[Original] CTF2019 Challenge 10 --- 初入好望角 (First Arrival at the Cape of Good Hope) WriteUp

Posted: 2019-3-15 17:15
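Because the program is written in a .NET language, open it with dnSpy, start it, and let it break at the entry point.
The code is visible here.
The logic is simple: the input string is encrypted and the result is compared with the string **4RTlF9Ca2+oqExJwx68FiA==**.
In the algorithm, bytes and bytes3 are fixed values, and bytes2 is the input value.
Since I was not very familiar with C# beforehand, I guessed that the algorithm uses bytes and bytes3 as the key, encrypts bytes2 with CryptoStream, and finally Base64-encodes the encrypted byte array.
The approach to decryption is therefore:
1. First, decode the string **4RTlF9Ca2+oqExJwx68FiA==** into a hexadecimal string;
2. Decrypt it with CryptoStream to obtain the flag.
The decryption script, written in C#, is as follows: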
```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            // Fixed values from the challenge: bytes is passed as the IV, bytes3 as the key.
            byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
            byte[] bytes3 = new PasswordDeriveBytes("Kanxue2019", null).GetBytes(32);

            // Used once to turn the Base64 target into the hex string ret1 below.
            //string key_base64 = "4RTlF9Ca2+oqExJwx68FiA==";
            //StringBuilder key = new StringBuilder();
            //foreach (byte b in Convert.FromBase64String(key_base64).ToArray())
            //{
            //    //Format as hex
            //    key.AppendFormat("{0:X2}", b);
            //}
            //Console.WriteLine("{0}", key.ToString());
            string ret1 = "E114E517D09ADBEA2A131270C7AF0588";

            ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateDecryptor(bytes3, bytes);

            // Convert the hex string back into the ciphertext bytes.
            byte[] inputByteArray = new byte[ret1.Length / 2];
            for (int x = 0; x < ret1.Length / 2; x++)
            {
                int i = Convert.ToInt32(ret1.Substring(x * 2, 2), 16);
                inputByteArray[x] = (byte)i;
            }

            // Push the ciphertext through the decryptor.
            MemoryStream memoryStream = new MemoryStream();
            CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
            cryptoStream.Write(inputByteArray, 0, inputByteArray.Length);
            cryptoStream.FlushFinalBlock();
            byte[] inArray = memoryStream.ToArray();
            cryptoStream.Close();
            memoryStream.Close();

            // Print the decrypted bytes as a hex string.
            string returnStr = "";
            for (int i = 0; i < inArray.Length; i++)
            {
                returnStr += inArray[i].ToString("X2");
            }
            Console.WriteLine("{0}", returnStr);
        }
    }
}
```
The output is a hexadecimal string; convert it to a string to get the result.
Last edited on 2019-3-15 22:46 by SnowMzn
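Steps 1 and 2 of the writeup depend on two fixed inputs: the Base64 target and the 32-byte key that `PasswordDeriveBytes` produces. The following added example (not part of the original post) reproduces both in Python so the parameters can be checked outside .NET. It assumes the .NET Framework defaults for `PasswordDeriveBytes` (SHA-1, 100 iterations); the function and constant names are made up for this example.

```python
import base64
import hashlib

# Constants copied from the writeup's C# script.
TARGET_B64 = "4RTlF9Ca2+oqExJwx68FiA=="
PASSWORD = b"Kanxue2019"      # PasswordDeriveBytes password; the salt is null
IV = b"Kanxue2019CTF-Q1"      # `bytes` in the writeup


def password_derive_bytes(password, salt, length, iterations=100):
    """Port of a single PasswordDeriveBytes.GetBytes(length) call.

    Assumption: .NET Framework defaults (SHA-1, 100 iterations). The first
    20 bytes are plain PBKDF1; later blocks are SHA1(str(counter) + state),
    a Microsoft extension that is not part of PKCS #5.
    """
    state = password + salt
    for _ in range(iterations - 1):
        state = hashlib.sha1(state).digest()
    out = hashlib.sha1(state).digest()        # PBKDF1 result (hash no. 100)
    counter = 1
    while len(out) < length:
        out += hashlib.sha1(str(counter).encode() + state).digest()
        counter += 1
    return out[:length]


def recover_parameters():
    """Return (ciphertext, key, iv) needed to decrypt the target offline."""
    ciphertext = base64.b64decode(TARGET_B64, validate=True)
    if len(ciphertext) % 16 != 0:
        raise ValueError("ciphertext is not a whole number of 16-byte blocks")
    key = password_derive_bytes(PASSWORD, b"", 32)
    return ciphertext, key, IV


if __name__ == "__main__":
    ct, key, iv = recover_parameters()
    print("ciphertext:", ct.hex().upper())   # same value as ret1 in the C# script
    print("key (32 bytes):", key.hex())
    print("iv:", iv.decode())
```

The ciphertext is a single 16-byte block, and both the key and the IV are constants in the binary, which is why the comparison string can be decrypted directly.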