å‰å›ž ã¯ã€picoCTF ã® picoCTF 2024 ã®ã†ã¡ã€Forensics ã‚’ã‚„ã£ã¦ã¿ã¾ã—ãŸã€‚å…¨8å•ã®ã†ã¡ã€æœ€å¾Œã® 2å•ã¯è§£ã‘ã¾ã›ã‚“ã§ã—ãŸã€‚
今回ã¯ã€å¼•ã続ãã€picoCTF ã® picoCTF 2024 ã®ã†ã¡ã€Cryptography ã¨ã„ã†ã‚«ãƒ†ã‚´ãƒªã®å…¨5å•ã‚’ã‚„ã£ã¦ã„ããŸã„ã¨æ€ã„ã¾ã™ã€‚Easy ㌠1å•ã€Medium ㌠3å•ã€Hard ㌠1å•ã§ã™ã€‚
ãã‚Œã§ã¯ã€ã‚„ã£ã¦ã„ãã¾ã™ã€‚
ã¯ã˜ã‚ã«
「セã‚ュリティã€ã®è¨˜äº‹ä¸€è¦§ã§ã™ã€‚良ã‹ã£ãŸã‚‰å‚考ã«ã—ã¦ãã ã•ã„。
ã‚»ã‚ュリティã®è¨˜äº‹ä¸€è¦§
picoCTF ã®å…¬å¼ã‚µã‚¤ãƒˆã¯ä»¥ä¸‹ã§ã™ã€‚英語ã®ã‚µã‚¤ãƒˆã§ã™ãŒã€ã‚·ãƒ³ãƒ—ルã§åˆ†ã‹ã‚Šã‚„ã™ã„ã®ã§å›°ã‚‰ãšã«é€²ã‚ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
picoctf.com
ãã‚Œã§ã¯ã€ã‚„ã£ã¦ã„ãã¾ã™ã€‚
picoCTF 2024:Cryptography
ãƒã‚¤ãƒ³ãƒˆã®ä½Žã„é †ã«ã‚„ã£ã¦ã„ãã¾ã™ã€‚
interencdec(50ãƒã‚¤ãƒ³ãƒˆï¼‰
Easy ã®å•é¡Œã§ã™ã€‚ファイルãŒ1ã¤ï¼ˆenc_flag)ダウンãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚
interencdecå•é¡Œ
ファイルを開ãã¨ã€YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzVNR3N5TXpjNWZRPT0nCg== ã¨æ›¸ã‹ã‚Œã¦ã„ã¾ã™ã€‚Base64 ã£ã½ã„ã®ã§ã€ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ã¦ã¿ã¾ã™ã€‚
ã†ãƒ¼ã‚“ã€é•ã†ã‚ˆã†ã§ã™ã€‚もㆠ1回 Base64 ã§ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ã¨ã„ã„æ„Ÿã˜ã«ãªã‚Šã¾ã—ãŸã€‚
$ cat enc_flag | base64 -d
b'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg5MGsyMzc5fQ=='
$ echo -n 'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg5MGsyMzc5fQ==' | base64 -d
wpjvJAM{jhlzhy_k3jy9wa3k_890k2379}
ã‚ã¨ã¯ã€ã‚·ãƒ¼ã‚¶ãƒ¼æš—å·ã§ã™ã‹ã。ã§ã¯ã€ASCIIコードã®æ•°å€¤ã‚’求ã‚ã¾ã™ã€‚7 を減算ã™ã‚Œã°è‰¯ã•ãã†ã§ã™ã€‚
>>> ord('C'), ord('T'), ord('F')
(67, 84, 70)
>>> ord('J'), ord('A'), ord('M')
(74, 65, 77)
picoCTF{caesar_d6cr2pt6d_123d5602} ã ã¨æ€ã£ãŸã®ã§ã™ãŒã€é•ã„ã¾ã—ãŸã€‚
Base64ã®ãƒ‡ã‚³ãƒ¼ãƒ‰
ã¡ã‚‡ã£ã¨é©å½“ã ã£ãŸã®ã§ã€ã‚‚ã†ã¡ã‚‡ã£ã¨çœŸé¢ç›®ã«è€ƒãˆã¾ã™ã€‚enc_flag ã«æ›¸ã‹ã‚Œã¦ã„ã‚‹æ–‡å—列ã¯ã€70æ–‡å—㨠== ã§ã™ã€‚== 㯠4æ–‡å—アライメントã«ä¸è¶³ã—ã¦ã„ãŸã ã‘ãªã®ã§æ°—ã«ã—ãªã„ã§ã„ã„ã§ã™ã€‚Base64 㯠6bit ã‚’ 1æ–‡å—ã§è¡¨ã™ã®ã§ã€ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ã¨ã€70æ–‡å—×6bit=420bit ã«ãªã‚Šã¾ã™ãŒã€å…ƒã®æ–‡å—㯠8bit ãªã®ã§ã€416bit 㧠4bit 㯠0 ãŒè¶³ã•ã‚ŒãŸã ã‘ã§ã™ã€‚最後ã®æ–‡å—㯠g ã§ã€ã“ã‚Œã¯ã€2進数㧠100000 を変æ›ã—ãŸã‚‚ã®ãªã®ã§ã€ã“ã®å¾Œã‚ã® 4ã¤ã® 0 ã¯è¶³ã•ã‚ŒãŸã ã‘ã§æ°—ã«ã—ãªã„ã§ã„ã„ã§ã™ã€‚416bit 㯠52æ–‡å—ã«ãªã‚Šã¾ã™ã€‚ã—ã‹ã—ã€b'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg5MGsyMzc5fQ==' 㯠51æ–‡å—ã—ã‹ã‚ã‚Šã¾ã›ã‚“。
ã†ãƒ¼ã‚“ã€å›°ã£ãŸã®ã§ã€è‡ªåˆ†ã§ base64 をデコードã™ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ を作りã¾ã—ãŸã€‚
def base64_decode_manual( ss ):
print( f"len(ss)={len(ss)}" )
table = {
'A': "000000", 'B': "000001", 'C': "000010", 'D': "000011",
'E': "000100", 'F': "000101", 'G': "000110", 'H': "000111",
'I': "001000", 'J': "001001", 'K': "001010", 'L': "001011",
'M': "001100", 'N': "001101", 'O': "001110", 'P': "001111",
'Q': "010000", 'R': "010001", 'S': "010010", 'T': "010011",
'U': "010100", 'V': "010101", 'W': "010110", 'X': "010111",
'Y': "011000", 'Z': "011001", 'a': "011010", 'b': "011011",
'c': "011100", 'd': "011101", 'e': "011110", 'f': "011111",
'g': "100000", 'h': "100001", 'i': "100010", 'j': "100011",
'k': "100100", 'l': "100101", 'm': "100110", 'n': "100111",
'o': "101000", 'p': "101001", 'q': "101010", 'r': "101011",
's': "101100", 't': "101101", 'u': "101110", 'v': "101111",
'w': "110000", 'x': "110001", 'y': "110010", 'z': "110011",
'0': "110100", '1': "110101", '2': "110110", '3': "110111",
'4': "111000", '5': "111001", '6': "111010", '7': "111011",
'8': "111100", '9': "111101", '+': "111110", '/': "111111",
}
ret = ""
for cc in ss:
if cc == "=":
break
ret += table[cc]
lst = []
idx = 0
while idx + 8 <= len(ret):
lst.append( int(ret[idx:idx+8], base=2) )
idx += 8
assert int(ret[idx:], base=2) == 0, f"ret[idx:]={ret[idx:]}"
ret = ""
for ii, nn in enumerate(lst):
if nn < 0x20 or nn >= 0x7F:
print( f"ii={ii}, nn={nn:02X}" )
else:
ret += chr(nn)
print( f"len(ret)={len(ret)}, ret={ret}" )
base64_decode_manual( "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzVNR3N5TXpjNWZRPT0nCg==" )
base64_decode_manual( "d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg5MGsyMzc5fQ" )
実行ã—ã¦ã¿ã¾ã™ã€‚ãªã‚‹ã»ã©ã€æœ€å¾Œã® 1æ–‡å—ã¯æ”¹è¡Œã‚³ãƒ¼ãƒ‰ã ã£ãŸã‚ˆã†ã§ã™ã€‚
$ python tmp.py
len(ss)=72
ii=51, nn=0A
len(ret)=51, ret=b'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg5MGsyMzc5fQ=='
len(ss)=46
len(ret)=34, ret=wpjvJAM{jhlzhy_k3jy9wa3k_890k2379}
シーザー暗å·
シーザー暗å·ã®ã¨ã“ã‚ã¯ã€å®Ÿè£…ãŒé–“é•ãˆã¦ã„ã¾ã—ãŸã€‚æ•°å—ã¨è¨˜å·ã¯ãã®ã¾ã¾ã«ã—ã¦ãŠãã®ãŒæ™®é€šã‚‰ã—ã„ã§ã™ã€‚
def str2int( ss, offset=0, num_disable=False ):
lst = []
for cc in ss:
if cc == ' ':
lst.append( ord(cc) )
elif ('0' <= cc <= '9') and not num_disable:
mm = (ord(cc) - ord('0') + offset) % (ord('9') - ord('0') + 1)
lst.append( mm + ord('0') )
elif 'A' <= cc <= 'Z':
mm = (ord(cc) - ord('A') + offset) % (ord('Z') - ord('A') + 1)
lst.append( mm + ord('A') )
elif 'a' <= cc <= 'z':
mm = (ord(cc) - ord('a') + offset) % (ord('z') - ord('a') + 1)
lst.append( mm + ord('a') )
else:
lst.append( ord(cc) )
print( f"str2int={lst}" )
print( f"str2int={[hex(ii) for ii in lst]}" )
return lst
def int2chr( lst ):
ss = ""
lst_ret = []
for ii in lst:
ss += chr(ii)
lst_ret.append( chr(ii) )
print( f"int2chr={ss}" )
return lst_ret
lst = str2int( "wpjvJAM{jhlzhy_k3jy9wa3k_890k2379}", -7, num_disable=True )
lst_ret = int2chr( lst )
実行ã—ã¾ã™ã€‚
$ python tmp.py
str2int=[112, 105, 99, 111, 67, 84, 70, 123, 99, 97, 101, 115, 97, 114, 95, 100, 51, 99, 114, 57, 112, 116, 51, 100, 95, 56, 57, 48, 100, 50, 51, 55, 57, 125]
str2int=['0x70', '0x69', '0x63', '0x6f', '0x43', '0x54', '0x46', '0x7b', '0x63', '0x61', '0x65', '0x73', '0x61', '0x72', '0x5f', '0x64', '0x33', '0x63', '0x72', '0x39', '0x70', '0x74', '0x33', '0x64', '0x5f', '0x38', '0x39', '0x30', '0x64', '0x32', '0x33', '0x37', '0x39', '0x7d']
int2chr=picoCTF{caesar_d3cr9pt3d_890d2379}
picoCTF{caesar_d3cr9pt3d_890d2379} ã§ã—ãŸã€‚
Custom encryption(100ãƒã‚¤ãƒ³ãƒˆï¼‰
Medium ã®å•é¡Œã§ã™ã€‚æš—å·åŒ–ã•ã‚ŒãŸãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆenc_flag)ã¨ã€Pythonスクリプト(custom_encryption.py)ãŒãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚
Custom encryptionå•é¡Œ
enc_flag ã®ä¸èº«ã¯ã€ä»¥ä¸‹ã§ã™ã€‚
a = 97
b = 22
cipher is: [151146, 1158786, 1276344, 1360314, 1427490, 1377108, 1074816, 1074816, 386262, 705348, 0, 1393902, 352674, 83970, 1141992, 0, 369468, 1444284, 16794, 1041228, 403056, 453438, 100764, 100764, 285498, 100764, 436644, 856494, 537408, 822906, 436644, 117558, 201528, 285498]
Pythonスクリプトã¯ä»¥ä¸‹ã§ã™ã€‚
is_prime(p) ã¯ã€å¼•æ•°ã§æŒ‡å®šã—㟠p ãŒã€ç´ æ•°ã ã£ãŸã‚‰ True ã‚’è¿”ã—ã€ç´ æ•°ã˜ã‚ƒãªã‹ã£ãŸã‚‰ False ã‚’è¿”ã™ã‚ˆã†ã§ã™ã€‚
randint(a, b) ã¯ã€a <= x <= b ã®ç¯„囲ã§æ•´æ•°ã®ä¹±æ•°ã‚’è¿”ã—ã¾ã™ã€‚
generator(g, x, p) ã¯ã€g ã‚’ xä¹—ã—ã¦ã€p ã§å‰²ã£ãŸä½™ã‚Šã‚’è¿”ã—ã¾ã™ã€‚
dynamic_xor_encrypt(plaintext, text_key) ã¯ã€paintext を末尾ã‹ã‚‰é †ç•ªã«å–り出ã—ã¦ã€å¤‰æ•°char ã«æ ¼ç´ã—ã¾ã™ã€‚ループã®ä¸ã§ã¯ã€text_key ã‚’å‰ã‹ã‚‰é †ç•ªã«å–り出ã—ã¦ã€å¤‰æ•°key_char ã«æ ¼ç´ã—ã¾ã™ã€‚変数char ã¨ã€å¤‰æ•°key_char ã‚’ XOR ã—ã¦ã€ASCIIコードã§æ–‡å—を作りã€ã“ã‚Œã¾ã§ä½œã£ãŸã‚‚ã®ã¨é€£çµã—ã¦ã€çµæžœã‚’è¿”ã—ã¾ã™ã€‚
encrypt(plaintext, key) ã¯ã€plaintext ã‚’å‰ã‹ã‚‰é †ç•ªã«æ–‡å—ã‚’å–り出ã—ã¦ã€æ•´æ•°ã«ç›´ã—ã¦ã€key 㨠311 ã‚’ã‹ã‘ã¦ãƒªã‚¹ãƒˆã«æ ¼ç´ã—ã¦ã„ãã€ãã®ãƒªã‚¹ãƒˆã‚’è¿”ã—ã¾ã™ã€‚
from random import randint
import sys
def generator(g, x, p):
return pow(g, x) % p
def encrypt(plaintext, key):
cipher = []
for char in plaintext:
cipher.append(((ord(char) * key*311)))
return cipher
def is_prime(p):
v = 0
for i in range(2, p + 1):
if p % i == 0:
v = v + 1
if v > 1:
return False
else:
return True
def dynamic_xor_encrypt(plaintext, text_key):
cipher_text = ""
key_length = len(text_key)
for i, char in enumerate(plaintext[::-1]):
key_char = text_key[i % key_length]
encrypted_char = chr(ord(char) ^ ord(key_char))
cipher_text += encrypted_char
return cipher_text
def test(plain_text, text_key):
p = 97
g = 31
if not is_prime(p) and not is_prime(g):
print("Enter prime numbers")
return
a = randint(p-10, p)
b = randint(g-10, g)
print(f"a = {a}")
print(f"b = {b}")
u = generator(g, a, p)
v = generator(g, b, p)
key = generator(v, a, p)
b_key = generator(u, b, p)
shared_key = None
if key == b_key:
shared_key = key
else:
print("Invalid key")
return
semi_cipher = dynamic_xor_encrypt(plain_text, text_key)
cipher = encrypt(semi_cipher, shared_key)
print(f'cipher is: {cipher}')
if __name__ == "__main__":
message = sys.argv[1]
test(message, "trudeau")
復å·ã—ã¦ã€plain_text を得られれã°ã„ã„ã‚ã‘ã§ã™ãŒã€enc_flag ã«ã¯ aã€bã€cipher ãŒã‚ã‚Šã€pã€g ã¯å›ºå®šå€¤ã§ã€text_key も固定ã®æ–‡å—列ã§ã™ã€‚
æ„šç›´ã«ã‚„ã‚‹ã¨ã™ã‚‹ã¨ã€encrypt関数ã®é€†ã®åƒãã‚’ã™ã‚‹ decrypt関数を実装ã—ã¾ã™ã€‚shared_key 㯠aã€b ã¨å›ºå®šå€¤ã§æ±‚ã¾ã‚Šãã†ãªã®ã§ã€decrypt関数ãŒå®Ÿè¡Œã§ããã†ã§ã™ã€‚çµæžœã¨ã—ã¦ã€semi_cipher ãŒæ±‚ã¾ã‚Šã¾ã™ã€‚
次ã¯ã€dynamic_xor_encrypt関数ã®é€†ã®åƒãã‚’ã™ã‚‹ dynamic_xor_decrypt関数を実装ã—ã¾ã™ã€‚ã¾ãã€ä½•ã¨ã‹ã§ããã†ãªæ°—ãŒã—ã¾ã™ã€‚ã“れ㧠plain_text ãŒå¾—られãã†ã§ã™ã€‚
ã“ã®ã‚„ã‚Šæ–¹ã§ã„ã„ã‚“ã§ã—ょã†ã‹ã€‚100ãƒã‚¤ãƒ³ãƒˆãªã®ã§ã€ãã“ã¾ã§ã²ãã£ãŸå•é¡Œã§ã¯ãªã„ã‹ãªã€ã¨æ€ã„ã¾ã—ãŸã€‚ã§ã¯å®Ÿè£…ã—ã¦ã„ãã¾ã™ã€‚
from random import randint
import sys
def generator(g, x, p):
return pow(g, x) % p
def decrypt(cipher, key):
plaintext = []
for ii, num in enumerate(cipher):
assert num % (key * 311) == 0, f"fatal: ii={ii}, num={num}"
tmp = num // key // 311
plaintext.append( chr(tmp) )
return ''.join( plaintext )
def dynamic_xor_decrypt(semi_cipher, text_key):
plain_text = ""
key_length = len(text_key)
for ii, cc in enumerate(semi_cipher):
key_char = text_key[ii % key_length]
decrypted_char = chr( ord(cc) ^ ord(key_char) )
plain_text += decrypted_char
return plain_text[::-1]
if __name__ == "__main__":
cipher = [151146, 1158786, 1276344, 1360314, 1427490, 1377108, 1074816, 1074816, 386262, 705348, 0, 1393902, 352674, 83970, 1141992, 0, 369468, 1444284, 16794, 1041228, 403056, 453438, 100764, 100764, 285498, 100764, 436644, 856494, 537408, 822906, 436644, 117558, 201528, 285498]
p = 97
g = 31
a = 97
b = 22
u = generator(g, a, p)
v = generator(g, b, p)
key = generator(v, a, p)
b_key = generator(u, b, p)
shared_key = None
if key == b_key:
shared_key = key
else:
raise
print( f"shared_key={shared_key}" )
semi_cipher = decrypt( cipher, shared_key )
print( f"semi_cipher={semi_cipher}" )
plain_text = dynamic_xor_decrypt(semi_cipher, "trudeau")
print( f"plain_text={plain_text}" )
実行ã—ã¾ã™ã€‚ãŠã€å‡ºæ¥ã¾ã—ãŸã€‚
$ python tmp.py
shared_key=54
semi_cipher= ELQUR@@*SDV>3 1
plain_text=picoCTF{custom_d2cr0pt6d_e4530597}
picoCTF{custom_d2cr0pt6d_e4530597} ã§ã—ãŸã€‚
C3(200ãƒã‚¤ãƒ³ãƒˆï¼‰
Medium ã®å•é¡Œã§ã™ã€‚æš—å·æ–‡ã®ãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆciphertext)ã¨ã€ã‚¨ãƒ³ã‚³ãƒ¼ãƒ€ã® Pythonスクリプト(convert.py)ãŒãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚
C3å•é¡Œ
ã¾ãšã€æš—å·æ–‡ã‹ã‚‰è¦‹ã¦ã¿ã¾ã™ã€‚ã ã„ã¶é•·ã„ã§ã™ã€‚
DLSeGAGDgBNJDQJDCFSFnRBIDjgHoDFCFtHDgJpiHtGDmMAQFnRBJKkBAsTMrsPSDDnEFCFtIbEDtDCIbFCFtHTJDKerFldbFObFCFtLBFkBAAAPFnRBJGEkerFlcPgKkImHnIlATJDKbTbFOkdNnsgbnJRMFnRBNAFkBAAAbrcbTKAkOgFpOgFpOpkBAAAAAAAiClFGIPFnRBaKliCgClFGtIBAAAAAAAOgGEkImHnIl
次ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ€ã® Pythonスクリプトを見ã¦ã¿ã¾ã™ã€‚
最åˆã«æ¨™æº–入力ã‹ã‚‰æ”¹è¡Œæ–‡å—å«ã‚ã¦ã€è¤‡æ•°è¡Œã®æ–‡å—列をå—ã‘å–ã‚Šã€chars ã«æ ¼ç´ã—ã¾ã™ã€‚
chars ã‚’å‰ã‹ã‚‰é †ç•ªã« 1æ–‡å—ãšã¤å–り出ã—ã¦ã€lookup1 ã®ä¸ã§ä¸€è‡´ã™ã‚‹æ–‡å—ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚ã¡ãªã¿ã«ã€index関数ã¯è¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸå ´åˆã¯ -1 ã‚’è¿”ã—ã¾ã™ãŒã€ãã†ã„ã†çŠ¶æ³ãŒã‚ã£ã¦ã‚‚å‹•ããã†ã§ã™ã€‚
ãã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‹ã‚‰ prev(å‰å›žå€¤ï¼‰ã‚’引ã„ã¦ã€40 ã§å‰²ã£ãŸä½™ã‚Šã‚’ out ã«æ ¼ç´ã—ã¦ã„ãã¾ã™ã€‚ã¡ãªã¿ã«ã€lookup1 㨠lookup2 ã¯ã¨ã‚‚ã« 40æ–‡å—ã§ã™ã€‚
最後㫠out を標準出力ã«å‡ºåŠ›ã—ã¾ã™ã€‚
import sys
chars = ""
from fileinput import input
for line in input():
chars += line
lookup1 = "\n \"#()*+/1:=[]abcdefghijklmnopqrstuvwxyz"
lookup2 = "ABCDEFGHIJKLMNOPQRSTabcdefghijklmnopqrst"
out = ""
prev = 0
for char in chars:
cur = lookup1.index(char)
out += lookup2[(cur - prev) % 40]
prev = cur
sys.stdout.write(out)
å•é¡Œæ–‡ã«ã¯æ˜Žç¢ºã«æ›¸ã‹ã‚Œã¦ã¾ã›ã‚“ã§ã—ãŸãŒã€ãƒ‡ã‚³ãƒ¼ãƒ€ãƒ¼ã‚’実装ã™ã‚Œã°ã„ã„ã‚“ã§ã—ょã†ã‹ã€‚å…ˆã»ã©ã®ã€ŒCustom encryptionã€ã‚ˆã‚Šç°¡å˜ã«è¦‹ãˆã¾ã™ãŒã€å‰å›žå€¤ã¨ã„ã†ã®ãŒã‚ã‚‹ã®ã§ã€å®Ÿã¯ã‚„ã£ã‹ã„ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“。
æš—å·æ–‡ï¼ˆciphertext)ã¯ã€237æ–‡å—ã‚ã‚Šã¾ã™ã€‚ã¨ã„ã†ã“ã¨ã¯ã€å…¥åŠ›ã‚‚ 237æ–‡å—ã ã£ãŸã¨ã„ã†ã“ã¨ã«ãªã‚Šã¾ã™ã€‚ã¾ãšã€1æ–‡å—ç›®ãŒå…¥åŠ›ã•ã‚Œã¦ã€cur ã« 0 ã‹ã‚‰ 39 ã¾ã§ã®å€¤ãŒå…¥ã‚Šã€lookup2 ã‹ã‚‰ cur ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã§æ–‡å—を抽出ã™ã‚‹ã¨ã€D ã ã£ãŸã¨ã„ã†ã“ã¨ã§ã™ã€‚ã¨ã„ã†ã“ã¨ã¯ã€cur 㯠3 ã ã£ãŸã®ã§ã€å…¥åŠ›ã¯ # ã ã£ãŸã¨ã„ã†ã“ã¨ã«ãªã‚Šã¾ã™ã€‚prev ã«ã¯ 3 ãŒå…¥ã‚Šã¾ã™ã€‚ã†ãƒ¼ã‚“ã€å‰ã‹ã‚‰ã‚„ã‚Œã°å‡ºæ¥ã‚‹ã‚“ã˜ã‚ƒãªã„ã§ã—ょã†ã‹ã€‚
ã§ã¯å®Ÿè£…ã—ã¦ã„ãã¾ã™ã€‚
import sys
chars = ""
from fileinput import input
for line in input():
chars += line
lookup1 = "\n \"#()*+/1:=[]abcdefghijklmnopqrstuvwxyz"
lookup2 = "ABCDEFGHIJKLMNOPQRSTabcdefghijklmnopqrst"
prev = 0
out = ""
for ii, cc in enumerate(chars):
cur = lookup2.index( cc )
out += lookup1[(cur + prev) % 40]
prev = cur + prev
sys.stdout.write(out)
実行ã—ã¾ã™ã€‚ãªã‚“ã‹ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ãŒå‡ºã¦ãã¾ã—ãŸã€‚ãªã‚‹ã»ã©ã€ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã—ã¦ã‚½ãƒ¼ã‚¹ï¼ˆtmp2.py)ã«è½ã¨ã—ã¾ã™ã€‚
$ python tmp.py < ../picoCTF/picoCTF2024_Cryptography/C3/ciphertext > tmp2.py
chars = ""
from fileinput import input
for line in input():
chars += line
b = 1 / 1
for i in range(len(chars)):
if i == b * b * b:
print chars[i]
b += 1 / 1
ã§ã¯ã€ä»Šåº¦ã¯ã€tmp2.py を実行ã—ã¦ã¿ã¾ã™ã€‚ã‚ã€Python2 ãªã®ã§ã€print ã®ã¨ã“ã‚ã ã‘ç›´ã—ã¦å®Ÿè¡Œã—ã¾ã™ã€‚ã§ã‚‚ã€ä½•ã‚’入力ã™ã‚Œã°ã„ã„ã®ã§ã—ょã†ã‹ã€‚コメントを見るã¨ã€ã‚¢ã‚¹ã‚ãƒ¼é †ã« 40æ–‡å—を入力ã™ã‚‹ã¨ã„ã†ã“ã¨ã§ã—ょã†ã‹ã€‚
アスã‚ãƒ¼é †ã¯ã€ã©ã“ã‹ã‚‰å…¥åŠ›ã™ã‚‹ã‚“ã§ã—ょã†ã‹ã€‚ã¨ã‚Šã‚ãˆãšã€è‹±æ–‡å—ã«é™å®šã—ã¦å…¥åŠ›ã—ã¦ã¿ã¾ã—ãŸãŒãƒ€ãƒ¡ã§ã—ãŸã€‚スペース ã‹ã‚‰ G ã¾ã§å…¥åŠ›ã—ãŸãƒ•ã‚¡ã‚¤ãƒ«ã‚’入力ã—ã¦ã¿ã¾ã—ãŸãŒãƒ€ãƒ¡ã§ã—ãŸã€‚
$ echo -n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn' | python tmp2.py
b=1.0, len(chars)=40
B
I
b
分ã‹ã‚Šã¾ã›ã‚“。考ãˆã¦ã‚‚分ã‹ã‚‰ãªã•ãã†ãªã®ã§ã‚®ãƒ–アップã§ã™ã€‚
writeupを見るã¨ã€ã“ã® tmp2.py 自体を入力ã™ã‚‹ã¨ã„ã†ã“ã¨ã¿ãŸã„ã§ã™ã€‚selfinput ã¨ã¯ã€ãã†ã„ã†æ„味ãªã‚“ã§ã™ãã€ãªã‚‹ã»ã©ã€‚writeup を書ã‹ã‚ŒãŸäººã‚‚「エスパーæˆåˆ†ãŒçµæ§‹ã‚ã‚Šã€ã¨æ›¸ã‹ã‚Œã¦ã„ã¾ã—ãŸãŒã€æ—©ã‚ã«ã‚®ãƒ–アップã—ã¦è‰¯ã‹ã£ãŸã§ã™ã€‚
Python2 ã®ç’°å¢ƒã¯ç„¡ã„ã®ã§ã€Python3 ã«æ›¸ãç›´ã—ãŸã‚‚ã®ã¨åˆ¥ã«ã‚½ãƒ¼ã‚¹ãƒ•ã‚¡ã‚¤ãƒ«ã‚’用æ„ã—ã¾ã™ã€‚
$ python tmp.py < ../picoCTF/picoCTF2024_Cryptography/C3/ciphertext > tmp3.py
$ python tmp2.py < tmp3.py
b=1.0, len(chars)=237
a
d
l
i
b
s
picoCTF{adlibs} ã§ã—ãŸã€‚
rsa_oracle(300ãƒã‚¤ãƒ³ãƒˆï¼‰
Medium ã®å•é¡Œã§ã™ã€‚æš—å·æ–‡ã®ãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆsecret.enc)ã¨ã€ãƒ‘スワードã®ãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆpassword.enc)ãŒãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚ã¾ãŸã€ã‚µãƒ¼ãƒãŒèµ·å‹•ã§ãるよã†ã§ã™ã€‚
rsa_oracleå•é¡Œ
æš—å·æ–‡ã®ãƒ•ã‚¡ã‚¤ãƒ«ã¨ãƒ‘スワードã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’確èªã—ã¾ã™ã€‚æš—å·æ–‡ã¯ 64byte ã®ãƒã‚¤ãƒŠãƒªãƒ•ã‚¡ã‚¤ãƒ«ã§ã€ãƒ‘スワード㯠154æ–‡å—ã§ã—ãŸã€‚
$ hexdump -C secret.enc
00000000 53 61 6c 74 65 64 5f 5f 67 d6 dd c5 30 27 20 5e |Salted__g...0' ^|
00000010 e9 ba 04 09 6c 01 f4 9e 68 06 93 a3 0e 69 ba 9f |....l...h....i..|
00000020 b3 70 18 32 ce 88 99 3f b7 4c 63 7d 35 0f da a7 |.p.2...?.Lc}5...|
00000030 a9 ed 48 82 7c 55 56 3b f5 fc 68 40 e3 3d b3 ea |..H.|UV;..h@.=..|
00000040
$ cat password.enc
2575135950983117315234568522857995277662113128076071837763492069763989760018604733813265929772245292223046288098298720343542517375538185662305577375746934
サーãƒã‚’èµ·å‹•ã—ã¦ã¿ã¾ã™ã€‚E ã‹ D を入力ã™ã‚‹ã¨æš—å·åŒ–ã¨å¾©å·ã‚’ã‚„ã£ã¦ãれるよã†ã§ã™ã€‚æš—å·åŒ–ã¯å‡ºæ¥ã¦ã‚‹ã‚ˆã†ã«è¦‹ãˆã¾ã™ãŒã€ãƒ‘スワードを入れã¦ã€å¾©å·ã•ã›ã¾ã—ãŸãŒã€ã€Œç¬‘ã€ã„ã„試ã¿ã§ã™ãã€è§£èªã¯ç„¡ç†ã§ã™ãã€‚å‰µé€ åŠ›ã‚’ç™ºæ®ã—ã¦é ‘å¼µã£ã¦ãã ã•ã„ã€ã¨ç¬‘ã‚ã‚Œã¾ã—ãŸï¼ˆç¬‘)。
$ nc titan.picoctf.net 54320
*****************************************
****************THE ORACLE***************
*****************************************
what should we do for you?
E --> encrypt D --> decrypt.
E
enter text to encrypt (encoded length must be less than keysize): aaa
aaa
encoded cleartext as Hex m: 616161
ciphertext (m ^ e mod n) 4443234402154812773385501834340003636914383861160506214643463504676790998210270710730017166210361998872964038946757473353651450587613192159232519828813975
what should we do for you?
E --> encrypt D --> decrypt.
D
Enter text to decrypt: 2575135950983117315234568522857995277662113128076071837763492069763989760018604733813265929772245292223046288098298720343542517375538185662305577375746934
Lol, good try, can't decrypt that for you. Be creative and good luck
what should we do for you?
E --> encrypt D --> decrypt.
^C
ã¡ã‚‡ã£ã¨ã€ã“ã“ã‹ã‚‰ã©ã†ã—ã¦ã„ã„ã‹åˆ†ã‹ã‚Šã¾ã›ã‚“。ギブアップã§ã™ã€‚Crypto ã¯ã€ä»Šã¯ã€åˆæ©çš„ãªå•é¡Œã—ã‹å‡ºæ¥ãªã„よã†ã§ã™ã€‚
flag_printer(500ãƒã‚¤ãƒ³ãƒˆï¼‰
ã¾ã 解ã‘ã‚‹æ°—ãŒã—ãªã„ã®ã§ã€å¾Œæ—¥ã«ã—ã¾ã™ã€‚
flag_printerå•é¡Œ
ã“ã‚Œã§ã€Cryptography ã¯çµ‚了ã§ã™ã€‚
ãŠã‚ã‚Šã«
今回ã¯ã€picoCTF ã® picoCTF 2024 ã®ã†ã¡ã€Cryptography ã¨ã„ã†ã‚«ãƒ†ã‚´ãƒªã®å…¨5å•ã«æŒ‘戦ã—ã¾ã—ãŸãŒã€ã¨ã¦ã‚‚難ã—ã‹ã£ãŸã§ã™ã€‚ã“ã‚Œã§ã€ä¸€é€šã‚Šã€picoCTF 2024 ã¯ã‚„ã£ã¦ã¿ãŸæ„Ÿã˜ã§ã™ã€‚ã¾ã ã¾ã ã€å…¨ç„¶ã§ã™ãã€é ‘張りã¾ã™ã€‚
最後ã«ãªã‚Šã¾ã—ãŸãŒã€ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒ©ãƒ³ã‚ングã«å‚åŠ ä¸ã§ã™ã€‚
気楽ã«ãƒãƒãƒƒã¨ã‚ˆã‚ã—ããŠé¡˜ã„ã„ãŸã—ã¾ã™ðŸ™‡
今回ã¯ä»¥ä¸Šã§ã™ï¼
最後ã¾ã§ãŠèªã¿ã„ãŸã ãã€ã‚ã‚ŠãŒã¨ã†ã”ã–ã„ã¾ã—ãŸã€‚
