解题列表

根据提示一步一步走，经过猜测，测试出app.py

经过仔细研读代码，找到密钥

编写python代码拿到flag

复制代码

key = 'secret_key9828'
flag='d9d1c4d9e0d6c29e9aad71696565d99bc8d892a8979ec7a69b9a6868a095c8d89dac91d19ba9716f63b5'
new=bytearray()
flag=bytes.fromhex(flag)
for i in range(len(flag)):
    decrypt=flag[i]-ord(key[i%len(key)])
    new.append(decrypt)
print(new)

打开之后，经过翻找得到flag

使用分析工具CTF-NetA-V0.3.0一把梭

在cyberchef解密即可

from Cryptodome.Cipher import AES
b = {
'7': $'3', '4', '5', '6', '7', '8', '9', 'a', 'b'$ ,
'4': $'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b'$ ,
'a': $'a', 'b', 'c', 'd', 'e', 'f'$ ,
'e': $'c', 'd'$ ,
'b': $'9', 'a', 'b', 'c', 'd'$ ,
'3': $'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd'$ ,
'5': $'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a'$ ,
'6': $'4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd'$ ,
'c': $'0', '1', '2', '3'$ ,
'f': $'7'$ ,
'd': $'c', 'd', 'e'$ ,
'1': $'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e'$ ,
'9': $'0', '1', '2', '3', '4', '5', '6'$ ,
'0': $'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'$
}
gift = 64698960125130294692475067384121553664
key1_hex = "74aeb356c6eb74f364cd316497c0f714"
cipher =
b'6\xbf\x9b\xb1\x93\x14\x82\x9a\xa4\xc2\xaf\xd0L\xad\xbb5\x0e|>\x8c|\xf0^dl~X\xc
7R\xcaZ\xab\x16\xbe r\xf6Pl\xe0\x93\xfc)\x0e\x93\x8e\xd3\xd6'
char_to_num = {f"{i:x}": i for i in range(16)}
b_numeric = {}
for k in b:
k_num = char_to_num $k$
b_numeric $k_num$ = $char_to_num\[c$ for c in b $k$ ]
key1_digits = $char_to_num\[c$ for c in key1_hex]
gift_bin = bin(gift) $2:$ .zfill(128)
18 / 21gift_nibbles = $int(gift_bin\[i\*4 : (i+1)\*4$ , 2) for i in range(32)]
candidates = \[\]
for i in range(32):
k = key1_digits $i$
g = gift_nibbles $i$
user_candidates = b_numeric.get(k, list(range(16)))
valid_candidates = $c for c in user_candidates if (c \& k) == g$
candidates.append(valid_candidates)
def solve():
used = $False$ * 16
mapping = {}
def backtrack(pos):
if pos == 32:
key0_digits = $mapping\[k$ for k in key1_digits]
key0_hex = "".join(f"{c:x}" for c in key0_digits)
try:
aes0 = AES.new(bytes.fromhex(key0_hex), AES.MODE_CBC,
bytes.fromhex(key1_hex))
aes1 = AES.new(bytes.fromhex(key1_hex), AES.MODE_CBC,
bytes.fromhex(key0_hex))
plaintext = aes0.decrypt(aes1.encrypt(cipher))
if b"flag{" in plaintext:
print("Found valid key0:", key0_hex)
print("Flag:", plaintext.decode())
return True
except:
pass
return False
k = key1_digits $pos$
if k in mapping:
return backtrack(pos + 1)
for c in candidates $pos$ :
if not used $c$ :
valid = True
for future_pos in range(pos+1, 32):
future_k = key1_digits $future_pos$
if future_k == k:
19 / 21future_g = gift_nibbles $future_pos$
if (c & future_k) != future_g:
valid = False
break
if not valid:
continue
used $c$ = True
mapping $k$ = c
if backtrack(pos + 1):
return True
del mapping $k$
used $c$ = False
return False
sorted_positions = sorted(range(32), key=lambda x: len(candidates $x$ ))
return backtrack(0)
if not solve():
print("No valid mapping found.")

复制代码

block = [0x00, 0x05, 0x83, 0x80, 0x8E, 0x2B, 0x00, 0x83, 0x2F, 0xAA, 0x2B, 0x81, 0xA8, 0xA5]
v17 = [0x13, 0x39, 0xBE, 0xBE, 0xB4, 0x38, 0xB8, 0xBA, 0xBB, 0xB4, 0x3E, 0x90, 0x3A, 0xBA, 0xB4]
v16 = [0x8B, 0x89, 0x22, 0x88, 0x8B, 0x20, 0x09, 0x22, 0x88, 0x08, 0x8D, 0x88, 0xAF]

key1 = 0x99 ^ 0xFF
key2 = 0xDD ^ 0x99
key3 = 0xFF ^ 0xDD

def left_shift(byte):
    return ((byte << 1) | (byte >> 7)) & 0xFF

def xor_operation(data, length, key):
    result = []
    for i in range(length):
        new_byte = key ^ left_shift(data[i])
        result.append(new_byte)
    return result

result1 = xor_operation(block, 14, key1)
result2 = xor_operation(v17, 15, key2)
result3 = xor_operation(v16, 13, key3)
flag = ''.join(map(chr, result1 + result2 + result3))
print(flag)