攻防世界MISC_Aesop_secret
环境
下载题目附件,进行AES解密。
U2FsdGVkX19QwGkcgD0fTjZxgijRzQOGbCWALh4sRDec2w6xsY/ux53Vuj/AMZBDJ87qyZL5kAf1fmAH4Oe13Iu435bfRBuZgHpnRjTBn5+xsDHONiR3t0+Oa8yG/tOKJMNUauedvMyN4v4QKiFunw==
flag{DugUpADiamondADeepDarkMine}
将gif逐帧分解后,在帧画面中发现字符串ISCC。
原始gif的二进制数据末尾附加了一段AES密文(Base64编码,以U2FsdGVkX1开头,即OpenSSL的"Salted__"格式)。以ISCC为密码连续AES解密两次即可得到flag;可以使用在线AES解密工具,也可以用下面的Python脚本。
python
import base64
import hashlib
from Cryptodome.Cipher import AES
from Cryptodome.Util.Padding import unpad
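# Ciphertext and passphrase used for this decryption pass.
# NOTE(review): this Base64 string differs from the blob appended to the GIF,
# so it is presumably the output of the first decryption pass (the write-up
# says the data is AES-encrypted twice) -- confirm against the challenge file.
cipher_text = "U2FsdGVkX18OvTUlZubDnmvk2lSAkb8Jt4Zv6UWpE7Xb43f8uzeFRUKGMo6QaaNFHZriDDV0EQ/qt38Tw73tbQ=="
password = "ISCC"

# 1. Base64-decode the container.
cipher_data = base64.b64decode(cipher_text)

# 2. Check the 8-byte "Salted__" magic, then split off the 8-byte salt and the
#    raw ciphertext. An explicit exception is used instead of `assert` because
#    assertions are stripped when Python runs with -O, which would let a
#    malformed blob fall through to key derivation and decryption.
if len(cipher_data) < 16 or cipher_data[:8] != b"Salted__":
    raise ValueError("ciphertext does not start with an OpenSSL 'Salted__' header")
salt = cipher_data[8:16]
encrypted_text = cipher_data[16:]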
# 3. 生成密钥和 IV(OpenSSL 的 EVP_BytesToKey 算法)
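def evp_bytes_to_key(password, salt, key_len, iv_len):
    """Derive a key and IV with the MD5, single-iteration EVP_BytesToKey scheme.

    Each round hashes ``previous_digest + password + salt`` with MD5 (the
    first round has no previous digest) and appends the digest to the output
    until ``key_len + iv_len`` bytes are available.

    This derivation is only suitable for reading legacy "Salted__" data such
    as this challenge's ciphertext. One round of MD5 makes passphrase guessing
    cheap, so new data should be protected with a slow KDF (PBKDF2, scrypt,
    Argon2) and an authenticated cipher mode instead.

    Args:
        password: Passphrase as ``str`` (encoded as UTF-8) or as raw bytes.
        salt: Salt bytes taken from the ciphertext header.
        key_len: Number of key bytes to return.
        iv_len: Number of IV bytes to return.

    Returns:
        A ``(key, iv)`` tuple of ``bytes`` with the requested lengths.
    """
    # Encode once, outside the loop; raw bytes are accepted as-is.
    if isinstance(password, str):
        password = password.encode('utf-8')
    secret = bytes(password) + salt

    wanted = key_len + iv_len
    material = b''
    digest = b''  # empty on the first round, so round 1 hashes password + salt
    while len(material) < wanted:
        digest = hashlib.md5(digest + secret).digest()
        material += digest

    # First key_len bytes are the key, the following iv_len bytes are the IV.
    return material[:key_len], material[key_len:wanted]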
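# Derive a 32-byte key and a 16-byte IV (AES-256-CBC).
key, iv = evp_bytes_to_key(password, salt, 32, 16)
key_hex = key.hex()
# Fixed: this previously printed the key a second time instead of the IV.
iv_hex = iv.hex()
print("key_hex=",key_hex)
print("iv_hex=",iv_hex)

# 4. Decrypt and strip the block padding.
# CBC carries no integrity check, so the only signals of a wrong passphrase or
# corrupted data are a padding error from unpad() or a UTF-8 decode error
# below; neither proves the ciphertext is authentic.
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted_data = unpad(cipher.decrypt(encrypted_text), AES.block_size)

# Print the recovered plaintext.
print("解密后的明文:", decrypted_data.decode('utf-8'))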
