CTF of Z2BNS
0%

GENERAL

发表于 分类于
| 阅读次数: |
Valine:
本文字数: 596 阅读时长 ≈ 1 分钟

This category tests your skills in fundamental areas for understanding modern cryptography. These include data encoding, the XOR operator, and basic modular arithmetic. You may know this stuff already, but you can still gain points and have fun completing these challenges!

ENCODING
ASCII

题目描述

image-20211102112315562

python代码

1
2
3
4
5
arr=[99, 114, 121, 112, 116, 111, 123, 65, 83, 67, 73, 73, 95, 112, 114, 49, 110, 116, 52, 98, 108, 51, 125]
flag=''
for i in arr:
	flag+=chr(i)
print(flag)
Hex

题目描述

image-20211102112418283

python代码

1
2
3
s='63727970746f7b596f755f77696c6c5f62655f776f726b696e675f776974685f6865785f737472696e67735f615f6c6f747d'
flag=bytes.fromhex(s)
print(flag)
Base64

题目描述

image-20211102113128460

python代码

1
2
3
4
import base64
s='72bca9b68fc16ac7beeb8f849dca1d8a783e8acf9679bf9269f7bf'
flag=base64.b64encode(bytes.fromhex(s))
print(flag)
Bytes and Big Integers

题目描述

image-20211102113651203

python代码

1
2
3
4
5
from Crypto.Util.number import *

s=11515195063862318899931685488813747395775516287289682636499965282714637259206269
flag=long_to_bytes(s)
print(flag)
Encoding Challenge

题目描述

image-20211102114115521

解题过程

服务端运行的13377.py文件内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/usr/bin/env python3

from Crypto.Util.number import bytes_to_long, long_to_bytes
from utils import listener # this is cryptohack's server-side module and not part of python
import base64
import codecs
import random

FLAG = "crypto{????????????????????}"
ENCODINGS = [
    "base64",
    "hex",
    "rot13",
    "bigint",
    "utf-8",
]
with open('/usr/share/dict/words') as f:
    WORDS = [line.strip().replace("'", "") for line in f.readlines()]


class Challenge():
    def __init__(self):
        self.challenge_words = ""
        self.stage = 0

    def create_level(self):
        self.stage += 1
        self.challenge_words = "_".join(random.choices(WORDS, k=3))
        encoding = random.choice(ENCODINGS)

        if encoding == "base64":
            encoded = base64.b64encode(self.challenge_words.encode()).decode() # wow so encode
        elif encoding == "hex":
            encoded = self.challenge_words.encode().hex()
        elif encoding == "rot13":
            encoded = codecs.encode(self.challenge_words, 'rot_13')
        elif encoding == "bigint":
            encoded = hex(bytes_to_long(self.challenge_words.encode()))
        elif encoding == "utf-8":
            encoded = [ord(b) for b in self.challenge_words]

        return {"type": encoding, "encoded": encoded}

    #
    # This challenge function is called on your input, which must be JSON
    # encoded
    #
    def challenge(self, your_input):
        if self.stage == 0:
            return self.create_level()
        elif self.stage == 100:
            self.exit = True
            return {"flag": FLAG}

        if self.challenge_words == your_input["decoded"]:
            return self.create_level()

        return {"error": "Decoding fail"}


listener.start_server(port=13377)


分析代码发现,每次输入会执行challenge(),只有当stage==100时会输出flag,而改变stage的值需要调用create_level()函数,也就是要成功执行100次create_level()函数,解题脚本pwntools_example.py如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
from pwn import * # pip install pwntools
import json
import codecs
from Crypto.Util.number import bytes_to_long, long_to_bytes
#远程连接
r = remote('socket.cryptohack.org', 13377, level = 'debug')
#接收信息
def json_recv():
    line = r.recvline()
    return json.loads(line.decode())
#发送信息
def json_send(hsh):
    request = json.dumps(hsh).encode()
    r.sendline(request)

for i in range(100):
	received = json_recv()
	print('***************************************************************第',i+1,'次********************************')

	print("Received type: ")
	print(received["type"])
	print("Received encoded value: ")
	print(received["encoded"])
	print(type(received["encoded"]))
    #将接收到的信息解密后发送出去
	encoding=received["type"]
	if encoding == "base64":
        #b64decode()参数是str类型,返回结果是bytes类型,使用.deocode()把bytes类型转成str类型赋值给decoded变量
	    decoded = base64.b64decode(received["encoded"]).decode() # wow so encode
	elif encoding == "hex":
        #bytes.fromhex(str),将16进制格式的字符串转成bytes类型,如'686f737069'->b'hospi'
	    decoded = bytes.fromhex(received["encoded"]).decode()
	elif encoding == "rot13":
	    decoded = codecs.decode(received["encoded"], 'rot_13')
	elif encoding == "bigint":
        #先用int(str,16)将16进制格式字符串转成整型,再使用long_to_bytes()转成bytes
	    decoded = long_to_bytes(int(received["encoded"],16)).decode()
	elif encoding == "utf-8":
        #把数组中的每一个整数转成对应的ASCII字符,再将数组转成字符串
	    decoded =''.join(chr(b) for b in received["encoded"])
	to_send = {
	    "decoded": decoded
	}
    #发送信息到服务端
	json_send(to_send)


XOR
XOR Starter
XOR Properties
Favourite byte
You either know, XOR you don’t
Lemur XOR
MATHEMATICS
DATA FORMATS
------------- THE END! THANKS! -------------