貌似叫这个名字。
# -*- coding:utf-8 -*-
import A,SALT
from itertools import *def encrypt(m, a, si):c=""for i in range(len(m)):c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2)return c
if __name__ == "__main__":m = 'flag{********************************}'a = Asalt = SALTassert(len(salt)==3)assert(salt.isalpha())si = cycle(salt.lower())print("明文内容为:")print(m)print("加密后的密文为:")c=encrypt(m, a, si)print(c)#加密后的密文为:#177401504b0125272c122743171e2c250a602e3a7c206e014a012703273a3c0160173a73753d
仿射密码,求a,b
a与128互质可得a为1-127的奇数
b为三个字母的循环,可以理解为明文中n,n+3的字母采用相同的a,b加密。
已知明文攻击
已知明文为开头为flag,f和g采用相同的a,b加密。
f-->0x17,g-->0x50
仿射加密公式(ax+b)%n=y
a*(f-g)%n=0x17-0x50-->a=57,满足与128互质。
下面求b
m='177401504b0125272c122743171e2c250a602e3a7c206e014a012703273a3c0160173a73753d'
m=bytes.fromhex(m)
x=b'flag'
y=m[:3]
a=57
b=[]
for x1,y1 in zip(x,y):temp=(y1-a*x1)%128b.append(chr(temp))
print(b)
# ['a', 'h', 'h']根据a,b及仿射的解密公式
m='177401504b0125272c122743171e2c250a602e3a7c206e014a012703273a3c0160173a73753d'
m=bytes.fromhex(m).decode()def decrypt(m, a, si):c=""for i in range(len(m)):c+=hex(pow(a,-1,128)*((ord(m[i])) -ord(next(si))) % 128)[2:].zfill(2)return c
a=57
si=cycle('ahh')
y=decrypt(m,a,si)
print(bytes.fromhex(y))
# b'flag{ad7d973ffdd285b476a1a727b3a8fbc4}'如果熟悉同余相关概念应该很简单。
用爆破找flag字符串的方式也很快。
import string,itertools
from itertools import *def encrypt(m, a, si):c=""for i in range(len(m)):c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2)return ccomb =string.ascii_lowercase
m='177401504b0125272c122743171e2c250a602e3a7c206e014a012703273a3c0160173a73753d'
m=bytes.fromhex(m).decode()for a in range(1,128,2):for i in itertools.product(comb, repeat=3):salt= '{}{}{}'.format(*i)si = cycle(salt.lower())res=encrypt('flag',a,si)if '17740150' == res:print('found',a,si,salt)breakelse:continue
# found 57 <itertools.cycle object at 0x0000020010DCDB00> ahh
渗透测试环境搭建)
)
