import base64, urllib.parsedefe():key ="HereIsFlagggg"flag ="xxxxxxxxxxxxxxxxxxx"s_box =list(range(256))j =0# 打亂s_box 和flag無關for i inrange(256):j =(j + s_box[i]+ord(key[i %len(key)]))%256s_box[i], s_box[j]= s_box[j], s_box[i]res =[]i = j =0for s in flag:i = i +1j =(j + s_box[i])%256s_box[i], s_box[j]= s_box[j], s_box[i]t =(s_box[i]+ s_box[j])%256k = s_box[t]res.append(chr(ord(s)^ k))enc ="".join(res)#原來這里有個b64加密再解密 就等于沒變 所以改了一下 enc = urllib.parse.quote(enc)print(enc)defd():enc ="%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"enc = urllib.parse.unquote(enc)#倒著往回做唄key ="HereIsFlagggg"s_box =list(range(256))j =0r=[]# 獲得s_boxfor i inrange(256):j =(j + s_box[i]+ord(key[i %len(key)]))%256s_box[i], s_box[j]= s_box[j], s_box[i]i,j=0,0for s in enc:i = i +1j =(j + s_box[i])%256s_box[i], s_box[j]= s_box[j], s_box[i]t =(s_box[i]+ s_box[j])%256k = s_box[t]r.append(chr(ord(s)^k))#基本直接復制就行 異或的逆運算就是再異或一次print("".join(r))if __name__ =='__main__':e()d()
腳本運行得到結果
NSSCTF{REAL_EZ_RC4}
簡簡單單的邏輯 先上腳本
defe():flag ='xxxxxxxxxxxxxxxxxx'list=[47,138,127,57,117,188,51,143,17,84,42,135,76,105,28,169,25]result =''for i inrange(len(list)):key =(list[i]>>4)+((list[i]&0xf)<<4)a =hex(ord(flag[i])^ key)result +=str(a)[2:].zfill(2)#分析得知 這是16進制補全兩位 所以是一個flag字符對應兩位print(result)defd():list=[47,138,127,57,117,188,51,143,17,84,42,135,76,105,28,169,25]result ="bcfba4d0038d48bd4b00f82796d393dfec"nums =[]#截取 轉換 得到原來十進制for i inrange(0,len(result),2):nums.append("0x"+ result[i:i+2])for index inrange(len(nums)):nums[index]=int(nums[index],16)#直接加密里面復制key的計算 然后再異或一次即可for i inrange(len(list)):key =(list[i]>>4)+((list[i]&0xf)<<4)print(chr(nums[i]^key),end="")if __name__ =='__main__':# e()d()
這看腳本就行了
NSSCTF{EZEZ_RERE}
非常簡單的邏輯題
defe():flag ='xxxxxxxxxxxxxxxxxxxxx's ='wesyvbniazxchjko1973652048@$+-&*<>'result =''for i inrange(len(flag)):s1 =ord(flag[i])//17s2 =ord(flag[i])%17#就 沒啥好講的 一點點拆開打斷點調試就能看懂計算過程#還是flag一個字符轉換對應result的兩個字符a = s[(s1 + i)%34]b = s[-(s2 + i +1)%34]result += a + bprint(result)defd():result ='v0b9n1nkajz@j0c4jjo3oi1h1i937b395i5y5e0e$i's ='wesyvbniazxchjko1973652048@$+-&*<>'#套這么多層循環 主要是我不知道 取余怎么更方便的算回去for x inrange(-5,5):for y inrange(-5,5):r =""for j inrange(0,len(result),2):a = result[j]b = result[j +1]#根據數學知識可得(s1 =int(s.index(a)+34* x - j /2)s2 =-1*int(s.index(b)+34* y + j /2+1)#去除沒啥意義的結果if32< s1 *17+ s2 <130:r +=chr(s1 *17+ s2)else:breakiflen(r)==len('xxxxxxxxxxxxxxxxxxxxx'):print(r)if __name__ =='__main__':# e()d()
NSSCTF{Fake_RERE_QAQ}
fakerondom
import randomdefe():flag ='xxxxxxxxxxxxxxxxxxxx'#別的都不重要 就是這個隨機數種子#同樣的隨機數種子生成的一定是相同的數字random.seed(1)l =[]for i inrange(4):l.append(random.getrandbits(8))result =[]for i inrange(len(l)):random.seed(l[i])for n inrange(5):result.append(ord(flag[i *5+ n])^ random.getrandbits(8))print(result)defd():result =[201,8,198,68,131,152,186,136,13,130,190,112,251,93,212,1,31,214,116,244]random.seed(1)ran=[]t=[]for x inrange(4):ran.append(random.getrandbits(8))l=ran[0:4]for i inrange(len(l)):random.seed(l[i])for n inrange(5):#異或題最好寫了 基本原樣復制代碼就行print(chr(result[i *5+ n]^ random.getrandbits(8)),end="")if __name__ =='__main__':e()d()
NSSCTF{FakeE_random}
fakebase
defe():flag ='xxxxxxxxxxxxxxxxxxx's_box ='qwertyuiopasdfghjkzxcvb123456#$'tmp =''for i in flag:x =bin(ord(i))tmp +=str(x)[2:].zfill(8)b1 =int(tmp,2)s =''while b1 //31!=0:c = b1 %31s += s_box[c]b1 = b1 //31print(b1)print(s)defd():s ="u#k4ggia61egegzjuqz12jhfspfkay"# s="j3d4h1$6ggrouxktrgky5sxv6bk6i5"#測試s_box ='qwertyuiopasdfghjkzxcvb123456#$'l =[]for x in s:l.append(s_box.index(x))l=l[::-1]for n inrange(0,31):for x in l:n=x+31*nt=str(bin(n))[2:]for j inrange(0,len(t),8):#這題最讓我迷惑 我覺得我寫的是對的#但是拿上面的加密結果再解密出來的ascii值總差一倍#但最后一個字符的ascii值又是對應的 所以只能除以2看看#所以就 現在挺迷茫的 print(chr(int(int(t[j:j+8],2)/2)),end="")print()if __name__ =='__main__':# e()d()
NSSCTF{WHAt_BASe31}
strcpy(Str2,"{34sy_r3v3rs3}");printf("please put your flag:");scanf("%s", Str1);for( i =0; i <=665;++i ){if( Str1[i]==101)Str1[i]=51;}for( i =0; i <=665;++i ){if( Str1[i]==97)Str1[i]=52;}if(strcmp(Str1, Str2))printf("you are wrong,see again!");elseprintf("you are right!");system("pause");return0;
defcaesar(plaintext):str_list =list(plaintext)i =0while i <len(plaintext):ifnot str_list[i].isalpha():str_list[i]= str_list[i]else:a ="A"if str_list[i].isupper()else"a"str_list[i]=chr((ord(str_list[i])-ord(a)+5)%26+ord(a)or5)i = i +1return''.join(str_list)if __name__ =='__main__':small =[chr(i)for i inrange(97,123)]big =[chr(i)for i inrange(65,91)]alpha = small + bigdic ={}for flag in alpha:str= caesar(flag)dic[str]= flagstr="SXXHYK{dtzmfajpstbhfjxfw}"for x instr:if x.isalpha():print(dic[x], end="")else:print(x, end="")
分析代碼知道 這是個靜態加密 所以直接先把所有字母對應的密文加到字典里面 然后一一對應
NSSCTF{youhaveknowcaesar}
ez_rsa 為數不多我會寫的rsa了
工具算個d 然后再md5加密即可 d=104550CB8E2144921 pigpig 看名字就知道了 所以不想寫 traditional
inp="震坤艮 震艮震 坤巽坤 坤巽震 震巽兌 震艮震 震離艮 震離艮"
dic={"震":"100","離":"101","兌":"110","乾":"111","坤":"000","艮":"001","坎":"010","巽":"011"}
results=""for result in inp:if result in dic.keys():results+= dic[result][::-1]+""else:results+=" "print(results)
results=results.split()for index inrange(0,len(results)):print(chr(int(results[index],2)), end="")
import re
if __name__ =='__main__':withopen("a.txt","r")asfile:s =file.read()s = s.split("\n")for index inrange(0,len(s)):s[index]= s[index].split(",")[1]if s[index]=="224":s[index]="0"else:s[index]="1"s="".join(s)zero_one=re.findall(".{8}",s)r=[]for x in zero_one:r.append(chr(int(x,2)))print("".join(r[::-1]))
