攻防世界_misc_Py-Py-Py

环境

Py-Py-Py,stegosaurus隐写

Flag{HiD3_Pal0ad_1n_Python}

wp

反编译代码分析,这段代码实现了一个简单的加密和解密功能,并用于验证用户输入的 flag 是否正确。

修改执行解密代码,如下

import hashlib
import time
import base64

fllag = "9474yeUMWODKruX7OFzD9oekO28+EqYCZHrUjWNm92NSU+eYXOPsRPEFrNMs7J+4qautoqOrvq28pLU="

def crypto(string, op='encode', public_key='ddd', expirytime=0):
  ckey_lenth = 4
  public_key = public_key and public_key or ""
  key = hashlib.md5(public_key.encode()).hexdigest()
  keya = hashlib.md5(key[0:16].encode()).hexdigest()
  keyb = hashlib.md5(key[16:32].encode()).hexdigest()
  keyc = ckey_lenth and (
      op == "decode" and string[0:ckey_lenth] or hashlib.md5(str(time.time()).encode()).hexdigest()[
                                                 32 - ckey_lenth:32]) or ""
  cryptkey = keya + hashlib.md5((keya + keyc).encode()).hexdigest()
  key_lenth = len(cryptkey)

  if op == "decode":
    # 解码时直接使用字节数据
    string = base64.b64decode(string[4:])
  else:
    # 编码时生成字符串
    string = "0000000000" + hashlib.md5((string + keyb).encode()).hexdigest()[0:16] + string
    string = string.encode()  # 转换为字节数据

  string_lenth = len(string)
  result = b"" if op == "decode" else ""
  box = list(range(256))
  randkey = []
  for i in range(255):
    randkey.append(ord(cryptkey[i % key_lenth]))

  for i in range(255):
    j = 0
    j = (j + box[i] + randkey[i]) % 256
    tmp = box[i]
    box[i] = box[j]
    box[j] = tmp

  for i in range(string_lenth):
    a = j = 0
    a = (a + 1) % 256
    j = (j + box[a]) % 256
    tmp = box[a]
    box[a] = box[j]
    box[j] = tmp
    if op == "decode":
      result += bytes([string[i] ^ box[(box[a] + box[j]) % 256]])
    else:
      result += chr(string[i] ^ box[(box[a] + box[j]) % 256])

  if op == "decode":
    if result[0:10] == b"0000000000" or int(result[0:10]) - int(time.time()) > 0:
      if result[10:26] == hashlib.md5(result[26:] + keyb.encode()).hexdigest()[0:16].encode():
        return result[26:].decode()
    return
  else:
    return keyc + base64.b64encode(result.encode()).decode()


if __name__ == "__main__":
  decrypted_flag = crypto(fllag, "decode")
  print("Decrypted flag:", decrypted_flag)

运行,得到提示Decrypted flag: The challenge is Steganography存在隐写术

尝试stegosaurus隐写即可

stegosaurus -x 58cadd8d8269455ebc94690fd777c34a.pyc
posted @ 2025-01-23 17:28  ra1nbowsea  阅读(203)  评论(0)    收藏  举报