目录
tea,xtea,xxtea
在逆向过程中,常常会遇到tea加密,本文将系统地总结一下tea,xtea,xxtea
tea
简介
TEA加密算法是一种分组密码算法,其明文密文块为64比特,密钥长度为128比特。TEA算法利用不断增加的Delta(黄金分割率)值作为变化,使得每轮的加密是不同,该加密算法的迭代次数可以改变,建议的迭代次数为32轮。
值得一提的是Delta值一般为0x9E3779B9(-0x61C88647),这是判定TEA加密的特征之一
代码实现
#include <stdint.h>
void encrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i < 32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
} /* end cycle */
v[0]=v0; v[1]=v1;
}
void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}
示例
#include <stdio.h>
#include <stdint.h>
void encrypt (uint32_t* v, uint32_t* k) {
uint32_t sum = 0;
uint32_t v0 = v[0], v1 = v[1];
uint32_t delta = 0x9e3779b9;
uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];
for (int i=0; i<32; i++) {
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
}
v[0]=v0;
v[1]=v1;
}
void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0 = v[0], v1 = v[1];
uint32_t delta = 0x9e3779b9;
uint32_t sum = delta * 32;
uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];
for (int i=0; i<32; i++) {
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
}
v[0]=v0;
v[1]=v1;
}
int main(){
uint32_t v[2] = {0x3e8947cb,0xcc944639};
uint32_t k[4]= {0x1122,0x2233,0x3344,0x4455};
printf("Data is : %x %x\n", v[0], v[1]);
encrypt(v, k);
printf("Encrypted data is : %x %x\n", v[0], v[1]);
decrypt(v, k);
printf("Decrypted data is : %x %x\n", v[0], v[1]);
return 0;
}
/*
Data is : 3e8947cb cc944639
Encrypted data is : 35ef37b1 464adcc9
Decrypted data is : 3e8947cb cc944639
*/
xtea
简介
XTEA是TEA的扩展,与TEA相比,XTEA使用更长的密钥和更多的迭代轮数,从而提高了安全性。XTEA使用128位密钥和64位块大小,而TEA使用64位密钥和64位块大小。
代码实现
#include <stdint.h>
/* take 64 bits of data in v[0] and v[1] and 128 bits of key[0] - key[3] */
void encrypt(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], sum=0, delta=0x9E3779B9;
for (i=0; i < num_rounds; i++) {
v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
sum += delta;
v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
}
v[0]=v0; v[1]=v1;
}
void decrypt(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], delta=0x9E3779B9, sum=delta*num_rounds;
for (i=0; i < num_rounds; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
}
v[0]=v0; v[1]=v1;
}
示例
#include <stdio.h>
#include <stdint.h>
/* take 64 bits of data in v[0] and v[1] and 128 bits of key[0] - key[3] */
void encrypt(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], sum=0, delta=0x9E3779B9;
for (i=0; i < num_rounds; i++) {
v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
sum += delta;
v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
}
v[0]=v0; v[1]=v1;
}
void decrypt(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], delta=0x9E3779B9, sum=delta*num_rounds;
for (i=0; i < num_rounds; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
}
v[0]=v0; v[1]=v1;
}
int main(){
uint32_t v[3]={0x61657478,0x5f73695f,0x0};
uint32_t v1[2]={0x79736165,0x0};
uint32_t const k[4]={0X95C4C,0X871D,0X1A7B7,0X12C7C7};
unsigned int r=32;//num_rounds建议取值为32
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为4个32位无符号整数,即密钥长度为128位
printf("Data is:%s%s\n",(char*)v,(char*)v1);
encrypt(r, v, k);
encrypt(r, v1, k);
printf("Encrypted data is:%u %u %u\n",v[0],v[1],v1[0]);
decrypt(r, v, k);
decrypt(r, v1, k);
printf("Decrypted data is:%s%s\n",(char*)v,(char*)v1);
return 0;
}
/*
Data is:xtea_is_easy
Encrypted data is:543258208 1827651953 369487673
Decrypted data is:xtea_is_easy
*/
xxtea
简介
XXTEA使用更复杂的运算方式,它的块大小可以是任意的,密钥也可以是任意长度的。在加密时,XXTEA会对明文进行分块,然后每个块都会进行加密,加密后的结果再进行拼接,最终形成密文。在解密时,XXTEA会对密文进行分块,然后每个块都会进行解密,解密后的结果再进行拼接,最终形成明文。
代码实现
#include <stdint.h>
#include <string.h>
#define DELTA 0x9E3779B9
#define MX (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[(p & 3) ^ e] ^ z)
void xxtea_encrypt(uint32_t *v, uint32_t len, uint32_t *k) {
uint32_t n = len - 1;
uint32_t y, z, sum = 0, e, p, q;
q = 6 + 52 / len;
while (q-- > 0) {
sum += DELTA;
e = sum >> 2 & 3;
for (p = 0; p < n; p++) {
y = v[p + 1];
z = v[p] += MX;
}
y = v[0];
z = v[n] += MX;
}
}
void xxtea_decrypt(uint32_t *v, uint32_t len, uint32_t *k) {
uint32_t n = len - 1;
uint32_t y, z, sum, e, p, q;
q = 6 + 52 / len;
sum = q * DELTA;
while (sum != 0) {
e = sum >> 2 & 3;
for (p = n; p > 0; p--) {
z = v[p - 1];
y = v[p] -= MX;
}
z = v[n];
y = v[0] -= MX;
sum -= DELTA;
}
}
示例
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DELTA 0x9E3779B9
#define MX (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[(p & 3) ^ e] ^ z)
void xxtea_encrypt(uint32_t *v, uint32_t len, uint32_t *k) {
uint32_t n = len - 1;
uint32_t y, z, sum = 0, e, p, q;
q = 6 + 52 / len;
while (q-- > 0) {
sum += DELTA;
e = sum >> 2 & 3;
for (p = 0; p < n; p++) {
y = v[p + 1];
z = v[p] += MX;
}
y = v[0];
z = v[n] += MX;
}
}
void xxtea_decrypt(uint32_t *v, uint32_t len, uint32_t *k) {
uint32_t n = len - 1;
uint32_t y, z, sum, e, p, q;
q = 6 + 52 / len;
sum = q * DELTA;
while (sum != 0) {
e = sum >> 2 & 3;
for (p = n; p > 0; p--) {
z = v[p - 1];
y = v[p] -= MX;
}
z = v[n];
y = v[0] -= MX;
sum -= DELTA;
}
}
int main() {
// The message to encrypt and decrypt
char message[] = "xxtea_is_easy_too";
// The secret key for encryption and decryption
char key[] = "secret_key";
// Calculate the required lengths for the data and key
size_t message_len = strlen(message);
size_t key_len = strlen(key);
// Calculate the number of uint32_t values required to store the data and key
size_t data_len = (message_len + 3) / 4;
size_t key_data_len = (key_len + 3) / 4;
// Allocate memory for the uint32_t arrays for the data and key
uint32_t *data = calloc(data_len, sizeof(uint32_t));
uint32_t *key_data = calloc(key_data_len, sizeof(uint32_t));
// Copy the data and key into the uint32_t arrays
memcpy(data, message, message_len);
memcpy(key_data, key, key_len);
// Encrypt the data using the key
xxtea_encrypt(data, data_len, key_data);
// Print the encrypted data
printf("Encrypted data: ");
for (size_t i = 0; i < message_len; i++) {
printf("%02x", ((uint8_t*)data)[i]);
}
printf("\n");
// Decrypt the data using the key
xxtea_decrypt(data, data_len, key_data);
// Print the decrypted data
printf("Decrypted data: %s\n", (char*)data);
// Free the allocated memory
free(data);
free(key_data);
return 0;
}
/*
Original data:
xxtea_is_easy_too
Encrypted data:
1C178B4E 4A63ABD4 7B734D34 4B7B858C
Decrypted data:
78787465 615F6973 5F656173 795F746F
6F
可以看到,原始数据为字符串"xxtea_is_easy_too",经过XXTEA加密后得到了一组十六进制的密文,然后再将这个密文进行解密后,得到了原始数据。
需要注意的是,解密后的结果多出了一个0x6F,这是因为在加密时,为了填充满64位的数据块,加密函数对数据进行了填充。在解密时,需要将填充的字节去掉。在本例中,填充的是一个字节0x0F,因此在解密时会多出一个0x6F。
*/
逆向中TEA系列加密的识别
解决逆向题大部分出现TEA的场合都是 识别算法->编写对应解密程序
分析二进制文件中的算法的时候有几个识别的特征
- 可能存在针对64bit以及128bit数字的操作(输入的msg和key) ,一般会用无符号的32位的数组表示
- 存在先进行位移,然后异或的类似操作((z>>5^y<<2) 这类混合变换)(z>>5^y<<2)就是xxtea加密了,存在(v0 << 4) 和 (v0 >> 5)移位就是tea和xtea加密了
- 前面一个复杂的混合变换的结果可能会叠加到另一个值上,两者相互叠加(Feistel 结构)
- 获取密钥的时候,会使用某一个常量值作为下标(key[(sum>>11) & 3])存在轮换的方式获得密钥 就是xtea或者xxtea了
- 会在算法开始定义一个delta,并且这个值不断的参与算法,但是从来不会受到输入的影响(delta数值如果没有魔改就是0x9e3779b9)如果出现了0x9e3779b9这个数字一般就能确定是TEA加密系列
例题
[GDOUCTF2023]tea
查壳是64位无壳,ida64直接查看字符串
交叉引用一下you are right,定位到关键函数
__int64 sub_140016230()
{
char *v0; // rdi
__int64 i; // rcx
char v3[32]; // [rsp+0h] [rbp-20h] BYREF
char v4; // [rsp+20h] [rbp+0h] BYREF
int v5; // [rsp+24h] [rbp+4h]
int v6; // [rsp+44h] [rbp+24h]
int v7[12]; // [rsp+68h] [rbp+48h] BYREF
_DWORD v8[16]; // [rsp+98h] [rbp+78h] BYREF
int v9[31]; // [rsp+D8h] [rbp+B8h] BYREF
int j; // [rsp+154h] [rbp+134h]
int k; // [rsp+174h] [rbp+154h]
int l; // [rsp+194h] [rbp+174h]
v0 = &v4;
for ( i = 102i64; i; --i )
{
*(_DWORD *)v0 = -858993460;
v0 += 4;
}
sub_14001137F(&unk_140023009);
v5 = 32;
v6 = 0;
v7[0] = 1234;
v7[1] = 5678;
v7[2] = 9012;
v7[3] = 3456;
memset(v8, 0, 0x28ui64);
v9[15] = 0;
v9[23] = 0;
sub_1400113E8();
for ( j = 0; j < 10; ++j )
sub_1400111FE("%x", &v8[j]); // 读入16进制数组v8
sub_140011339(v7); // v7 = [2233,4455,6677,8899]
sub_140011145(v8, v9); // v8赋值给v9
sub_1400112B7(v8, v7); // xtea加密v8,v7为key
v6 = sub_140011352(v8);
// 判断v8是否等于[0x1A800BDA,0xF7A6219B,0x491811D8,0xF2013328,0x156C365B,
//0x3C6EAAD8,0x84D4BF28,0xF11A7EE7,0x3313B252,0xDD9FE279]
if ( v6 )
{
sub_140011195("you are right\n");
for ( k = 0; k < 10; ++k )
{
for ( l = 3; l >= 0; --l )
sub_140011195("%c", (unsigned __int8)((unsigned int)v9[k] >> (8 * l)));// 输出flag
}
}
else
{
sub_140011195("fault!\nYou can go online and learn the tea algorithm!");
}
sub_140011311(v3, &unk_14001AE90);
return 0i64;
}
简单分析如上,重点看一下xtea加密函数
__int64 __fastcall sub_140011900(__int64 a1, __int64 a2)
{
__int64 result; // rax
int v3; // [rsp+44h] [rbp+24h]
int i; // [rsp+64h] [rbp+44h]
unsigned int v5; // [rsp+84h] [rbp+64h]
unsigned int v6; // [rsp+C4h] [rbp+A4h]
result = sub_14001137F(&unk_140023009);
for ( i = 0; i <= 8; ++i )
{
v5 = 0;
v6 = 256256256 * i;
v3 = i + 1;
do
{
++v5;
*(_DWORD *)(a1 + 4i64 * i) += v6 ^ (*(_DWORD *)(a1 + 4i64 * v3)
+ ((*(_DWORD *)(a1 + 4i64 * v3) >> 5) ^ (16 * *(_DWORD *)(a1 + 4i64 * v3)))) ^ (v6 + *(_DWORD *)(a2 + 4i64 * (v6 & 3)));
*(_DWORD *)(a1 + 4i64 * v3) += (v6 + *(_DWORD *)(a2 + 4i64 * ((v6 >> 11) & 3))) ^ (*(_DWORD *)(a1 + 4i64 * i)
+ ((*(_DWORD *)(a1 + 4i64 * i) >> 5) ^ (16 * *(_DWORD *)(a1 + 4i64 * i))));
v6 += 256256256;
}
while ( v5 <= 0x20 );
result = (unsigned int)(i + 1);
}
return result;
}
32次迭代的变体xtea加密,可以看出来delta值被魔改了,是v6=256256256
exp
def xtea_decrypt(data,key):
for j in range(8,-1,-1):
i = 0
delta = 256256256
sum = delta * (32 + j)
n = j + 1
while i <= 32:
i += 1
data[n] = (data[n] - (((key[(sum >> 11) & 3]) + sum) ^ (((data[j] << 4) ^ (data[j] >> 5)) + data[j]))) & 0xffffffff
data[j] = (data[j] - (((key[sum & 3] + sum) ^ ((data[n] << 4) ^ (data[n] >> 5)) + data[n]) ^ sum)) & 0xffffffff
sum -= delta
return data
v8 = [0x1A800BDA,0xF7A6219B,0x491811D8,0xF2013328,0x156C365B,
0x3C6EAAD8,0x84D4BF28,0xF11A7EE7,0x3313B252,0xDD9FE279]
key = [2233,4455,6677,8899]
flag = xtea_decrypt(v8,key)
for i in range(10):
for j in range(3,-1,-1):
print(chr((flag[i] >> (j * 8)) & 0xFF), end='')
有个地方要特别注意的就是读入的v8是16进制无符号32位整数
如果不进行& 0xffffffff,运行结果是乱码
这耗费了我好多时间检查,问题出在C和Python对无符号整数的处理方式不同。在C中,当无符号整数溢出时,它会回绕到0。但是,在Python中,当整数溢出时,它们会自动升级为长整数。所以需要通过& 0xffffffff来保证解密出来是无符号32位整数。
最终运行结果HZCTF{hzCtf_94_re666fingcry5641qq}
根据题目要求flagNSSCTF{hzCtf_94_re666fingcry5641qq}
Python中PIL库中的Image类
逆向中可能会遇到有关图像的问题,总结了一些Python的PIL库中的Image类的一些函数,通过这些函数可以对数据进行一系列操从而得到我们想要的图片
| 函数 | 参数 | 作用 | 使用举例 |
|---|---|---|---|
| new | mode, size, color | 新建图像 | Image.new('RGB', (200, 100), 'red') |
| open | image_name | 加载图像 | img = Image.open('cat.jpg') |
| save | file_name, file_format | 保存图像 | img.save('picture.jpg') |
| crop | (left, upper, right, lower) | 裁剪图片 | crop_img = img.crop((420, 150, 860 , 560)) |
| paste | im, (x, y) | 粘贴图片方法 | img.paste(crop_img, (0, 0)) |
| resize | (width, height) | 调整图片大小 | resized_img = img.resize((width, height)) |
| thumbnail | (width, height) | 制作缩略图,等比例缩放图片大小 | img.thumbnail((w//3, h//3)) |
| rotate | angle | 围绕其中心逆时针旋转给定的度数。返回此图像的副本。 | rotate_img = img.rotate(30) |
| show | 无 | 显示此图像。此方法主要用于调试目的。 | img.show() |
| copy | 无 | 复制图像。返回一个新的Image对象。 | copy_img = img.copy() |
| crop | (left, upper, right, lower) 矩形元组参数。返回一个新的Image对象。对原图没有影响。 | 裁剪图片。 | crop_img = img.crop((420, 150, 860 , 560)) |
| transpose | method,通过FLIP_LEFT_RIGHT和FLIP_TOP_BOTTOM可以分别实现水平竖直镜像翻转 | 创建并返回此图像的转置副本。 | img.transpose(Image.FLIP_LEFT_RIGHT) |
| filter | filter | 对此图像应用图像增强滤镜。返回一个新的Image对象。 | img.filter(ImageFilter.BLUR) |
| convert | mode | 转换图像模式。返回一个新的Image对象。 | img.convert('L') |
| getpixel | xy | 返回给定位置的像素值。 | img.getpixel((0,0)) |
| putpixel | xy, value | 修改给定位置的像素值。 | img.putpixel((0,0), value) |
| point | lut, mode | 将查找表应用于图像。返回一个新的Image对象。 | img.point(lut) |
| split | 无 | 将图像拆分为单独的波段。返回一个元组,其中包含单独的波段。 | r, g, b = img.split() |
| merge | mode, bands | 将单独的波段合并为单个多波段图像。返回一个新的Image对象。 | img = Image.merge('RGB', (r, g, b)) |
| load | 无 | 分配存储并加载图像数据。返回一个像素访问对象。 | px = img.load() |
例题
[CTFShow愚人杯]easy_re
32位无壳,拖进IDA看看
int __cdecl main(int argc, const char **argv, const char **envp)
{
int v3; // ebx
int v4; // ecx
unsigned int v5; // edi
unsigned int v6; // kr00_4
int v8; // [esp-4h] [ebp-414h]
int v9; // [esp+10h] [ebp-400h]
int v10; // [esp+18h] [ebp-3F8h] BYREF
int v11; // [esp+1Ch] [ebp-3F4h] BYREF
char v12[1004]; // [esp+20h] [ebp-3F0h] BYREF
sub_401460();
sub_401700(v12);
sub_401460();
std::istream::operator>>(std::cin, &v10);
std::istream::operator>>(std::cin, &v11);
v3 = v10 % 299;
v4 = v11 % 299;
v5 = 0;
v9 = v11 % 299;
v6 = strlen(v12);
if ( v6 )
{
do
{
v8 = dword_403AA0[300 * v3 + v4] ^ v12[v5];
v3 = (v8 + v3) % 299;
v9 = (v8 + v9) % 300;
std::ostream::operator<<(std::cout, v8);
sub_401460();
v4 = v9;
++v5;
}
while ( v5 < v6 );
}
sub_401460();
return 0;
}
只看得出来是个300*300的一个数组
记住403AA0地址是从28A0到5A6E3
尝试用x32dbg看看
也就是说用两个300以内数字去加密一段话
可以得到后面一大串的数字,尝试直接枚举出这两个key
利用flag的base64值是'ZmxhZ'来判断
from base64 import *
from pwn import u32
def decrypt(k1,k2,cipher):
tk1,tk2 = k1,k2
m = []
for v8 in cipher[::-1]:
k1 = (k1-v8)%299
k2 = (k2-v8)%300
m.append(d_3aa0[300*k1+k2] ^ v8)
base64_text = bytes(m[::-1])
if base64_text[:5]==b'ZmxhZ':
flag=b64decode(base64_text).decode('utf-8')
print(base64_text,tk1,tk2,'\n',flag)
flag=''
data = open('re1.exe', 'rb').read()[0x28a0: 0x5a6e0]
d_3aa0 = [u32(data[i:i+4]) for i in range(0, len(data), 4)]
a = [90,171,198,235,229,43,246,92,198,203,233,228,6,128,215,68,201,4,220,214,169,245,208,199,112,170,119,251,244,58,237,4,70,231,200,45,186,137,247,225,243,13,145,139,190,146,194,242,253,56,239,5,41,225,105,51,247,79,170,231,88,64,224,138,222,220,229,88,43,117,236,189,228,205,150,65,26,205,232,141,116,149,185,89,212,251,16,215,205,17,238,22,245,77,220,198,224,248,223,209,205,167,223,210,165,247,190,3,5,246,243,228,181,33,42,207,174,138,244,118,192,22,219,60,80,229,144,219,133,211,221,229,190,58,151,240,183,207,221,60,77,217,220,74,105,220,221,165,85,174,43,183,188,190,252,255,130,137,189,201,239,181,150,143,214,203,26,211,103,222,105,87,214,179,83,185,104,206,229,172,221,117,163,57,106,200,46,165,193,135,243,166,168,209,144,52,210,12,58,10,103,5,211,55,172,76,88,250,136,245,167,139,241,26,92,97,139,241,137,27,53,211,251,191,240,173,14,231,241,242,255,122,144,97,234,36,175,155,253,35,156,229,19,166,191,140,195,218,130,35,200,178,245,41,162,243,214,222,87,83,195,144,55,159,208,241,193,233,204,228,196,105,84,58,220,226,1,47,248,138,177,124,236,53,210,79,250,106,27,244,251,203,210,103,213,218,183,4,40,28,12,175,52,224,203,89,176,174,175,233,43,20,103,152,201,4,148,76,241,103,135,139,136,246,80,184,255,194,149,239,206,207,246,166,20,63,202,199,177,214,60,99,74,211,219,94,247,193,40,212,197,175,30,244,41,24,113,27,249,213,225,55,188,193,165,220,174,252,105,154,74,126,174,255,110,169,103,44,246,255,98,251,211,87,171,62,67,250,69,149,18,77,159,137,168,231,187,97,174,115,243,44,128,151,90,246,83,11,138,67,184,22,53,228,230,252,76,112,20,136,131,90,233,248,67,207,61,212,113,62,239,203,201,66,83,179,16,209,253,63,206,208,101,150,196,145,101,220,22,79,241,69,237,219,97,87,20,22,240,244,218,7,237,42,14,8,38,115,141,102,206,191,142,55,196,200,142,98,16,129,53,52,50,197,53,219,2,66,152,192,245,243,69,26,132,240,164,90,246,200,53,89,221,119,139,76,47,132,53,47,249,26,53,141,113,69,76,152,121,193,53,176,97,135,205,206,237,108,251,38,216,108,12,220,209,194,26,243,217,231,36,117,235,106,205,43,254,75,209,141,239,200,5,183,219,166,113,9,16,154,116,144,238,208,245,136,173,16,103,107,114,17,208,181,196,98,212,133,211,252]
for k1 in range(299):
for k2 in range(300):
decrypt(k1,k2,a)
运行结果
提示研究一下加密矩阵,尝试把d_3aa0中的元素输出来发现很像RGB值,尝试转化成图片。最后输出
flagctfshow{d244daeb-7182-4c98-bec6-0c99329ab71f}
exp
from base64 import *
from pwn import u32
def decrypt(k1,k2, cipher):
tk1,tk2 = k1,k2
m = []
for v8 in cipher[::-1]:
k1 = (k1-v8)%299
k2 = (k2-v8)%300
m.append(d_3aa0[300*k1+k2] ^ v8)
base64_text = bytes(m[::-1])
if base64_text[:5]==b'ZmxhZ':
flag=b64decode(base64_text).decode('utf-8')
print(base64_text,tk1,tk2,'\n',flag)
flag=''
data = open('re1.exe', 'rb').read()[0x28a0: 0x5a6e0]
d_3aa0 = [u32(data[i:i+4]) for i in range(0, len(data), 4)]
a = [90,171,198,235,229,43,246,92,198,203,233,228,6,128,215,68,201,4,220,214,169,245,208,199,112,170,119,251,244,58,237,4,70,231,200,45,186,137,247,225,243,13,145,139,190,146,194,242,253,56,239,5,41,225,105,51,247,79,170,231,88,64,224,138,222,220,229,88,43,117,236,189,228,205,150,65,26,205,232,141,116,149,185,89,212,251,16,215,205,17,238,22,245,77,220,198,224,248,223,209,205,167,223,210,165,247,190,3,5,246,243,228,181,33,42,207,174,138,244,118,192,22,219,60,80,229,144,219,133,211,221,229,190,58,151,240,183,207,221,60,77,217,220,74,105,220,221,165,85,174,43,183,188,190,252,255,130,137,189,201,239,181,150,143,214,203,26,211,103,222,105,87,214,179,83,185,104,206,229,172,221,117,163,57,106,200,46,165,193,135,243,166,168,209,144,52,210,12,58,10,103,5,211,55,172,76,88,250,136,245,167,139,241,26,92,97,139,241,137,27,53,211,251,191,240,173,14,231,241,242,255,122,144,97,234,36,175,155,253,35,156,229,19,166,191,140,195,218,130,35,200,178,245,41,162,243,214,222,87,83,195,144,55,159,208,241,193,233,204,228,196,105,84,58,220,226,1,47,248,138,177,124,236,53,210,79,250,106,27,244,251,203,210,103,213,218,183,4,40,28,12,175,52,224,203,89,176,174,175,233,43,20,103,152,201,4,148,76,241,103,135,139,136,246,80,184,255,194,149,239,206,207,246,166,20,63,202,199,177,214,60,99,74,211,219,94,247,193,40,212,197,175,30,244,41,24,113,27,249,213,225,55,188,193,165,220,174,252,105,154,74,126,174,255,110,169,103,44,246,255,98,251,211,87,171,62,67,250,69,149,18,77,159,137,168,231,187,97,174,115,243,44,128,151,90,246,83,11,138,67,184,22,53,228,230,252,76,112,20,136,131,90,233,248,67,207,61,212,113,62,239,203,201,66,83,179,16,209,253,63,206,208,101,150,196,145,101,220,22,79,241,69,237,219,97,87,20,22,240,244,218,7,237,42,14,8,38,115,141,102,206,191,142,55,196,200,142,98,16,129,53,52,50,197,53,219,2,66,152,192,245,243,69,26,132,240,164,90,246,200,53,89,221,119,139,76,47,132,53,47,249,26,53,141,113,69,76,152,121,193,53,176,97,135,205,206,237,108,251,38,216,108,12,220,209,194,26,243,217,231,36,117,235,106,205,43,254,75,209,141,239,200,5,183,219,166,113,9,16,154,116,144,238,208,245,136,173,16,103,107,114,17,208,181,196,98,212,133,211,252]
for k1 in range(299):
for k2 in range(300):
decrypt(k1,k2,a)
from PIL import Image
img = Image.new('RGB', (300, 300))
pixels = img.load()
for i in range(299):
for j in range(300):
pixels[i, j] = d_3aa0[i * 300 + j]
img = img.transpose(Image.FLIP_LEFT_RIGHT).rotate(90)
img.save('a.png')
img.show()
其他
np.fromstring和reshape都是NumPy中常用的数组操作函数。
np.fromstring
np.fromstring函数用于从字符串或字节序列中创建NumPy数组。它将输入字符串或字节序列解析为一组数字,并返回一个NumPy数组。该函数的参数包括:要解析的字符串或字节序列、用于解析数字的数据类型和用于分隔数字的分隔符。
例如,下面的代码使用np.fromstring函数从一个字符串中创建一个NumPy数组:
import numpy as np
s = "1 2 3 4 5"
a = np.fromstring(s, dtype=int, sep=' ')
print(a)
输出:
[1 2 3 4 5]
reshape
reshape函数用于改变数组的形状。它将一个NumPy数组重新排列为一个具有不同行数和列数的新数组。该函数的参数包括:要重排的数组、一个包含新形状的元组或整数列表。
例如,下面的代码创建一个二维数组,然后使用reshape函数将其重新排列为一个具有不同行数和列数的新数组:
import numpy as np
a = np.array([[1, 2], [3, 4], [5, 6], [7, 8]])
b = a.reshape((2, 4))
print(b)
输出:
[[1 2 3 4]
[5 6 7 8]]
reshape函数可以用于改变数组的维度和形状,但必须保证原始数组中元素的总数与新数组中元素的总数相同。因此,如果重排数组的形状会改变元素的数量,将会引发错误。
参考
- [1] TEA系列加密解密
- [2] 维基百科TEA
- [3] CTFShow第三届愚人杯官方WP
- [4] [ctfshow 2023 愚人杯] crypto,rev,pwn_石氏是时试的博客