题目
给了一个enc.txt和附件,附件中有伪码如下
get buf unsign s[256]
get buf t[256]
we have key:hello world
we have flag:????????????????????????????????
for i:0 to 256
set s[i]:i
for i:0 to 256
set t[i]:key[(i)mod(key.lenth)]
for i:0 to 256
set j:(j+s[i]+t[i])mod(256)
swap:s[i],s[j]
for m:0 to 37
set i:(i + 1)mod(256)
set j:(j + S[i])mod(256)
swap:s[i],s[j]
set x:(s[i] + (s[j]mod(256))mod(256))
set flag[m]:flag[m]^s[x]
fprint flagx to file
分析
- 通过前半部分明显看出是RC4
- 加密操作是异或过程,所以通过相同的步骤再来一次异或即可解出明文。
- 参照伪码写出代码如下
s = list(range(256))
t = []
key = "hello world"
for i in range(256):
t.append(key[i % len(key)]) # fill t with key (by circle)
print(t)
j = 0
for i in range(256):
j = (j + s[i] + ord(t[i])) % 256
s[i], s[j] = s[j], s[i]
print(s)
c = open("F:\ChromeCommon\enc\enc.txt","rb").read()
i = 0
j = 0
flag = ""
for ci in c:
i = (i + 1) % 256
j = (j + s[i]) % 256
s[i], s[j] = s[j], s[i]
x = (s[i] + (s[j] % 256)) % 256
flag += chr(ci ^ s[x])
print(flag)
- 前半部分的代码是世界转化过来的,最后一个for循环,伪码中是对明文m进行遍历加密的过程(这也意味着明文共37位),而解密的代码是对密文进行遍。历。