IJCTF 2020 | Space - crypto-writeup-public

from hashlib import md5
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from random import randrange
import string

alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits
iv = md5(b"ignis").digest()

flag = "ijctf{i am not the real flag :)}"
message = b"Its dangerous to solve alone, take this" + b"\x00"*9 

keys = []
for i in range(4):
    key = alphabet[randrange(0,len(alphabet))] + alphabet[randrange(0,len(alphabet))]
    keys.append(key.encode() + b'\x00'*14)

for key in keys:
    cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    flag = cipher.encrypt(flag)
    
for key in keys:
    cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    message = cipher.encrypt(message)

print(f"flag= {b64encode(flag)}")
print(f"message= {b64encode(message)}")

これに加えて、次が与えられている

Here is your message: NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284
And here is your flag: N2YxBndWO0qd8EwVeZYDVNYTaCzcI7jq7Zc3wRzrlyUdBEzbAx997zAOZi/bLinVj3bKfOniRzmjPgLsygzVzA==

ひとめ中間一致攻撃なのでやるだけ

from Crypto.Cipher import AES
from hashlib import md5
from base64 import *
import string

message = b"Its dangerous to solve alone, take this" + b"\x00"*9 
cipher = b64decode(b"NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284")

iv = md5(b"ignis").digest()
alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits

table = {}

for i, c1 in enumerate(alphabet):
    print(f"[+] {i+1}/{len(alphabet)}")
    for c2 in alphabet:
        k1 = (c1 + c2).encode() + b"\0" * 14
        aes1 = AES.new(key=k1, mode=AES.MODE_CBC, IV=iv)
        cipher1 = aes1.encrypt(message)
        for c3 in alphabet:
            for c4 in alphabet:
                k2 = (c3 + c4).encode() + b"\0" * 14
                aes2 = AES.new(key=k2, mode=AES.MODE_CBC, IV=iv)
                cipher2 = aes2.encrypt(cipher1)

                table[cipher2] = (k1, k2)


for i, c1 in enumerate(alphabet):
    print(f"[+] {i+1}/{len(alphabet)}")
    for c2 in alphabet:
        k1 = (c1 + c2).encode() + b"\0" * 14
        aes1 = AES.new(key=k1, mode=AES.MODE_CBC, IV=iv)
        message1 = aes1.decrypt(cipher)
        for c3 in alphabet:
            for c4 in alphabet:
                k2 = (c3 + c4).encode() + b"\0" * 14
                aes2 = AES.new(key=k2, mode=AES.MODE_CBC, IV=iv)
                message2 = aes2.decrypt(message1)

                if message2 in table:
                    print("k1, k2: ", table[message2])
                    print("k3, k4: ", (k1, k2))

from Crypto.Cipher import AES
from hashlib import md5
from base64 import *
import string

k1, k2 =  (b'kh\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', b'7w\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
k3, k4 =  (b'Y5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', b'aX\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
keys = [k1, k2, k4, k3]

cipher = b64decode(b"N2YxBndWO0qd8EwVeZYDVNYTaCzcI7jq7Zc3wRzrlyUdBEzbAx997zAOZi/bLinVj3bKfOniRzmjPgLsygzVzA==")
# cipher = b64decode(b"NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284")
iv = md5(b"ignis").digest()

for k in keys[::-1]:
    aes = AES.new(key=k, mode=AES.MODE_CBC, IV=iv)
    cipher = aes.decrypt(cipher)
    print(repr(cipher))