
re | [GWCTF 2019]re3

这几天都在看pwn,看点re换换心情。

image

一眼smc,都不需要动调了,直接patch掉

# IDAPython snippet: undo the self-modifying-code layer statically.
# The 231 bytes starting at `start` are stored XOR-encoded with 0x99; patching
# them in the database makes the real routine decompile without running it.
start = 0x402219
for addr in range(start, start + 231):
	patch_byte(addr, get_wide_byte(addr) ^ 0x99)

然后看一下这个函数,做了加密和最终的比较:
image

加密的过程就是11轮这个玩意儿:
image

基本上就是按4*4对矩阵进行一个什么操作:

image

image

手撕了一遍以后发现其实是AES ECB。。。。
丢一下手撕AES撕到一半写的脚本,纪念一下:

# Target ciphertext the binary compares the encrypted input against
# (32 bytes, i.e. two 16-byte blocks).
aim = [
    0xBC, 0x0A, 0xAD, 0xC0, 0x14, 0x7C, 0x5E, 0xCC, 0xE0, 0xB1, 0x40, 0xBC, 0x9C, 0x51, 0xD5, 0x2B,
    0x46, 0xB2, 0xB9, 0x43, 0x4D, 0xE5, 0x32, 0x4B, 0xAD, 0x7F, 0xB4, 0xB3, 0x9C, 0xDB, 0x4B, 0x5B,
]
print(len(aim))

# 256-entry substitution table dumped from the binary.  Laid out 16 per row it
# is recognisably the standard AES S-box (0x63, 0x7C, ... 0xBB, 0x16).
b_arr256 = [
    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
]
print(len(b_arr256))

def print_input(_input):
	"""Dump the bytes of *_input* as space-separated hex, eight per line.

	A newline is emitted after every eighth value and one more after the
	whole sequence, so the output always ends with a blank-ish line.
	"""
	for position, value in enumerate(_input, start=1):
		print(hex(value), end=' ')
		if position % 8 == 0:
			print()
	print()

def cry1(index, _input, key):
	"""XOR the first 16 bytes of *_input* in place with key[4*index : 4*index + 16].

	This is the AddRoundKey-shaped step of the routine; `index` selects the
	key slice in units of 4 bytes.  NOTE: IDA's pseudocode gave the key index
	as `((index+i)*4)*4 + j`, which the author found to be wrong -- the
	offset below is what the binary actually does.
	"""
	offset = 4 * index
	for k in range(16):
		_input[k] ^= key[offset + k]
			
def box_change(_input):
	"""Substitute each of the first 16 bytes of *_input* through b_arr256, in place.

	With b_arr256 being the AES S-box this is the SubBytes step.  The walk
	order (index 4*col + row, row outermost) is kept from the original.
	"""
	for row in range(4):
		for col in range(4):
			pos = 4 * col + row
			_input[pos] = b_arr256[_input[pos]]
			
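def change(_input):
	"""Apply the AES ShiftRows step to the 16-byte state in *_input*, in place.

	The state is column-major: byte `row` of column `col` lives at index
	4*col + row, so row r is the indices r, r+4, r+8, r+12.  Row 0 is left
	alone and row r is rotated left by r positions, which is exactly the
	element shuffle the decompiled code performed with temporaries v2..v5.
	Only indices 0..15 are touched; any bytes beyond that are untouched.

	Returns None (the decompiler's unused `result` alias has been dropped);
	callers read the mutated list.
	"""
	for row in (1, 2, 3):
		# Snapshot the row first so the rotation never reads an already-written slot.
		current = [_input[4 * col + row] for col in range(4)]
		for col in range(4):
			_input[4 * col + row] = current[(col + row) % 4]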

# Drive one round of the hand-written primitives on a known 32-byte input and
# print the state after each step, to compare against the binary under a debugger.
index = 0
tmp_input = list('12345678901234567890123456789012')
_input = [ord(ch) for ch in tmp_input]

print(_input)

# Key bytes dumped from the binary.  The final exp uses only the first 16 of
# them as the AES key; what the remaining bytes are is not established here.
key = [0xcb,0x8d,0x49,0x35,0x21,0xb4,0x7a,0x4c,0xc1,0xae,0x7e,0x62,0x22,0x92,0x66,0xce,0x85,0xbe,0xc2,0xa6,0xa4,0x0a,0xb8,0xea,0x65,0xa4,0xc6,0x88,0x47,0x36,0xa0,0x46,0x82,0x5e,0x98,0x06,0x26,0x54,0x20,0xec,0x43,0xf0,0xe6,0x64,0x04,0xc6,0x46,0x22,0x32,0x04,0x0b,0xf4,0x14,0x50,0x2b,0x18,0x57,0xa0,0xcd,0x7c,0x53,0x66,0x8b,0x5e,0x09,0x39,0x53,0x19,0x1d,0x69,0x78,0x01,0x4a,0xc9,0xb5,0x7d,0x19,0xaf,0x3e,0x23,0x60,0x8b,0x75,0xcd,0x7d,0xe2,0x0d,0xcc,0x37,0x2b,0xb8,0xb1,0x2e,0x84,0x86,0x92,0x1f,0xcf,0x3a,0xfc,0x62,0x2d,0x37,0x30,0x55,0x06,0x8f,0x81,0x7b,0x82,0x09,0x13,0x4c,0xce,0x47,0xdd,0x2e,0xe3,0x70,0xed,0x7b,0xe5,0xff,0x6c,0x00,0x67,0xf6,0x7f,0x49,0x8c,0x95,0xbe,0x67,0x6f,0xe5,0x53,0x1c,0x8a,0x1a,0x3f,0x1c,0xed,0xec,0x40,0x07,0x42,0x9c,0x22,0x60,0x2d,0x79,0x71,0x7c,0xa7,0x63,0x4e,0x60,0x4a,0x8f,0x0e,0xe7,0x31,0x37,0xf2,0x87,0x1c,0x4e,0x83,0xfb,0xbb,0x2d,0xcd,0x9b,0xf1,0xa2,0xc3,0x7a,0xc5,0xfb,0xac,0x91,0x1f,0x3b,0x36,0x78,0x41,0xf8,0xdc,0xec,0xc9,0xdb,0x46,0x00,0x23,0x40,0x00,0x00,0x00,0x00,0x00]

# AddRoundKey with key slice 0, then SubBytes, then ShiftRows -- each followed
# by a hex dump of the (first-block) state.
cry1(0, _input, key)
print_input(_input)

box_change(_input)
print_input(_input)

change(_input)
print_input(_input)


直接丢exp了,不知道为什么这种题看了这么久==:

from Crypto.Cipher import AES
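# Target ciphertext from the binary's final compare: 32 bytes = two AES blocks.
# (Built once from the byte list; the original assigned a list and then
# immediately shadowed it with the equivalent bytes literal.)
aim = bytes([
    0xBC, 0x0A, 0xAD, 0xC0, 0x14, 0x7C, 0x5E, 0xCC, 0xE0, 0xB1, 0x40, 0xBC, 0x9C, 0x51, 0xD5, 0x2B,
    0x46, 0xB2, 0xB9, 0x43, 0x4D, 0xE5, 0x32, 0x4B, 0xAD, 0x7F, 0xB4, 0xB3, 0x9C, 0xDB, 0x4B, 0x5B,
])

# Key bytes dumped from the binary; only the leading 16 are the AES-128 key.
key = [0xcb,0x8d,0x49,0x35,0x21,0xb4,0x7a,0x4c,0xc1,0xae,0x7e,0x62,0x22,0x92,0x66,0xce,0x85,0xbe,0xc2,0xa6,0xa4,0x0a,0xb8,0xea,0x65,0xa4,0xc6,0x88,0x47,0x36,0xa0,0x46,0x82,0x5e,0x98,0x06,0x26,0x54,0x20,0xec,0x43,0xf0,0xe6,0x64,0x04,0xc6,0x46,0x22,0x32,0x04,0x0b,0xf4,0x14,0x50,0x2b,0x18,0x57,0xa0,0xcd,0x7c,0x53,0x66,0x8b,0x5e,0x09,0x39,0x53,0x19,0x1d,0x69,0x78,0x01,0x4a,0xc9,0xb5,0x7d,0x19,0xaf,0x3e,0x23,0x60,0x8b,0x75,0xcd,0x7d,0xe2,0x0d,0xcc,0x37,0x2b,0xb8,0xb1,0x2e,0x84,0x86,0x92,0x1f,0xcf,0x3a,0xfc,0x62,0x2d,0x37,0x30,0x55,0x06,0x8f,0x81,0x7b,0x82,0x09,0x13,0x4c,0xce,0x47,0xdd,0x2e,0xe3,0x70,0xed,0x7b,0xe5,0xff,0x6c,0x00,0x67,0xf6,0x7f,0x49,0x8c,0x95,0xbe,0x67,0x6f,0xe5,0x53,0x1c,0x8a,0x1a,0x3f,0x1c,0xed,0xec,0x40,0x07,0x42,0x9c,0x22,0x60,0x2d,0x79,0x71,0x7c,0xa7,0x63,0x4e,0x60,0x4a,0x8f,0x0e,0xe7,0x31,0x37,0xf2,0x87,0x1c,0x4e,0x83,0xfb,0xbb,0x2d,0xcd,0x9b,0xf1,0xa2,0xc3,0x7a,0xc5,0xfb,0xac,0x91,0x1f,0x3b,0x36,0x78,0x41,0xf8,0xdc,0xec,0xc9,0xdb,0x46,0x00,0x23,0x40,0x00,0x00,0x00,0x00,0x00]
key = key[:16]
print(len(key))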


def AESdecrypt(data, key):
    """Decrypt *data* with AES-ECB under *key* and return the raw plaintext bytes.

    ECB is used because that is the mode the challenge binary implements;
    no padding handling is done, so *data* must be a whole number of blocks.
    """
    cipher = AES.new(key, AES.MODE_ECB)
    return cipher.decrypt(data)
    
    
# Recover the expected input: decrypt the two target blocks with the 16-byte key.
a = AESdecrypt(data=aim, key=bytes(key))
print(a)


