[BSidesSF2020]decrypto-1
[BSidesSF2020]decrypto-1
題目
Kerckhoffs’s principle states that “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” So here’s our unbreakable cipher.
import sys import json import hashlibclass Crypto:def __init__(self, key):if not isinstance(key, bytes):raise TypeError('key must be of type bytes!')self.key = keyself._buf = bytes()self._out = open("/dev/stdout", "wb")def _extend_buf(self):self._buf += self.keydef get_bytes(self, nbytes):while len(self._buf) < nbytes:self._extend_buf()ret, self._buf = self._buf[:nbytes], self._buf[nbytes:]return retdef encrypt(self, buf):if not isinstance(buf, bytes):raise TypeError('buf must be of type bytes!')stream = self.get_bytes(len(buf))return bytes(a ^ b for a, b in zip(buf, stream))def set_outfile(self, fname):self._out = open(fname, "wb")def encrypt_file(self, fname):buf = open(fname, "rb").read()self._out.write(self.encrypt(buf))class JSONCrypto(Crypto):def encrypt_file(self, fname):buf = open(fname, "r").read().strip()h = hashlib.sha256(buf.encode('utf-8')).hexdigest()data = {"filename": fname,"hash": h,"plaintext": buf,}outbuf = json.dumps(data, sort_keys=True, indent=4)self._out.write(self.encrypt(outbuf.encode("utf-8")))def main(argv):if len(argv) not in (3, 4):print("%s <key> <infile> [outfile]" % sys.argv[0])returnargv.pop(0)key = argv.pop(0)inf = argv.pop(0)crypter = JSONCrypto(key.encode("utf-8"))if sys.argv:crypter.set_outfile(argv.pop(0))crypter.encrypt_file(inf)if __name__ == '__main__':main(sys.argv)flag.txt.enc
:TL\Z\QETVRQ SIH fGNV\\\ETV[UVQU ] A_]UC^ QWZC _RY@QYRU_[@^^[CfGNVDQ ] U@VE-d2OM N8 _@boFbC 1SMM[L:解題
科克霍夫斯原理聲明“密碼系統(tǒng)應(yīng)該是安全的,即使系統(tǒng)的所有內(nèi)容,除了密鑰,都是公共知識(shí)。”所以這里是我們的牢不可破的密碼。
牢不可破的密碼,那就可能是一次一密了。
先讀程序:
sys.argv[]是一個(gè)從程序外部獲取參數(shù)的橋梁,因?yàn)槲覀儚耐獠咳〉玫膮?shù)可以是多個(gè),所以獲得的是一個(gè)列表,也就是說(shuō)sys.argv其實(shí)可以看作是一個(gè)列表,所以才能用[]提取其中的元素。其第一個(gè)元素是程序本身,sys.argv[0]表示代碼本身文件路徑,隨后才依次是外部給予的參數(shù)。
pop() 函數(shù)用于移除列表中的一個(gè)元素(默認(rèn)最后一個(gè)元素),并且返回該元素的值。
hash.hexdigest() 返回摘要,作為十六進(jìn)制數(shù)據(jù)字符串值。
json.dumps()將一個(gè)Python數(shù)據(jù)結(jié)構(gòu)轉(zhuǎn)換為JSON對(duì)象,indent:參數(shù)根據(jù)數(shù)據(jù)格式縮進(jìn)顯示,讀起來(lái)更加清晰,skipkeys:默認(rèn)值是False,如果dict的keys內(nèi)的數(shù)據(jù)不是python的基本類型(str,unicode,int,long,float,bool,None),設(shè)置為False時(shí),就會(huì)報(bào)TypeError的錯(cuò)誤。此時(shí)設(shè)置成True,則會(huì)跳過(guò)這類key 。
解題代碼:
import json data = {"filename": 'flag.txt',"hash": 'h',} outbuf = json.dumps(data, sort_keys=True, indent=4) cipher_pre=open('flag.txt.enc','rb').read() for i in range(43):print(chr(cipher_pre[i]^ord(outbuf[i])))#得到key key='n0t4=l4g' for i in range(8):key+=key#使key足夠長(zhǎng). flag='' for i in range(len(cipher_pre)):flag+=chr(ord(key[i])^cipher_pre[i]) print(flag)運(yùn)行得到:
{"filename": "flag.txt","hash": "2f98b8afa014bf955533a3e72cee0417413ff744e25f2b5b5838f5741cd69547","plaintext": "CTF{plz_dont_r0ll_ur_own_crypto}" }答案
flag{plz_dont_r0ll_ur_own_crypto}
總結(jié)
以上是生活随笔為你收集整理的[BSidesSF2020]decrypto-1的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: [CISCN2018]oldstream
- 下一篇: [羊城杯 2020]Power