美文网首页强网杯2017
强网杯2017Misc-random

强网杯2017Misc-random

作者: pi2ply | 来源:发表于2017-09-12 18:34 被阅读55次
    首先把pyo反编译成py文件

    pyo文件,是python编译优化后的字节码文件
    可以用uncompyle这个工具来反编译
    有pip的情况下直接pip install uncompyle6就可以下载好
    然后输入 uncompyle6 in.pyo out.py 可以得到反编译结果

    # uncompyle6 version 2.11.5
    # Python bytecode 2.7 (62211)
    # Decompiled from: Python 2.7.12 (default, Nov 19 2016, 06:48:10) 
    # [GCC 5.4.0 20160609]
    # Embedded file name: encrypt.py
    # Compiled at: 2017-07-11 02:19:27
    from random import randint
    from math import floor, sqrt
    _ = ''
    __ = '_'
    ____ = [ ord(___) for ___ in __ ]
    _____ = randint(65, max(____)) * 255
    for ___ in range(len(__)):
        _ += str(int(floor(float(_____ + ____[___]) / 2 + sqrt(_____ * ____[___])) % 255)) + ' '
    
    print _
    # okay decompiling encrypt.pyo
    File 'encrypt.py' doesn't exist. Skipped
    # 
    # Successfully decompiled file
    
    
    为了代码的可读性把变量名标识成容易理解的单词:
    from random import randint
    from math import floor, sqrt
    ciphertext = ''
    plaintext = 'abcde'
    array = [ ord(x) for x in plaintext ]
    
    key = randint(65, max(array)) * 255  #65-127
    
    for x in range(len(plaintext)):
        ciphertext += str(int(floor(float(key + array[x]) / 2 + sqrt(key * array[x])) % 255)) + ' '
    
    print ciphertext
    
    

    观察发现,虽然Key随机生成,但是它的生成范围为(65, max(array)),而array为可显明文的十进制ASCII值,也就是说key的最大生成范围为(65, 127),而以上代码是逐个字符进行加密,且每次都是使用同一个密钥key,在已知密文的情况下我们可以考虑使用蛮力攻击爆破明文。计算次数为:
    19 (明文长度) * (127 - 65)(可能明文) * (127 - 65)(可能密钥) = 70360
    --(参考官方wp)

    爆破脚本↓
    from random import randint
    from math import floor, sqrt
    import string
    
    data=[208,140,149,236,189,77,193,104,202,184,97,236,148,202,244,199,77,122,113]
    prints = string.printable
    
    for key in range(65,128):
        flag=''
        key = key * 255
        for i in range(19):
            for char in prints:
                if ord(char) > 64:
                    a = int(floor(float(key + ord(char)) / 2 + sqrt( key * ord(char))) % 255)
                
                    if a == data[i]:
                        flag+=char
        if len(flag)==19:
            print flag
    

    相关文章

      网友评论

        本文标题:强网杯2017Misc-random

        本文链接:https://www.haomeiwen.com/subject/npocsxtx.html