Problem: [NSSRound#22 Basic]简简又单单
思路
- 解题大致思路
EXP
- 具体攻击代码
def rc4_decrypt(key, data):
"""
RC4解密函数
:param key: 密钥 (bytes或string)
:param data: 密文数据 (bytes或list of int)
:return: 明文字符串
"""
if isinstance(key, str):
key = key.encode('utf-8')
if isinstance(data, list):
data = bytes(data)
# 初始化S和T数组
S = list(range(128))
T = [key[i % len(key)] for i in range(128)]
# 初始化
j = 0
for i in range(128):
j = (j + S[i] + T[i]) % 128
S[i], S[j] = S[j], S[i] # 交换
# 生成密钥流并解密
i = j = 0
output = []
for k in range(len(data)):
i = (i + 1) % 128
j = (j + S[i]) % 128
S[i], S[j] = S[j], S[i] # 交换
keystream_byte = S[(S[i] + S[j]) % 128]
decrypted_byte = data[k] ^ keystream_byte
output.append(decrypted_byte)
# 转换为字符串
plaintext = bytes(output).decode('utf-8', errors='replace')
return plaintext
# 密钥和密文
key = "NS5_R0Un6_z2_apK"
encrypted_data = [
0x57, 0x2e, 0x18, 0x0b, 0x1a, 0x68, 0x0b, 0x3e,
0x52, 0x76, 0x34, 0x4b, 0x24, 0x1d, 0x5b, 0x52,
0x52, 0x5a, 0x04, 0x31, 0x73, 0x34, 0x6b, 0x13,
0x55, 0x44, 0x20, 0x28
]
# 解密
plaintext = rc4_decrypt(key, encrypted_data)
print(plaintext)
NSSCTF{V3ry_4z_1ib_W1th_4pk}
总结
- 对该题的考点总结