-
-
[分享]CTF2019第十题writeup
-
发表于: 2019-3-12 12:32 2825
-
接下来就是编写解密函数了,代码如下:
public static string a(string A_0, string A_1) { byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes2 = Encoding.UTF8.GetBytes(A_0); byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32); ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(bytes3, bytes); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(bytes2, 0, bytes2.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); return Convert.ToBase64String(inArray); }
using System; using System.Text; using System.Security.Cryptography; using System.IO; public class Test { public static void Main() { Console.WriteLine(Test.Decode("4RTlF9Ca2+oqExJwx68FiA==")); } public static string Decode(string data) { byte[] byIV = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] byKey = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32); byte[] byEnc; try { byEnc = Convert.FromBase64String(data); } catch { return null; } ICryptoTransform cryptoProvider = new RijndaelManaged{ Mode = CipherMode.CBC }.CreateDecryptor(byKey, byIV); byte[] resultArray = cryptoProvider.TransformFinalBlock(byEnc,0,byEnc.Length); return UTF8Encoding.UTF8.GetString(resultArray); } }
- 先打开,是console程序,通过EXEInfo查到是.NET程序,载入dnSpy
- 代码不多,做了混淆,但是基本能看明白,也可以通过de4dot脱之
- 主要流程就是将输入的串进行一系列操作,然后和
4RTlF9Ca2+oqExJwx68FiA==
比较,一致则pass - 由于对c#不是很熟,搜索了代码中用到的几个函数,大概明白了是加解密,主要函数在这:
public static string a(string A_0, string A_1) { byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes2 = Encoding.UTF8.GetBytes(A_0); byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32); ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(bytes3, bytes); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(bytes2, 0, bytes2.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); return Convert.ToBase64String(inArray); }
- 搜索了一下,就是通过DES加密,key和iv就是bytes3和bytes
-
接下来就是编写解密函数了,代码如下:
using System; using System.Text; using System.Security.Cryptography; using System.IO; public class Test { public static void Main() { Console.WriteLine(Test.Decode("4RTlF9Ca2+oqExJwx68FiA==")); } public static string Decode(string data) { byte[] byIV = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] byKey = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32); byte[] byEnc; try { byEnc = Convert.FromBase64String(data); } catch { return null; } ICryptoTransform cryptoProvider = new RijndaelManaged{ Mode = CipherMode.CBC }.CreateDecryptor(byKey, byIV); byte[] resultArray = cryptoProvider.TransformFinalBlock(byEnc,0,byEnc.Length); return UTF8Encoding.UTF8.GetString(resultArray); } }
- 最后结果为:
Kanxue2019Q1CTF
--- END ---
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
他的文章
- [分享]CTF2019第六题writeup 2788
- [分享]CTF2019第十题writeup 2826
- [分享]CTF2019第一题writeup 3442
看原图
赞赏
雪币:
留言: