解题列表

根据提示一步一步走，经过猜测，测试出app.py

经过仔细研读代码，找到密钥

编写python代码拿到flag

复制代码

key = 'secret_key9828'
flag='d9d1c4d9e0d6c29e9aad71696565d99bc8d892a8979ec7a69b9a6868a095c8d89dac91d19ba9716f63b5'
new=bytearray()
flag=bytes.fromhex(flag)
for i in range(len(flag)):
    decrypt=flag[i]-ord(key[i%len(key)])
    new.append(decrypt)
print(new)

打开之后，经过翻找得到flag

使用分析工具CTF-NetA-V0.3.0一把梭

在cyberchef解密即可

from Cryptodome.Cipher import AES
b = {
'7': ['3', '4', '5', '6', '7', '8', '9', 'a', 'b'],
'4': ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b'],
'a': ['a', 'b', 'c', 'd', 'e', 'f'],
'e': ['c', 'd'],
'b': ['9', 'a', 'b', 'c', 'd'],
'3': ['1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd'],
'5': ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a'],
'6': ['4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd'],
'c': ['0', '1', '2', '3'],
'f': ['7'],
'd': ['c', 'd', 'e'],
'1': ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd',
'e'],
'9': ['0', '1', '2', '3', '4', '5', '6'],
'0': ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd',
'e', 'f']
}
gift = 64698960125130294692475067384121553664
key1_hex = "74aeb356c6eb74f364cd316497c0f714"
cipher =
b'6\xbf\x9b\xb1\x93\x14\x82\x9a\xa4\xc2\xaf\xd0L\xad\xbb5\x0e|>\x8c|\xf0^dl~X\xc
7R\xcaZ\xab\x16\xbe r\xf6Pl\xe0\x93\xfc)\x0e\x93\x8e\xd3\xd6'
char_to_num = {f"{i:x}": i for i in range(16)}
b_numeric = {}
for k in b:
k_num = char_to_num[k]
b_numeric[k_num] = [char_to_num[c] for c in b[k]]
key1_digits = [char_to_num[c] for c in key1_hex]
gift_bin = bin(gift)[2:].zfill(128)
18 / 21gift_nibbles = [int(gift_bin[i*4 : (i+1)*4], 2) for i in range(32)]
candidates = []
for i in range(32):
k = key1_digits[i]
g = gift_nibbles[i]
user_candidates = b_numeric.get(k, list(range(16)))
valid_candidates = [c for c in user_candidates if (c & k) == g]
candidates.append(valid_candidates)
def solve():
used = [False] * 16
mapping = {}
def backtrack(pos):
if pos == 32:
key0_digits = [mapping[k] for k in key1_digits]
key0_hex = "".join(f"{c:x}" for c in key0_digits)
try:
aes0 = AES.new(bytes.fromhex(key0_hex), AES.MODE_CBC,
bytes.fromhex(key1_hex))
aes1 = AES.new(bytes.fromhex(key1_hex), AES.MODE_CBC,
bytes.fromhex(key0_hex))
plaintext = aes0.decrypt(aes1.encrypt(cipher))
if b"flag{" in plaintext:
print("Found valid key0:", key0_hex)
print("Flag:", plaintext.decode())
return True
except:
pass
return False
k = key1_digits[pos]
if k in mapping:
return backtrack(pos + 1)
for c in candidates[pos]:
if not used[c]:
valid = True
for future_pos in range(pos+1, 32):
future_k = key1_digits[future_pos]
if future_k == k:
19 / 21future_g = gift_nibbles[future_pos]
if (c & future_k) != future_g:
valid = False
break
if not valid:
continue
used[c] = True
mapping[k] = c
if backtrack(pos + 1):
return True
del mapping[k]
used[c] = False
return False
sorted_positions = sorted(range(32), key=lambda x: len(candidates[x]))
return backtrack(0)
if not solve():
print("No valid mapping found.")

复制代码

block = [0x00, 0x05, 0x83, 0x80, 0x8E, 0x2B, 0x00, 0x83, 0x2F, 0xAA, 0x2B, 0x81, 0xA8, 0xA5]
v17 = [0x13, 0x39, 0xBE, 0xBE, 0xB4, 0x38, 0xB8, 0xBA, 0xBB, 0xB4, 0x3E, 0x90, 0x3A, 0xBA, 0xB4]
v16 = [0x8B, 0x89, 0x22, 0x88, 0x8B, 0x20, 0x09, 0x22, 0x88, 0x08, 0x8D, 0x88, 0xAF]

key1 = 0x99 ^ 0xFF
key2 = 0xDD ^ 0x99
key3 = 0xFF ^ 0xDD

def left_shift(byte):
    return ((byte << 1) | (byte >> 7)) & 0xFF

def xor_operation(data, length, key):
    result = []
    for i in range(length):
        new_byte = key ^ left_shift(data[i])
        result.append(new_byte)
    return result

result1 = xor_operation(block, 14, key1)
result2 = xor_operation(v17, 15, key2)
result3 = xor_operation(v16, 13, key3)
flag = ''.join(map(chr, result1 + result2 + result3))
print(flag)