[Original] CTF2019 Challenge 10 --- 初入好望角 (First Arrival at the Cape of Good Hope) WriteUp
Posted: 2019-3-15 17:15
The program is written in a .NET language, so open it with DnSpy, start it, and break at the entry point.
The code can be seen here.

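The logic is simple: the input string is encrypted and the result is compared with the string **4RTlF9Ca2+oqExJwx68FiA==**.
In the algorithm, bytes and bytes3 are fixed values, and bytes2 is the input value.
Since I did not know C# well beforehand, I guessed that the algorithm uses bytes and bytes3 as the key, encrypts bytes2 with CryptoStream, and finally Base64-encrypts the encrypted byte array.
The approach to decryption is therefore:
1. First, decode the string **4RTlF9Ca2+oqExJwx68FiA==** into a hexadecimal string;
2. Decrypt with CryptoStream to obtain the flag.
The decryption script, written in C#, is as follows: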
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.IO;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            // Fixed values taken from the target program: bytes is passed as the IV, bytes3 as the key
            byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
            byte[] bytes3 = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32);

            // Step 1 (run once): Base64-decode the comparison string and print it as hex
            //string key_base64 = "4RTlF9Ca2+oqExJwx68FiA==";
            //StringBuilder key = new StringBuilder();
            //foreach (byte b in Convert.FromBase64String(key_base64).ToArray())
            //{
            //    //Format as hex
            //    key.AppendFormat("{0:X2}", b);
            //}
            //Console.WriteLine("{0}", key.ToString());

            // Hex form of the Base64-decoded comparison string (output of step 1)
            string ret1 = "E114E517D09ADBEA2A131270C7AF0588";

            ICryptoTransform transform = new RijndaelManaged
            {
                Mode = CipherMode.CBC
            }.CreateDecryptor(bytes3, bytes);

            // Convert the hex string back into a byte array
            byte[] inputByteArray = new byte[ret1.Length / 2];
            for (int x = 0; x < ret1.Length / 2; x++)
            {
                int i = (Convert.ToInt32(ret1.Substring(x * 2, 2), 16));
                inputByteArray[x] = (byte)i;
            }

            // Step 2: push the ciphertext through a decrypting CryptoStream
            MemoryStream memoryStream = new MemoryStream();
            CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
            cryptoStream.Write(inputByteArray, 0, inputByteArray.Length);
            cryptoStream.FlushFinalBlock();
            byte[] inArray = memoryStream.ToArray();
            memoryStream.Close();
            cryptoStream.Close();

            // Print the decrypted bytes as a hex string
            string returnStr = "";
            for (int i = 0; i < inArray.Length; i++)
            {
                returnStr += inArray[i].ToString("X2");
            }
            Console.WriteLine("{0}", returnStr);
        }
    }
}
```
The output is a hexadecimal string; just convert it to a character string.

Last edited by SnowMzn on 2019-3-15 22:46
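The following is an added example, not part of the original post or the challenge binary: it folds the Base64 decoding, the decryption and the final hex-to-string conversion into one pass, then re-encrypts the recovered text and compares it with the target to test the guess about how the check works. It assumes the program reads the input as UTF-8 and encrypts with the same key, IV and default padding as the decryption script above; the names `Target`, `Run` and `RoundTrip` are made up for this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

class RoundTrip
{
    // Comparison string quoted in the write-up
    const string Target = "4RTlF9Ca2+oqExJwx68FiA==";

    // Pushes data through a CryptoStream using the given transform and returns the output
    static byte[] Run(ICryptoTransform transform, byte[] data)
    {
        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, transform, CryptoStreamMode.Write))
            {
                cs.Write(data, 0, data.Length);
                cs.FlushFinalBlock();   // removes or applies the padding
            }
            return ms.ToArray();        // ToArray still works after the stream is closed
        }
    }

    static void Main()
    {
        // Same fixed values as the script above: bytes is the IV, bytes3 the key
        byte[] iv = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
        byte[] key = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32);

        using (var aes = new RijndaelManaged { Mode = CipherMode.CBC })
        {
            // Base64 -> raw ciphertext -> plaintext bytes, with no hex detour
            byte[] plain = Run(aes.CreateDecryptor(key, iv), Convert.FromBase64String(Target));
            string candidate = Encoding.UTF8.GetString(plain);   // assumption: input is UTF-8
            Console.WriteLine("candidate: {0}", candidate);

            // Forward direction as guessed in the write-up: encrypt, then Base64
            byte[] cipher = Run(aes.CreateEncryptor(key, iv), Encoding.UTF8.GetBytes(candidate));
            string check = Convert.ToBase64String(cipher);
            Console.WriteLine("round trip matches: {0}", check == Target);
        }
    }
}
```

If the decryption throws a padding exception or the round trip does not match, the guessed roles of bytes and bytes3 or the cipher mode need to be rechecked against the decompiled code.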