2023NepCTF-RE部分题解

2023NepCTF-RE部分题解

九龙拉棺

过反调试

很容易发现

void __stdcall sub_401700() 

里面有tea的痕迹
接出来发现只是前半部分

#include <stdio.h>
#include <stdint.h>
#include"defs.h"
#include <stdio.h>

#include <stdio.h>  
#include <stdint.h>  

//加密函数  
void encrypt(uint32_t* v, uint32_t* k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0, i;           /* set up */
    uint32_t delta = 0x9e3779b9;                     /* a key schedule constant */
    uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];   /* cache key */
    for (i = 0; i < 32; i++) {                       /* basic cycle start */
        sum += delta;
        v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
        v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
    }                                              /* end cycle */
    v[0] = v0; v[1] = v1;
}
//解密函数  
void decrypt(uint32_t* v, uint32_t* k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0xC6EF3720, i;//0xc6ef3720  /* set up */
    uint32_t delta = 0x61C88647;                     /* a key schedule constant */
    uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];   /* cache key */
    for (i = 0; i < 32; i++) {                         /* basic cycle start */
        v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
        v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
        sum += delta;
    }                                              /* end cycle */
    v[0] = v0; v[1] = v1;
}
int main() {


    uint32_t enc[17] = {
    0x88AFD2D6, 0x3FBE45A7, 0x27AAD1B9, 0x8CB3E51E, 0x09348FFA, 0xE19F3C42, 0xFFDD0D86, 0xEDB97383,
    0x12C4C0BF, 0x1B67BD19, 0xF7A514D6, 0x18F95254, 0xAB100CB0, 0x00CBA137, 0x02A91712, 0xC58D0D9E,0
    };
    int sum = 0;
    uint32_t v[2] = { 1,2 }, k[4] = { 1,2,3,4 };

    for (int i = 0; i < 16; i += 2)
    {
        decrypt(&enc[i], k);
    }
    puts((char*)enc);//NepCTF{c9cdnwdi3iu41m0pv3x7kllzu8pdq6mt9n2nwjdp6kat8ent4dhn5r158
    return 0;
}

卡在找后半段flag校验的地方很久,

这里其实有优先级
按创建顺序开始
tea后面的函数是根据密文直接校验的结果进行判断

慢慢看

void __usercall StartAddress(int a1@<ebp>)

里面

断点下在这,明显在内存看到MZ标识
这里使用idapython没把数据提取出来
纯shift+f12拉出来的

#include <stdio.h>
#include <stdint.h>
#include"defs.h"
#include <stdio.h>


//加密函数  
void encrypt(uint32_t* v, uint32_t* k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0, i;           /* set up */
    uint32_t delta = 0x9e3779b9;                     /* a key schedule constant */
    uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];   /* cache key */
    for (i = 0; i < 32; i++) {                       /* basic cycle start */
        sum += delta;
        v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
        v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
    }                                              /* end cycle */
    v[0] = v0; v[1] = v1;
}
//解密函数  
void decrypt(uint32_t* v, uint32_t* k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0xC6EF3720, i;//0xc6ef3720  /* set up */
    uint32_t delta = 0x61C88647;                     /* a key schedule constant */
    uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];   /* cache key */
    for (i = 0; i < 32; i++) {                         /* basic cycle start */
        v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
        v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
        sum += delta;
    }                                              /* end cycle */
    v[0] = v0; v[1] = v1;
}
int main() {
    

    uint32_t enc[17] = {
   0 };

    enc[0] = 0x1DC74989;
    enc[1] = 0xD979AF77;
    enc[2] = 0x888D136D;
    enc[3] = 0x8E26DB7F;
    enc[4] = 0xC10C3CC9;
    enc[5] = 0xC3845D40;
    enc[6] = 0xC6E04459;
    enc[7] = 0xA2EBDF07;
    enc[8] = 0xD484388D;
    enc[9] = 0x12F956A2;
    enc[10] = 0x5ED7EE59;
    enc[11] = 0x43137F85;
    enc[12] = 0xEF43F9F0;
    enc[13] = 0xB29683AA;
    enc[14] = 0x8E3640B4;
    enc[15] = 0xc2d36177;
    int sum = 0;
    uint32_t v[2] = { 1,2 }, k[4] = { 18,52,86,120 };
    
    for (int i = 0; i < 16; i += 2)
    {
        decrypt(&enc[i],k);
    }
    puts((char*)enc);
    return 0;
}

后64位flag
拼凑一下

Review

这里有反调试,patch就好

需要对aes的key进行爆破,有2位根据相等位置生成,xxtea加密后,有个异常处理,里面进行~操作

from Crypto.Cipher import AES
from ctypes import *


def MX(z, y, total, key, p, e):
  temp1 = (z.value >> 5 ^ y.value << 2) + (y.value >> 3 ^ z.value << 4)
  temp2 = (total.value ^ y.value) + (key[(p & 3) ^ e.value] ^ z.value)

  return c_uint32(temp1 ^ temp2)


def encrypt(n, v, key):
  delta = 0x9e3779b9
  rounds = 6 + 52 // n

  total = c_uint32(0)
  z = c_uint32(v[n - 1])
  e = c_uint32(0)

  while rounds > 0:
    total.value += delta
    e.value = (total.value >> 2) & 3
    for p in range(n - 1):
      y = c_uint32(v[p + 1])
      v[p] = c_uint32(v[p] + MX(z, y, total, key, p, e).value).value
      z.value = v[p]
    y = c_uint32(v[0])
    v[n - 1] = c_uint32(v[n - 1] + MX(z, y, total, key, n - 1, e).value).value
    z.value = v[n - 1]
    rounds -= 1

  return v


def decrypt(n, v, key):
  delta = 0x9e3779b9
  rounds = 6 + 52 // n

  total = c_uint32(rounds * delta)
  y = c_uint32(v[0])
  e = c_uint32(0)

  while rounds > 0:
    e.value = (total.value >> 2) & 3
    for p in range(n - 1, 0, -1):
      z = c_uint32(v[p - 1])
      v[p] = c_uint32((v[p] - MX(z, y, total, key, p, e).value)).value
      y.value = v[p]
    z = c_uint32(v[n - 1])
    v[0] = c_uint32(v[0] - MX(z, y, total, key, 0, e).value).value
    y.value = v[0]
    total.value -= delta
    rounds -= 1

  return v

Aeskey=[  0x19, 0x28, 0x6E, 0x04, 0x19, 0x28, 0x6E, 0x04, 0x46, 0x55,
  0xC8, 0x04, 0x46, 0x55, 0xC8, 0x04]

for i in range(47):
  v17=i+4
  Aeskey[3]=v17
  Aeskey[11]=v17
  enc = [0xF4, 0x9C, 0xDD, 0x41, 0x03, 0xDD, 0x5A, 0x13, 0x2E, 0x55, 0x97, 0x9E, 0xFF, 0xD5, 0x08, 0xD9, 0xF6, 0xD1,
         0x09, 0x8C, 0x68, 0x9E, 0x92, 0xFF, 0x75, 0x0F, 0x80, 0x95, 0x4B, 0x16, 0xB9, 0xC6, 0x7F, 0x54, 0x2E, 0x20,
         0x35, 0xFC, 0x1B, 0x46, 0x14, 0xAA, 0xDA, 0x5E, 0x4F, 0xBD, 0x59, 0x71]
  aes = AES.new(bytes(Aeskey), AES.MODE_ECB)  # 创建一个aes对象
  den_text = aes.decrypt(bytes(enc))  # 解密密文
  x=[i for i in den_text]
  for i in range(len(x)):
    x[i] = ~x[i]
    x[i]&=0xff

  enc1 = [int.from_bytes(x[i*4:i*4+4],'little') for i in range(12)]
  xxteakey = [0x00000019, 0x00000000, 0x0000006E, 0x00000003]
  m=decrypt(12,enc1,xxteakey)
  import libnum
  try:
    x=[libnum.n2s(i).decode()[::-1] for i in m]
    for i in x:
      print(i,end='')#NepCTF{tEA_with_AES_by_mixing_antiDebug_hahaHah}
  except :
    pass
# flag='NepCTF{'+'11112222'*5+'}'
# print(flag)
#NepCTF{1111222211112222111122221111222211112222}

eeeeerte

0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4, 0xB3, 0x21, 0x15, 0x78, 0x99, 0xB1, 0xAF, 0xF9, 0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E, 0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28, 0x0A, 0xDF, 0x02, 0xA0, 0x17, 0xF1, 0x60, 0x68, 0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53, 0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19, 0x7C, 0xAE, 0xE5, 0xF5, 0xF7, 0x16, 0x6A, 0xA2, 0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B, 0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8, 0x55, 0xB9, 0xDA, 0x85, 0x3F, 0x41, 0xBF, 0xE0, 0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90, 0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69, 0x45, 0x00, 0x94, 0x56, 0x6D, 0x98, 0x9B, 0x76, 0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20, 0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D, 0x42, 0xED, 0x9E, 0x6E, 0x49, 0x3C, 0xCD, 0x43, 0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18, 0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA, 0xC8, 0x74, 0xDC, 0xC9, 0x5D, 0x5C, 0x31, 0xA4, 0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87, 0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40, 0x34, 0x4B, 0x1C, 0x73, 0xD1, 0xC4, 0xFD, 0x3B, 0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5, 0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0, 0x29, 0x79, 0x71, 0x7E, 0xFF, 0x8C, 0x0E, 0xE2, 0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1, 0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8, 0x08, 0x77, 0x11, 0xBE, 0x92, 0x4F, 0x24, 0xC5, 0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC, 0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3, 0xBD, 0xA8, 0x3A, 0x01, 0x05, 0x59, 0x2A, 0x46

根据常量数组识别出skipjack
这里让易语言画图没反应手撸

address=0x00401426
end_address=0x0040295C
foud=[0x68, 0x01, 0x03, 0x00, 0x80, 0x6A, 0x00]
call_select=[   0x68, 0x35, 0x00, 0x01, 0x16, 0x68, 0x01, 0x00, 0x01, 0x52,
  0xE8,]
map_sit=[]
def get_point(a3,a4):
    Point=[]
    Point.append(a4 + 10)
    Point.append(a3 + 10)
    Point.append(a4)
    Point.append(a3)


    Point.append(a4+20)
    Point.append(a3+10)
    Point.append(a4+10)
    Point.append(a3)

    Point.append(a4+30)
    Point.append(a3+10)
    Point.append(a4+20)
    Point.append(a3)

    Point.append(a4+40)
    Point.append(a3+10)
    Point.append(a4+30)
    Point.append(a3)

    return Point

while address<=end_address:
      if idc.get_bytes(address,len(foud))==bytes(foud):
            address+=len(foud)+1
            map_sit.append(ord(idc.get_bytes(address,1)))
      elif idc.get_bytes(address,len(call_select))==bytes(call_select) and ord(idc.get_bytes(address+12,1))==0x3c :
            address-=10
            address+=1
            a3=0
            a4=0
            a4=ord(idc.get_bytes(address,1))
            address += 5
            a3=ord(idc.get_bytes(address,1))
            map_sit+=get_point(a3,a4)
            address+=4
            address+=len(call_select)
            print(hex(address))

      address+=1
print(map_sit)
map_sit=[20, 20, 10, 10, 30, 20, 20, 10, 40, 20, 30, 10, 30, 30, 20, 20, 30, 50, 20, 40, 40, 40, 30, 30, 40, 50, 30, 40, 50, 50, 40, 40, 20, 90, 10, 80, 20, 100, 10, 90, 20, 110, 10, 100, 30, 100, 20, 90, 150, 40, 140, 30, 160, 30, 150, 20, 160, 40, 150, 30, 160, 50, 150, 40, 110, 150, 100, 140, 120, 140, 110, 130, 120, 150, 110, 140, 130, 150, 120, 140, 140, 150, 130, 140, 150, 150, 140, 140, 150, 140, 140, 130, 150, 160, 140, 150, 120, 210, 110, 200, 130, 200, 120, 190, 130, 210, 120, 200, 140, 210, 130, 200, 50, 20, 40, 10, 60, 20, 50, 10, 70, 20, 60, 10, 80, 20, 70, 10, 60, 50, 50, 40, 70, 50, 60, 40, 80, 50, 70, 40, 90, 50, 80, 40, 20, 70, 10, 60, 30, 70, 20, 60, 40, 70, 30, 60, 50, 70, 40, 60, 60, 70, 50, 60, 70, 70, 60, 60, 80, 70, 70, 60, 90, 70, 80, 60, 40, 100, 30, 90, 50, 100, 40, 90, 60, 100, 50, 90, 70, 100, 60, 90, 30, 150, 20, 140, 40, 150, 30, 140, 50, 150, 40, 140, 60, 150, 50, 140, 40, 170, 30, 160, 50, 170, 40, 160, 60, 170, 50, 160, 70, 170, 60, 160, 20, 210, 10, 200, 30, 210, 20, 200, 40, 210, 30, 200, 50, 210, 40, 200, 60, 210, 50, 200, 70, 210, 60, 200, 80, 210, 70, 200, 90, 210, 80, 200, 130, 100, 120, 90, 140, 100, 130, 90, 150, 100, 140, 90, 160, 100, 150, 90, 30, 130, 20, 120, 30, 140, 20, 130, 40, 130, 30, 120, 50, 130, 40, 120, 60, 130, 50, 120, 60, 140, 50, 130, 60, 140, 50, 140, 30, 170, 20, 160, 30, 180, 20, 170, 30, 190, 20, 180, 40, 190, 30, 180, 120, 30, 110, 20, 120, 40, 110, 30, 120, 50, 110, 40, 130, 50, 120, 40, 110, 200, 100, 190, 110, 210, 100, 200, 110, 220, 100, 210, 120, 220, 110, 210, 50, 180, 40, 170, 60, 180, 50, 170, 60, 190, 50, 180, 70, 190, 60, 180, 140, 30, 130, 20, 140, 40, 130, 30, 140, 50, 130, 40, 150, 30, 140, 20, 120, 80, 110, 70, 130, 80, 120, 70, 140, 80, 130, 70, 140, 90, 130, 80, 140, 220, 130, 210, 150, 220, 140, 210, 150, 210, 140, 200, 150, 200, 140, 190]



import numpy as np
import matplotlib.pyplot as plt
import matplotlib.patches as patches

# 替换为您的数字数组
data = map_sit

# 创建一个新的绘图
fig, ax = plt.subplots()

# 遍历每个矩形的数据

# 遍历每个矩形的数据
for i in range(0, len(data), 4):
    rect = patches.Rectangle((data[i], data[i+1]), data[i+2] - data[i], data[i+3] - data[i+1], linewidth=1, edgecolor='r', facecolor='none')
    ax.add_patch(rect)

# 设置坐标轴范围
ax.set_xlim(0, 300)
ax.set_ylim(0, 300)

# 显示图像
plt.show()

拿到key
直接逆

import base64

FTABLE = (0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
		  0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
		  0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
		  0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
		  0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
		  0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
		  0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
		  0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
		  0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
		  0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
		  0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
		  0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
		  0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
		  0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
		  0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
		  0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
		  0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
		  0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
		  0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
		  0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
		  0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
		  0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
		  0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
		  0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
		  0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
		  0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
		  0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
		  0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
		  0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
		  0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
		  0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
		  0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46)


# G işlemi
def g(key, k, w):
	g1 = 0xFF & (w >> 8)
	g2 = 0xFF & w

	g3 = FTABLE[g2 ^ key[(4 * k + 0) % 10]] ^ g1
	g4 = FTABLE[g3 ^ key[(4 * k + 1) % 10]] ^ g2
	g5 = FTABLE[g4 ^ key[(4 * k + 2) % 10]] ^ g3
	g6 = FTABLE[g5 ^ key[(4 * k + 3) % 10]] ^ g4

	return ((g5 << 8) + g6)


# G işleminin tersi
def ginv(key, k, w):
	g5 = 0xFF & (w >> 8)
	g6 = 0xFF & w

	g4 = FTABLE[g5 ^ key[(4 * k + 3) % 10]] ^ g6
	g3 = FTABLE[g4 ^ key[(4 * k + 2) % 10]] ^ g5
	g2 = FTABLE[g3 ^ key[(4 * k + 1) % 10]] ^ g4
	g1 = FTABLE[g2 ^ key[(4 * k + 0) % 10]] ^ g3

	return ((g1 << 8) + g2)


def skip(key, buf, encrypt):
	# Gruplara ayırma
	w1 = (buf[0] << 8) + buf[1]
	w2 = (buf[2] << 8) + buf[3]
	w3 = (buf[4] << 8) + buf[5]
	w4 = (buf[6] << 8) + buf[7]

	if encrypt:
		k, step = 0, 1

		for t in range(2):
			# A işlemi
			for i in range(8):
				gw1 = g(key, k, w1)
				w1, w2, w3, w4 = gw1 ^ w4 ^ (k + step), gw1, w2, w3
				k += step
			# B işlemi
			for i in range(8):
				gw1 = g(key, k, w1)
				w1, w2, w3, w4 = w4, gw1, w1 ^ w2 ^ (k + step), w3
				k += step

	else:
		k, step = 32, -1

		for t in range(2):
			# B^-1
			for i in range(8):
				gw2 = ginv(key, k + step, w2)
				w1, w2, w3, w4 = gw2, gw2 ^ w3 ^ k, w4, w1
				k += step
			# B
			for i in range(8):
				w1, w2, w3, w4 = ginv(key, k + step, w2), w3, w4, w1 ^ w2 ^ k
				k += step

	return bytes((w1 >> 8, w1 & 0xFF, w2 >> 8, w2 & 0xFF,
				  w3 >> 8, w3 & 0xFF, w4 >> 8, w4 & 0xFF))


class Skipjack:
	# Class bir anahtar ile oluşturulur
	def __init__(self, key):
		if len(key) != 10:
			raise ValueError("key must be 10 bytes in length")
		else:
			self._key = bytearray(key, 'utf-8')

	# Şifreleme Fonksiyonu
	def encrypt(self, value):
		pad = bytearray(8 - len(value))  # 8 karakterden az şifreleme için padding
		buf = bytearray(value, 'utf-8') + pad
		enc = skip(self._key, buf, True)
		print(enc)
		return enc

	def decrypt(self, value):
		pad = bytearray(8 - len(value))
		buf = value + pad
		dec = skip(self._key, buf, False)
		#print(dec)
		return dec
import base64

enc='xmxO93Sn8YjfoWqaFS6poLf6n1q7bWrIyXbLAdcSjygWfs/jAVc4leFrTDZYdFoL'
enc=base64.b64decode(enc)
enc1=[int.from_bytes(enc[i*8:i*8+8],'little') for i in range(len(enc)//8)]
enc1=[bytes(enc[i*8:i*8+8]) for i in range(len(enc)//8)]
import libnum
# example
CT = 0x33221100ddccbbaa
KEY = [ord(i) for i in "NITORI2413"]
sj = Skipjack("NITORI2413")
for i in enc1:
	m=sj.decrypt(i)
	print(m.decode(),end='')#NepCTF{3456789TQKA2,Jack_was_skipped_by_EPL}

待复现

posted @ 2023-08-14 21:52  雨后初霁  阅读(269)  评论(0编辑  收藏  举报