ctfshow刷题记录-cry方向-1

0x00

题目来源:ctfshow 菜狗杯 crypto方向 base47
题目描述:
神必字符: E9CVT+HT5#X36RF4@LAU703+F$E-0N$@68LMXCVDRJJD5@MP#7MUZDTE?WWLG1S#L@+66H@59KTWYK8TW0RV
神必字典:
0123456789ABCDEFGHJKLMNPQRSTUVWXYZ?!@#$%^&*-+

0x01

第一次做这种base换表的题目,在网上查了查相关wp,感觉自己对base家族还不太熟悉,于是自己先用py写了个base64的加解密的脚本,代码如下:

string1 = "E9CV^T+HT5#X36RF4@LAU703+F$E-0N$@68LMXCVDRJJD5@MP#7MUZDTE?WWLG1S#L@+^66H@59KTWYK8TW0RV"
test_string = "abc123"
dict1 = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ?!@#$%^&*-+"


def base64_encode(test_string):
    dict2 = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")# base64表
    temp_string = str()
    for i in test_string:  # 字符->二进制ascii码, 放到temp_string里
        temp_string += bin(ord(i))[2:].zfill(8)
    temp_list = list() 
    if len(test_string) % 3 == 1:
        temp_string += "0000"
    if len(test_string) % 3 == 2:
        temp_string += "00"
    while temp_string!='':
        temp_list.append(temp_string[0:6])
        temp_string=temp_string[6:]
    fina_list = list()  # 以这些6位的二进制数值查找base表,存到fina_list中
    for i in range(0, len(temp_list)):
        fina_list.append(dict2[int(temp_list[i], 2)])
    fina_string = str()
    for i in fina_list:  # 转化成字符串fina_string
        fina_string +=  i
    if len(test_string) % 3 == 1:
        fina_string += "=="
    if len(test_string) % 3 == 2:
        fina_string += "="
    return fina_string

'''print("asfaegqfa123:", base64_encode("asfaegqfa123"), "YXNmYWVncWZhMTIz"==base64_encode("asfaegqfa123"))
print("asfaegqfa12:", base64_encode("asfaegqfa12"), "YXNmYWVncWZhMTI="==base64_encode("asfaegqfa12"))
print("asfaegqfa1231:", base64_encode("asfaegqfa1231"), "YXNmYWVncWZhMTIzMQ=="==base64_encode("asfaegqfa1231"))'''


def base64_decode(string):
    #dict2 = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ?!@#$%^&*-+"
    dict2="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
    list2 = list(dict2)
    temp_string=str()
    if string[-1] == "=" and string[-2] == "=":
        string = string[0 : len(string) - 2]
    if string[-1] == "=" and string[-2] != "=":
        string = string[0 : len(string) - 1]
    for i in string:  # 字符转二进制码
        temp_string+=str(bin(list2.index(i))[2:].zfill(6))
    length=len(temp_string)
    if length%8==2:
        temp_string=temp_string[0:length-2]
    if length%8==4:
        temp_string=temp_string[0:length-4]
    fina_list=list()
    while temp_string!='':   #每八位分一组  放入fina_list中
        fina_list.append(temp_string[0:8])
        temp_string=temp_string[8:] 
    fina_string=str()
    for i in fina_list:
        fina_string+=chr(int(i,2))
    return fina_string

'''print("asfaegqfa123"==base64_decode("YXNmYWVncWZhMTIz"))
print("asfaegqfa12" == base64_decode("YXNmYWVncWZhMTI="))
print("asfaegqfa1231"==base64_decode(""))'''
`

后来问了问王师傅,基本理解了base的本质其实就是进制转换,每个字符串都对应一串256进制的数字(一个字符都是8bit,用ascii解码方式) 回过头来看题目,这个其实就是base45加密的字符串,思路应该是密文中每个字符对应字典的下标这一串数字是len(字典)进制的,先转成10进制,再转ascii码字符串即可,脚本代码如下:

import libnum
cipher = "E9CV^T+HT5#X36RF4@LAU703+F$E-0N$@68LMXCVDRJJD5@MP#7MUZDTE?WWLG1S#L@+^66H@59KTWYK8TW0RV" 
key = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ?!@#$%^&*-+"
sum=0
for i in range(len(cipher)):
    sum+=key.index(cipher[i])*pow(len(key),len(cipher)-1-i)
flag=libnum.n2s(sum)
print(flag)

0x02

由这道题引发的思考,可不可以做一个base任意数字的编码,由上述原理写出了一个basexx加解密的脚本,代码如下:

import libnum
def base_xx_decode(cipher):
    # key为任意映射表 
    # key = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ?!@#$%^&*-+"  
    key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"  #base64表
    sum = 0
    for i in range(len(cipher)):
        sum += key.index(cipher[i]) * pow(len(key), len(cipher) - 1 - i)  #len(key)进制转10进制
    flag = libnum.n2s(sum)    #ascii值转字符串
    return flag
print(base_xx_decode("YWJjMTIz"))       # just an example  =='abc123'

def base_xx_encode(plaintext):
    key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
    beichushu = libnum.s2n(plaintext)
    cipher=str()
    chushu = len(key)   #给chushu yushu shang beichushu赋初值  然后辗转相除法进行10进制转len(key)进制,并直接映射到cipher里
    yushu = beichushu % chushu
    shang = beichushu // chushu
    beichushu = shang
    cipher += key[yushu]
    while shang != 0:
        yushu = beichushu % chushu
        shang = beichushu // chushu
        beichushu = shang
        cipher += key[yushu]
    cipher=cipher[::-1]
    return cipher
print(base_xx_encode("abc123"))  # just an example   =='YWJjMTIz' 

这个脚本只能加解密无填充规则且ascii编码的那种,比如base64就是无“=”

热门相关:护花猎王   北宋闲王   黑暗血时代   三国之袁氏枭雄   资本大唐