一个有意思的解密

第一关

密文

这是给出的密文

begin 777 portal.bin
M(R!796QC;VUE#0H-"B,C($ME>0T*#[email protected]'5B;&EC($ME>[email protected]*$XL(#<I
M<FEM92!T:&%T(&UA:V5S([email protected]('=I=&@@,C,S#0H-"B,C($5N8W)Y<'1E
M9"!!=61I="!142!G<F]U<"!N=6UB97(-"@T*5&AE($%U9&ET(%%1(&=R;W5P
M(&YU;6)E<B!I<R!E;F-R>[email protected]=VET:"!T:&[email protected]*[email protected]'5B;&EC($ME
M>[email protected]*#[email protected]&`-"D-/3D-!5"A$14-265!4*#$Y-S,W,BDN=&]3=')I;F<H
M*[email protected]$5#4EE05"@S,S,P-SDI+G1O4W1R:6YG*"DI#[email protected]&`-"@T*(R!#05!4
M0TA!#0I5<[email protected]=&AI<R!G:7-T(')E=FES:6]N(&`W9#(S939E.3DY-&)B-F9A
[email protected]&1A8C,U930V9F0W-6(Y9&0Q-6)E8"!R97-U;'[email protected],@0T%05$-(02X-
!"@``
`
end

分析

其实这个我之前还真不知道,不过观察一下每行都是M开头,然后以BEGIN开头,END结尾,GG一下,发现是uunicode。嗯然后写个程序转换下.

import uu
if __name__ == '__main__':
#二进制模式 打开和写入
uu.decode(file_path,out_file=out_path_,mode='wb')

然后就可以得到第一关的明文了。

明文

就是这样。

# Welcome
## Key
RSA Public Key: (N, 7)
N = 233 * M
M is the greatest four-digit prime that makes N end with 233
## Encrypted Audit QQ group number
The Audit QQ group number is encrypted with the **RSA Public Key**.

CONCAT(DECRYPT(197372).toString(), DECRYPT(333079).toString())

# CAPTCHA
Use this gist revision `7d23e6e9994bb6fae874dab35e46fd75b9dd15be` result as CAPTCHA.

算群号

M是一个最大的4位数并且乘以233的结果末尾还是233. 口算一下也知道是9001啦。 然后用9001*233和7生成公钥,再然后用这个公钥解密两个数字得到群号。

import random
def fastExpMod(b, e, m):
result = 1
e=int(e)
while e != 0:
if (e&1) == 1:
result = (result * b) % m
e >>= 1
b = (b*b) % m
return result
def primeTest(n):
q = n - 1
k = 0
while q % 2 == 0:
k += 1;
q /= 2
a = random.randint(2, n-2);
if fastExpMod(a, q, n) == 1:
return "inconclusive"
for j in range(0, k):
if fastExpMod(a, (2**j)*q, n) == n - 1:
return "inconclusive"
return "composite"
def findPrime(halfkeyLength):
while True:
n = random.randint(0, 1<<halfkeyLength)
if n % 2 != 0:
found = True
for i in range(0, 10):
if primeTest(n) == "composite":
found = False
break
if found:
return n
def extendedGCD(a, b):
if b == 0:
return (1, 0, a)
x1 = 1
y1 = 0
x2 = 0
y2 = 1
while b != 0:
q = a / b
r = a % b
a = b
b = r
x = x1 - q*x2
x1 = x2
x2 = x
y = y1 - q*y2
y1 = y2
y2 = y
return(x1, y1, a)
def selectE(fn, halfkeyLength):
while True:
e = random.randint(0, 1<<halfkeyLength)
(x, y, r) = extendedGCD(e, fn)
if r == 1:
return e
def computeD(fn, e):
(x, y, r) = extendedGCD(fn, e)
if y < 0:
return fn + y
return y
def keyGeneration(keyLength):
p = 233
q = 9001
n = p * q
fn = (p-1) * (q-1)
e = 7
d = computeD(fn, e)
return (n, e, d)
def encryption(M, e, n):
return fastExpMod(M, e, n)
def decryption(C, d, n):
return fastExpMod(C, d, n)
(n, e, d) = keyGeneration(1024)
M1 = decryption(197372, d, n)
M2 = decryption(333079, d, n)
print (M1)#378
print (M2)#390696

嗯,跑完之后,结果是:嘿嘿嘿。

第二关

密文

begin 644 questions.bin
M_3=Z6%H```3FUK1&`@`A`1P````0SUC,X`(/`9]=`!N.;&N&K&,WE,:Z:&"_
M.H>=//80*Y./YOI$*@LU"[email protected]/%]Q<;1CEUQGGILPN<FARF"\H=E]C1
MJRI$35+PQD[7(+3PY9FD#83:F6KV\4:2WEF/"4+3Y-I6/0:5C!ITP9<;<6"'
M&6XR!BTZ#7+J(6M`(SWW(/"971/.Z*8!9]T][-"[email protected]\M+-#:QA'1/R"#
M&\O9AQ>!_EKD0\[2%L*[SR45;._(;/'.L+0%WL5XR$WL,4GXQ9G<RBA+1<:E
M.AI%Z:CA$8YH^-90T]PER65PZ#8HTN2C!<CO1>(:[@&;1Y'0Z"0*P940A,:9
M$W&7+NJ+YL#DXZ9WD,M<\EAN(""<3<A4*7,SQLQ=5D/B>N=<!>IKT1-(7(,%
MN[*!#TA?04GTUO7L#<?A^Y2QA;WHS`Q+<_7S;L9P`!S3+[`RM?D7;$YYV,K5
M?8IH&VQ-Y"=\5W,IVWCWZI1$G8]O%LGAJNUS=B`<#$*NH:\@G:.=W%2ARZY!
MB'LV(`$:##;*RSA2)::'Q,SR51I5<Y<IX\7R.$3?VN*SSUS>1+!+=,0``")$
>@7M0Y!TN``&[`Y`$``##!+%.L<1G^P(`````!%E:
`
end

分析

同样解密,发现是个二进制文件,发现文件头是个fd377a58,然后我们用python的magic模块来分析下文件是什么类型的。

import magic
#读入
data=open(bin_file).read()
#获取类型
magic.from_buffer(data)
#lzma

返回的是lzma,我们直接用7Z解压,发现一个文本文件。

79955ff7576a0f5a167b3ccb506bed3a d46b6f8c1ea3b812c2bba0edc0e63c85 | Roman Hitman
================================================================
H4sIAAAAAAACA1WPT0+DQBDF7/spRgTttbRsZRPZ1d1Fwg0OBYKEhWqMlwZBqjaF
z+7Win8ylzeT95u8F8Otj4UkjIrCcxCKYzCmA0KqAMvFYFMRYA6SwTVZ4RykvvmU
3GEu9GZTB7DWoXQJvdqi6gRJTKULPVkwai+XBKjvLTDforqAeTsObWMlnS1x0XPm
7XEYMO4k0a6fgcBU6N/g2GGUFj3jni2T6HDouiiH6N0c758eSxWlOXzxAwt+TF3n
edr0z5bOdSv4YITChYkMA3ac+TfPKDuJ71xABGTZlKuuFIxq87CBF1XqUapMs0wj
l5iTVQhtc2a1b80Rmrqs9+scmsGcvZ4nhkp/dfVH18c0n2XEkwVzAQAA

那,很明显下面的又是一个base64加密,我们解密

import base64
str='H4sIAAAAAAACA1WPT0+DQBDF7/spRgTttbRsZRPZ1d1Fwg0OBYKEhWqMlwZBqjaF\
z+7Win8ylzeT95u8F8Otj4UkjIrCcxCKYzCmA0KqAMvFYFMRYA6SwTVZ4RykvvmU\
3GEu9GZTB7DWoXQJvdqi6gRJTKULPVkwai+XBKjvLTDforqAeTsObWMlnS1x0XPm\
7XEYMO4k0a6fgcBU6N/g2GGUFj3jni2T6HDouiiH6N0c758eSxWlOXzxAwt+TF3n\
edr0z5bOdSv4YITChYkMA3ac+TfPKDuJ71xABGTZlKuuFIxq87CBF1XqUapMs0wj\
l5iTVQhtc2a1b80Rmrqs9+scmsGcvZ4nhkp/dfVH18c0n2XEkwVzAQAA'
base64.b64decode(str)

打开发现还是个二进制文件。。。。我去!!!

重复以上步骤,返回的是zip,我们继续用7z解压,发现终于有点正常了,但是好像还是乱码! 没关系我们继续解密

def caesar_decode(data, num=47):
res = ''
for x in data:
if x in (' ', '\n'):
tmp = x
elif 32 <= (ord(x) + num) <= 126:
tmp = chr(ord(x) + num)
else:
tmp = chr(ord(x) - num)
res += tmp
return res

明文

## Questions
1. The answer to life, the universe, and everything? Google 之
2. The tenth Fibonacci number? Google 之
3. `CONCAT(Date.FromKeyword("GFW sensive day").Format("MMDD", "ISO-8601"), Date.Now.Format("DDmm", , "ISO-8601"))`
# Join US
QQ Group:
* Group number is **CONCAT(D321 O1454 B10101110)**
* Verify CAPTCHA is `CONCAT('K', ANSWER(Q1), ANSWER(Q2), ANSWER(Q3))`

算群号

十进制的321,八进制的1454,二进制的10101110进行组合得到结果:321812174

算答案

第一个谷歌一下是42 第二个谷歌一下或者

def fib(n):
if n == 0:
return 0
if n <= 2:
return 1
return fib(n - 1) + fib(n - 2)

是55 第三个GFW sensive day是1989年6月4日,然后今天的日期拼接。 得到答案K42550604xxxx

结语

历经千辛万苦,终于算完了。进群之后发现剩女总是有原因的,跋扈刁蛮,还要照片啥的,于是就退了。
哎,我本以为能碰见知己来着。

版权说明

本页地址为 https://post.zz173.com/detail/hfu17Yn_YpMY9TlVNTqv8w.html,本文作者为落月
本文采用 署名-相同方式共享 3.0 中国大陆许可协议 ,分享、演绎需署名且使用相同方式共享。转载请务必保留本页网址和作者信息,否则即为侵权。

– EOF –