pwn.college Cryptography level5
0x01
个人感觉Cryptography中最难的一道 浅浅记录了一下
0x02
这道是AES的ECB模式的攻击
思路来源(建议看)
0x03
思路: 原flag密文分组
| cipher text | cipher text | cipher text | cipher text |
输入后flag密文分组 input text = a * 6+1 (a * 6 正好为 ‘\x10’ * 0x10)
| input text + cipher text | cipher text | cipher text | cipher text | last btye of flag + pad text |
现在知道|last btye of flag + pad text|的分组
下次输入
| input text | cipher text | cipher text | cipher text | cipher text |
让input text占一个分组,且内容为:
pad(‘\n’,16) (flag最后一个字符都是‘\n’)
对比发现 |last btye of flag + pad text| == |input text|
说明flag最后一个字符就是’\n’
后面的字符 以此类推
直接写个脚本爆破(这里面有一点点小细节)
这次我是先理清思路,然后开始写代码,一次成功(战斗,爽!) by the way ios的无边记 挺好用
0x04
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
import base64
from Crypto.Util.Padding import pad
from pwn import *
p = process('/challenge/run')
flag = bytearray()
p.recvuntil(b'ciphertext (hex):')
for i in range(1,59):
pad_text = base64.b64encode(b'a'*(6+i))
p.sendline(pad_text)
p.recvuntil(b'ciphertext (hex):')
recvline = p.recvline()
print('recvline: ',recvline)
target = recvline.split(b' ')[-2-int(i/16)]
print('target: ',target)
for c in range(0,256):
force_text = pad(bytearray([c]) + flag,16)
print(force_text)
input = base64.b64encode(force_text[:16])
p.sendline(input)
p.recvuntil(b'ciphertext (hex):')
recvline = p.recvline()
print('recvline: ',recvline)
cmp = recvline.split(b' ')[1]
print("cmp: ",cmp)
if(cmp == target):
flag = bytearray([c]) + flag
print(flag)
break
print('flag: ',flag)
This post is licensed under CC BY 4.0 by the author.