2020. 4. 18. 05:55ㆍ0x07 CTF/[스스로 푼 것]
대회 끝나고 풀긴 했지만, 나름 재밌게 풀었다.
1. Concept
XOR Encrypt -> XOR Decrypt
2. Source Code Analysis
from random import choice, randint
from string import ascii_letters
from itertools import cycle
key = ''.join([choice(ascii_letters) for i in range(randint(8, 16))])
with open("flag.txt", "r") as file:
flag = file.read()
key_gen = cycle(key)
data = []
for i in range(len(flag)):
data.append(chr(ord(flag[i]) ^ ord(next(key_gen))))
with open("flag.enc", "w+") as file:
file.write(''.join(data))
* Module : ascii_letters , cycle, choice , randint
* 8~16 자리의 랜덤데이터를 통해 key를 생성
처음 본 모듈 : cycle
cycle iterable에서 요소를 반환하고 각각의 복사본을 저장하는 반복자를 만든다. |
3. Encrypt Data
4. Decrypt
* CTF Format : hexCTF{
0x22 ^ 'h' = ? 이런 조건이 성립한다고 가정
#-*-coding:utf-8-*-
# format
# hexCTF{
# enc :
# 22 11 15 19 2E 05 31 18 32 3A 11 1F 39 1B 2F 23 0D 35 2B 13 04 36 13 30 3E 02 24 2F 0C 1D 33 1B 2F 23 0F 28 29 1D 02 2F 09 3E
# key의 마지막인지는 모르겠지만 C가 들어가게 됨
import time
from random import choice, randint
from string import ascii_letters
from itertools import cycle, product
chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
enc = "\x22\x11\x15\x19\x2E\x05\x31\x18\x32\x3A\x11\x1F\x39\x1B\x2F"
enc += "\x23\x0D\x35\x2B\x13\x04\x36\x13\x30\x3E"
enc += "\x02\x24\x2F\x0C\x1D\x33\x1B\x2F\x23\x0F\x28\x29\x1D\x02\x2F\x09\x3E"
key = "\x4a\x74\x6d\x5a\x7a\x43\x4a\x41\x42\x42\x42\x50"
fixed_key = "\x4a\x74\x6d\x5a\x7a\x43\x4a" # 7bytes
print("[+] Searching ... ")
fp = open("./flag.txt",'w')
# 2개 하니까 딱 맞춰지네
for length in range(2, 3): # length
to_attempt = product(chars, repeat=length)
for attempt in to_attempt:
key = fixed_key
brute = ''.join(attempt)
key += brute
#print(key)
time.sleep(0.025)
key_gen = cycle(key)
tmp = []
for i in range (len(enc)): # same length to flag
a = ord(enc[i])
b = ord(next(key_gen))
tmp.append(chr(a^b))
# print("aa= " + ord(enc[i]) ^ ord(next(key_gen)))
#tmp.append(ord(enc[i]))^ord(next(key_gen))
#print (type(str(''.join(tmp))))
dat = ''.join(tmp)
print(dat)
fp.writelines(dat)
#time.sleep(0.3)
tmp =[]
#print (tmp) # ['J', 't', 'm', 'Z', 'z', 'C', 'J'] # 이건 확실하고
print("[+] FINISH Let's go Find FLAG !")
fp.close()
# \x4a
풀고나서, 다른 사람은 어떻게 푼지 봤는데 문제에서 주어진 코드를 참고하여 푼 것을 확인하였다. 나 같은 경우는 product를 이용하였는데 상대적으로 코드의 속도가 느리다. brute force 할 때 product 사용을 자제해야겠다.
다른 분이 푼 코드 (ctftime 참고)
# another player code
from random import choice, randint
from string import ascii_letters
from itertools import cycle
##key = ''.join([choice(ascii_letters) for i in range(randint(8, 16))])
##print(key)
##
##flag = '{REDACTEd}'
####with open("flag.txt", "r") as file:
#### flag = file.read()
##
##key_gen = cycle(key) # cycle('ABCD') -> A B C D A B C D ...
##
##data = []
##for i in range(len(flag)):
## data.append(chr(ord(flag[i]) ^ ord(next(key_gen))))
##
##with open("flag.enc", "w+") as file:
## file.write(''.join(data))
with open("./flag.enc", "r") as file:
flag_enc = file.read()
print(flag_enc)
flag_start = 'hexCTF{'
##data = []
##for i in range(len(flag_start)):
## data.append(chr(ord(flag_enc[i]) ^ ord(flag_start[i])))
##
##print(data) # ['J', 't', 'm', 'Z', 'z', 'C', 'J']
for a in ascii_letters:
for u in ascii_letters:
key = ['J', 't', 'm', 'Z', 'z', 'C', 'J']
key.append(a)
key.append(u)
key_gen = cycle(key)
data = ''
for i in range(len(flag_enc)):
data += (chr(ord(flag_enc[i]) ^ ord(next(key_gen))))
print(data)
#if data[-1:] == '}' and '\\' not in data and '^' not in data:
# print(data + ' || ' + ''.join(key))
# hexCTF{supercaliaragilisticexpialidocious}
'0x07 CTF > [스스로 푼 것]' 카테고리의 다른 글
AeroCTF2021 Dummyper (0) | 2021.03.02 |
---|---|
[REV] COMPEST - CreeptiCity (0) | 2020.09.12 |
ISITDTU CTF Reversing inter (0) | 2018.08.03 |
ISITDTU CTF Reversing cool (0) | 2018.07.30 |
ISITDTU CTF Reversing Embeedding (0) | 2018.07.30 |