
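How RC4 Decryption Works

2024-07-11 20:00 By JHWong
Tags: RC4, Python, algorithm analysis, language reversing, reverse engineering techniques

Problem: [SWPUCTF 2021 新生赛] 简简单单的解密 (SWPUCTF 2021 freshman contest, "Simple Decryption")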


Approach

I'm a beginner with a bit of crypto background, and I solved this without really being familiar with RC4.

import base64, urllib.parse

key = "HereIsFlagggg"
flag = "xxxxxxxxxxxxxxxxxxx"

# Key scheduling (KSA): permute s_box using only the key
s_box = list(range(256))
print(s_box)
j = 0
for i in range(256):
    j = (j + s_box[i] + ord(key[i % len(key)])) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]
print(s_box)
# Keystream generation (PRGA): one byte k per character, XORed with the flag
res = []
i = j = 0
for s in flag:
    i = (i + 1) % 256
    j = (j + s_box[i]) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]
    t = (s_box[i] + s_box[j]) % 256
    k = s_box[t]
    res.append(chr(ord(s) ^ k))
cipher = "".join(res)
# base64 encode followed by base64 decode; then URL-encode the result
crypt = (str(base64.b64encode(cipher.encode('utf-8')), 'utf-8'))
enc = str(base64.b64decode(crypt), 'utf-8')
enc = urllib.parse.quote(enc)
print(enc)
# enc = %C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA

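The first big chunk of the encryption logic looks intimidating, but it does not need to be analyzed: it depends only on the key, not on the flag, so simply running it shows what the final s_box is.
The rest of the encryption generates k by a fixed procedure and XORs k with the plaintext. No inverse process is needed here, because running the same forward process yields the same k. So just run the forward process to get k and XOR it with the ciphertext.
Finally there is an encoding question. base64 is applied as an encode followed by a decode, so the two operations cancel out and only the URL encoding remains.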

EXP

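import urllib.parse

key = "HereIsFlagggg"
enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"
# Undo the URL encoding; each resulting character is one cipher value (0..255)
crypt = urllib.parse.unquote(enc)
flag = ''
# s_box after key scheduling, copied from the output of the challenge script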
s_box = [201, 41, 34, 138, 39, 23, 155, 169, 37, 231, 162, 202, 217, 43, 157, 90, 244, 85, 211, 44, 172, 2, 97, 29, 45, 28, 30, 7, 21, 158, 108, 27, 144, 112, 89, 33, 124, 0, 149, 215, 145, 153, 154, 73, 99, 62, 31, 32, 251, 131, 121, 191, 66, 220, 132, 100, 161, 160, 205, 237, 12, 250, 92, 190, 101, 238, 135, 78, 229, 17, 9, 185, 24, 38, 18, 178, 68, 218, 222, 119, 22, 192, 91, 141, 200, 36, 84, 163, 188, 103, 227, 125, 13, 146, 208, 140, 252, 242, 173, 6, 63, 179, 75, 1, 72, 247, 170, 122, 20, 193, 117, 194, 69, 249, 210, 26, 55, 214, 177, 11, 114, 118, 3, 105, 60, 196, 83, 129, 180, 189, 207, 147, 175, 133, 137, 195, 40, 159, 143, 225, 71, 241, 5, 186, 240, 234, 156, 110, 94, 130, 223, 246, 245, 152, 182, 70, 181, 197, 213, 123, 77, 228, 204, 253, 224, 236, 51, 14, 25, 167, 49, 58, 139, 104, 136, 67, 98, 102, 53, 56, 151, 52, 199, 74, 164, 120, 48, 198, 176, 230, 93, 233, 235, 86, 232, 142, 255, 65, 248, 183, 87, 10, 47, 174, 46, 106, 111, 148, 209, 221, 81, 95, 61, 79, 15, 54, 80, 212, 57, 35, 171, 8, 166, 96, 64, 82, 88, 127, 184, 203, 243, 50, 226, 165, 134, 239, 109, 116, 254, 128, 59, 107, 168, 150, 19, 16, 187, 206, 113, 115, 4, 42, 76, 219, 216, 126]
# Regenerate the same keystream k and XOR it with the ciphertext
i = j = 0
for s in crypt:
    i = (i + 1) % 256
    j = (j + s_box[i]) % 256
    s_box[i], s_box[j] = s_box[j], s_box[i]
    t = (s_box[i] + s_box[j]) % 256
    k = s_box[t]
    flag += chr(ord(s) ^ k)

print(flag)
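
The same approach as one self-contained script, added here as an illustration (it is not the author's or the challenge's code): it derives s_box from the key instead of pasting it, and models the encode pipeline so the decode can be checked by round trip. The function names, the key "k3y" and the sample string are assumptions made for this example.

```python
import base64
import urllib.parse

def ksa(key: bytes) -> list:
    """Key scheduling: the S-box depends only on the key, never on the message."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s

def keystream(key: bytes, n: int) -> bytes:
    """PRGA: produce n keystream bytes starting from a fresh S-box."""
    s = ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def challenge_encode(key: str, flag: str) -> str:
    """The challenge pipeline: RC4, base64 encode+decode (a no-op), URL-quote."""
    cipher = rc4(key.encode(), flag.encode("latin-1")).decode("latin-1")
    round_trip = base64.b64decode(base64.b64encode(cipher.encode("utf-8")))
    return urllib.parse.quote(round_trip.decode("utf-8"))

def challenge_decode(key: str, enc: str) -> str:
    """Unquote as UTF-8 text (one code point per cipher byte), then XOR again."""
    cipher = urllib.parse.unquote(enc)
    return rc4(key.encode(), cipher.encode("latin-1")).decode("latin-1")

# Ciphertext string from the page
ENC = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"

if __name__ == "__main__":
    print(challenge_decode("HereIsFlagggg", ENC))
    sample = "CONSTRUCTED{not_the_flag}"  # constructed sample input
    assert challenge_decode("k3y", challenge_encode("k3y", sample)) == sample
```

Unquoting to raw bytes instead of text would give the UTF-8 encoding of the cipher characters, which is longer than the flag and does not line up with the keystream.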

Summary

  • Summary of the points tested by this challenge