Problem: [SWPUCTF 2021 新生赛]简简单单的解密
思路
- 解题大致思路
EXP
- 具体攻击代码
总结
- 对该题的考点总结
import base64, urllib.parse
# 精简的RC4解密解决方案
# 已知的加密结果和密钥
enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"
key = "HereIsFlagggg"
# 主解密函数
def rc4_decrypt(ciphertext, key):
# 初始化S盒
s_box = list(range(256))
j = 0
for i in range(256):
j = (j + s_box[i] + ord(key[i % len(key)])) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
# 生成密钥流并解密
plaintext = []
i = j = 0
for s in ciphertext:
i = (i + 1) % 256
j = (j + s_box[i]) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
k = s_box[(s_box[i] + s_box[j]) % 256]
plaintext.append(chr(ord(s) ^ k))
return "".join(plaintext)
# 十六进制转ASCII(精简版)
def hex_to_ascii(hex_values):
return ''.join([chr(int(h, 16)) for h in hex_values])
# 执行解密流程
if __name__ == "__main__":
# 1. URL解码
url_decoded = urllib.parse.unquote(enc)
# 2. 简化的base64处理(实际无需操作)
cipher = url_decoded
# 3. RC4解密得到flag
flag = rc4_decrypt(cipher, key)
# 4. 获取并显示flag的十六进制表示
flag_hex = [hex(ord(c)) for c in flag]
# print(f"flag的十六进制表示: {flag_hex}")
# 5. 十六进制转ASCII验证
ascii_flag = hex_to_ascii(flag_hex)
# 6. 输出结果
print(f"\n最终flag: {flag}")