cryptohack wp day (2)

Posted by Cryglz on 2023-05-05

Continuing with the challenges from yesterday.

Challenge 5

Looking at the challenge, this is a simple XOR problem: XOR every character of "label" with 13. Straight to the code:

s="label"
result = ""
for i in s:
    result+=chr(ord(i)^13)
print(result)

Alternatively, as the challenge suggests, use the xor function from the pwntools library to do the XOR, as follows:

from pwn import xor

s1 = "label"
s2 = 13
result = xor(s1,s2)
print(result)

Challenge 6


As given by the challenge:

KEY1 = a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313
KEY2 ^ KEY1 = 37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e
KEY2 ^ KEY3 = c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1
FLAG ^ KEY1 ^ KEY3 ^ KEY2 = 04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf

Analysis: (KEY2 ^ KEY1) ^ KEY1 = KEY2 ^ (KEY1 ^ KEY1) = KEY2 ^ 0 = KEY2
Similarly: KEY2 ^ (KEY2 ^ KEY3) = (KEY2 ^ KEY2) ^ KEY3 = 0 ^ KEY3 = KEY3
That is: (FLAG ^ KEY1 ^ KEY3 ^ KEY2) ^ KEY1 ^ KEY3 ^ KEY2 = FLAG
The code is as follows:

from pwn import xor
from binascii import unhexlify

k1 = 'a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313'
k21 = '37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e'
k23 = 'c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1'
fk123 = '04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf'

k2 = xor(unhexlify(k21),unhexlify(k1))
print(k2)
k3 = xor(unhexlify(k23),k2)
print(k3)
flag = xor(unhexlify(fk123),unhexlify(k1),unhexlify(k23))
print(flag.decode())

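Challenge 7

From the challenge we know that the flag was XORed with a single byte, so we can iterate over every value of that byte to recover the flag.
The code is as follows: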

s = '73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d'
decode_s = bytes.fromhex(s)  # per the challenge hint, hex-decode first
print(decode_s)
# next, iterate over every possible XOR byte
for i in range(256):
    flag = ''.join(chr(j ^ i) for j in decode_s)
    print(str(i) + ":" + flag)

Find the flag among the pile of garbled output.

Challenge 8


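The note a challenge gives is usually the key to solving it. This one says to pay attention to the flag format and gives only the ciphertext, so my guess is that the first few bytes correspond to "crypto{". Hex-decode first and then try the XOR, as below, which yields the key: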

s = '0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104'
decode_s = bytes.fromhex(s)  # per the challenge hint, hex-decode first
print(decode_s)
k = "crypto{"
key = ""
for i in range(7):
    key += chr(ord(k[i]) ^ decode_s[i])
print(key)

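The recovered key is myXORke. XORing with it directly gives a wrong flag, so I guessed the key was myXORkey, and that turned out to be right. CTF challenges do involve quite a lot of guessing...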

from pwn import xor
key = key + "y"
flag = xor(decode_s,key.encode())
print(flag)
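
The key length in challenge 8 does not have to be guessed: the known flag format ("crypto{" at the start, "}" at the end) rules out every length that contradicts it. The following is an added example, not part of the original post; the function names and the assumption that the flag is printable ASCII are mine.

```python
# Added example: recover a repeating XOR key from a known flag format.
CT = bytes.fromhex("0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104")
PREFIX, SUFFIX = b"crypto{", b"}"      # known plaintext: the flag format
PRINTABLE = set(range(0x20, 0x7F))     # assumption: the flag is printable ASCII


def partial_key(ct, length):
    """Key bytes for this length (None = still unknown), or None when the
    known plaintext puts two different values on the same key position."""
    key = [None] * length
    known = list(enumerate(PREFIX))
    known += [(len(ct) - len(SUFFIX) + i, b) for i, b in enumerate(SUFFIX)]
    for pos, plain in known:
        k, slot = ct[pos] ^ plain, pos % length
        if key[slot] not in (None, k):
            return None                # contradiction: wrong key length
        key[slot] = k
    return key


def shortest_consistent_key(ct, max_len=16):
    """First key length that does not contradict the known plaintext."""
    for length in range(1, max_len + 1):
        key = partial_key(ct, length)
        if key is not None:
            return key
    return None


def fill_unknown(ct, key):
    """All full keys: an unknown slot takes every byte value that keeps the
    plaintext bytes it covers printable."""
    keys = [b""]
    for slot, k in enumerate(key):
        opts = [k] if k is not None else [
            c for c in range(256)
            if all(b ^ c in PRINTABLE for b in ct[slot::len(key)])]
        keys = [p + bytes([o]) for p in keys for o in opts]
    return keys


def decrypt(ct, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(ct))


if __name__ == "__main__":
    for key in fill_unknown(CT, shortest_consistent_key(CT)):
        print(key, decrypt(CT, key))
```

Length 7 is rejected because the closing "}" would land on the key byte "e" and decrypt to something else; length 8 is the first that fits, and only its last byte is left to pick from the printed candidates.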