Boston Key Party CTF 2014 Crypto : 200
2014-03-06 12:27
537 查看
Xorxes the Hash Crypto : 200 Xorxes is a hash collision challenge. The goal is to find a second preimage for the input string "Klaatubaradanikto". Submit it as the flag. UPDATE: It has been pointed out that there are multiple solutions. The flag is the one with md5sum '7179926e4253a0b405090df67f62c543'. (Use `echo -n FLAG | md5sum'.) UPDATE THE SECOND: The solution is short. http://bostonkeyparty.net/challenges/xorxes-ad7b52380d3ec704b28954c80119789a.py[/code]
xor的性质是可以结合的,所以compress()函数可以展开, 这样就解开了chaining。
展开后发现每个字节对最后hash结果的影响取决于当前字节之后的数据长度。比如"abcde", b对hash的影响就是迭代执行RROT len(“cde")次。
又发现RROT每迭代执行4次会产生相同的值。字符串s = ”Klaatubaradanikto“里距离间隔4的重复字符有s[3] = s[7] = s[1] = 'a'
随便替换两个为两外两个一样的就好, 比如'Klabtubbradanikto'#!/usr/bin/python from xores_the_hash import * import hashlib, struct, sys def my_rrot(b, times): for i in range(0, times): b = RROT(b, 56, 224) return b dic = {} def my_hash(m): IV = ord('M') ^ ord('i') ^ ord('t') ^ ord('h') ^ ord('r') ^ ord('a') IV = my_rrot(IV, len(m)) c = IV for i in range(0, len(m)): sha = SHA224(m[i]) tmp = my_rrot(sha, len(m) - i - 1) if dic.get(tmp) != None: print dic[tmp], print (i, m[i], len(m) - i - 1) else: dic[tmp] = (i, m[i], len(m) - i - 1) c = c ^ tmp out = c + ( len(m) % 24 ) return hex(out)[2:-1] #'Klabtubbradanikto' print my_hash(sys.argv[1]) def get_wraparound(m): cnt = 0 dic = {} sha = SHA224(m) while cnt < 100: cnt += 1 tmp = my_rrot(sha, cnt) if dic.get(tmp) != None: print dic[tmp], print cnt else: dic[tmp] = cnt #get_wraparound(sys.argv[1])
相关文章推荐
- Boston Key Party CTF 2014 Crypto 200
- Boston Key Party CTF 2014 Crypto 100
- 【Writeup】Boston Key Party CTF 2015(部分题目)
- 实验吧NSCTF crypto200:
- Boston Key Party CTF 2017: prudentialv2-50
- xctf --Hctf2014 Quals write up
- [writeup]360-ctf-2014-re123
- [ICECTF 2016] [CRYPTO 140 – SAND CASTLE] WRITE UP
- 阿里ctf-2014 android 第三题――andriod模拟器安装
- writeup hitcon-ctf-2014/stkof
- Pwnium CTF2014 – MatterOfCombination writeup
- 【CTF】ASM-Pico CTF 2014 Snippet
- 决斗场 - 实验吧 WEB NSCTF web200
- 越南CTF的crypto 100
- 越南CTF的crypto 100
- 2014百度之星初赛第一轮解题报告:party
- 2014百度之星初赛第一轮解题报告:party
- CTF杂项之隐写术、Crypto
- 2014百度之星 Party
- 阿里ctf-2014 android 第一、二题