周六作了两个N1CTF感觉很难就没做，有些东西只是不懂，不是很难。

solve_pow

这个题就是其一

题目会给出一道2乘幂的题

POW: 2^(2^168650911) mod 14410422756791856006977221261653848398173123908149127966358804284026606184669 = ?

一开始想最后是取模，根据费小有a**(p-1)=1 (mod p)，然后用公式求解

powmod(2,pow(2,bit,p-1),p)
#4661732238801194169405982400350387428895918512377690837157075128714991112731

但是这个事有点麻烦，p不是素数,如果乘幂又太大了，后来看别人作的，用了bit_set这个函数，原来都没听说过，因为底是2，直接置bit位就行了

所以正确的解法是

powmod(2,bit_set(0,bit),p)
#36808033546212382710607382805842490500296061506256519355047811358611503260

不过只是当时卡在这了，不有另外一个方法，不用这个函数一样

powmod(2,1<<bit,p)
#36808033546212382710607382805842490500296061506256519355047811358611503260

baby_N1ES

这个题都没看到，其实这个题很简单，而且还有更简单的解法。

原题

from N1ES import N1ES
import base64
key = "wxy191iss00000000000cute"
n1es = N1ES(key)
flag = "N1CTF{*****************************************}"
cipher = n1es.encrypt(flag)
print base64.b64encode(cipher) # HRlgC2ReHW1/WRk2DikfNBo1dl1XZBJrRR9qECMNOjNHDktBJSxcI1hZIz07YjVx

和一个N1ES.py的库

# -*- coding: utf-8 -*-
def round_add(a, b):f = lambda x, y: x + y - 2 * (x & y)res = ''for i in range(len(a)):res += chr(f(ord(a[i]), ord(b[i])))return resdef permutate(table, block):return list(map(lambda x: block[x], table))def string_to_bits(data):data = [ord(c) for c in data]l = len(data) * 8result = [0] * lpos = 0for ch in data:for i in range(0, 8):result[(pos << 3) + i] = (ch >> i) & 1pos += 1return results_box = [54, 132, 138, 83, 16, 73, 187, 84, 146, 30, 95, 21, 148, 63, 65, 189, 188, 151, 72, 161, 116, 63, 161, 91, 37,24, 126, 107, 87, 30, 117, 185, 98, 90, 0, 42, 140, 70, 86, 0, 42, 150, 54, 22, 144, 153, 36, 90, 149, 54, 156,8, 59, 40, 110, 56, 1, 84, 103, 22, 65, 17, 190, 41, 99, 151, 119, 124, 68, 17, 166, 125, 95, 65, 105, 133, 49,19, 138, 29, 110, 7, 81, 134, 70, 87, 180, 78, 175, 108, 26, 121, 74, 29, 68, 162, 142, 177, 143, 86, 129, 101,117, 41, 57, 34, 177, 103, 61, 135, 191, 74, 69, 147, 90, 49, 135, 124, 106, 19, 89, 38, 21, 41, 17, 155, 83,38, 159, 179, 19, 157, 68, 105, 151, 166, 171, 122, 179, 114, 52, 183, 89, 107, 113, 65, 161, 141, 18, 121, 95,4, 95, 101, 81, 156, 17, 190, 38, 84, 9, 171, 180, 59, 45, 15, 34, 89, 75, 164, 190, 140, 6, 41, 188, 77, 165,105, 5, 107, 31, 183, 107, 141, 66, 63, 10, 9, 125, 50, 2, 153, 156, 162, 186, 76, 158, 153, 117, 9, 77, 156,11, 145, 12, 169, 52, 57, 161, 7, 158, 110, 191, 43, 82, 186, 49, 102, 166, 31, 41, 5, 189, 27]def generate(o):k = permutate(s_box, o)b = []for i in range(0, len(k), 7):b.append(k[i:i + 7] + [1])c = []for i in range(32):pos = 0x = 0for j in b[i]:x += (j << pos)pos += 1c.append((0x10001 ** x) % (0x7f))return cclass N1ES:def __init__(self, key):if (len(key) != 24 or isinstance(key, bytes) == False):raise Exception("key must be 24 bytes long")self.key = keyself.gen_subkey()def gen_subkey(self):o = string_to_bits(self.key)k = []for i in range(8):o = generate(o)k.extend(o)o = string_to_bits([chr(c) for c in o[0:24]])self.Kn = []for i in range(32):self.Kn.append(map(chr, k[i * 8: i * 8 + 8]))returndef encrypt(self, plaintext):if (len(plaintext) % 16 != 0 or isinstance(plaintext, bytes) == False):raise Exception("plaintext must be a multiple of 16 in length")res = ''for i in range(len(plaintext) / 16):block = plaintext[i * 16:(i + 1) * 16]L = block[:8]R = block[8:]for round_cnt in range(32):L, R = R, (round_add(L, self.Kn[round_cnt]))L, R = R, Lres += L + Rreturn res

先读题，就是个分段加密，每次原来的左与Kn异或然后左右互换，作32轮。由于Kn是固定的，而且加密是异或，所以round_add并不需要处理，只要反过来作个decrypt就行了

这有个小坑，python 2的程序需要改一下

# -*- coding: utf-8 -*-
def round_add(a, b):   #xorf = lambda x, y: x + y - 2 * (x & y)res = b''for i in range(len(a)):#res += chr(f(ord(a[i]), ord(b[i])))res += bytes([f(a[i], b[i])])return resdef permutate(table, block):return list(map(lambda x: block[x], table))def string_to_bits(data):#data = [ord(c) for c in data]data = [c for c in data]l = len(data) * 8result = [0] * lpos = 0for ch in data:for i in range(0, 8):result[(pos << 3) + i] = (ch >> i) & 1pos += 1return results_box = [54, 132, 138, 83, 16, 73, 187, 84, 146, 30, 95, 21, 148, 63, 65, 189, 188, 151, 72, 161, 116, 63, 161, 91, 37,24, 126, 107, 87, 30, 117, 185, 98, 90, 0, 42, 140, 70, 86, 0, 42, 150, 54, 22, 144, 153, 36, 90, 149, 54, 156,8, 59, 40, 110, 56, 1, 84, 103, 22, 65, 17, 190, 41, 99, 151, 119, 124, 68, 17, 166, 125, 95, 65, 105, 133, 49,19, 138, 29, 110, 7, 81, 134, 70, 87, 180, 78, 175, 108, 26, 121, 74, 29, 68, 162, 142, 177, 143, 86, 129, 101,117, 41, 57, 34, 177, 103, 61, 135, 191, 74, 69, 147, 90, 49, 135, 124, 106, 19, 89, 38, 21, 41, 17, 155, 83,38, 159, 179, 19, 157, 68, 105, 151, 166, 171, 122, 179, 114, 52, 183, 89, 107, 113, 65, 161, 141, 18, 121, 95,4, 95, 101, 81, 156, 17, 190, 38, 84, 9, 171, 180, 59, 45, 15, 34, 89, 75, 164, 190, 140, 6, 41, 188, 77, 165,105, 5, 107, 31, 183, 107, 141, 66, 63, 10, 9, 125, 50, 2, 153, 156, 162, 186, 76, 158, 153, 117, 9, 77, 156,11, 145, 12, 169, 52, 57, 161, 7, 158, 110, 191, 43, 82, 186, 49, 102, 166, 31, 41, 5, 189, 27]def generate(o):k = permutate(s_box, o)b = []for i in range(0, len(k), 7):b.append(k[i:i + 7] + [1])c = []for i in range(32):pos = 0x = 0for j in b[i]:x += (j << pos)pos += 1c.append((0x10001 ** x) % (0x7f))return cclass N1ES:def __init__(self, key):#if (len(key) != 24 or isinstance(key, bytes) == False):#    raise Exception("key must be 24 bytes long")self.key = keyself.gen_subkey()def gen_subkey(self):o = string_to_bits(self.key)k = []for i in range(8):o = generate(o)k.extend(o)#o = string_to_bits([chr(c) for c in o[0:24]])o = string_to_bits([c for c in o[0:24]])self.Kn = []for i in range(32):#self.Kn.append(map(chr, k[i * 8: i * 8 + 8]))self.Kn.append(k[i * 8: i * 8 + 8])returndef encrypt(self, plaintext):#if (len(plaintext) % 16 != 0 or isinstance(plaintext, bytes) == False):#    raise Exception("plaintext must be a multiple of 16 in length")res = b''for i in range(len(plaintext) // 16):block = plaintext[i * 16:(i + 1) * 16]L = block[:8]R = block[8:]for round_cnt in range(32):L, R = R, (round_add(L, self.Kn[round_cnt]))L, R = R, Lres += L + Rreturn resdef decrypt(self, plaintext):#if (len(plaintext) % 16 != 0 or isinstance(plaintext, bytes) == False):#    raise Exception("plaintext must be a multiple of 16 in length")res = b''for i in range(len(plaintext) // 16):block = plaintext[i * 16:(i + 1) * 16]L = block[:8]R = block[8:]for round_cnt in range(32):L, R = (round_add(R, self.Kn[round_cnt])), LL, R = R, L            res += L + Rreturn res

然后直接解密

from N1ES import N1ES
import base64key = b"wxy191iss00000000000cute"
n1es = N1ES(key)
t = base64.b64decode('HRlgC2ReHW1/WRk2DikfNBo1dl1XZBJrRR9qECMNOjNHDktBJSxcI1hZIz07YjVx')
print(n1es.decrypt(t))
#b'N1CTF{F3istel_n3tw0rk_c4n_b3_ea5i1y_s0lv3d_/--/}'

不过今天看了个WP，还有更简单的方法，这个东西是个循环，直接再加密，而且3次就循环，太容易了

for i in range(3):t = n1es.encrypt(t)print(t)

没作，也没保存确实可惜了，只是那个checkin没作出来。

[N1CTF 2022] solve_pow,baby_N1ES相关推荐

2022年新能源汽车产业集群百人会
2022年新能源汽车产业集群百人会 3月25日-3月27日,2022年第八届中国电动汽车百人会(以下简称百人会)在线上举办.本届论坛以"迎接新能源汽车市场化发展新阶段"为主题. ...
2022年AI芯片场景
2022年AI芯片场景随着技术成熟化,AI芯片的应用场景除了在云端及大数据中心,也会随着算力逐渐向边缘端移动,部署于智能家居.智能制造.智慧金融等领域:同时还将随着智能产品种类日渐丰富,部署于智能 ...
回顾2021，展望2022
2021,这一年最大的收获是孕育了一个聪明漂亮机灵的小家伙.这一年我虚岁28岁,和爱的人有了爱的结晶.东哥各方面都挺好的,我们都不是圣人,都是能力有限的普通人,但他在尽其所能的对我好.我不是万能的人, ...
Maya 2022中的硬表面建模技术学习视频教程
Maya 2022中的硬表面建模信息: 使用正确的拓扑和边流在Maya中建模硬曲面对象. 你会学到什么硬质表面工具和技术细分工作流程边缘流动控制正确拓扑材料设置 Studio Lightn ...
MAYA 2022基础入门学习教程
流派:电子学习| MP4 |视频:h264,1280×720 |音频:AAC,48.0 KHz 语言:英语+中英文字幕(根据原英文字幕机译更准确)|大小解压后:3.41 GB |时长:4.5小时包含 ...
PBR游戏3D模型合集包 PBR Game 3D-Models Bundle February 2022
PBR游戏3D模型捆绑包2022年2月大小解压后:6.99G MAX| OBJ | FBX |TEX 模型获取:PBR游戏3D模型合集包 PBR Game 3D-Models Bundle Feb ...
2022，人工智能开启未来新密码
作者 | 剑客阿良_ALiang(胡逸) 出品 | AI科技大本营(ID:rgznai100) 购买大型电器.汽车,你是否会询问有没有智能语音功能?是的,潜移默化中人们已经不再将人工智能当作魔术,而是 ...
《2022产业互联网安全十大趋势》发布，专家学者透析产业安全新变化
2月28日,在中国产业互联网发展联盟指导下,人民邮电报.中国信息安全.腾讯安全联合实验室.腾讯研究院联合推出<2022产业互联网安全十大趋势>.该报告由<中国信息安全>杂志出品 ...
英特尔2022年投资者大会：公布技术路线图及重要节点
在英特尔2022年投资者大会上,英特尔CEO帕特·基辛格和各业务部门负责人概述了公司发展战略及长期增长规划的主要内容.在半导体需求旺盛的时代,英特尔的多项长期规划将充分把握转型增长的机遇.在演讲中,英 ...

[N1CTF 2022] solve_pow,baby_N1ES

solve_pow

baby_N1ES

[N1CTF 2022] solve_pow,baby_N1ES相关推荐

最新文章

热门文章