【湾区杯2025】Hardtest
本平台连接:[hardtest - Bugku CTF平台]
|> 这个题目拖进IDA里面发现整体很干净,没有混淆或者奇怪的加壳与花指令,可以尝试对伪代码进行算法还原
|>整体的分析转化为C语言差不多就这样(将就着看吧,反正不能运行)
>下面是伪代码,尝试直接进行分析
#include <bits/stdc++>
// Sbox查表 - 屯数据
char s_box[256] = {
0x63, 0x7C, 0x77, 0x7B,叽里咕噜那一堆....
};
// 加密后的flag
char encrypted_flag[24] = {
-105, -43, 96, 67, -76, 16, 67, 115, 15, -38, 67, -51, -45, -24, 115, 74,
-108, -61, -51, 113, -67, -36, -105, 26
};
// 循环左移函数
char rotate_left(char value, int shift) {
return (value << shift) | (value >> (8 - shift));
}
// 循环右移函数
char rotate_right(char value, int shift) {
return (value >> shift) | (value << (8 - shift));
}
// 在GF(257)有限域中计算模逆元
char modular_inverse(char a) {
if (a == 0) return 0;
short result = 1;
short exponent = 255;
short base = a;
// 使用快速幂算法计算模逆(出题人还会算法哦)
while (exponent) {
if (exponent & 1) {
result = (result * base) % 257;
}
base = (base * base) % 257;
exponent >>= 1;
}
return (char)result;
}
// 主要字符变换函数
char transform_character(char input_char) {
// 第一步:与0x5A异或后循环左移3位
char step1 = rotate_left(input_char ^ 0x5A, 3);
// 第二步:分离高4位和低4位
char high_bits = (step1 >> 4) & 0xF; // 高4位
char low_bits = step1 & 0xF; // 低4位
// 第三步:在GF(16)上进行仿射变换
char transformed_high = (3 * high_bits) & 0xF; // 高4位乘以3
char transformed_low = (5 * low_bits) & 0xF; // 低4位乘以5
// 第四步:重新组合高低位
char combined = (transformed_high << 4) | transformed_low;
// 第五步:在GF(257)上求模逆
char inverse = modular_inverse(combined);
// 第六步:使用S盒替换并循环右移2位
return s_box[rotate_right(inverse, 2)];
}
// 预处理输入字符串
void preprocess_input(const char* input, char* output) {
int length = strlen(input);
for (int i = 0; i < length; ++i) {
// 对每个字符进行循环左移,移位量由位置决定
output[i] = rotate_left(input[i], (i % 7) + 1);
}
}
int main() {
char random_number = rand() % 255 + 1;
printf("input your number(1-255): ");
int user_input;
if (random_number == user_input) {
//碰运气哦
while (getchar() != '\n');
printf("flag: ");
char user_flag[100];
fgets(user_flag, sizeof(user_flag), stdin);
// 移除换行符
user_flag[strcspn(user_flag, "\n")] = 0;
int flag_length = strlen(user_flag);
// 预处理输入
char* preprocessed_flag = (char*)malloc(flag_length + 1);
preprocess_input(user_flag, preprocessed_flag);
// 对每个字符进行变换
char* transformed_flag = (char*)malloc(flag_length + 1);
for (int i = 0; i < flag_length; ++i) {
transformed_flag[i] = transform_character(preprocessed_flag[i]);
}
// 与目标flag比较
int is_correct = 1;
for (int i = 0; i < flag_length; ++i) {
if (transformed_flag[i] != encrypted_flag[i]) {
is_correct = 0;
break;
}
}
(is_correct) ? printf("right\n"):printf("error\n");
}然后整体的加密与解密流程>>
>>>加密:
原始字符 → 预处理 → 异或0x5A → 循环左移3 → 分离高低位 → GF(16)乘法 → 组合 → GF(257)模逆 → S盒 → 循环右移2 → 密文
>>>逆向解密:密文 → 循环左移2 → 逆S盒 → GF(257)模逆 → 分离高低位 → GF(16)逆乘法 → 组合 → 循环右移3 → 异或0x5A → 逆向预处理 → 原始字符由此可以写出简单的解密脚本喵~ >>
byte_2020 = [
99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22
]
target = [b & 0xFF for b in [
-105, -43, 96, 67, -76, 16, 67, 115, 15, -38, 67, -51, -45, -24, 115, 74,
-108, -61, -51, 113, -67, -36, -105, 26
]]
# 计算逆元
def mod_inv(a, m=257):
for i in range(1, m):
if (a * i) % m == 1:
return i
return 0
#循环左移
def leftroll(x, s):
return ((x << s) | (x >> (8 - s))) & 0xFF
#循环右移
def rightroll(x, s):
return ((x >> s) | (x << (8 - s))) & 0xFF
#sbox逆向
def sbox(val):
idx = byte_2020.index(val)
v3 = leftroll(idx, 2)
inv_v3 = mod_inv(v3)
if inv_v3 == 0:
return 0
for v1 in range(256):
high = (3 * (v1 >> 4)) & 0xF
low = (5 * (v1 & 0xF)) & 0xF
test = (16 * high) | low
if test == inv_v3:
return rightroll(v1, 3) ^ 0x5A
return 0
flag = []
for i, b in enumerate(target):
orig = sbox(b)
shift = (i % 7) + 1
flag.append(chr(rightroll(orig, shift)))
print(''.join(flag))然后运行获得flag >>
flag{Bl@st1ng_1s_a_g00d_Way!!}
