XOR Encryption - cr2-many-time-secrets (攻防世界) - 異性相吸 (buuctf)


⭐Crib dragging attack

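Before getting into the crib dragging attack, let's first go over XOR.

XOR encryption


For details, see: Introduction to XOR Encryption


Properties of XOR encryption:


① When the two values are equal it returns false; otherwise it returns true.


② XORing a value twice in a row with the same operand returns the value itself.


③ Use in encryption:

Suppose the original information is message and the key is key. The first XOR produces the encrypted text cipherText. Once the other party receives it, they XOR it with key again and recover message.


④ One-time pad (OTP):

  • The length of key is greater than or equal to that of message
  • key must be used only once and must be randomly generated each time

When both conditions are met, the scheme is called an OTP.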


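On breaking it

This brings us to the main topic: the crib dragging method.

Details can be found here.

Simply put, it takes several ciphertexts generated with the same key: if you correctly guess the plaintext behind part of one ciphertext, you can work out the shared key. You then use that candidate key to decrypt the other ciphertexts, and if the results fit, the key is correct.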


⭐ Worked example - cr2-many-time-secrets

Let's look at an example challenge. [攻防世界] Challenge link: [cr2-many-time-secrets]

Download the attachment to get the following strings:

0529242a631234122d2b36697f13272c207f2021283a6b0c7908
2f28202a302029142c653f3c7f2a2636273e3f2d653e25217908
322921780c3a235b3c2c3f207f372e21733a3a2b37263b313012
2f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d
283f652c2b31661426292b653a292c372a2f20212a316b283c09
29232178373c270f682c216532263b2d3632353c2c3c2a293504
613c37373531285b3c2a72273a67212a277f373a243c20203d5d
243a202a633d205b3c2d3765342236653a2c7423202f3f652a18
2239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c
263e203d63232f0f20653f207f332065262c3168313722367918
2f2f372133202f142665212637222220733e383f2426386b

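At first glance this is just hexadecimal, but converting it to ASCII produces nothing but gibberish.


Script 1

It was only from an expert's write-up that I learned that, for OTP key reuse, this attack script can be run to break it.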


Join the ciphertext lines into a single line and run the script (cribdrag.py) on it:

python cribdrag.py <ciphertext hex joined onto one line>



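Entering ALEXCTF{ produces "Dear Fri" at position "0", which looks promising.


So feed that in and follow the steps one at a time (as below):



Completing the beginning to Dear Friend and continuing gives ALEXCTF{HER



Keep working forward step by step like this:


The final result:



Script 2


Taken from this expert's script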


import binascii
def dec(msg, key):
    '''
    Simple char-by-char XOR with a key (Vigenere, Vernam, OTP)
    '''
    m = ""
    for i in range(0, len(key)):
        m += chr(msg[i] ^ ord(key[i]))
    return m
######################################
lines = []
with open("msg", "r") as f:
    # Read lines from file and decode hex
    for l in f:
        l = l.strip()  # drop the newline without cutting a hex digit off the last line
        if l:
            lines.append(binascii.unhexlify(l))
 
# Step 1: Decode each line with the known key
k = "ALEXCTF{"
mes = []
for l in lines:
    m = dec(l, k)
    mes.append(m)
print(mes)
 
# Step 2: Guess some part of the first message 'Dear Fri'
k = "Dear Friend, "
m = dec(lines[0], k)
print(m)
 
# Step 3: Decode each line with the new known key
k = "ALEXCTF{HERE_"
mes = []
for l in lines:
    m = dec(l, k)
    mes.append(m)
print(mes)
 
# Step 4: Guess some part of the last message 'ncryption sc'
k = 'ncryption scheme '
m = dec(lines[-1], k)
print(m)
 
# Step 5: Decode each line with the new known key
k = "ALEXCTF{HERE_GOES_"
mes = []
for l in lines:
    m = dec(l, k)
    mes.append(m)
print(mes)
 
# Step 6: Guess all of the third message 'sed One time pad e'
# (the fourth message is 'n scheme, I heard '),
# so we can retrieve the complete key
k = 'sed One time pad encryptio'
m = dec(lines[2], k)
print(m)
 
'''
['Dear Fri', 'nderstoo', 'sed One ', 'n scheme', 'is the o', 'hod that', ' proven ', 'ever if ', 'cure, Le', 'gree wit', 'ncryptio']
ALEXCTF{HERE_
['Dear Friend, ', 'nderstood my ', 'sed One time ', 'n scheme, I h', 'is the only e', 'hod that is m', ' proven to be', 'ever if the k', 'cure, Let Me ', 'gree with me ', 'ncryption sch']
ALEXCTF{HERE_GOES
['Dear Friend, This ', 'nderstood my mista', 'sed One time pad e', 'n scheme, I heard ', 'is the only encryp', 'hod that is mathem', ' proven to be not ', 'ever if the key is', 'cure, Let Me know ', 'gree with me to us', 'ncryption scheme a']
ALEXCTF{HERE_GOES_THE_KEY}
'''


The flag is:

ALEXCTF{HERE_GOES_THE_KEY}
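
The crib-dragging steps walked through above, as an added example (it is not part of the original post and is not the cribdrag.py script). It embeds only the first three ciphertext lines from the challenge; the helper names `drag`, `extend_key` and `decrypt_lines` and the "looks like text" filter are assumptions made for illustration.

```python
import string

# Constructed input: the first three ciphertext lines from the challenge above,
# joined onto one line the way the walkthrough feeds them to the script.
CT_HEX = (
    "0529242a631234122d2b36697f13272c207f2021283a6b0c7908"
    "2f28202a302029142c653f3c7f2a2636273e3f2d653e25217908"
    "322921780c3a235b3c2c3f207f372e21733a3a2b37263b313012"
)
CT = bytes.fromhex(CT_HEX)
LINE_LEN = 26  # bytes per ciphertext line (52 hex characters)
# Assumed filter: a hit must consist only of letters, spaces and basic punctuation.
TEXT = set((string.ascii_letters + " ,.'").encode())


def xor(a, b):
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def drag(ct, crib):
    """Slide the crib over ct; keep offsets whose XOR looks like English text."""
    hits = {}
    for off in range(len(ct) - len(crib) + 1):
        out = xor(ct[off:off + len(crib)], crib)
        if all(ch in TEXT for ch in out):
            hits[off] = out.decode()
    return hits


def extend_key(ct_line, guessed_plain):
    """A correct plaintext guess XORed with its ciphertext yields key bytes."""
    return xor(ct_line, guessed_plain)


def decrypt_lines(ct, key, line_len=LINE_LEN):
    """Apply the known key prefix to the start of every ciphertext line."""
    return [xor(ct[i:i + line_len], key).decode("latin-1")
            for i in range(0, len(ct), line_len)]


if __name__ == "__main__":
    for off, text in drag(CT, b"ALEXCTF{").items():
        print(off, repr(text))
    key = extend_key(CT[:LINE_LEN], b"Dear Friend, ")
    print(key, decrypt_lines(CT, key))
```

The readable hits at offsets 0, 26 and 52 line up with the start of each 26-byte line, which is what shows the same key was reused for every message.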

⭐ XOR example - buuctf 異性相吸


[buuctf] Challenge link: 異性相吸


Download the attachment to get a ciphertext and a key. key.txt (the key) is as follows:

asadsasdasdasdasdasdasdasdasdasdqwesqf

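The solution to this challenge is similar to 南郵CTF: Cryptography 異性相吸


Solution: XOR the key with the ciphertext position by position to get the plaintext.


So the corresponding script is: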

# coding: utf-8

# Read the ciphertext and the key as raw bytes
miwen = open("E:\\密文.txt", 'rb').read()
key = open("E:\\key.txt", 'rb').read()
flag = ''
# XOR each ciphertext byte with the key byte at the same position
for c, k in zip(miwen, key):
    flag += chr(c ^ k)
print(flag)


This gives the flag:

flag{ea1bc0988992276b7f95b54a7435e89e}
