首页
论坛
课程
招聘
[原创]第十题 初入好望角 WriteUp
2019-3-19 12:57 880

[原创]第十题 初入好望角 WriteUp

2019-3-19 12:57
880

第十题 初入好望角 WriteUp

Step 1

 

如图,使用de4dot 脱壳,得到

 

Step 2

载入.Net Reflector

private static void Main(string[] args)
{
    Console.WriteLine("Please Input Serial:");
    if (smethod_0(Console.ReadLine(), "Kanxue2019") == "4RTlF9Ca2+oqExJwx68FiA==")
    {
        Console.WriteLine("Congratulations!  : )");
        Console.ReadLine();
    }
}
public static string smethod_0(string string_1, string string_2)
{
    byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
    byte[] buffer = Encoding.UTF8.GetBytes(string_1);
    byte[] rgbKey = new PasswordDeriveBytes(string_2, null).GetBytes(0x20);
    ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(rgbKey, bytes);
    MemoryStream stream = new MemoryStream();
    CryptoStream stream1 = new CryptoStream(stream, transform, CryptoStreamMode.Write);
    stream1.Write(buffer, 0, buffer.Length);
    stream1.FlushFinalBlock();
    byte[] inArray = stream.ToArray();
    stream.Close();
    stream1.Close();
    return Convert.ToBase64String(inArray);
}

很明显,得到本题为des的cbc模式加密,Kanxue2019为密钥,"Kanxue2019CTF-Q1"为IV

 

据此写出脚本如下

 public static string Decrypt(string pToDecrypt, string sKey)
        {
            byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
            //byte[] bytes2 = Encoding.UTF8.GetBytes(pToDecrypt);
            byte[] bytes3 = new PasswordDeriveBytes(sKey, null).GetBytes(32);
            ICryptoTransform transform = new RijndaelManaged
            {
                Mode = CipherMode.CBC
            }.CreateDecryptor(bytes3, bytes);
            //DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            byte[] inputByteArray = Convert.FromBase64String(pToDecrypt);

            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, transform, CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            // 如果两次密匙不一样,这一步可能会引发异常
            cs.FlushFinalBlock();
            return System.Text.Encoding.Default.GetString(ms.ToArray());
        }
        static void Main(string[] args)
        {
            string str1 = "4RTlF9Ca2+oqExJwx68FiA==";
            string str2 = "Kanxue2019";
            string out1 = Program.Decrypt(str1,str2);
            Console.WriteLine(out1);
            System.Console.ReadKey();

        }

拿到flag

 

 

over!!!


2020 KCTF秋季赛【攻击篇】正在火热进行中!

最后于 2019-3-20 16:40 被小白abc编辑 ,原因:
收藏
点赞0
打赏
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回