直接通过题目来学习
from Crypto.Cipher import AES
import binascii
from Crypto.Util.number import bytes_to_long
from aes_flag import flag,key
import os
#maybe flag is fake
iv = flag
l = len(key)
if l==16:
hint = os.urandom(4) * 16
print(bytes_to_long(hint)^bytes_to_long(key))
msg = b'Welcome! Good luck have fun! diyicichutiqiuqingpen xiexiele.....'
def encrypto(message):
aes = AES.new(key,AES.MODE_CBC,iv)
return aes.encrypt(message)
print(binascii.hexlify(encrypto(msg))[-32:])
'''
10814139970454569101142970101299943513649261825483864773663646850498898172963892837254881797558641977330505910327448279013601791760702391621769017335029566
b'a99b50f2320e2768e94535cac2888a96'
'''分析
l = len(key)
if l==16:
hint = os.urandom(4) * 16
print(bytes_to_long(hint)^bytes_to_long(key))
#key是16个字节 而hint是16个重复的4个字节
#所以hint 可以通过异或之后前面的字节求出
#key通过异或求出# -----------get key---------
tmp = 10814139970454569101142970101299943513649261825483864773663646850498898172963892837254881797558641977330505910327448279013601791760702391621769017335029566
hint = int(str(hex(tmp))[2:10] * 16,16)
key = long_to_bytes(tmp ^ hint)from Crypto.Util.number import long_to_bytes
import binascii, sys
from Crypto.Util.strxor import strxor
from Crypto.Cipher import AES
# -----------get key---------
tmp = 10814139970454569101142970101299943513649261825483864773663646850498898172963892837254881797558641977330505910327448279013601791760702391621769017335029566
hint = int(str(hex(tmp))[2:10] * 16,16)
key = long_to_bytes(tmp ^ hint)
# ----------get iv-----------
msg = b'Welcome! Good luck have fun! diyicichutiqiuqingpen xiexiele.....'
msgs = [msg[ii:(ii+16)] for ii in range(0,len(msg),16)]
msgs.reverse()
IV = binascii.unhexlify('a99b50f2320e2768e94535cac2888a96')
def decry(key,IV,ms):
aes=AES.new(key,AES.MODE_ECB)
return strxor(aes.decrypt(IV),ms)
for ms in msgs:
IV=decry(key,IV,ms)
print(b'flag{' + IV+ b'}')
