羊城杯wp babyre

代码逻辑还是很清晰的，坑的地方在最后一个异或那里。题目已经给出最后一个字符是0xC4，我以为可以直接倒着求，结果写完算法发现缺了十几位，所以下面改成从后往前逐字节爆破，把所有满足条件的候选都保留下来，再逐个解密验证：

from Crypto.Cipher import AES
from hashlib import md5
# Working buffer for the 32 bytes being recovered. Only the last byte is known
# up front: the write-up states the challenge gives it as 0xC4.
input = [0] * 32
input[-1] = 0xC4

# Comparison table as listed in the write-up. The listing holds 63 values, but
# only the first 32 are kept and used by the search.
res = [
    0xBD, 0xAD, 0xB4, 0x84, 0x10, 0x63, 0xB3, 0xE1,
    0xC6, 0x84, 0x2D, 0x6F, 0xBA, 0x88, 0x74, 0xC4,
    0x90, 0x32, 0xEA, 0x2E, 0xC6, 0x28, 0x65, 0x70,
    0xC9, 0x75, 0x78, 0xA0, 0x0B, 0x9F, 0xA6, 0x00,
    0x30, 0xE4, 0xD2, 0xC3, 0xEF, 0x75, 0xED, 0xA8,
    0xE1, 0xA1, 0x73, 0x81, 0xE2, 0xE9, 0xAB, 0xC8,
    0xBF, 0xCA, 0x52, 0xE8, 0xED, 0x6B, 0xA2, 0x39,
    0x86, 0x21, 0xD0, 0xF6, 0x50, 0x3E, 0xF3,
][:32]

# Every complete candidate buffer found by the search is collected here.
ans = list()
def sou(input, deep):
    """Recursively enumerate every buffer consistent with the ``res`` table.

    Starting from index ``deep`` and walking towards index 0, each byte value
    0..255 is tried for position ``deep - 1``. A value ``i`` is accepted when
    ``((2*(i^0x13)+7) ^ (i%9 + input[deep] + 2)) & 0xff == res[deep-1]``.
    Accepted values are written into ``input`` in place and the search
    continues one position lower.

    When ``deep`` reaches 0 a copy of ``input`` is appended to the module-level
    ``ans`` list. All matches are explored rather than stopping at the first,
    so ``ans`` may end up holding several candidates.

    Args:
        input: mutable list of byte values; ``input[deep]`` must already be set.
        deep: index of the last position that is already fixed.
    """
    if deep == 0:
        # Snapshot the buffer: later branches keep overwriting it in place.
        ans.append(input[:])
        return

    # Neither value changes while this level iterates: deeper calls only
    # write to indices below deep - 1.
    fixed_next = input[deep]
    expected = res[deep - 1]

    for candidate in range(256):
        left = 2 * (candidate ^ 0x13) + 7
        right = candidate % 9 + fixed_next + 2
        if (left ^ right) & 0xFF == expected:
            input[deep - 1] = candidate
            sou(input, deep - 1)
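# Fill ``ans`` with every candidate buffer that satisfies the table, working
# back from the known final byte at index 31.
sou(input, 31)

# The key is fixed, so the cipher object is built once instead of once per
# candidate. NOTE(review): the key and ECB mode are presumably what the
# challenge binary itself uses; the solver only mirrors them. A hard-coded key
# with ECB is not a pattern to copy for protecting real data.
cipher = AES.new(b"th1s1sth3n1c3k3y", mode=AES.MODE_ECB)

for tmp in ans:
    # XOR each byte i, from the highest index down, with bytes 0 .. i//4 - 1.
    # Presumably this undoes the binary's final XOR mixing step; confirm
    # against the disassembly.
    for i in range(31, -1, -1):
        for j in range(i // 4):
            tmp[i] ^= tmp[j]

    # Use a separate name so the ``res`` table read by sou() is not overwritten.
    plaintext = cipher.decrypt(bytes(tmp))

    # Only a candidate that decrypts to the expected flag prefix is reported.
    if plaintext.startswith(b"GWHT{"):
        print(plaintext)
        # MD5 of the bytes between the "GWHT{" prefix and the final byte.
        # It is used here only as the value the write-up prints, not as a
        # security primitive.
        print(md5(plaintext[5:-1]).hexdigest())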
