2022西湖论剑碎碎念

呃啊啊啊啊啊

md好难啊

先是船新的知识点: 天堂之门 附两篇学习链接:天堂之门技术 天堂之门 (Heaven's Gate) C语言实现 以后会写的。。。

nm完全不会啊,看了还是不会,也就知道这玩意巨牛逼,能够直接打断你动调的狗腿,把我埋了吧啊啊啊啊啊

碎碎念搞啥格式。。。。

下午发现多了个babyre

确实baby,但也没出啊啊啊啊

nmd中间这坨什么啊

前面后面都搞定了,就剩中间依托答辩

第一个验证解密:

1
2
3
4
5
6
7
8
9
10
11
12
13
enc1 = '162304651523346214431471150310701503207116032063140334661543446114434066142304661563446615430464'
Enc1 = []
for i in enc1:
    Enc1.append(ord(i) - ord('0'))
flag1 = ''

for i in range(0, len(Enc1), 8):
    a = (Enc1[i] << 5) + (Enc1[i + 1] << 2) + (Enc1[i + 2] >> 1)
    b = ((Enc1[i + 2] & 1) << 7) + (Enc1[i + 3] << 4) + (Enc1[i + 4] << 1) + (Enc1[i + 5] >> 2)
    c = ((Enc1[i + 5] & 2) << 6) + (Enc1[i + 6] << 3) + Enc1[i + 7]
    flag1 += chr(a) + chr(b) + chr(c)
    print(a)
print(flag1)

最后一个rc4秘钥爆破:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
def init_box(key):
    s_box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s_box[i] + ord(key[i % len(key)])) % 256
        s_box[i], s_box[j] = s_box[j], s_box[i]
    return s_box
def check(res):
    enc = [0x3F, 0x95, 0xBB, 0xF2, 0x57, 0xF1, 0x7A, 0x5A, 0x22, 0x61, 0x51, 0x43, 0xA2, 0xFA, 0x9B, 0x6F, 0x44, 0x63,
           0xC0,
           0x08, 0x12, 0x65, 0x5C, 0x8A, 0x8C, 0x4C, 0xED, 0x5E, 0xCA, 0x76, 0xB9, 0x85, 0xAF, 0x05, 0x38, 0xED, 0x42,
           0x3E,
           0x42, 0xDF, 0x5D, 0xBE, 0x05, 0x8B, 0x35, 0x6D, 0xF3, 0x1C, 0xCF, 0xF8, 0x6A, 0x73, 0x25, 0xE4, 0xB7, 0xB9,
           0x36,
           0xFB, 0x02, 0x11, 0xA0, 0xF0, 0x57, 0xAB, 0x21, 0xC6, 0xC7, 0x46, 0x99, 0xBD, 0x1E, 0x61, 0x5E, 0xEE, 0x55,
           0x18,
           0xEE, 0x03, 0x29, 0x84, 0x7F, 0x94, 0x5F, 0xB4, 0x6A, 0x29, 0xD8, 0x6C, 0xE4, 0xC0, 0x9D, 0x6B, 0xCC, 0xD5,
           0x94,
           0x5C, 0xDD, 0xCC, 0xD5, 0x3D, 0xC0, 0xEF, 0x0C, 0x29, 0xE5, 0xB0, 0x93, 0xF1, 0xB3, 0xDE, 0xB0, 0x70]
    for i in range(16,len(enc)):
        if res[i] != enc[i]:
            return 0
    return 1
def rc_4(plain,box):
    res = []
    i = j =0
    for s in plain:
        i = (i + 1) % 256
        j = (j + box[i]) % 256
        box[i], box[j] = box[j], box[i]
        t = (box[i] + box[j]) % 256
        k = box[t]
        res.append((s ^ k)&0xff)
    return check(res)
ra = '0123456789'
right = '-'
m = [0x31, 0x34, 0x30, 0x33, 0x30, 0x30, 0x36, 0x30, 0x31, 0x34,
     0x30, 0x33, 0x30, 0x30, 0x36, 0x30, 0x31, 0x36, 0x32, 0x33,
     0x30, 0x34, 0x36, 0x35, 0x31, 0x35, 0x32, 0x33, 0x33, 0x34,
     0x36, 0x32, 0x31, 0x34, 0x34, 0x33, 0x31, 0x34, 0x37, 0x31,
     0x31, 0x35, 0x30, 0x33, 0x31, 0x30, 0x37, 0x30, 0x31, 0x35,
     0x30, 0x33, 0x32, 0x30, 0x37, 0x31, 0x31, 0x36, 0x30, 0x33,
     0x32, 0x30, 0x36, 0x33, 0x31, 0x34, 0x30, 0x33, 0x33, 0x34,
     0x36, 0x36, 0x31, 0x35, 0x34, 0x33, 0x34, 0x34, 0x36, 0x31,
     0x31, 0x34, 0x34, 0x33, 0x34, 0x30, 0x36, 0x36, 0x31, 0x34,
     0x32, 0x33, 0x30, 0x34, 0x36, 0x36, 0x31, 0x35, 0x36, 0x33,
     0x34, 0x34, 0x36, 0x36, 0x31, 0x35, 0x34, 0x33, 0x30, 0x34,
     0x36, 0x34]

k = 0
for i0 in ra:
    for i1 in ra:
        for i2 in ra:
            for i3 in ra:
                for i4 in ra:
                    for i5 in ra:
                        keyy = i0+i1+i2+i3+i4+i5
                        if rc_4(m, init_box(keyy)) == 1:
                            right = keyy
                            print(keyy)
                            exit(0)
                        else:
                            print("[{}] false {}".format(k,keyy))
                            k += 1
print(right)
image-20230202180351632
image-20230202180359281
image-20230202180404722

中间这什么jb。。。。

麻了。。。

2023.3.4更新:

md,中间是sha1。。。。