from hashlib import md5 from base64 import b64decode from base64 import b64encode from Crypto.Cipher import AES from Crypto.Random import get_random_bytes from random import randrange import string alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits iv = md5(b"ignis").digest() flag = "ijctf{i am not the real flag :)}" message = b"Its dangerous to solve alone, take this" + b"\x00"*9 keys = [] for i in range(4): key = alphabet[randrange(0,len(alphabet))] + alphabet[randrange(0,len(alphabet))] keys.append(key.encode() + b'\x00'*14) for key in keys: cipher = AES.new(key, AES.MODE_CBC, IV=iv) flag = cipher.encrypt(flag) for key in keys: cipher = AES.new(key, AES.MODE_CBC, IV=iv) message = cipher.encrypt(message) print(f"flag= {b64encode(flag)}") print(f"message= {b64encode(message)}")
これに加えて、 次が与えられている
Here is your message: NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284 And here is your flag: N2YxBndWO0qd8EwVeZYDVNYTaCzcI7jq7Zc3wRzrlyUdBEzbAx997zAOZi/bLinVj3bKfOniRzmjPgLsygzVzA==
ひとめ 中間一致攻撃 なのでやるだけ
from Crypto.Cipher import AES from hashlib import md5 from base64 import * import string message = b"Its dangerous to solve alone, take this" + b"\x00"*9 cipher = b64decode(b"NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284") iv = md5(b"ignis").digest() alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits table = {} for i, c1 in enumerate(alphabet): print(f"[+] {i+1}/{len(alphabet)}") for c2 in alphabet: k1 = (c1 + c2).encode() + b"\0" * 14 aes1 = AES.new(key=k1, mode=AES.MODE_CBC, IV=iv) cipher1 = aes1.encrypt(message) for c3 in alphabet: for c4 in alphabet: k2 = (c3 + c4).encode() + b"\0" * 14 aes2 = AES.new(key=k2, mode=AES.MODE_CBC, IV=iv) cipher2 = aes2.encrypt(cipher1) table[cipher2] = (k1, k2) for i, c1 in enumerate(alphabet): print(f"[+] {i+1}/{len(alphabet)}") for c2 in alphabet: k1 = (c1 + c2).encode() + b"\0" * 14 aes1 = AES.new(key=k1, mode=AES.MODE_CBC, IV=iv) message1 = aes1.decrypt(cipher) for c3 in alphabet: for c4 in alphabet: k2 = (c3 + c4).encode() + b"\0" * 14 aes2 = AES.new(key=k2, mode=AES.MODE_CBC, IV=iv) message2 = aes2.decrypt(message1) if message2 in table: print("k1, k2: ", table[message2]) print("k3, k4: ", (k1, k2))
from Crypto.Cipher import AES from hashlib import md5 from base64 import * import string k1, k2 = (b'kh\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', b'7w\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') k3, k4 = (b'Y5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', b'aX\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') keys = [k1, k2, k4, k3] cipher = b64decode(b"N2YxBndWO0qd8EwVeZYDVNYTaCzcI7jq7Zc3wRzrlyUdBEzbAx997zAOZi/bLinVj3bKfOniRzmjPgLsygzVzA==") # cipher = b64decode(b"NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284") iv = md5(b"ignis").digest() for k in keys[::-1]: aes = AES.new(key=k, mode=AES.MODE_CBC, IV=iv) cipher = aes.decrypt(cipher) print(repr(cipher))