接着昨天的题目
第五题
看题目,一道简单的xor题,就是将“label中每个字符与13进行异或处理”,直接上代码:
s="label"
result = ""
for i in s:
result+=chr(ord(i^13
print(result
或者按照题目所说,用pwntools库中的xor函数来进行异或操作,具体操作如下:
from pwn import xor
s1 = "label"
s2 = 13
result = xor(s1,s2
print(result
第六题
按照题目所给:
KEY1 = a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313
KEY2 ^ KEY1 = 37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e
KEY2 ^ KEY3 = c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1
FLAG ^ KEY1 ^ KEY3 ^ KEY2 = 04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf
对其进行分析:(KEY2 ^ KEY1 ^ KEY1 = KEY2 ^ (KEY1 ^ KEY1 = KEY2 ^ 0 = KEY2
同理:KEY2 ^ (KEY2 ^ KEY3 = (KEY2 ^ KEY2 ^ KEY3 = 0 ^ KEY3 = KEY3
即:(FLAG ^ KEY1 ^ KEY3 ^ KEY2 ^ KEY1 ^ KEY3 ^ KEY2 = FLAG
代码如下:
from pwn import xor
from binascii import unhexlify
k1 = 'a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313'
k21 = '37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e'
k23 = 'c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1'
fk123 = '04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf'
k2 = xor(unhexlify(k21,unhexlify(k1
print(k2
k3 = xor(unhexlify(k23,k2
print(k3
flag = xor(unhexlify(fk123,unhexlify(k1,unhexlify(k23
print(flag.decode(
第七题
代码如下:
s = '73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d'
decode_s = bytes.fromhex(s#根据题目提示,先进行16进制解码
print(decode_s
#接下来遍历可能的异或
for i in range(256:
flag = ''.join(chr(j^i for j in decode_s
print(str(i + ":" + flag
在一堆乱码中找到flag
第八题
一般他给的注意就是解题的关键,题目说注意题目格式,且只给了密文,猜测前面几个字节与“crypto{”有关,先解码在进行异或试试,如下,解出key:
s = '0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104'
decode_s = bytes.fromhex(s#根据题目提示,先进行16进制解码
print(decode_s
k = "crypto{"
key = ""
for i in range(7:
key +=(chr(ord(k[i]^decode_s[i]
print(key
解的key为:myXORke,由于直接异或操作flag错误,猜测key为:myXORkey,结果对了,ctf题中需要猜测的地方还是挺多的。
from pwn import xor
key = key + "y"
flag = xor(decode_s,key.encode(
print(flag