CTF-Streamgame2-writeup

Streamgame2

题目信息:

附件:

streamgame2.py

from flag import flag
assert flag.startswith("flag{")
assert flag.endswith("}")
assert len(flag)==27
 
def lfsr(R,mask):
    output = (R << 1) & 0xffffff
    i=(R&mask)&0xffffff
    lastbit=0
    while i!=0:
        lastbit^=(i&1)
        i=i>>1
    output^=lastbit
    return (output,lastbit)
 
 
 
R=int(flag[5:-1],2)
mask=0x100002
 
f=open("key","ab")
for i in range(12):
    tmp=0
    for j in range(8):
        (R,out)=lfsr(R,mask)
        tmp=(tmp << 1)^out
    f.write(chr(tmp))
f.close()

key

CTF-Streamgame2-writeup

解题思路:

1.观察py文件,可知flag的长度为27格式为flag{xxxx}其中xxxx为19位的二进制串
2.观察py文件,可知key文件是该脚本的输出,脚本中每轮循环输出1个字节,共输出12字节的数据
3.由于xxxx只有21位,考虑直接爆破

附件:

def lfsr(R,mask):
    output = (R << 1) & 0xffffff
    i=(R&mask)&0xffffff
    lastbit=0
    while i!=0:
        lastbit^=(i&1)
        i=i>>1
    output^=lastbit
    return (output,lastbit)

with open("key","rb") as f:
    filek = f.read(12)
    res = bytes()
    for a in range(2**21):
        R=a
        mask=0x100002
        for i in range(12):
            tmp=0
            for j in range(8):
                (R,out)=lfsr(R,mask)
                tmp=(tmp << 1)^out
            res += tmp.to_bytes(length=1,byteorder='big',signed=False)
        print(a,res,filek)
        if res == filek:
            break
        else:
            res = bytes()

FLAG

flag{110111100101001101001}

作者:damedane-qiuqiu

上一篇:CTF-Streamgame1-writeup


下一篇:ctf-pwn-patchelf-用题目给的libc运行二进制文件