x_xor_md5
打开附件,用010打开
发现有一行值是重复的。
根据题目提示我们把全文与重复行进行异或
str1 =[0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53]
result=[]
txt =[0x69,0x35,0x41,0x01,0x1C,0x9E,0x75,0x78,0x5D,0x48,0xFB,0xF0,0x84,0xCD,0x66,0x79,0x55,0x30,0x49,0x4C,0x56,0xD2,0x73,0x70,0x12,0x45,0xA8,0xBA,0x85,0xC0,0x3E,0x53,0x73,0x1B,0x78,0x2A,0x4B,0xE9,0x77,0x26,0x5E,0x73,0xBF,0xAA,0x85,0x9C,0x15,0x6F,0x54,0x2C,0x73,0x1B,0x58,0x8A,0x66,0x48,0x5B,0x19,0x84,0xB0,0x80,0xCA,0x33,0x73,0x5C,0x52,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53,0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53,0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53,0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0x89,0xD5,0xA2,0xFC]
for i in range(len(txt)):
tmp = 0
tmp = str1[i%len(str1)]^txt[i]
result+=[tmp]
print((hex(tmp)[2:]).zfill(2),end="")
是十六进制文件,导入010中
有ctf出现证明咱们的思路是对的。
再观察发现后面都是00,但是这不是真正的空,应该是0x20才对,所以我们进行0x20异或
str1 =[0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53]
result=[]
txt =[0x69,0x35,0x41,0x01,0x1C,0x9E,0x75,0x78,0x5D,0x48,0xFB,0xF0,0x84,0xCD,0x66,0x79,0x55,0x30,0x49,0x4C,0x56,0xD2,0x73,0x70,0x12,0x45,0xA8,0xBA,0x85,0xC0,0x3E,0x53,0x73,0x1B,0x78,0x2A,0x4B,0xE9,0x77,0x26,0x5E,0x73,0xBF,0xAA,0x85,0x9C,0x15,0x6F,0x54,0x2C,0x73,0x1B,0x58,0x8A,0x66,0x48,0x5B,0x19,0x84,0xB0,0x80,0xCA,0x33,0x73,0x5C,0x52,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53,0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53,0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0xFB,0xBA,0xCB,0x8F,0x6A,0x53,0x01,0x78,0x0C,0x4C,0x10,0x9E,0x32,0x37,0x12,0x0C,0x89,0xD5,0xA2,0xFC]
for i in range(len(txt)):
tmp = 0
tmp = str1[i%len(str1)]^txt[i]
result.append((hex(tmp)[2:]).zfill(2))
print((hex(tmp)[2:]).zfill(2),end="")
print('\n')
result2=[]
for j in range(len(result)):
tmp = 0
tmp = int(result[j],16)^0x20
result2.append((hex(tmp)[2:]).zfill(2))
print((hex(tmp)[2:]).zfill(2),end="")
print('\n')
同上,导入010
原本我以为这就完了,但是提交....不对
后来也是看了wp才知道没有结束,不看我是真想不到呀,好了,话题扯回来。
观察发现{ }里有两个.
通过*key推断后面应该也是 * 才对,即原本是0x00,要变成0x2A(就是32)。
所以我们将这两个特殊的进行0x2A异或---------0x1C^0x2A=0x36-->6
你以为到这里总算是完了吧,不不不,还没有!!!
这道题有个提示key不存在,以及题目中的MD5都还没有使用。
发现第一次的异或刚好是32个十六进制数字,即MD5
“01780C4C109E3237120CFBBACB8F6A53”进行MD5解密------没有
因为我们再前面进行了0x20异或,那将这串数字也进行0x20(即32)异或
a = ['01','78','0C','4C','10','9E','32','37','12','0C','FB','BA','CB','8F','6A','53']
final = []
for i in range(0,len(a)):
x = int(a[i],16)
final.append(hex(x^32)[2:])
print(hex(x^32)[2:].zfill(2),end="")
进行MD5解密
所以RCTF{We1l_d0n3_6ut_wh4t_i5_that}
![【C语言标准库函数】标准输入输出函数详解[6]:字符文件读取写入](https://i-blog.csdnimg.cn/direct/5bb7d92cd50c4891a48c36d040d6216c.png)
