-
-
[原创]2019看雪CTF 团队赛 第十题 初入好望角WP
-
发表于: 2019-3-19 01:18
-
cm是.net程序,直接用dnSpy打开,定位到处理输入的方法。
1 2 3 4 5 6 7 8 9 | private static void a(string[] A_0){ Console.WriteLine("Please Input Serial:"); if (a.a(Console.ReadLine(), "Kanxue2019") == "4RTlF9Ca2+oqExJwx68FiA==") { Console.WriteLine("Congratulations! : )"); Console.ReadLine(); }} |
查看a.a方法
1 2 3 4 5 6 7 8 9 | private static void a(string[] A_0){ Console.WriteLine("Please Input Serial:"); if (a.a(Console.ReadLine(), "Kanxue2019") == "4RTlF9Ca2+oqExJwx68FiA==") { Console.WriteLine("Congratulations! : )"); Console.ReadLine(); }} |
查看a.a方法
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | public static string a(string A_0, string A_1){ byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes2 = Encoding.UTF8.GetBytes(A_0); byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32); ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(bytes3, bytes); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(bytes2, 0, bytes2.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); return Convert.ToBase64String(inArray);} |
cm先对输入的字符做aes cbc加密,密钥为PasswordDeriveBytes("Kanxue2019", null).GetBytes(32)的返回值,iv为Kanxue2019CTF-Q1,最后再base64编码。
结合调试可以判断是aes256加密,也可以提取出密钥
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | public static string a(string A_0, string A_1){ byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes2 = Encoding.UTF8.GetBytes(A_0); byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32); ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(bytes3, bytes); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(bytes2, 0, bytes2.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); return Convert.ToBase64String(inArray);} |
cm先对输入的字符做aes cbc加密,密钥为PasswordDeriveBytes("Kanxue2019", null).GetBytes(32)的返回值,iv为Kanxue2019CTF-Q1,最后再base64编码。
结合调试可以判断是aes256加密,也可以提取出密钥
|
|
|---|---|
