美文网首页
CTF-CRYPTO #python#beale#套路

CTF-CRYPTO #python#beale#套路

作者: Watanuki | 来源:发表于2018-08-22 18:15 被阅读0次

    bill——flag{hippopotomonstrosesquippedaliophobiawow}

    描述

    Bill? No! I'm Beale! 查看页面有……(套路1:key是反色的)
    key='''fgal{0fa1d0799742c79f6077ab7a5d9e0686287430b0234c9b426bc619e1253e3338a51ea1cc0dab1a}
    cipher = ''' bvgk mrclrscv bzeuivu, tzmzc lerczverscv nv, ivuivjj lertbefncvuxvu yzj aluztzrip wfid vrty mrclrscv, nyvivsp czxyk yzkyvi nrxzex mfztv vevdzvj nrievu efn efn wzid mrclrscv erkzmv rjjvek nzkyze zj letfdwfikrscv nzkyflk svevwzkj fggivjjzfej drecp svtfdv uvizmzex lewzk hlrikvizex zejkzklkv lewzk tfejkirzevu jtritvcp mrclrscv bvgk uztkrkv vetflirxv ilcvi jvtliv, czsvikp jkrxv wleurdvekrccp tfddzk grikj crixv srisriflj sfuzvj vrk yrmv yzjkfip uzjrmfn ilcv lkkvicp zddvuzrkv fli treuzu tfejvek bzeuivu gligfjv fw nrekzex kzcc evn hlrikvizex urexvij aljkztv urexvij befne zejkzklkv czxyk tilvckp, aljk, rckvi, tyrexvu rggvrczex hlrikvizex xfmviedvekj nrievu sv yrirjj trgkzmv drecp sizex, aljk, czxyk jkrkvj, hlrikvizex yzjkfip fgvirkzfe ivjk jyrcc votzkvu evn, ivwljvu jvek kizrc uzjjfcmv xzmzex srisriflj vrty erkzmv kilkyj, jlsdzkkvu uzjkiztkj xzmzex uvjkifpvu dvitzcvjj lertbefncvuxvu vjkrsczjyvu ivjk yzxy dlckzkluv bzeuivu grpdvek erkzmv kylj wlcc bvgk mfztv xfmviedvek wzid aluztzrip hlrikvizex riv kizvu zevjkzdrscv fmvi dliuvi fev nzkyflk gvkzkzfevu vetflirxv ivwljvu zdgfjzex cvk aljk nyvivsp dliuvi uvtcriv efn dvitverizvj mfztv rggvrcvu fi, vmvip aljk, xzmzex gizetzgcvj, yfljvj cvxzjcrkliv kyifn kyre xlriuj zeuvgveuvek jlwwviretv ivczretv bvgk fw xfmviedvek, czsvikp kyv glsczt zj fww, dvitverizvj ivjgvtk xzmzex hlrikvizex hlrikvizex xfmviedvekj glsczjy hlrikvizex, czmvj yrj bzeuivu, mrclrscv lerczverscv evn dvrekzdv trjvj wfi, grikj vecrixzex reu hlrikvizex, wfiszuuve letfdwfikrscv jvgrirkv wrtkj aljkztv uzjrmfn fi trccvu bzeuivu alizjuztkzfe hlrikvizex, rnrp rjjldv sv, svve, glsczt aluxvj yfljvj xfmviedvekj wzid mfztv evxcvtkvu svknvve zdgfjzex jvcw kzvj wifd mfztv, leljlrc riv kizvu, rdflek cvxzjcrkv izxykj drep, zdgfjzex givjvek.

    分析

    1.搜了下BEALE,是一种加密方式,拿到数字列表后,依次读取书里单词的首位字母。
    2.这个时候脑子有点抽了开始研究给出的cipher和独立宣言的关系(),下了个独立宣言,尝试破解单字母替代,发现频率只能分析出第一位,然后开始写代码循环去猜测对照关系,写了好久……
    3.然后大佬忽然打断我说其实只是凯撒(),好的,拿出自己珍藏已久的区分大小写、跳过非字母的凯撒!顺便优雅的做了下英文判断!
    4.然后被fgal{}迷惑了,写了个fence解……但是答案一直不对。比赛结束后大佬说直接提交就可以了呀()
    开心点吧朋友们。

    人!间!不!值!得!

    def CaesarHack(text,key): #区分大小写,解密时输入负数key
        import string
        All = string.ascii_letters
        new = ''
        key = key % 26
        for i in range(len(text)):
            if text[i] in All:
                j = 0
                if ord(text[i])>= ord('a') :
                    j = ord(text[i])+key
                    if j > ord('z') :
                        j -= 26
                else:
                    j = ord(text[i])+key
                    if j > ord('Z') :
                        j -= 26
                print(j)
                new += chr(j)
            else:
                new += text[i]
        return new
        
    def str2dec(string):#16进制转10进制列表
        string = string[5:-1]
        print('1,',string)
        result = []
        for i in range(len(string)//2):
            result += [int(string[2*i:2*i+2],base=16)]
        print('2,',result)
        return result
        
    def sol(cipher,key): #bill
        a = cipher.split()
        result = ''
        for i in key:
            result += a[i][0]
        return(result)
        
    def Fen(x):#栅栏,返回结果flag{}
        x1 =''
        x2=''
        x3=''
        x4=''
        result = ''
        for i in range(len(x)):
            if i%4 ==0:x1+=x[i]
            elif i%4 ==1:x2+=x[i]
            elif i%4 ==2:x3+=x[i]
            elif i%4 ==3:x4+=x[i]
        for i in range(len(x)//4):
            result += x1[i]+x4[i]+x3[i]+x2[i]
        print('3',x)
        return result
    
    for i in range(26):
        #print(i)
        a = duli.lower().split()
        cae = CaesarHack(cipher,i)
        x1 = cae.split()
        if (x1[0] in a) or (x1[1] in a):#判断英文
            print(cae)
            break
    x = sol(cae,str2dec(key))
    #x = Fen('fgal{'+x+'}')
    print('end,flag{'+x+'}')
    
    
    看起来多像正确答案! 钟sir发来的……一看不就是我最后多了一步!

    总结

    1.不要沉迷编程……先把人想得简单点。
    2.但是也不要太相信人了!()
    3.明天的作业是把substitute破解的代码实现写出来。
    4.人间不值得

    补充

    把替代加密的破解写完了,但是有的解不出来……实在没招。发现这段文字还少个了Q,那么Q一定对应是Z了!()

    四个字母没跑出来 没关系我们可以手动出来!
    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    # ReplaceDecode by Yunkai.He 
    import WordPatternDict,GetWordPattern,re,pprint,ReplaceEncode
    
    def LetterReference(WordRefer,WordDict): #将新单词的预测字典加入字典WordDict中,重复key的value作交集处理
        
        for letter in WordRefer: 
            if letter in WordDict:#交集
                for i in WordDict[letter]:
                    if i not in WordRefer[letter]:
                        WordDict[letter].remove(i)
            else:
                WordDict[letter] = WordRefer[letter]
                    
    def WordReference(word,Candidate):  #将单词字符串与预测列表新生成无空value的字典WordRefer,重复key的value作并集处理
        WordRefer ={}
        for i in range(len(word)): #依次读取密文字符串每个字母word[i]
            WordRefer[word[i]] =[]
            for j in range(len(Candidate)): #依次读取可能对应的明文Candidate[j]
                if Candidate[j][i] not in WordRefer[word[i]]:  #并集
                    WordRefer[word[i]].append(Candidate[j][i])
        return  WordRefer
    def Simple(WordDict,SimpleDict): #根据可选数为1的预测进行一轮排除简化,已测试功能无误
        for letter in WordDict:
            if len(WordDict[letter]) == 1:
                SimpleDict[letter] = (WordDict[letter][0]) #只有一个则输出到SimpleDict中
                for i in WordDict:
                    for j in WordDict[i]:
                        if j == SimpleDict[letter]:
                            WordDict[i].remove(SimpleDict[letter]) #list赋值是动态链接,注意remove的效果影响   
    def main():
        EncodedString = '''bvgk mrclrscv bzeuivu, tzmzc lerczverscv nv, ivuivjj lertbefncvuxvu yzj aluztzrip wfid vrty mrclrscv, nyvivsp czxyk yzkyvi nrxzex mfztv vevdzvj nrievu efn efn wzid mrclrscv erkzmv rjjvek nzkyze zj letfdwfikrscv nzkyflk svevwzkj fggivjjzfej drecp svtfdv uvizmzex lewzk hlrikvizex zejkzklkv lewzk tfejkirzevu jtritvcp mrclrscv bvgk uztkrkv vetflirxv ilcvi jvtliv, czsvikp jkrxv wleurdvekrccp tfddzk grikj crixv srisriflj sfuzvj vrk yrmv yzjkfip uzjrmfn ilcv lkkvicp zddvuzrkv fli treuzu tfejvek bzeuivu gligfjv fw nrekzex kzcc evn hlrikvizex urexvij aljkztv urexvij befne zejkzklkv czxyk tilvckp, aljk, rckvi, tyrexvu rggvrczex hlrikvizex xfmviedvekj nrievu sv yrirjj trgkzmv drecp sizex, aljk, czxyk jkrkvj, hlrikvizex yzjkfip fgvirkzfe ivjk jyrcc votzkvu evn, ivwljvu jvek kizrc uzjjfcmv xzmzex srisriflj vrty erkzmv kilkyj, jlsdzkkvu uzjkiztkj xzmzex uvjkifpvu dvitzcvjj lertbefncvuxvu vjkrsczjyvu ivjk yzxy dlckzkluv bzeuivu grpdvek erkzmv kylj wlcc bvgk mfztv xfmviedvek wzid aluztzrip hlrikvizex riv kizvu zevjkzdrscv fmvi dliuvi fev nzkyflk gvkzkzfevu vetflirxv ivwljvu zdgfjzex cvk aljk nyvivsp dliuvi uvtcriv efn dvitverizvj mfztv rggvrcvu fi, vmvip aljk, xzmzex gizetzgcvj, yfljvj cvxzjcrkliv kyifn kyre xlriuj zeuvgveuvek jlwwviretv ivczretv bvgk fw xfmviedvek, czsvikp kyv glsczt zj fww, dvitverizvj ivjgvtk xzmzex hlrikvizex hlrikvizex xfmviedvekj glsczjy hlrikvizex, czmvj yrj bzeuivu, mrclrscv lerczverscv evn dvrekzdv trjvj wfi, grikj vecrixzex reu hlrikvizex, wfiszuuve letfdwfikrscv jvgrirkv wrtkj aljkztv uzjrmfn fi trccvu bzeuivu alizjuztkzfe hlrikvizex, rnrp rjjldv sv, svve, glsczt aluxvj yfljvj xfmviedvekj wzid mfztv evxcvtkvu svknvve zdgfjzex jvcw kzvj wifd mfztv, leljlrc riv kizvu, rdflek cvxzjcrkv izxykj drep, zdgfjzex givjvek.
    '''
        CipherList = re.split('[^A-Z]+', EncodedString.upper()) #通过正则匹配,分成大写字符单词列表
        Reference,WordDict,SimpleDict = {},{},{}
        for word in CipherList:#调用GetWordPattern.py中的函数获取WordPattern,调用WordDict.py中的变量生成word-candidate的字典Reference
            WordPattern = GetWordPattern.GetWordPattern(word) 
            if WordPattern in WordPatternDict.AllPattern: 
                Reference[word] = WordPatternDict.AllPattern[WordPattern]
        #print(Reference)
        for word in Reference: #调用本地函数获取字母预测表refer,通过增加单词,不断简化和补充WordDict。
            refer = WordReference(word,Reference[word])
            LetterReference(refer,WordDict)
            #print('*******************************')
            #print(WordDict)
        i = 0
        while len(SimpleDict) != len(WordDict) :#破解的标志设置为密文中所有字母都有了确定解or实在破解不了时break,人工介入
            Simple(WordDict,SimpleDict)
            i += 1
            if i == 999:
                break
            #print(WordDict)
        if i == 999:
            print('fail to crack.the possible reference might be this:\n')
            print(WordDict)
            key,value='',''     
            for i in sorted(SimpleDict):
                key += i
                value += SimpleDict[i]
            for i in WordDict:
                if WordDict[i]: 
                    key += i
                    value += ' '
            print(key+key.lower(),value+value.lower(),sep='\n')         
        else :
            print('Cracked!the cipher text"%s" might means:\n%s'%(EncodedString,ReplaceEncode.Encode(SimpleDict,EncodedString)))
            print(WordDict)
        print('Done.')
    if __name__=='__main__':
        main()
    

    谢谢观赏,整个代码贼长……只贴出来破解的地方说明下思路……还是没有完美的解决方案,不过可以凑合大部分了(),现在还没有搞定在多个可选项里直接全跑出来给人选的方案……以后再说把!

    相关文章

      网友评论

          本文标题:CTF-CRYPTO #python#beale#套路

          本文链接:https://www.haomeiwen.com/subject/tawyiftx.html