-
-
[原创]CTF2019第十题---初入好望角WriteUp
-
发表于: 2019-3-15 17:15 2817
-
由于程序是.net语言开发,因此使用DnSpy打开程序,启动程序后,使程序断在入口点处。
在这里可以看到代码
代码逻辑很简单,将输入的字符串进行加密处理后,与字符串**4RTlF9Ca2+oqExJwx68FiA==**比较。
算法中的bytes和bytes3为固定值,bytes2为输入的值。
由于之前对C#语言并不是很了解,因此猜测算法中,是使用bytes和bytes3为密钥,使用CryptoStream加密bytes2,最后将加密后的字节数组进行Base64加密。
因此解密算法的思路为:
1、首先将
**4RTlF9Ca2+oqExJwx68FiA==**字符串解密为十六进制字符串;
2、使用CryptoStream解密,得出flag。
使用C#编写解密脚本如下:
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Security.Cryptography; using System.IO; namespace ConsoleApplication1 { class Program { static void Main(string[] args) { byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes3 = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32); //string key_base64 = "4RTlF9Ca2+oqExJwx68FiA=="; //StringBuilder key = new StringBuilder(); //foreach (byte b in Convert.FromBase64String(key_base64).ToArray()) //{ // //Format as hex // key.AppendFormat("{0:X2}", b); //} //Console.WriteLine("{0}", key.ToString()); string ret1 = "E114E517D09ADBEA2A131270C7AF0588"; ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateDecryptor(bytes3, bytes); byte[] inputByteArray = new byte[ret1.Length / 2]; for (int x = 0; x < ret1.Length / 2; x++) { int i = (Convert.ToInt32(ret1.Substring(x * 2, 2), 16)); inputByteArray[x] = (byte)i; } MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(inputByteArray, 0, inputByteArray.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); string returnStr = ""; for (int i = 0; i < inArray.Length; i++) { returnStr += inArray[i].ToString("X2"); } Console.WriteLine("{0}", returnStr); } } }
结果得到的是十六进制字符串,将结果转换为字符串即可。
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Security.Cryptography; using System.IO; namespace ConsoleApplication1 { class Program { static void Main(string[] args) { byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes3 = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32); //string key_base64 = "4RTlF9Ca2+oqExJwx68FiA=="; //StringBuilder key = new StringBuilder(); //foreach (byte b in Convert.FromBase64String(key_base64).ToArray()) //{ // //Format as hex // key.AppendFormat("{0:X2}", b); //} //Console.WriteLine("{0}", key.ToString()); string ret1 = "E114E517D09ADBEA2A131270C7AF0588"; ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateDecryptor(bytes3, bytes); byte[] inputByteArray = new byte[ret1.Length / 2]; for (int x = 0; x < ret1.Length / 2; x++) { int i = (Convert.ToInt32(ret1.Substring(x * 2, 2), 16)); inputByteArray[x] = (byte)i; } MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(inputByteArray, 0, inputByteArray.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); string returnStr = ""; for (int i = 0; i < inArray.Length; i++) { returnStr += inArray[i].ToString("X2"); } Console.WriteLine("{0}", returnStr); } } }
结果得到的是十六进制字符串,将结果转换为字符串即可。
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2019-3-15 22:46
被SnowMzn编辑
,原因:
赞赏
他的文章
看原图
赞赏
雪币:
留言: