FiA==比较,一致则pass
- 由于对c#不是很熟,搜索了代码中用到的几个函数,大概明白了是加解密,主要函数在这:
public static string a(string A_0, string A_1)
{
byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);
byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);
ICryptoTransform transform = new RijndaelManaged
{
Mode = CipherMode.CBC
}.CreateEncryptor(bytes3, bytes);
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
cryptoStream.Write(bytes2, 0, bytes2.Length);
cryptoStream.FlushFinalBlock();
byte[] inArray = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
return Convert.ToBase64String(inArray);
}
- 搜索了一下,就是通过DES加密,key和iv就是bytes3和bytes
-
接下来就是编写解密函数了,代码如下:
using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;
public class Test
{
public static void Main()
{ Console.WriteLine(Test.Decode("4RTlF9Ca2+oqExJwx68FiA=="));
}
public static string Decode(string data)
{
byte[] byIV = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
byte[] byKey = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32);
byte[] byEnc;
try
{
byEnc = Convert.FromBase64String(data);
}
catch
{
return null;
}
ICryptoTransform cryptoProvider = new RijndaelManaged{
Mode = CipherMode.CBC
}.CreateDecryptor(byKey, byIV);
byte[] resultArray = cryptoProvider.TransformFinalBlock(byEnc,0,byEnc.Length);
return UTF8Encoding.UTF8.GetString(resultArray);
}
}
- 最后结果为:
Kanxue2019Q1CTF
--- END ---
先打开,是console程序,通过EXEInfo查到是.NET程序,载入dnSpy代码不多,做了混淆,但是基本能看明白,也可以通过de4dot脱之
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
