复现了几道题,发现不怎么会,差不多忘光了。唉!
找到能稍微动的了手的题目好像都是异或,移位的,但过程又非常复杂。
东看西看,看了一篇文章(虽然看的不是很懂):
梅森旋转算法—MT
[SUCTF2019]MT
题目:
from Crypto.Random import random
from Crypto.Util import number
from flag import flag
def convert(m):
m = m ^ m >> 13
m = m ^ m << 9 & 2029229568
m = m ^ m << 17 & 2245263360
m = m ^ m >> 19
return m
def transform(message):
assert len(message) % 4 == 0
new_message = ''
for i in range(len(message) / 4):
block = message[i * 4 : i * 4 +4]
block = number.bytes_to_long(block)
block = convert(block)
block = number.long_to_bytes(block, 4)#产生4bytes字节串
new_message += block
return new_message
transformed_flag = transform(flag[5:-1].decode('hex')).encode('hex')
print 'transformed_flag:', transformed_flag
# transformed_flag: 641460a9e3953b1aaa21f3a2
思路:
利用移位并与自身异或这一运算的特点,可以依次推出原数的二进制数。不过要注意的是m = m ^ m << 9 & 2029229568相当于m = m ^ ((m << 9) & 2029229568)。
代码:
from Crypto.Util.number import *
def decrypt(c):
#4
c = c[:19] + bin(eval('0b' + c[19:]) ^ eval('0b' + c[:13]))[2:].zfill(13)
#3
f = bin(2245263360)[2:].zfill(32)
c1 = c[-17:]
c2 = bin(eval('0b' + c[:-17]) ^ (eval('0b' + c1[-15:]) & eval('0b' + f[:-17])))[2:].zfill(15)
c = c2 + c1
#2
f = bin(2029229568)[2:].zfill(32)
c1 = c[-9:]
f = f[:-9]
c2 = bin(eval('0b' + c[-18:-9]) ^ (eval('0b' + c1) & eval('0b' + f[-9:])))[2:].zfill(9)
f = f[:-9]
c3 = bin(eval('0b' + c[-27:-18]) ^ (eval('0b' + c2) & eval('0b' + f[-9:])))[2:].zfill(9)
f = f[:-9]
c4 = bin(eval('0b' + c[:5]) ^ (eval('0b' + c3[-5:]) & eval('0b' + f[-5:])))[2:].zfill(5)
c = c4 + c3 + c2 + c1
#1
c_1 = c[:13]
c_2 = bin(eval('0b' + c_1) ^ eval('0b' + c[13:26]))[2:].zfill(13)
c_3 = bin(eval('0b' + c_2[:6]) ^ eval('0b' + c[-6:]))[2:].zfill(6)
c = c_1 + c_2 + c_3
return c
message = '641460a9e3953b1aaa21f3a2'
m = ''
for i in range(0,len(message),8):
txt = bin(eval('0x' + message[i:i+8]))[2:].zfill(32)
m += decrypt(txt)
m = hex(eval('0b'+m))[2:]
print(m)
#84b45f89af22ce7e67275bdc
看网上还有另一种方法,利用它的循环性:明文不断的加密,最终的还是明文这一特点进行解密。目前还没了解,等我搞懂了在贴上去。