반응형
Description
커스텀 키 테이블을 이용한 base64
encode_flag.txt
7nqRmsVR7AD/mhOpmsyNnHyp7YO+mHORmHOAnHDpihFl95==
data.txt
How many special people change? How many lives are livin' strange? Where were you while we were getting high? Slowly walkin' down the hall Faster than a cannonball Where were you while we were getting high? Someday you will find me Caught beneath the landslide In a champagne supernova in the sky Someday you will find me Caught beneath the landslide In a champagne supernova A champagne supernova in the sky Wake up the dawn and ask her why A dreamer dreams she never dies Wipe that tear away now from your eye Slowly walkin' down the ha11 Faster than a cannonball Where were you while we were getting high?
encode_data.txt
gsON3sYlmA+o8Nq/7H/lmaqFuhOFms6o7HllmQi/vTq3mN8omhwCkgqEjnu/8Tql8Q6oms/HjhUA3xrB8QwCuH6P3wiZune/3xi/8Q6okhOY3xiZjhV/3xi/3xi/8Q6ouHyBis/CuTqZjhiZvTqbmsONmx+oiHwEjH/CeTq+mNiC3xtZugqZ7hVE32ul8Nt/80qBjswC3s2o7HwCmQOC7QwEmaqnjsyTugqNune/3x/RigqNjs/EugqNugqNune/3si/ixtWmQ8ojs/AjzKo6HODuhtlkgqJmN6oiH/EmaqQjhJ+3sY/32rlihiZiaq0uhJ/7ntZ3xtZugqE7hJ+8HVWus6oghUo7gqpjswD8swAmQ6o8NyFuneCmNul3s/C3xtZugqGjN+o6HODuhtlkgqJmN6oiH/EmaqQjhJ+3sY/32rlihiZiaq0uhJ/7ntZ3xtZugqE7hJ+8HVWus6oghUo7gqpjswD8swAmQ6o8NyFuneCmNul322o7HllmnqluHJ/3xrY8syTmQOH7gqWm0qBjs6o8HDJ3wiljH6oin1oisl/3stliHUo7hJ+3swGjTqZun3oiHlJ322ouxe/7hY/80q+8Qylmn4o8Hl/3sJ/iQyT3stWun4oyH/FugqBjswB3xt/7n3o7nilkgqCmN8ouAeRmgqJmNyT3syJugqbmsONmx+oiHwEjH/CeTq+mNiC3xtZugqZ7b2V32ul8Nt/80qBjswC3s2o7HwCmQOC7QwEmaqnjsyTugqNune/3x/RigqNjs/EugqNugqNune/3si/ixtWmQ8ojs/AjzK=
풀이법 1
data와 encode_data를 가지고 base64로 변환하여 key를 획득한다.
이후 encode_flag와 매핑하여 flag로 복호화
fd = open("data.txt", 'r') # plain text
fe = open("encode_data.txt", 'r') # encrypted text by base64
ef = open("encode_flag.txt") # encrypted flag
data = fd.readline()
encode_data = fe.readline()
encode_flag = ef.readline()
binaryData = "" # 2진수 데이터
b64_dict = {}
# plain text를 2진수로 변환한다.
for i in range(len(data)):
tmpData = bin(ord(data[i]))[2:]
filledTmpData = tmpData.zfill(8) # 2진수 변환 및 0으로 채움
binaryData += str(filledTmpData) # String으로 형변환
for i in range(len(binaryData)):
if i % 6 == 5:
b64_dict[encode_data[i // 6]] = binaryData[i - 5:i + 1:]
def dec_flag(df):
flag = ""
for i in range(0, len(df), 8):
flag += chr(int(df[i:i + 8:], 2))
print(flag)
decode_flag = ""
for i in range(len(encode_flag)):
decode_flag += b64_dict[encode_flag[i]]
dec_flag(decode_flag[:])
풀이법 2
# 데이터를 스트링으로 읽어오기
def readFile(fileName):
temp = open(fileName, 'r').readline()
return temp
# 주어진 배열들의 길이가 서로 같은지 체크
def compareChk(a, b):
# 길이 비교
if len(a) != len(b):
print("[ERROR] ! 첫번째 인자와 두번째 인자 길이가 다릅니다. -> ", len(a), " ", len(b))
return False
else:
return True
# 딕셔너리 조합을 만드는 함수
def makeDiction(a, b):
tmp = {}
for i in range(len(a)):
tmp[a[i]] = b[i]
return tmp
# 매핑된 데이터에서 Value를 찾아내 String으로 반환
def mappByDiction(a, b):
tmp = ""
try:
for i in range(len(a)):
tmp += (b[a[i]])
except KeyError as e:
print("[ERROR] 매칭되는것이 없습니다! -> ", e)
return tmp
import ctfUtils
mainData = ctfUtils.readFile("data_64.txt") # base64 데이터
encode_data = ctfUtils.readFile("encode_data.txt") # 커스텀키로 암호화된 base64
encode_flag = ctfUtils.readFile("encode_flag.txt") # 커스텀키가 암호화된 base64
if __name__ == '__main__':
if ctfUtils.compareChk(mainData, encode_data):
dataDic = ctfUtils.makeDiction(encode_data, mainData) # B -> A 매핑
# print(dataDic1)
result = ctfUtils.mappByDiction(encode_flag, dataDic) # C <= 딕셔너리
print(result)
반응형
'IT > CTF' 카테고리의 다른 글
CCE2023 APOLLO PWNABLE [100] - X64_ROP (0) | 2023.06.06 |
---|---|
CCE2023 APOLLO PWNABLE [100] - X86_ROP (0) | 2023.06.06 |
CCE2023 APOLLO CRYPTO [100] - ROT (0) | 2023.06.04 |
CCE2023 APOLLO WEB HACKING [100] - reborn of php (0) | 2023.06.03 |
CCE2023 APOLLO WEB HACKING [100] - BabyWeb (0) | 2023.06.03 |