一、搭建环境
(其实没啥用,可以帮助理解代码逻辑吧)
在当前文件夹下使用命令:
python2 -m SimpleHTTPServer
python3 -m http.server
二、题目主要代码逻辑:
<!DOCTYPE html>
<html>
<body>
<script>
function Leaf(k, p) {
var s = [], j = 0, x, res = '';
for (var i = 0; i < 256; i++) {
s[i] = i;
}
for (i = 0; i < 256; i++) {
j = (j + s[i] + k.charCodeAt(i % k.length)) % 256;
x = s[i];
s[i] = s[j];
s[j] = x;
}
i = 0;
j = 0;
for (var y = 0; y < p.length; y++) {
i = (i + 1) % 256;
j = (j + s[i]) % 256;
x = s[i];
s[i] = s[j];
s[j] = x;
res += String.fromCharCode(p.charCodeAt(y) ^ s[(s[i] + s[j]) % 256]);
}
return res;
}
form.addEventListener("submit", (ev) => {
ev.preventDefault();
var date = document.getElementById('date').value;
var enc = ['¦', 'p', ':', 'Ü','\x92', 'Ã', '\x97', 'ó', '\x1A', 'ß', '\b', 'Ö', 'A', ' ', '5', '\x90', '{', '\x06', 'Ô', '÷', 's', '_', '\x1D', ':', 'I', 'L', 'C', 'X', 'Ñ', '¹', 'O', '\x99', '\x85', '3', 'à', 'i', '|'];
flag = Leaf(date, enc.join(''));
if ( flag.substring(0, 5) == "VNCTF" && date.length == 8 && date.su
bstring(0,4) == '2023' )){
Galaxy('Neko.jpg', 50);
alert(flag);
} else{
Galaxy('Fish.jpg', 50);
alert("鱼怎么抓痒?");}
})
</script>
</body>
</html>
获取一个日期,使用RC4加密(Leaf函数),将date作为RC4的密钥key,enc作为明文(对称加密算法,感觉叫法无所谓),经过RC4算法,的到flag,只要输入正确的日期就能alert出正确的flag。
(
RC4加密算法的特征:
①使用变量s,指s盒,s盒中的,且s盒对应的s数组的长度为256
②在加密过程中,RC4算法通过对S盒的不断更新和元素的交换来生成伪随机序列,对应Leaf函数中的也有使用临时变量x进行s盒元素交换的地方
③最后使用刚刚生成的伪随机序列对明文进行按位异或运算,得到密文
)
三、exp.py
import datetime
# enc = ['¦', 'p', ':', 'Ü','\x92', 'Ã', '\x97', 'ó', '\x1A', 'ß', '\b', 'Ö', 'A', ' ', '5', '\x90', '{', '\x06', 'Ô', '÷', 's', '_', '\x1D', ':', 'I', 'L', 'C', 'X', 'Ñ', '¹', 'O', '\x99', '\x85', '3', 'à', 'i', '|']
enc = ['¦', 'p', ':', 'Ü','\x92', 'Ã', '\x97', 'ó', '\x1A', 'ß', '\b', 'Ö', 'A', ' ', '5', '\x90', '{', '\x06', 'Ô', '÷', 's', '_', '\x1D', ':', 'I', 'L', 'C', 'X', 'Ñ', '¹', 'O', '\x99', '\x85', '3', 'à', 'i', '|']
for m in range(1, 13):
for d in range(1, 32):
try:
key = '2023{:02d}{:02d}'.format(m, d)
s = list(range(256))
j = 0
for i in range(256):
j = (j + s[i] + ord(key[i % len(key)])) % 256
s[i], s[j] = s[j], s[i]
i = j = 0
res = ''
for c in enc:
i = (i + 1) % 256
j = (j + s[i]) % 256
s[i], s[j] = s[j], s[i]
res += chr(ord(c) ^ s[(s[i] + s[j]) % 256])
if 'flag' in res:
print('Found key:', key)
print('Plaintext:', res)
break
except:
pass
另一种使用Cypto库的方法
from Crypto.Cipher import ARC4
# enc = [b'\xa6', b'p', b':', b'\xdc', b'\x92', b'\xc3', b'\x97', b'\xf3', b'\x1a', b'\xdf', b'\x08', b'\xd6', b'A', b' ', b'5', b'\x90', b'{', b'\x06', b'\xd4', b'\xf7', b's', b'_', b':', b'I', b'L', b'C', b'X', b'\xd1', b'\xb9', b'O', b'\x99', b'\x85', b'3', b'\xe0', b'i', b'|']
enc = ['¦', 'p', ':', 'Ü','\x92', 'Ã', '\x97', 'ó', '\x1A', 'ß', '\b', 'Ö', 'A', ' ', '5', '\x90', '{', '\x06', 'Ô', '÷', 's', '_', '\x1D', ':', 'I', 'L', 'C', 'X', 'Ñ', '¹', 'O', '\x99', '\x85', '3', 'à', 'i', '|']
enc = bytes([ord(c) for c in enc])
for m in range(1, 13):
for d in range(1, 32):
try:
key = '2023{:02d}{:02d}'.format(m, d)
cipher = ARC4.new(key.encode())
res = cipher.decrypt(enc)
if b'flag{' in res:
print('Found key:', key)
print('Plaintext:', res)
break
except:
pass
ps:ARC4的方法只能接受字节串变量