blowfishgame
Category: Cryptography
Source: 祥云杯2020
Author: unknown
Score: 35
Description
Solution
CBC 翻转攻击使 message 前 8 字节为 get_flag,然后就是简单的逐字节爆破,我全都防出去了,防出去了啊。
# -*- coding: utf-8 -*-
# @Project: Hello Python!
# @File : exp
# @Author : Nonuplebroken <birkenwald.cn>
# @Date : 2020-11-22
from pwn import *
import string
import itertools
from hashlib import sha384
import re
import base64
def PoW(part, hash_value):
alphabet = string.ascii_letters + string.digits
for x in itertools.product(alphabet, repeat=3):
nonce = ''.join(x)
if sha384(nonce + part).hexdigest() == hash_value:
return nonce
def xor(a, b):
assert len(a) == len(b)
return ''.join([chr(ord(a[i])^ord(b[i])) for i in range(len(a))])
sh = remote('8.131.69.237', 15846)
s1 = sh.recvuntil('Give me XXX:')
re_res = re.search(r'sha384\(XXX\+([a-zA-Z0-9]{17})\) == ([0-9a-f]{96})', s1)
part = re_res.group(1)
hash_value = re_res.group(2)
print 'part:', part
print 'hash_value:', hash_value
nonce = PoW(part, hash_value)
print 'nonce:', nonce
sh.sendline(nonce)
_ = [sh.recvline() for i in range(8)]
s1 = sh.recvline()
s1 = base64.b64decode(s1)
iv, c = s1[:8], s1[8:]
print len(iv)
print len(c)
d_c1 = xor('Blowfish', iv)
new_iv = xor(d_c1, 'get_flag')
get_flag = base64.b64encode(new_iv + c)
print get_flag
flag = ''
alphabet = 'flag{}-0123456789abcdef'
# alphabet = string.printable
for i in range(42):
sh.sendline(get_flag)
target_m = ('x' * (47 - i))
sh.sendline(target_m)
target_c = base64.b64decode(sh.recvline())
for x in alphabet:
sh.sendline(get_flag)
test_m = ('x' * (47 - i)) + flag + x
sh.sendline(test_m)
test_c = base64.b64decode(sh.recvline())
if test_c[:48] == target_c[:48]:
flag += x
print '[%02d/42] %s' % (i+1, flag)
break
sh.interactive()
Flag
flag{ba524422-7769-4d00-bd4d-6d6946c173ce}
Reference
Writeup from https://mp.weixin.qq.com/s/0b9nQRxkbu7mDPji_Y8Ghw