流密码

Replay

from Crypto.Cipher import ARC4
from os import *
from secret import flag

key=urandom(10)

def Rc4_Encrypt(msg,key):
    Rc4=ARC4.new(key)

    return Rc4.encrypt(msg).hex()

hint=b'do you know how to recover the keystream?'
print(Rc4_Encrypt(hint,key))
#56c36031c2d6455ced3eed3f267251a023478f493c3fc567956869930483b0334a1b4bf4c74eda8151
print(Rc4_Encrypt(flag,key))
#54c0212fd6c05154e265a82c767c16e26e1a9c036b6cce72932f79de0dd0f66f1a5a0cb9d756

RC4已知明文攻击

from binascii import *
from Crypto.Util.strxor import strxor
m1=b'do you know how to recover the keystream?'
c1='56c36031c2d6455ced3eed3f267251a023478f493c3fc567956869930483b0334a1b4bf4c74eda8151'
c1=unhexlify(c1)    # 将十六进制字符串转换成bytes流
keystream=strxor(m1,c1)  #strxor两个比特流逐比特亦或得到密钥流
c2='54c0212fd6c05154e265a82c767c16e26e1a9c036b6cce72932f79de0dd0f66f1a5a0cb9d756'
c2=unhexlify(c2)
print(strxor(c2,keystream[:len(c2)]))

strxor函数实现

def strxor(a, b):     
    if len(a) > len(b):
        return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a[:len(b)], b)])
    else:
        return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b[:len(a)])])

Easy_Lfsr

from random import *
flag='flag{'+hex(getrandbits(32))[2:]+'}'
print(flag)

def lfsr(R,mask):
    output = (R << 1) & 0xffffffff  
    i=(R&mask)&0xffffffff
    lastbit=0
    while i!=0:
        lastbit^=(i&1)
        i=i>>1
    output^=lastbit
    return (output,lastbit)



R=int(flag[5:-1],16)
mask =0b10100110001000111000100110010001

f=open('key','wb')
for i in range(8):
    tmp=0
    for j in range(8):
        (R,out)=lfsr(R,mask)
        tmp=(tmp<<1)^out
    f.write(chr(tmp).encode('latin-1'))
f.close()

先得到key

f=open('key','rb')
s=f.read()
print(hexlify(s))

from Crypto.Util.number import *
from binascii import *
key=0x25aaea999c18a4e3
bin_out=bin(key)[2:].zfill(8*8)
key=bin_out[0:32]
mask ='10100110001000111000100110010001'
print(len(mask))
R=''
tem=key
for i in range(32):
    output='?'+key[:31]
    ans=int(tem[-1-i])^int(output[-1])^int(output[-5])^int(output[-8])^int(output[-9])^int(output[-12])^int(output[-16])^int(output[-17])^int(output[-18])^int(output[-22])^int(output[-26])^int(output[-27])^int(output[-30])
    R+=str(ans)
    key=str(ans)+key[:31]
print(R[::-1])

Mt_19937

from random import *

f=open('key','w')

for _ in range(624):
    f.write(str(getrandbits(32))+'\n')
    
flag='flag{'+hex(getrandbits(32))[2:]+'}'
print(flag)
f.close()

预测随机数

from random import Random

def invert_right(m,l,val=''):
    length = 32
    mx = 0xffffffff
    if val == '':
        val = mx
    i,res = 0,0
    while i*l<length:
        mask = (mx<<(length-l)&mx)>>i*l
        tmp = m & mask
        m = m^tmp>>l&val
        res += tmp
        i += 1
    return res

def invert_left(m,l,val):
    length = 32
    mx = 0xffffffff
    i,res = 0,0
    while i*l < length:
        mask = (mx>>(length-l)&mx)<<i*l
        tmp = m & mask
        m ^= tmp<<l&val
        res |= tmp
        i += 1
    return res

def invert_temper(m):
    m = invert_right(m,18)
    m = invert_left(m,15,4022730752)
    m = invert_left(m,7,2636928640)
    m = invert_right(m,11)
    return m

def clone_mt(record):
    state = [invert_temper(i) for i in record]
    gen = Random()
    gen.setstate((3,tuple(state+[0]),None))
    return gen


f = open("key.txt",'r').readlines()
prng = []
for i in f:
    i = i.strip('n')
    prng.append(int(i))

g = clone_mt(prng[:624])
for i in range(624):
    g.getrandbits(32)

key = g.getrandbits(32)
print(hex(key))

MT19937伪随机数生成算法详细说明