安洵杯 2020easyaes

runwu2204 Lv6
  2023-07-17 16:50:12 2023-07-17 16:50:12 创建   2023-07-17 17:30:39 2023-07-17 17:30:39 更新     
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#!/usr/bin/python
from Crypto.Cipher import AES
import binascii
from Crypto.Util.number import bytes_to_long,long_to_bytes
from flag import flag
from key import key

iv = flag.strip(b'd0g3{').strip(b'}')

LENGTH = len(key)
assert LENGTH == 16

hint = os.urandom(4) * 8
print(bytes_to_long(hint)^bytes_to_long(key))

msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'

def encrypto(message):
    aes = AES.new(key,AES.MODE_CBC,iv)
    return aes.encrypt(message)

print(binascii.hexlify(encrypto(msg))[-32:])

'''
56631233292325412205528754798133970783633216936302049893130220461139160682777
b'3c976c92aff4095a23e885b195077b66'
'''

这道题涉及AES的ECB加密

因为hint是4字节重复8次,共32字节,而key只有16字节,异或后只有后16字节改变了可以通过前16字节获取hint,再异或回去就可以获得key了

1
2
3

hint='{:<4X}'.format(56631233292325412205528754798133970783633216936302049893130220461139160682777)[:4*2]*8
key=long_to_bytes(a^int(hint,16))

根据这题,我们需要获取iv,根据CBC模式和ECB模式的转化可以获取

1
2
3
4
5
6
m=b'xxxxxxxxxxxxxxxxyyyyyyyyyyyyyyyy'
key=b'aEs_1s_SO0o_e4sY'
iv=b'D0g3D0g3D0g3D0g3'
aes=AES.new(key,AES.MODE_CBC,iv)
enc=aes.encrypt(m)
print(enc)

其等效于ECB模式的,第一步第一组明文异或初始向量,第二部第二组明文异或上一次的加密结果,以此类推

1
2
3
4
5
6
7
8
9
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor
m1=b'xxxxxxxxxxxxxxxx'
m2=b'yyyyyyyyyyyyyyyy'
aes=AES.new(key,AES.MODE_ECB)
enc1=aes.encrypt(strxor(m1,iv))
enc2=aes.encrypt(strxor(m2,enc1))
enc=enc1+enc2
print(enc)

此处msg有64字节,所以有4组,等效于ECB模式的

1
2
3
4
5
6
7
8
9
10
11
12
13
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor
msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'
m1=msg[:16]
m2=msg[16:32]
m3=msg[32:48]
m4=msg[48:]
aes=AES.new(key,AES.MODE_ECB)
enc1=aes.encrypt(strxor(m1,iv))
enc2=aes.encrypt(strxor(m2,enc1))
enc3=aes.encrypt(strxor(m3,enc2))
enc4=aes.encrypt(strxor(m4,enc3))
enc=enc1+enc2+enc3+enc4

那我们可以直接从enc4递推回iv

1
2
3
4
5
6
7
8
9
10
11
12
13
14
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor
msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'
m1=msg[:16]
m2=msg[16:32]
m3=msg[32:48]
m4=msg[48:]
enc4=b'3c976c92aff4095a23e885b195077b66'
enc4=long_to_bytes(int(enc4,16))#从16进制字符串转化回原字符串
aes=AES.new(key,AES.MODE_ECB)
enc3=strxor(aes.decrypt(enc4),m4)
enc2=strxor(aes.decrypt(enc3),m3)
enc1=strxor(aes.decrypt(enc2),m2)
iv=strxor(aes.decrypt(enc1),m1)

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
from Crypto.Cipher import AES
from Crypto.Util.number import bytes_to_long,long_to_bytes
msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'
a=56631233292325412205528754798133970783633216936302049893130220461139160682777
enc4=b'3c976c92aff4095a23e885b195077b66'
enc4=long_to_bytes(int(enc4,16))
msgs=[bytes_to_long(msg[i:i+16]) for i in range(0,len(msg),16)]
hint='{:<4X}'.format(a)[:4*2]*8
key=long_to_bytes(a^int(hint,16))
aes=AES.new(key,AES.MODE_ECB)
enc=[0]*5
enc[4]=enc4
for i in range(3,-1,-1):
	enc[i]=long_to_bytes(bytes_to_long(aes.decrypt(enc[i+1]))^msgs[i])
print(enc[0])

  • 标题: 安洵杯 2020easyaes
  • 作者: runwu2204
  • 创建于 : 2023-07-17 16:50:12
  • 更新于 : 2023-07-17 17:30:39
  • 链接: https://runwu2204.github.io/2023/07/17/CTF WP/Crypto/安洵杯 2020easyaes/
  • 版权声明: 本文章采用 CC BY-NC-SA 4.0 进行许可。
评论
目录
安洵杯 2020easyaes