#!/usr/bin/env python
# -*- coding:utf-8 -*-
from Crypto.Cipher import AES
from Crypto import Random
def encrypt(data, password):
bs = AES.block_size
pad = lambda s: s + (bs - len(s) % bs) * chr(bs - len(s) % bs)
iv = "0102030405060708"
cipher = AES.new(password, AES.MODE_CBC, iv)
data = cipher.encrypt(pad(data))
return data
def decrypt(data, password):
unpad = lambda s : s[0:-ord(s[-1])]
iv = "0102030405060708"
cipher = AES.new(password, AES.MODE_CBC, iv)
data = cipher.decrypt(data)
return unpad(data)
def generate_passwd(key):
data_halt = "LvR7GrlG0A4WIMBrUwTFoA==".decode("base64")
rand_int = int(decrypt(data_halt, key).encode("hex"), 16)
round = 0x7DC59612
result = 1
a1 = 0
while a1 < round:
a2 = 0
while a2 < round:
a3 = 0
while a3 < round:
result = result * (rand_int % 0xB18E) % 0xB18E
a3 += 1
a2 += 1
a1 += 1
return encrypt(str(result), key)
if __name__ == '__main__':
key = raw_input("key:")
if len(key) != 32:
print "check key length!"
exit()
passwd = generate_passwd(key.decode("hex"))
flag = raw_input("flag:")
print "output:", encrypt(flag, passwd).encode("base64")
# key = md5(sha1("flag"))
# output = "u6WHK2bnAsvTP/lPagu7c/K3la0mrveKrXryBPF/LKFE2HYgRNLGzr1J1yObUapw"通过观察这条语句:result = result * (rand_int % 0xB18E) % 0xB18E
result不会超过0xB18E,于是采用爆破result方式生成passwd。
该程序使用了PyCrypto库,访问http://www.voidspace.org.uk/python/modules.shtml#pycrypto,下载并安装PyCrypto 2.6 for Python 2.7 64bit。
重写程序,爆破。
#!/usr/bin/env python
# -*- coding:utf-8 -*-
from Crypto.Cipher import AES
from Crypto import Random
from hashlib import md5, sha1
def encrypt(data, password):
bs = AES.block_size
pad = lambda s: s + (bs - len(s) % bs) * chr(bs - len(s) % bs)
iv = "0102030405060708"
cipher = AES.new(password, AES.MODE_CBC, iv)
data = cipher.encrypt(pad(data))
return data
def decrypt(data, password):
unpad = lambda s : s[0:-ord(s[-1])]
iv = "0102030405060708"
cipher = AES.new(password, AES.MODE_CBC, iv)
data = cipher.decrypt(data)
return unpad(data)
def generate_passwd(result, key):
'''
data_halt = "LvR7GrlG0A4WIMBrUwTFoA==".decode("base64")
rand_int = int(decrypt(data_halt, key).encode("hex"), 16)
round = 0x7DC59612
result = 1
a1 = 0
while a1 < round:
a2 = 0
while a2 < round:
a3 = 0
while a3 < round:
result = result * (rand_int % 0xB18E) % 0xB18E
a3 += 1
a2 += 1
a1 += 1
'''
return encrypt(str(result), key)
def Md5(input1):
m1 = md5()
m1.update(input1)
return m1.hexdigest()
def Sha1(input1):
m2 = sha1()
m2.update(input1)
return m2.hexdigest()
if __name__ == '__main__':
'''
key = raw_input("key:")
if len(key) != 32:
print "check key length!"
exit()
passwd = generate_passwd(key.decode("hex"))
flag = raw_input("flag:")
print "output:", encrypt(flag, passwd).encode("base64")
'''
key = Md5(Sha1("flag")).decode("hex")
output = "u6WHK2bnAsvTP/lPagu7c/K3la0mrveKrXryBPF/LKFE2HYgRNLGzr1J1yObUapw"
for result in range(0x0B18E):
passwd = generate_passwd(result, key)
flag = decrypt(output.decode("base64"), passwd)
if 'flag' in flag:
print flag
break
print 'ok'得到结果flag{552d3a0e567542d99694c4d61d1a652e}
