-
-
[原创]第十题 write up by 青蛙mage
-
发表于: 2019-3-24 15:36 2207
-
推荐使用工具 dnSpy
if (a(console.readline,"Kanxue2019")== "4RTlF9Ca2+oqExJwx68FiA==") .............. //比较结果 是否相同 public static string a(string A_0, string A_1) { byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1"); byte[] bytes2 = Encoding.UTF8.GetBytes(A_0); byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);//这里有毒 ICryptoTransform transform = new RijndaelManaged //AES-Rijndael算法 { Mode = CipherMode.CBC // CBC 模式 }.CreateEncryptor(bytes3, bytes); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write); cryptoStream.Write(bytes2, 0, bytes2.Length); cryptoStream.FlushFinalBlock(); byte[] inArray = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); return Convert.ToBase64String(inArray); }
通过工具自带的动态调试,得知byte3实际是.....
b'\x6D\xDE\xF7\xA4\x3C\x00\x4F\x7D\x69\x83\x04\x4B\x1E\x36\xA9\x34\x59\xF1\x8B\xC8\x37\xC4\x6E\xAF\x32\x11\x32\x73\x41\x63\xA0\xB4'
Python解密
import base64 from Crypto.Cipher import AES from binascii import b2a_hex, a2b_hex data = "4RTlF9Ca2+oqExJwx68FiA==" cipher_data=base64.b64decode(data) H = b'\xE1\x14\xE5\x17\xD0\x9A\xDB\xEA\x2A\x13\x12\x70\xC7\xAF\x05\x88' key= b'\x6D\xDE\xF7\xA4\x3C\x00\x4F\x7D\x69\x83\x04\x4B\x1E\x36\xA9\x34\x59\xF1\x8B\xC8\x37\xC4\x6E\xAF\x32\x11\x32\x73\x41\x63\xA0\xB4' IV=b'Kanxue2019CTF-Q1' aes=AES.new(key,AES.MODE_CBC,IV) r=aes.decrypt(H) print(r)
得出结果 Kanxue2019Q1CTF
赞赏
他的文章
- 【原创】第六题 WP 5730
- [原创]第三题 write up by 青蛙Mage 6712
- [原创]第十题 write up by 青蛙mage 2208
- [原创]第一题write up 2479
看原图
赞赏
雪币:
留言: