[AFCTF2018]你听过一次一密么?
作者:互联网
[AFCTF2018]你听过一次一密么?
附件:
Problem.txt
25030206463d3d393131555f7f1d061d4052111a19544e2e5d
0f020606150f203f307f5c0a7f24070747130e16545000035d
1203075429152a7020365c167f390f1013170b1006481e1314
0f4610170e1e2235787f7853372c0f065752111b15454e0e09
081543000e1e6f3f3a3348533a270d064a02111a1b5f4e0a18
0909075412132e247436425332281a1c561f04071d520f0b11
4116111b101e2170203011113a69001b475206011552050219
041006064612297020375453342c17545a01451811411a470e
021311114a5b0335207f7c167f22001b44520c15544801125d
06140611460c26243c7f5c167f3d015446010053005907145d
0f05110d160f263f3a7f4210372c03111313090415481d49
题目描述“一次一密(One-Time-Pad)”特意去了解了一下。又去找了一下大佬的WP,发现还有Many-Time-Pad (MTP).
再搜索 Many-Time-Pad,居然找到了many-time-pad-attack 脚本,python2的脚本,然而并没有运行起来QAQ
#!/usr/bin/python
## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py)
import string
import collections
import sets, sys
# 11 unknown ciphertexts (in hex format), all encrpyted with the same key
c1='25030206463d3d393131555f7f1d061d4052111a19544e2e5d'
c2='0f020606150f203f307f5c0a7f24070747130e16545000035d'
c3='1203075429152a7020365c167f390f1013170b1006481e1314'
c4='0f4610170e1e2235787f7853372c0f065752111b15454e0e09'
c5='081543000e1e6f3f3a3348533a270d064a02111a1b5f4e0a18'
c6='0909075412132e247436425332281a1c561f04071d520f0b11'
c7='4116111b101e2170203011113a69001b475206011552050219'
c8='041006064612297020375453342c17545a01451811411a470e'
c9='021311114a5b0335207f7c167f22001b44520c15544801125d'
c10='06140611460c26243c7f5c167f3d015446010053005907145d'
c11='0f05110d160f263f3a7f4210372c03111313090415481d49'
ciphers = [c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11]
# The target ciphertext we want to crack
#target_cipher = "0529242a631234122d2b36697f13272c207f2021283a6b0c7908"
# XORs two string
def strxor(a, b): # xor two strings (trims the longer input)
return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)])
def target_fix(target_cipher):
# To store the final key
final_key = [None]*150
# To store the positions we know are broken
known_key_positions = set()
# For each ciphertext
for current_index, ciphertext in enumerate(ciphers):
counter = collections.Counter()
# for each other ciphertext
for index, ciphertext2 in enumerate(ciphers):
if current_index != index: # don't xor a ciphertext with itself
for indexOfChar, char in enumerate(strxor(ciphertext.decode('hex'), ciphertext2.decode('hex'))): # Xor the two ciphertexts
# If a character in the xored result is a alphanumeric character, it means there was probably a space character in one of the plaintexts (we don't know which one)
if char in string.printable and char.isalpha(): counter[indexOfChar] += 1 # Increment the counter at this index
knownSpaceIndexes = []
# Loop through all positions where a space character was possible in the current_index cipher
for ind, val in counter.items():
# If a space was found at least 7 times at this index out of the 9 possible XORS, then the space character was likely from the current_index cipher!
if val >= 7: knownSpaceIndexes.append(ind)
#print knownSpaceIndexes # Shows all the positions where we now know the key!
# Now Xor the current_index with spaces, and at the knownSpaceIndexes positions we get the key back!
xor_with_spaces = strxor(ciphertext.decode('hex'),' '*150)
for index in knownSpaceIndexes:
# Store the key's value at the correct position
final_key[index] = xor_with_spaces[index].encode('hex')
# Record that we known the key at this position
known_key_positions.add(index)
# Construct a hex key from the currently known key, adding in '00' hex chars where we do not know (to make a complete hex string)
final_key_hex = ''.join([val if val is not None else '00' for val in final_key])
# Xor the currently known key with the target cipher
output = strxor(target_cipher.decode('hex'),final_key_hex.decode('hex'))
print "Fix this sentence:"
print ''.join([char if index in known_key_positions else '*' for index, char in enumerate(output)])+"\n"
# WAIT.. MANUAL STEP HERE
# This output are printing a * if that character is not known yet
# fix the missing characters like this: "Let*M**k*ow if *o{*a" = "cure, Let Me know if you a"
# if is too hard, change the target_cipher to another one and try again
# and we have our key to fix the entire text!
#sys.exit(0) #comment and continue if u got a good key
target_plaintext = "cure, Let Me know if you a"
print "Fixed:"
print target_plaintext+"\n"
key = strxor(target_cipher.decode('hex'),target_plaintext)
print "Decrypted msg:"
for cipher in ciphers:
print strxor(cipher.decode('hex'),key)
print "\nPrivate key recovered: "+key+"\n"
for i in ciphers:
target_fix(i)
没有python2环境,于是找了个在线python2(国外的网站)带入运行得到:
Fix this sentence:
Dear Frie*d**T*is tim* G*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
Dear Friend IT is time Go
nderstood muIm!stake anjo
sed One timiIp)d encrypz&
n scheme, I,e)rd that g;
is the only,n+ryption c*
hod that is,a<hematicab#
proven to n &ot crackk+
ever if the,e1 is kept.<
cure, Let MiIk&ow if yo{o
gree with miIt' use thi}o
ncryption soe%e always
Private key recovered: afctf{OPT_16I&t3rest1ni2
Fix this sentence:
nderstood*m**m*stake *nj*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
nderstood muIm!stake anjo
Dear Friend IT is time Go
Yd` \x&u'd<II(~'$qo?}>W&
D!wc;Wpc-n@y\(hcakd,pnJ;
Cr$t;W=io"pyW*h~1ke"jnN*
Bn` 'Z|r!'zyX=rb,~x$g/O#
qvo%Ws&u!);'usa|~,g%F+
Owars[{&u&ly\0:n2?g(t:<
ItveQcunD<IR'upavjm}!Vo
MsaesEtrind<IM&:r2z,9l'Po
Dbvy#Ftionz:\$' s{,}=
Private key recovered: Kggt5IRVU8*6p'n43z95 D2
Fix this sentence:
sed One t*m**p*d encr*pz*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
sed One timiIp)d encrypz&
Yd` \x&u'd<II(~'$qo?}>W&
Dear Friend IT is time Go
Y v1Mz,='@eA 7enb~hpZr
^s%&M7&kpeJ"*5ncprp^c
_oar@v=1nzeE5e6({~v1_j
pw=Myieh)'/b'eyx~;Vb
Rv` OAqieoleA8-:6:azl$u
Tuw7C[,e'D IO/b$esl?e?F&
Pr`7O_~=y'd IP.-&6*kt9@&
Ycw+\~&'z&A,hs$v}~e#
Private key recovered: Vff& SXEX866m/y`7yk->T{
Fix this sentence:
n scheme,*I**e*rd tha* g*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
n scheme, I,e)rd that g;
D!wc;Wpc-n@y\(hcakd,pnJ;
Y v1Mz,='@eA 7enb~hpZr
Dear Friend IT is time Go
C62e F?c'"T D_"inpthc C~
B*v1<K~xi'^ LP5srmaueraBw
5`~>Fq,=!
bD/tc csmrkK
O3wchJy,=&H JT8;~s jiath
I0`tdSi=n`eZ/t` ig,ho[;
M7wthTvx!n@eE.;bse!xyi];
D&`h8Wvc'n^cIT,~7alvmhs
Private key recovered: K#qe.XP\s~x/o$rerx nIf
Fix this sentence:
is the on*y**n*ryptio* c*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
is the only,n+ryption c*
Cr$t;W=io"pyW*h~1ke"jnN*
^s%&M7&kpeJ"*5ncprp^c
C62e F?c'"T D_"inpthc C~
Dear Friend IT is time Go
Ey%&<K3r+kn A[7so=atkhaFf
f3i>F<&m=bI-t~pcrchkOn
H`$thJ4&jx G_:;c# kg{t
y
Nc3cdc"PeQ-t}pif"ro_*
Jd$chT;rc"peN,;#e vciY*
Cu38W;ie"ncD_.~*1lwcrs
Private key recovered: Lp"r.XV_],sss-o9"esv:nMw
Fix this sentence:
hod that *s**a*hemati*ab*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
hod that is,a<hematicab#
Bn` 'Z|r!'zyX=rb,~x$g/O#
_oar@v=1nzeE5e6({~v1_j
B*v1<K~xi'^ LP5srmaueraBw
Ey%&<K3r+kn A[7so=atkhaFf
Dear Friend IT is time Go
zw="K}=1h7bA:nbmvoee*Ng
I|` tGu=1or OP-!>5vav5p
Ow7x_x1'Ze^:nam|{$.^#
Kx`7tYzi-'zeA;!c>p=pn(X#
Biw+$Zzr+'dcLP9d6,yje2
Private key recovered: Mlf&2U\MX&s{|:u%?pnp7/L~
Fix this sentence:
proven t* ** *ot cra*kk*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
proven to n &ot crackk+
qvo%Ws&u!);'usa|~,g%F+
pw=Myieh)'/b'eyx~;Vb
5`~>Fq,=!
bD/tc csmrkK
f3i>F<&m=bI-t~pcrchkOn
zw="K}=1h7bA:nbmvoee*Ng
Dear Friend IT is time Go
cvovJziei!bG7&ns7piv?x
`axzP,e! ' ip ~},$W+
gvxvTu=y!)'!&rsr;xn"Q+
vad&Wu&!7!D#c'a{lm8
Private key recovered: spi0XSE^u1s= r4rrhx7%Ev
Fix this sentence:
ever if t*e**e* is ke*t.*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
ever if the,e1 is kept.<
Owars[{&u&ly\0:n2?g(t:<
Rv` OAqieoleA8-:6:azl$u
O3wchJy,=&H JT8;~s jiath
H`$thJ4&jx G_:;c# kg{t
y
I|` tGu=1or OP-!>5vav5p
cvovJziei!bG7&ns7piv?x
Dear Friend IT is time Go
Bfve,X,e&LeZ7&ms=d(l;<
Faae X}=y&leE6io 1"|}=<
Opvyp[}&&rcJT4,:28uil'I
Private key recovered: @ugtfT[EY0s}x7=)!1q|$:a
Fix this sentence:
cure, Let*M**k*ow if *o{*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
cure, Let MiIk&ow if yo{o
ItveQcunD<IR'upavjm}!Vo
Tuw7C[,e'D IO/b$esl?e?F&
I0`tdSi=n`eZ/t` ig,ho[;
Nc3cdc"PeQ-t}pif"ro_*
Ow7x_x1'Ze^:nam|{$.^#
`axzP,e! ' ip ~},$W+
Bfve,X,e&LeZ7&ms=d(l;<
Dear Friend IT is time Go
@bvr,WxynD IK!&qsx/9t&Ao
Isan|WcnZ&Z#c$aqx,e<
Private key recovered: Fvpcjq\E66v r7rx|9-!U2
Fix this sentence:
gree with*m**t* use t*i}*
Fixed:
Dear Friend IT is time Go
Decrypted msg:
gree with miIt' use thi}o
MsaesEtrind<IM&:r2z,9l'Po
Pr`7O_~=y'd IP.-&6*kt9@&
M7wthTvx!n@eE.;bse!xyi];
Jd$chT;rc"peN,;#e vciY*
Kx`7tYzi-'zeA;!c>p=pn(X#
gvxvTu=y!)'!&rsr;xn"Q+
Faae X}=y&leE6io 1"|}=<
@bvr,WxynD IK!&qsx/9t&Ao
Dear Friend IT is time Go
MtvnpErrcnz&E",&2}>xt:
Private key recovered: BqgcfJTMY866i!=5!t:m<'S2
Fix this sentence:
ncryption*s**e*e alwa*s
Fixed:
Dear Friend IT is time Go
Decrypted msg:
ncryption soe%e always
Dbvy#Ftionz:\$' s{,}=
Ycw+\~&'z&A,hs$v}~e#
D&`h8Wvc'n^cIT,~7alvmhs
Cu38W;ie"ncD_.~*1lwcrs
Biw+$Zzr+'dcLP9d6,yje2
vad&Wu&!7!D#c'a{lm8
Opvyp[}&&rcJT4,:28uil'I
Isan|WcnZ&Z#c$aqx,e<
MtvnpErrcnz&E",&2}>xt:
Dear Friend IT is time G
Private key recovered: K`p6ITV_&0~x#x`3}mx-=
根据题目特性不难发现flag由好几部分组成
第一key
Private key recovered: afctf{OPT_16I&t3rest1ni2
第二key
Private key recovered: Kggt5IRVU8*6p'n43z95 D2
第三个key
Private key recovered: Vff& SXEX866m/y`7yk->T{
第四个key
Private key recovered: K#qe.XP\s~x/o$rerx nIf
第五个key
Private key recovered: Lp"r.XV_],sss-o9"esv:nMw
第六个key
Private key recovered: Mlf&2U\MX&s{|:u%?pnp7/L~
第七个key
Private key recovered: spi0XSE^u1s= r4rrhx7%Ev
第八个key
Private key recovered: @ugtfT[EY0s}x7=)!1q|$:a
第九个key
Private key recovered: Fvpcjq\E66v r7rx|9-!U2
第十个key
Private key recovered: BqgcfJTMY866i!=5!t:m<'S2
第十一个key
Private key recovered: K`p6ITV_&0~x#x`3}mx-=
得到:
afctf{OPT_16I&t3rest1ni2
Kggt5IRVU8*6p'n43z95 D2
Vff& SXEX866m/y`7yk->T{
K#qe.XP\s~x/o$rerx nIf
Lp"r.XV_],sss-o9"esv:nMw
Mlf&2U\MX&s{|:u%?pnp7/L~
spi0XSE^u1s= r4rrhx7%Ev
@ugtfT[EY0s}x7=)!1q|$:a
Fvpcjq\E66v r7rx|9-!U2
BqgcfJTMY866i!=5!t:m<'S2
K`p6ITV_&0~x#x`3}mx-=
毫无头绪23333,接着找WP
大佬采用修复语句的方式寻找flag!!!看得我一愣一愣的!!!
最后得到flag为:
afctf{OPT_1s_Int3rest1ng}
标签:index,AFCTF2018,一次,一密,hex,Private,key,time,recovered 来源: https://blog.csdn.net/m0_52727862/article/details/119043250