攻防世界-hidden key

⭕ 考察内容

1、系统随机数与随机数种子
2、bytes()函数参考

3、all()函数参考

4、逆向思维

一、题目

from Crypto.Util.number import *
from secret import flag
import  random
import hashlib
import os

key=os.urandom(8)
def rand(rng):
    return rng - random.randrange(rng)
m=[]
random.seed(int(hashlib.md5(key).hexdigest(), 16))
for i in range(len(flag)):
    rand(256)
    xor=flag[i]^rand(256)
    m.append(xor)
print(m)
print(bytes_to_long(key)>>12)

# [140, 96, 112, 178, 38, 180, 158, 240, 179, 202, 251, 138, 188, 185, 23, 67, 163, 22, 150, 18, 143, 212, 93, 87, 209, 139, 92, 252, 55, 137, 6, 231, 105, 12, 65, 59, 223, 25, 179, 101, 19, 215]
# 2669175714787937

二、解题
思路：因为密钥只右移隐去12位，可以尝试恢复密钥，只需要2^12次循环即可，尝试遍历所有的密钥并逆着算法求解出flag，看看哪一个是有意义的明文

三、脚本

from Crypto.Util.number import long_to_bytes
import  random
import hashlib
import os

key0 = 2669175714787937<<12
m=[140, 96, 112, 178, 38, 180, 158, 240, 179, 202, 251, 138, 188, 185, 23, 67, 163, 22, 150, 18, 143, 212, 93, 87, 209, 139, 92, 252, 55, 137, 6, 231, 105, 12, 65, 59, 223, 25, 179, 101, 19, 215]
def rand(rng):
    return rng - random.randrange(rng)

for offset in range(2**12):
    result =[]
    key = long_to_bytes(key0+offset)
    random.seed(int(hashlib.md5(key).hexdigest(), 16))
    for i in range(len(m)):
        rand(256)
        f = m[i]^rand(256)
        result.append(f)
    if all(c < 256 for c in result):
        flag = bytes(result)
        if((flag.startswith(b'flag'))):
            print(flag)