반응형
반응형
반응형

System32.kr 

[EZB64] 풀이

 

 

 

코드는 이러하다 :

import flag
flag = flag.EZB64
story='''The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text-usually a Latin or Greek text-that students might be assigned to translate from the original language.
The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. "Heil Hitler," occurring at the end of a message, is another well-known example.
At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.
The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext. He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.
The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").
The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in the world wonders incident. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.
Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs._______
'''
import base64,random,string
table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'
rtable = ''.join(random.sample(table,len(table)))
tb=string.maketrans(table,rtable)
orig=base64.b64encode(story+flag)
print(orig.translate(tb))
#Output : CpIMrXCk5u7MrSZoQcMsrsBy5LU45uKIQXKMGSBcQca0rpV4QxiI3cQ47pCw3qBwGuGMQYZt3cQ47p+45xIM5LKt3cQ4EpFgGwd/rSZZrpfwTuZsGul43LP45uJk7xCwrpGw3xe4jua1QsBeGLferXBIQpCwrsPgrVV4rcfwTursrpawTu7t3cn/3XP47xnkrpV43pMeGLZI3SB6QsBt3YKMQcit3cCIQsBeQcngQxiI7pM63sB6GsBIrpG6QcCtGxd03pngGyCIGxF47pCd7S11QyCI3piJrpV4OpneTud43yr4KyZMGu/47pCd7S1eTpnerXfe7uKM3YKkrp1tGxIerpZMrpnkQxMY3cCPrXK6rXKw5uJk3pneGqBcQca0rXKbGqB6QcMYTuJI3SB/5uJY7unYGqdESMKbGqBtGpCIrpZMTpMgGSBIrpfwTur4TLU47pII7SBoQYMz7pa/3x7tQyKkrX7MQcF43pa6TxMgGwBI7SBt3cf63LBwGuIM3Yft5ciMrpftQpIMQYKMjXl/rpZ17SBtGsBeTpCJrpIIGSBIrpf/7uF45uZ67Ll4Qxa0GqBy3yZPrpawrXBbQcnkGqBeTpnerp1tGxIerpZMrpCdQpCo7pCPrXK6rpZMrpMgrXKbGqBoTLBbGLZeGLIehSBeTpCJrX767uiPrpII7cF45q2s7xCPGxF/rsBIrXKMQyl47p+45YZM5u/4TuJe3wBt7Sd4qu547pIMTLr43yKbGLZyTLfMrXZI3cK63qBI7XKI5x0krpagrXKbGqBoTLBbGLr43ung5u7MGSBe3wBk3x1M7pM0GLU4QXZ6GXCoGqBeTpakGqBy3yZPQwB6Qs2bQXZMGcCw5uZ/jqP4QpIw5LfMQwz47pIMjqBy3yC/GSBN3cayrXKbGLP43uMYTXl45cF43xd47pIMrXZtGxIerXKw5ufNhsBLTpCgrXKb3yfMrX76QcKkrpawrXBbQcnkGLU45LBzGunwGul/rXKbGLP47xa13pl4GcCMGSBeTpF4QxCe7pMgGyU47pIMjqBb5ul47LfMGSBe3wBwGLGM5uz47pIM3qBs5ufNrpMg7p+47pIMrX7b3xiMrpCg5yZJQXKMGSB0GLfk5u7MrXK6rp763xl4GuGcGufeh4bEqud47pIMrpfIQxF43x54KuJtGx1IhSBeTpF4KxCw3ungrVItGx44lxa03ungGSBy5LU47cCwjqB0GLKt5yC/3yCkrpns3yCerXKbGqB67cCw5ui/rXfM5yCwTLKJrpacrXKbGqBn3cMY3uV4QyMk7pC0rpngGSB13cKMQYfe3xaPrXKbGqBz3yfkTuZ/GqBzQcas3pC0rpacrpfwTuZkhsBFTpF4GpnJhLK6huKIjqB6QpCw5LK6QYU/rpagrXKbGqB67pIMQsBb5uJPhSByGLZMrpiMQyU45xnwGuG13Sd4CpIMrVZ/GLKoTpiMjqBl5LZNrXKM5ue47xa13pl4GyCMQyU4Qxa0GqB6GsBeTpF4QpiITuJeGLIerpZIQxCPrXCz3xd47xIM3sBeTpF43uCkQxnYGqBy5LU4QxCg7Sz45uJPrpZJrXZM5xaY3cMvTuJYrXZ67LKt3cF43yBMQcneTuag5uz43uCkQxnYGLUgrVG6QsBt3Yfe5uJoGqz45qBP5uM/jqByGuneTpCwrXZMQpaw7SBy5LU47XZI3Yf0TLKeGul45YP47pIMrV7MQc1I3YU45Ll47pIMrXfI3uF47pM0GqBM7cCwjqBP5LPgrVK1GqBe3wBeTpF4QcCYTu1M3YKMGSBk7XM/GqB6GsB0Tuit7pnwjqBwGLB6QYKkhSBt7SBy3yC/GSBo3xJe5uMgrXKbGqBy3yZPrn7M7XKMQs2bKxCw3ungrpG6Qs2s7xCI7pIMQsrtrpnerXKbGqBk5u1Mrpi65xneTuagrpMgrpCxGLZJrp1MQyfIGxFgrSIh3cayTuJYrXKbGqB/3xfI3SByGuneTpCwrpf63cKt7pM63YU4TpC/QpCPrVZ/GLKoTpiMjqBl5LZNrp71GLfkrpaeTpCwrXBIQYKkrpacrXKbGqBz3pnt3YKMjXl45LU47xC/3SdtrVaeTpCwrpazGLZI7pawQwz47pa6hSBy3yC/GSBkGuJPrXfe5uJP5LZPrXfI3XCe5LKt3xJkrpawrpMg7XZ6GXCo7pM63YUgrVngrpacGcMoGLr4QyKI7pM63cCPrpMgrXKbGqBK5LKe5LZIrVKMQXZMQyft3xd45xagQxMk7pCg7piJrXZMQpaw7pCPrXKb5Ll4TpF4TpnPrpJ67pIt3cQ47p+4QcCz3yZehs2sqpCt3SBrTLK/GLr/rsB65xf1QYZt3cQ45Ll47pIMrpCgGSB6GsBIrp1MQyfIGxF/rpMkrpng3yKbGLr47xC/3S1N3cay3sBMjpn0QpiMh4bElLl4lciM7pfb3pCJrnBIQc/4Tud4Cxaw3pl4CxnwrVMZhSBk7XZM3YC67LU4GuGc3yZeQwByGLZMrp1IGpF47p+47LfMrSII3cl4GLGM3sBc3yZoGqBeTpF4KxCw3ungQwBe3wBzQcaP7ufMEqB0GLfk5u7MQwByTLKbrp0g3y7grXB/5uMg7pCd7Sd4KcawrpCd5u1z3pF/rX7bGud45yZt5YU47xCwGqB/5ufNTuJYhSBS3pCe5xI/GLP4FpnwTwBy3yC/GSBk3x1M7pM0GLU45LfNrXKbGqBq3yMI3SBBTLr4Kcaw5xF47p+4rYfMGulsrpV4Qpnw7pMo7uiIQsBIQcCIrpMgrXKbGqBm3yZeTSBOGuV47xMeTSB0TuJMQw2b5qBzQcaoGLfkrXKb5Ll45xn0GqBe3wBsGqBN3cay3sBIQwBY5LZPGuJt3cQ/rpZJrpas7cM67LU4QcCcGLZM3cfMEqd4CpIMrVCgTu705qB0GLfk5u7MQwBeTpnerX7MQcF4Qxa63sBkGuJerpa17SBy3yC/GSB03yferpitTxC/jqBo3xJe5uMgrXKbGqBg5u1MrpacrXKbGqBIQcCIrpawrXKbGqBb5LZs3yCwrXKbQcCI7pCgGul45YP47pIMrp1t3cCkh4bECpIMrV7MQc1I3YU47pIM3LfM3XGMQwBo3yC/GSBsGqBxGLZJrpno5xa03uaP5LKt3cQ4Tud47pItQwBwGu7IQclgrn7bGuJM7cCwrpngjqB6GsBeTpF47XCw3cCPrV7MQc1I3sBV3yCs3pF45yZ6QyU45u7M3YKkrXfM3Yl45qB0GLfk5u7MrSIyQcMe7pCgrpZJrXKbGqBSQcMeTLfbEqBe3wBeTpCtQsBwGLfzGufeTLGMrpII3cK/GLZkhSBeTpCJrpGwGLn1GuJe3XP43xZ/Tu7t3c7/jqBwGq1M3cfwjLBeGul47pIMrp1MQyfIGxF47xawGSBc3yr47xawGSB63sBn3cMY3uV4Gcawrpag7xnwGSBeQcngQx1tQyft3xd47p+4lcCw3pMgh4bECxIM3sBIrpfIQXK1QcCPrV7MQc1I3sBwGLGM5uiMGSB13cKMQsBt3YKMQYZ6GxneTuagrXKb5Ll4KuJtGx1IrpazGLZI7pawQwBb5ul45cCM3sBt3YfeQYCo7pCPrXK6rpCg5xaPGqBg7u1sGLZkrpZJrXfzGui/TuJYrXKbGue43yCehSBB3pngrnK1QcMgGwBwGLGtGL7MGSBPGufwjLBeGul43uCkQxnYGLU45uJPrpKM7pCw3uMgGul47pII7SBeTpF43YC05cCwrSZMTuJkrs2brcagGqrtrX7IQwBeTpF43uak7SBo3x103xd4QyKwTuJYrpMgrXKbGqBz3pnt3YKMjXlgrVIMrpn17pa05LKMGSBeTpF45yZt5sBzQcaoGLfkhSBoQcCI7pMgGwBeTpF4KuMgQwBA5LKI3paY7uF/rX7bTufbrpnkQyC0Gul47pII7S2sGuMgQwr47xnkrpCg5xaPGul45Ll45ui/rXB6QxMeTuagQwBt3sBeTpF4QpiITuJeGLIehsBFTpF45xne5ui6GyCMrpMg5xi1GpCPrpCxGLZJrXB6Qyft5ciMrXB6QxMeTuagrpacrXKbGqBx5LZt3yCkrXZ67pawQwz4QyKIQYKt3cQ4QpakTLKt3xJkhSBI3cl4TxCJQxCe7pMgGyU43x547pIMrVCgTu705qdESMKbGqBl3xitQx44lxMzTpCwrVZ1QcCI7qBb5ul43pMNGL7tQxF4GLIz3pat7pCPrSZoQcMsQwr4Tud47pIMrSZBOM443uCeTpaPrsBsGuG6QcF4Cxaw3pl4CxnwrVMZrSIeTpF4KxCw3ungQwQ47LfMrpacrSZBOsr/rV7MQc1I3sBc3yr4rYK6rsz4Gca/3payGul45YP4rM4srpnkrpV4QyBI5xCwrXK6rpG6Qce47pIMrXKMjXl4rPnmuSrth4bECpIMrnCgTLKMGSBO7pneGLU45uJPrVZwTLKITud47LfMGSB63cF07pM0GqBe5LBMrXfJQyKM3LU/rXf15x445LU47pIMrAF0CFfHhSBc3yr47pIMTLr43uak7SBkGuJkTLKt7cF47XZIGcGt5wd4CpIMQxF4GpCxTufMQwByGLZMrpM03LCgGqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNmwBb3y7M7cCwhSBeTpCJrX7MQcF4Qpat3Yl07p+0Qpat3Yl43pMgTyU45uJPrXZMQLCtQcCPrp1IQyft7cF4QyCzQpitGLU43x543xJMrXKt3uF47pnzGLUgrVJM7X76Qc0MGSBoTLBbGLr43unoTpMgGLU47xCwGqBo3xJkTuKMQcCPrXG13pJMQcns3pF47p+45yZt5YU/rpngGSBx5LZt3yCkrXKM5xIgTLn1GLU47xCwGqB1QxCPrXK6rpKtQx71TLfMrXKbGqBsGu7t3cJt3cQ45uJPrpCgGXU43x545qB0GLfk5u7MhSBt3cf/7uKt3cQ45yCe7pMgGwB0GLfk5u7MQwBt3sBb5uicrpngGSBkGuJPTuJYrXKbGqBkGuf63cl4Qpnw7SBcTLZk7SBI3cl45uKPTuJYrpJ63YfM3YfMrXBIGpKt3cQ45Ll45caeTSBM3cKkhsBFTpF43pne7pCwrXBw5ufeTufMrXZMQyC/7pCPrpMgrXKbGqBy3yZ/GSBy3xJPGLZkrpMg5xMPGuJehsBFTpF4qez0fwz4TuJeQcaP7ufMGSBt3sBeTpF43uMPhOVJfOBkhSBy5LU47pIMrpGtQYfernFgFwd45xMzTpCwrp1I5xIt3cF47pII7SBy5LU45xagQxMPGLZMGSBk5uGMrpnY5uMgQyl4TxJ67xd0QpiITuJeGLIerpne7pnoTwdESPf/5LfkTufI3SBoTLBbGLZkrpnwGqBejLBt5xn/3XP47YC/3cCw5uZ/GqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNhsBp3yr4GLII3LB/Gqz45qBA5uCk5Lr45xMzTpCwrpfI3sBsGqBk3xixGul47Lft3cQ45qBkTuJY3pF43pCe7pCwrpacrpf6QYZMQyB63cKt3cQ4QpiITuJeGLIerpngGSBoTLBbGLZeGLIerXK6rpKM5yZJQXl4GuJeTLZM3XPgrVV4GxCgGLZI3SB03xJ65uizTpnsGLKt5wBk7uZk7pMe7LKt3xd45xMzTpCwrpJMGuKkrXfM7cCw5uz45xIIQcno7pCwrXBITLZkrpngGSBk3x1Mrp71GLfkTuJYrpMcrXKbGLZMrpnwGqBcGL7MQsBeTpngrArxrpKtQyKt3cferXBITLZkhMaWL1aWL1+EKciIGy0eTpMkLxMkLyK631aMjMac3yZWCCat3cMeHye=

 

table = A-Za-z0-9+/

 

stroy에 flag를 붙여서 base64 인코딩을 하고, 랜덤으로 만든 테이블로 치환을 해서 출력을 한다.

 

 

 

만약

table=ABCDE

rtable=qwert

이면, A는 q로, B는 w로 치환하는 것이다.

 

 

 

 

 

flag를 얻기 위해서는 rtable를 구해야 한다.

 

샘플을 충분히 제공하기 때문에, rtable를 쉽게 구할 수 있다.

 

story만을 base64로 인코딩하면 VGhlIHVzYWdlICJjcmliIi....이 나오는데

 

이를 Output과 비교를 하게 되면 V->C, G->p, h->I 이렇게 1:1대응이 된다.

 

 

 

 

 

 

1:1 대응 리스트를 쫙 뽑아서 rtable를 만들고 rtable->table로 Output를 바꿔주어서 base64 디코딩을 하면 flag를 구할 수 있다.

 

 

python2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
story='''The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text-usually a Latin or Greek text-that students might be assigned to translate from the original language.
 
The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
 
In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. "Heil Hitler," occurring at the end of a message, is another well-known example.
 
At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.
 
The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
 
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext. He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.
 
The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").
 
The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in the world wonders incident. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.
 
Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs._______
'''
 
tran='''CpIMrXCk5u7MrSZoQcMsrsBy5LU45uKIQXKMGSBcQca0rpV4QxiI3cQ47pCw3qBwGuGMQYZt3cQ47p+45xIM5LKt3cQ4EpFgGwd/rSZZrpfwTuZsGul43LP45uJk7xCwrpGw3xe4jua1QsBeGLferXBIQpCwrsPgrVV4rcfwTursrpawTu7t3cn/3XP47xnkrpV43pMeGLZI3SB6QsBt3YKMQcit3cCIQsBeQcngQxiI7pM63sB6GsBIrpG6QcCtGxd03pngGyCIGxF47pCd7S11QyCI3piJrpV4OpneTud43yr4KyZMGu/47pCd7S1eTpnerXfe7uKM3YKkrp1tGxIerpZMrpnkQxMY3cCPrXK6rXKw5uJk3pneGqBcQca0rXKbGqB6QcMYTuJI3SB/5uJY7unYGqdESMKbGqBtGpCIrpZMTpMgGSBIrpfwTur4TLU47pII7SBoQYMz7pa/3x7tQyKkrX7MQcF43pa6TxMgGwBI7SBt3cf63LBwGuIM3Yft5ciMrpftQpIMQYKMjXl/rpZ17SBtGsBeTpCJrpIIGSBIrpf/7uF45uZ67Ll4Qxa0GqBy3yZPrpawrXBbQcnkGqBeTpnerp1tGxIerpZMrpCdQpCo7pCPrXK6rpZMrpMgrXKbGqBoTLBbGLZeGLIehSBeTpCJrX767uiPrpII7cF45q2s7xCPGxF/rsBIrXKMQyl47p+45YZM5u/4TuJe3wBt7Sd4qu547pIMTLr43yKbGLZyTLfMrXZI3cK63qBI7XKI5x0krpagrXKbGqBoTLBbGLr43ung5u7MGSBe3wBk3x1M7pM0GLU4QXZ6GXCoGqBeTpakGqBy3yZPQwB6Qs2bQXZMGcCw5uZ/jqP4QpIw5LfMQwz47pIMjqBy3yC/GSBN3cayrXKbGLP43uMYTXl45cF43xd47pIMrXZtGxIerXKw5ufNhsBLTpCgrXKb3yfMrX76QcKkrpawrXBbQcnkGLU45LBzGunwGul/rXKbGLP47xa13pl4GcCMGSBeTpF4QxCe7pMgGyU47pIMjqBb5ul47LfMGSBe3wBwGLGM5uz47pIM3qBs5ufNrpMg7p+47pIMrX7b3xiMrpCg5yZJQXKMGSB0GLfk5u7MrXK6rp763xl4GuGcGufeh4bEqud47pIMrpfIQxF43x54KuJtGx1IhSBeTpF4KxCw3ungrVItGx44lxa03ungGSBy5LU47cCwjqB0GLKt5yC/3yCkrpns3yCerXKbGqB67cCw5ui/rXfM5yCwTLKJrpacrXKbGqBn3cMY3uV4QyMk7pC0rpngGSB13cKMQYfe3xaPrXKbGqBz3yfkTuZ/GqBzQcas3pC0rpacrpfwTuZkhsBFTpF4GpnJhLK6huKIjqB6QpCw5LK6QYU/rpagrXKbGqB67pIMQsBb5uJPhSByGLZMrpiMQyU45xnwGuG13Sd4CpIMrVZ/GLKoTpiMjqBl5LZNrXKM5ue47xa13pl4GyCMQyU4Qxa0GqB6GsBeTpF4QpiITuJeGLIerpZIQxCPrXCz3xd47xIM3sBeTpF43uCkQxnYGqBy5LU4QxCg7Sz45uJPrpZJrXZM5xaY3cMvTuJYrXZ67LKt3cF43yBMQcneTuag5uz43uCkQxnYGLUgrVG6QsBt3Yfe5uJoGqz45qBP5uM/jqByGuneTpCwrXZMQpaw7SBy5LU47XZI3Yf0TLKeGul45YP47pIMrV7MQc1I3YU45Ll47pIMrXfI3uF47pM0GqBM7cCwjqBP5LPgrVK1GqBe3wBeTpF4QcCYTu1M3YKMGSBk7XM/GqB6GsB0Tuit7pnwjqBwGLB6QYKkhSBt7SBy3yC/GSBo3xJe5uMgrXKbGqBy3yZPrn7M7XKMQs2bKxCw3ungrpG6Qs2s7xCI7pIMQsrtrpnerXKbGqBk5u1Mrpi65xneTuagrpMgrpCxGLZJrp1MQyfIGxFgrSIh3cayTuJYrXKbGqB/3xfI3SByGuneTpCwrpf63cKt7pM63YU4TpC/QpCPrVZ/GLKoTpiMjqBl5LZNrp71GLfkrpaeTpCwrXBIQYKkrpacrXKbGqBz3pnt3YKMjXl45LU47xC/3SdtrVaeTpCwrpazGLZI7pawQwz47pa6hSBy3yC/GSBkGuJPrXfe5uJP5LZPrXfI3XCe5LKt3xJkrpawrpMg7XZ6GXCo7pM63YUgrVngrpacGcMoGLr4QyKI7pM63cCPrpMgrXKbGqBK5LKe5LZIrVKMQXZMQyft3xd45xagQxMk7pCg7piJrXZMQpaw7pCPrXKb5Ll4TpF4TpnPrpJ67pIt3cQ47p+4QcCz3yZehs2sqpCt3SBrTLK/GLr/rsB65xf1QYZt3cQ45Ll47pIMrpCgGSB6GsBIrp1MQyfIGxF/rpMkrpng3yKbGLr47xC/3S1N3cay3sBMjpn0QpiMh4bElLl4lciM7pfb3pCJrnBIQc/4Tud4Cxaw3pl4CxnwrVMZhSBk7XZM3YC67LU4GuGc3yZeQwByGLZMrp1IGpF47p+47LfMrSII3cl4GLGM3sBc3yZoGqBeTpF4KxCw3ungQwBe3wBzQcaP7ufMEqB0GLfk5u7MQwByTLKbrp0g3y7grXB/5uMg7pCd7Sd4KcawrpCd5u1z3pF/rX7bGud45yZt5YU47xCwGqB/5ufNTuJYhSBS3pCe5xI/GLP4FpnwTwBy3yC/GSBk3x1M7pM0GLU45LfNrXKbGqBq3yMI3SBBTLr4Kcaw5xF47p+4rYfMGulsrpV4Qpnw7pMo7uiIQsBIQcCIrpMgrXKbGqBm3yZeTSBOGuV47xMeTSB0TuJMQw2b5qBzQcaoGLfkrXKb5Ll45xn0GqBe3wBsGqBN3cay3sBIQwBY5LZPGuJt3cQ/rpZJrpas7cM67LU4QcCcGLZM3cfMEqd4CpIMrVCgTu705qB0GLfk5u7MQwBeTpnerX7MQcF4Qxa63sBkGuJerpa17SBy3yC/GSB03yferpitTxC/jqBo3xJe5uMgrXKbGqBg5u1MrpacrXKbGqBIQcCIrpawrXKbGqBb5LZs3yCwrXKbQcCI7pCgGul45YP47pIMrp1t3cCkh4bECpIMrV7MQc1I3YU47pIM3LfM3XGMQwBo3yC/GSBsGqBxGLZJrpno5xa03uaP5LKt3cQ4Tud47pItQwBwGu7IQclgrn7bGuJM7cCwrpngjqB6GsBeTpF47XCw3cCPrV7MQc1I3sBV3yCs3pF45yZ6QyU45u7M3YKkrXfM3Yl45qB0GLfk5u7MrSIyQcMe7pCgrpZJrXKbGqBSQcMeTLfbEqBe3wBeTpCtQsBwGLfzGufeTLGMrpII3cK/GLZkhSBeTpCJrpGwGLn1GuJe3XP43xZ/Tu7t3c7/jqBwGq1M3cfwjLBeGul47pIMrp1MQyfIGxF47xawGSBc3yr47xawGSB63sBn3cMY3uV4Gcawrpag7xnwGSBeQcngQx1tQyft3xd47p+4lcCw3pMgh4bECxIM3sBIrpfIQXK1QcCPrV7MQc1I3sBwGLGM5uiMGSB13cKMQsBt3YKMQYZ6GxneTuagrXKb5Ll4KuJtGx1IrpazGLZI7pawQwBb5ul45cCM3sBt3YfeQYCo7pCPrXK6rpCg5xaPGqBg7u1sGLZkrpZJrXfzGui/TuJYrXKbGue43yCehSBB3pngrnK1QcMgGwBwGLGtGL7MGSBPGufwjLBeGul43uCkQxnYGLU45uJPrpKM7pCw3uMgGul47pII7SBeTpF43YC05cCwrSZMTuJkrs2brcagGqrtrX7IQwBeTpF43uak7SBo3x103xd4QyKwTuJYrpMgrXKbGqBz3pnt3YKMjXlgrVIMrpn17pa05LKMGSBeTpF45yZt5sBzQcaoGLfkhSBoQcCI7pMgGwBeTpF4KuMgQwBA5LKI3paY7uF/rX7bTufbrpnkQyC0Gul47pII7S2sGuMgQwr47xnkrpCg5xaPGul45Ll45ui/rXB6QxMeTuagQwBt3sBeTpF4QpiITuJeGLIehsBFTpF45xne5ui6GyCMrpMg5xi1GpCPrpCxGLZJrXB6Qyft5ciMrXB6QxMeTuagrpacrXKbGqBx5LZt3yCkrXZ67pawQwz4QyKIQYKt3cQ4QpakTLKt3xJkhSBI3cl4TxCJQxCe7pMgGyU43x547pIMrVCgTu705qdESMKbGqBl3xitQx44lxMzTpCwrVZ1QcCI7qBb5ul43pMNGL7tQxF4GLIz3pat7pCPrSZoQcMsQwr4Tud47pIMrSZBOM443uCeTpaPrsBsGuG6QcF4Cxaw3pl4CxnwrVMZrSIeTpF4KxCw3ungQwQ47LfMrpacrSZBOsr/rV7MQc1I3sBc3yr4rYK6rsz4Gca/3payGul45YP4rM4srpnkrpV4QyBI5xCwrXK6rpG6Qce47pIMrXKMjXl4rPnmuSrth4bECpIMrnCgTLKMGSBO7pneGLU45uJPrVZwTLKITud47LfMGSB63cF07pM0GqBe5LBMrXfJQyKM3LU/rXf15x445LU47pIMrAF0CFfHhSBc3yr47pIMTLr43uak7SBkGuJkTLKt7cF47XZIGcGt5wd4CpIMQxF4GpCxTufMQwByGLZMrpM03LCgGqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNmwBb3y7M7cCwhSBeTpCJrX7MQcF4Qpat3Yl07p+0Qpat3Yl43pMgTyU45uJPrXZMQLCtQcCPrp1IQyft7cF4QyCzQpitGLU43x543xJMrXKt3uF47pnzGLUgrVJM7X76Qc0MGSBoTLBbGLr43unoTpMgGLU47xCwGqBo3xJkTuKMQcCPrXG13pJMQcns3pF47p+45yZt5YU/rpngGSBx5LZt3yCkrXKM5xIgTLn1GLU47xCwGqB1QxCPrXK6rpKtQx71TLfMrXKbGqBsGu7t3cJt3cQ45uJPrpCgGXU43x545qB0GLfk5u7MhSBt3cf/7uKt3cQ45yCe7pMgGwB0GLfk5u7MQwBt3sBb5uicrpngGSBkGuJPTuJYrXKbGqBkGuf63cl4Qpnw7SBcTLZk7SBI3cl45uKPTuJYrpJ63YfM3YfMrXBIGpKt3cQ45Ll45caeTSBM3cKkhsBFTpF43pne7pCwrXBw5ufeTufMrXZMQyC/7pCPrpMgrXKbGqBy3yZ/GSBy3xJPGLZkrpMg5xMPGuJehsBFTpF4qez0fwz4TuJeQcaP7ufMGSBt3sBeTpF43uMPhOVJfOBkhSBy5LU47pIMrpGtQYfernFgFwd45xMzTpCwrp1I5xIt3cF47pII7SBy5LU45xagQxMPGLZMGSBk5uGMrpnY5uMgQyl4TxJ67xd0QpiITuJeGLIerpne7pnoTwdESPf/5LfkTufI3SBoTLBbGLZkrpnwGqBejLBt5xn/3XP47YC/3cCw5uZ/GqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNhsBp3yr4GLII3LB/Gqz45qBA5uCk5Lr45xMzTpCwrpfI3sBsGqBk3xixGul47Lft3cQ45qBkTuJY3pF43pCe7pCwrpacrpf6QYZMQyB63cKt3cQ4QpiITuJeGLIerpngGSBoTLBbGLZeGLIerXK6rpKM5yZJQXl4GuJeTLZM3XPgrVV4GxCgGLZI3SB03xJ65uizTpnsGLKt5wBk7uZk7pMe7LKt3xd45xMzTpCwrpJMGuKkrXfM7cCw5uz45xIIQcno7pCwrXBITLZkrpngGSBk3x1Mrp71GLfkTuJYrpMcrXKbGLZMrpnwGqBcGL7MQsBeTpngrArxrpKtQyKt3cferXBITLZkhMaWL1aWL1+EKciIGy0eTpMkLxMkLyK631aMjMac3yZWCCat3cMeHye=
'''
 
import base64, string
table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'
table_dict = dict.fromkeys(table, '?')
#rtable = ''.join(random.sample(table,len(table)))
orig=base64.b64encode(story)
 
for i in range(0len(orig)-4):
    table_dict[orig[i]] = tran[i]
    #print(orig[i]+";;"+tran[i])
 
tdv = table_dict.values()
rtable=""
for j in range(len(table)):
    rtable += table_dict[table[j]]
print(rtable)
tb=string.maketrans(rtable,table)
btran = tran.translate(tb)
print(base64.b64decode(btran))
 
cs

 

반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA108] 풀이  (0) 2021.01.19
System32.kr [RSA107] 풀이  (0) 2021.01.18
System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
반응형

files  Forensics  Cert


BigImage.md

CertCertCert… Find FLAG 

Ex) FLAG{Can_you_Find_Flag}

 

Make my hanukoon



인증서... 복호화쪽 문제인줄 알았으나 hex로 까서 아랫부분에 있는 hex값 긁어다가 ascii로 바꿔주면 된다.



yougotit!flag{I_can_import_certification_in_certmgr}



flag{I_can_import_certification_in_certmgr}




아직 중간고사 안끝났는데 이러고 있...

반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA105] 풀이  (0) 2019.05.19
System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
반응형

files  Forensics  Password


system32.kr의 Password 문제 풀이입니다.



cmd.md

I lost my password…. 

Who can find password?

Make my pental




zip파일이 주어진다.



윈도우 프로세스 덤프파일로 보인다.

이 프로세스 덤프파일에서 패스워드를 찾아야 한다.


일단 어디에 있는지를 몰라서 검색해봤다.


"윈도우 패스워드 프로세스"



갓 구글.. 원하는걸 딱 보여준다.

패스워드는 lsass.exe에 있는 것 같다.

lsass.exe를 덤프한 lsass.DMP만 따로 뺐다.



mimikatz를 이용하면 윈도우 패스워드를 알 수 있다.

다운로드 링크 : https://github.com/gentilkiwi/mimikatz/releases

(그냥 다운로드 받으면 바이러스 있다고 막아버린다. 윈도우 디펜더랑 이것저것 다 꺼놔야 한다.)



lsass.DMP파일을 mimikatz.exe 경로로 옮겼다.


mimikatz.exe를 실행하고 다음 명령어를 입력해 주었다.


sekurlsa::minidump lsass.DMP


sekurlsa::logonpasswords



만약 오류가 나면 아래를 참고하자.


Some errors:

  • ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->MajorVersion (A) != MIMIKATZ_NT_MAJOR_VERSION (B)
    You try to open minidump from a Windows NT of another major version (NT5 vs NT6).
  • ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->ProcessorArchitecture (A) != PROCESSOR_ARCHITECTURE_xxx (B)
    You try to open minidump from a Windows NT of another architecture (x86 vs x64).
  • ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000002)
    The minidump file is not found (check path).
  • https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa




플래그를 구할 수 있다.


FLAG : FLAG{I_WILL_FIND_PASSWORD}




반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
반응형

files  Forensics  CMD


system32.kr의 CMD 문제 풀이입니다.



cmd.md

Find Flag

Make my pental




압축파일이 하나 있는데, 압축을 풀면 1GB짜리 파일이 하나 나온다.


써니나타스 30번의 문제파일이랑 형태가 거의 같은 것 같아서

메모리 덤프 파일임을 확신하고 vol.py를 쓰기 위해 파일을 리눅스로 옮겼다.


volatility 설치방법이랑 사용법은 다음 링크를 참조하자. http://mandu-mandu.tistory.com/145



먼저 시스템정보를 확인했다.


vol.py -f cmd imageinfo




Win7SP1x86 이다.


어디서 무얼 찾아야 하나 생각하다가 파일이름이 cmd라서 cmdscan을 사용해 봤다.


vol.py -f cmd --profile=Win7SP1x86 cmdscan




역시나 플래그가 있었다.


FLAG : FLAG{CMD_LINE_CAN_YOU_FIND?}

반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
System32.kr [HardCrypto] 풀이  (0) 2018.07.29
반응형

files  Misc  BigImage


system32.kr의 BigImage 문제 풀이입니다.



BigImage.md

Can you find FLAG? 

Make my RMT




jpg파일이 하나 있다.




시공조아 시공조아 시공조아 시공조아



jpg파일인데 크기가 1MB나 된다.

아마 여러 파일들이 붙어있는 것 같다. 붙어있는 파일들을 분해(?)하기 위해서 foremost를 사용했다.







zip파일이 하나 나온다.





압축을 풀고 보니 BigImage.png파일에 플래그가 있었다.


FLAG : Flag{Th1s_Imag3_is_T00_Big}


반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [PPT] 풀이  (3) 2018.07.29
System32.kr [HardCrypto] 풀이  (0) 2018.07.29
System32.kr [Easy Crypto] 풀이  (0) 2018.07.29
반응형

files  Forensics  PPT


system32.kr의 ppt 문제 풀이입니다.



PPT.md

Can you find FLAG? 
Ex) FLAG{Can_you_Find_Flag}

Make my hanukoon



PPT.zip 파일이 주어진다.


압축을 풀면 OOXML_XXE.pptx가 나온다.


ppt파일은 확장자명을 zip으로 바꿔서 풀면 된다.



이제 파일하나하나 확인해보면 된다...

몇 개 안되니 해볼만 하다



하나하나 열어서 보던중 아무것도 안뜨는 것이 발견되었다.

presentation2\ppt\presentation.xml


플래그 냄새가 나서 HxD로 까보았다.




역시나 플래그가 있었다!


FLAG : FLAG{OPENOFFICEXMLXXE_IS_GOOOOOD!}


반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [HardCrypto] 풀이  (0) 2018.07.29
System32.kr [Easy Crypto] 풀이  (0) 2018.07.29
System32.kr [RSA102] 풀이  (0) 2018.07.29
반응형

files  Crypto  HardCrypto


system32.kr의 HardCrypto 문제 풀이입니다.



HardCrypto.md

Do you know Hard Crypto? 
Find the Flag!! 
Ex)FLAG{ABCEDFG} 

Make my pental



Do_you_know_Crypto.txt

c075121115114075121115114075121115114075049115043075122052114075121115043075121115114075121115114075122052114075121115114075121115114075121115114080068119056080067049100080106052043076105115114075121115114075121052116076083048116076083048116076083048116076083052114075121115114075121115117080105115114075121115114075121115114075121115114075121115114075121115114075121115114075121115114076106119116076083048116076083052043076083048116076083048116076083048116076105048116076083048116076083048116076083048116076083048116076083048116076106119116076083048116076083048116076083048116076083048116076083048116076083052043075121115114075121115114075121115114075121115114075121052056075121115114075121115114075121115114075121115114075121115114075121115114075121115114076106052114075121115114075121115114076105048116076083048116076083048116076083048116076083048116076083048116076083052114075121115114075121115114075121052116076083048116076083048116076083048116076083048117080068119114075121115114075121115114075121115114075121115114075121115114075121115114076106052043075121115114075121115114075121115114075121115114075121115114075121115114075121115117076083048116076083048116076083048116076083048116076083048116076083048116076083048117080067052043075121115114075121115114075121115114075121115114075121115114075121115114075121115114075121052116076083048116076083048116076105052114075121115114075121115114075121115114075121052056075121115114075121115114075121115114075121115114075121115114075121115114075121115114075121115114075121052056075121115114075121115114075121115114075121115114075121115114075121115114076106052043076083048116076083048116076083052114075121115114075121115114076105048116076083048116076083048116076083052114075121115114076106119056076083048116076083048116076083048116076083048116076083048116076083048116076083052043080105115114075121115114075121115114075121052061


으어.... 일단 dec 2 string을 해보았습니다.


아스키로 보니 


KysrKysrKysrK1s+Kz4rKys+KysrKysrKz4rKysrKysrKysrPDw8PC1dPj4+LisrKysrKy4tLS0tLS0tLS0tLS4rKysrKysuPisrKysrKysrKysrKysrKysrKysrKysrLjwtLS0tLS4+LS0tLS0tLS0tLi0tLS0tLS0tLS0tLS0tLS0tLjwtLS0tLS0tLS0tLS0tLS0tLS4+KysrKysrKysrKysrKy48KysrKysrKysrKysrKysrKysrKysrLj4rKysrKysrLi0tLS0tLS0tLS0tLS0tLS0tLS4rKysrKysrKy4tLS0tLS0tLS0tLS0uPDwrKysrKysrKysrKysrKysrKysrLj4+KysrKysrKysrKysrKysrKysrKysuLS0tLS0tLS0tLS0tLS0tLS0tLS0uPC4+KysrKysrKysrKysrKysrKysrKysrKy4tLS0tLS0tLi4rKysrKysrKysrKy48KysrKysrKysrKysrKysrKysrKysrKysrKy48KysrKysrKysrKysrKysrKysrLj4+LS0tLS0tLS4rKysrKysrLi0tLS0tLS0tLS4rKysrLjw8LS0tLS0tLS0tLS0tLS0tLS0tLS4+PisrKysrKysrKy4=



처음엔 이 루트가 아닌줄 알았으나.. 마지막에 =을 보고 base64로 디코딩~


++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>.++++++.-----------.++++++.>+++++++++++++++++++++++.<-----.>---------.-----------------.<-----------------.>+++++++++++++.<+++++++++++++++++++++.>+++++++.------------------.++++++++.------------.<<+++++++++++++++++++.>>++++++++++++++++++++.--------------------.<.>++++++++++++++++++++++.-------..+++++++++++.<+++++++++++++++++++++++++.<++++++++++++++++++.>>-------.+++++++.---------.++++.<<-------------------.>>+++++++++.


이건...예전에 어떤 CTF에서 나왔던 문제였다는게 기억났는데...


뭐지뭐지 하다가 brainfuck 언어라는게 기억나서 바로 디코딩했습니다!


FLAG : FLAG{Bra1nFuck_1s_Funny_Crypt0}


반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
System32.kr [Easy Crypto] 풀이  (0) 2018.07.29
System32.kr [RSA102] 풀이  (0) 2018.07.29
System32.kr [RSA101] 풀이  (0) 2018.07.29
반응형

files  Crypto  EasyCrpyto


system32.kr의 EasyCrpyto 문제 풀이 입니다. 아마 EasyCrypto 인데 Crpyto로 오타내신듯 하네요.


EasyCrypto.md

How about This Crypto? 
It is Very Easy Crypto! 

Find the Crpyto FLAG!


Ex) FLAG{ABC} <= FLAG(upper) 

Make my pental


어... crypto인지 crpyto인지 으어어어어ㅓㅓㅓㅓㅓㅓㅓ


혀튼 문제파일을 봅시다.



Crypto.txt

WKHUH LV D GLIIHUHQFH EHWZHHQ YROXQWDUB VLPSOLFLWB DQG YROXQWDUB SRYHUWB. YROXQWDUB VLPSOLFLWB VHHPV YHUB PXFK WR PH D PRYHPHQW DEVRUEHG LQWR WKH PBWK RI WKH VXVWDLQDEOH PLGGOH FODVV. SRYHUWB ZDV QRW VHHQ DV SDUWLFXODUOB DWWUDFWLYH, VR LQVWHDG LW EHFDPH VLPSOLFLWB. WKHUH LV D ILQH, FRPSHOOLQJ, EXW KRUULEOB GHVWUXFWLYH VWRUB. LW’V D VWRUB WKDW SURYLGHV HDVH RI PLQG WR HYHUB RQH RI XV ZKR KDV D ZHDNQHVV IRU DOO WKH FRPIRUWV WKDW WKH GRPLQDQW VBVWHP JUDQWV XV ZKLOH VLPXOWDQHRXVOB FUHDWLQJ WKH LOOXVLRQ RI SHUVRQDO UHVSRQVLELOLWB EB WHOOLQJ XV WKDW ZH QHHG D PDVVLYH HIIRUW WR HOHFW D JRYHUQPHQW WKDW ZLOO SURPLVH XV D XWRSLDQ IXWXUH DQG D VXVWDLQDEOH, EURDG-EDVHG SHULRG RI HFRQRPLF JURZWK. BRX FDQ VWLOO EXB BRXU ZDB WR KDSSLQHVV, ZKLFK LV MXVW VOLJKWOB GLIIHUHQW IURP ZKDW WKH PDLQVWUHDP SUHVFULEHV. YROXQWDUB SRYHUWB, RQ WKH RWKHU KDQG, LV EUXWDOOB KRQHVW. WKHUH’V QR JHWWLQJ DURXQG WKH ZRUG “SRYHUWB”?LW PHDQV OHVV PRQHB, OHVV HQHUJB, OHVV UHVRXUFHV. LW PHDQV WKDW BRX FDQ’W EXB BRXU ZDB RXW RI BRXU SUHGLFDPHQW, DQG WKDW LQVWHDG BRX KDYH WR OHDUQ KRZ WR OLYH LQ D IXQGDPHQWDOOB GLIIHUHQW ZDB. LW PHDQV OHVV FRPIRUW DQG OXAXUB, DQG OHDUQLQJ KRZ WR OLYH ZHOO ZLWK WKDW. LQ RWKHU ZRUGV, LI YROXQWDUB VLPSOLFLWB LV WKH HOHFWULF FDU, YROXQWDUB SRYHUWB LV ZDONLQJ WR ZKHUH BRX QHHG WR JR. ZDONLQJ LV KRQHVWB. WKH HOHFWULF FDU LV VWRUBWHOOLQJ. IODJ{MXOLXV_FDHVDU_FUBSWR_VFRUH_1}


매우 긴 문자열이지만 우리가 살펴볼 곳은 오직 맨 마지막입니다.


IODJ{MXOLXV_FDHVDU_FUBSWR_VFRUH_1}


플래그 형식임을 확인할 수 있습니다.



IODJ가 FLAG가 되어야 합니다.

일단 매우매우 쉬운 암호라고 했으니 카이사르로 풀어보겠습니다.



23회 shift 한 결과 I가 F에 맞춰지면서 복호화가 되었습니다. (사실 처음에 치환암호인줄 알고 삽질하다가 힌트가 너무 없어서 엇 카이사르 아닐까 하고 시도해보니 맞았던...)


there is a difference between voluntary simplicity and voluntary poverty. voluntary simplicity seems very much to me a movement absorbed into the myth of the sustainable middle class. poverty was not seen as particularly attractive, so instead it became simplicity. there is a fine, compelling, but horribly destructive story. it’s a story that provides ease of mind to every one of us who has a weakness for all the comforts that the dominant system grants us while simultaneously creating the illusion of personal responsibility by telling us that we need a massive effort to elect a government that will promise us a utopian future and a sustainable, broad-based period of economic growth. you can still buy your way to happiness, which is just slightly different from what the mainstream prescribes. voluntary poverty, on the other hand, is brutally honest. there’s no getting around the word “poverty”?it means less money, less energy, less resources. it means that you can’t buy your way out of your predicament, and that instead you have to learn how to live in a fundamentally different way. it means less comfort and luxury, and learning how to live well with that. in other words, if voluntary simplicity is the electric car, voluntary poverty is walking to where you need to go. walking is honesty. the electric car is storytelling. flag{julius_caesar_crypto_score_1}



플래그는 대문자라고 했으니 대문자로 바꿔주었습니다.


FLAG : FLAG{JULIUS_CAESAR_CRYPTO_SCORE_1}

반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
System32.kr [HardCrypto] 풀이  (0) 2018.07.29
System32.kr [RSA102] 풀이  (0) 2018.07.29
System32.kr [RSA101] 풀이  (0) 2018.07.29
반응형

files  Crypto  RSA  RSA101


system32.kr의 rsa101 풀이입니다.



문제내용입니다.


p : 11820547749265118607908336189140061659994883367758644383099900753008997316272341754974105712436833864387373302687964986221522289414610698068230842231006759

q : 2076478388690715447644222392295584753007140199740835763821170999934221864895193172716587341806099928941239417181782165665806324184552950128351328886814107

e : 65537

c : 15175007508230661949213125841853820919948368859221761481847700530363990883761097704372435675552656459480039957857925187102590466676354015036181849182155680399350099015532296504916485091012255771133872737687990897080899160898509685794777509104691093814282101492973637294053730555124794841034604131492169339102


p, q, e를 이용해 개인키를 생성하고 c를 복호화 하면 될 것으로 보입니다.



rsatool.py를 이용해 개인키를 생성했습니다.


python rsatool.py -p 11820547749265118607908336189140061659994883367758644383099900753008997316272341754974105712436833864387373302687964986221522289414610698068230842231006759 -q 2076478388690715447644222392295584753007140199740835763821170999934221864895193172716587341806099928941239417181782165665806324184552950128351328886814107 -o private.pem


Using (p, q) to initialise RSA instance

n =

22f411ffb9af2f9a00c69a748d13175e23c56414b7b89ca0f3664e94960b5a144933f0ec92dbe2f9

b302d356c9f05a05cd7529bdb5a0e1ac3bbc0acc06d5847335114e0436090c829515321173e4eb44

ad5d538f4333981c7518ad2e8909372be0b0a1438026ac91ac66a6e7ab5974ea20e7423a63de228b

5ca70d0fc26a6c9d


e = 65537 (0x10001)


d =

1bb6e2be9d806681f9b37fac825f6cdbdc091b3dc21ec3326b4be76ab13df702b6b85483803e914d

e3be8dcbf6fa78a6b92df916cef8ed771f360e698fd1a4ded205086eff52626529cd3394508ae2cb

cd7d5f96f25b1212b4752232cb01ebc6cd85a2fc621c16905dce7c415a3336fe8bb98a3f9f1eda26

2a5589f531803091


p =

e1b1a243eff5356b26ffa41b8ad3b2781fcd81d148cf921ab2c31e3adc78108ff3fd25667e661634

3769a8271bada71d0284aa224397f5f4db3a7cde8fcfa627


q =

27a59d6cb8c26315b6f1f572e28c6d3e372a44ebfb5db7279502e608661851e644cde326e615338e

a426774b568f7b070f7cacd1b5c05339ecb468e292d7759b


Saving PEM as private.pem


e는 값을 자동으로 잡아주었네요 ㅇㅅㅇ



이제 생성된 private.pem을 가지고 openssl을 이용해 c를 복호화 하면 되나.... 자꾸 오류가 나서 온라인 복호화툴을 이용하겠습니다... :(


제가 복호화에 이용한 사이트입니다 : http://extranet.cryptomathic.com/rsacalc/index



위에 표시된 n, d, e를 차례로 입력해줍니다.

input data에는 c값을 입력해 주면 되는데, hex값으로 넣어달라고 하기 때문에.. hex로 변환해주어야 합니다.


이 과정도 온라인 툴의 도움을... : https://www.mobilefish.com/services/big_number/big_number.php



변환하면 이런 값이 나옵니다.


159C243DE63E52D8C6F5F37040A43788061847824AADCFC8B26DA05992C5C3DD5D344915F69DCE6961BD199761962CF706BF7D93CA1DC941C42F5302FF1A8F8853A20C591F2C28266502377710B66B44B8701BE4D1A471D0136FCF8BD3EA1813D4BB2C3D6A7C9C9A7A5B2148E52AA386C29887934F53A89F73CD467B3D4950DE



이 값을 input data란에 채워주고 decrypt에 체크한후 calculate해주면 복호화된 값이 출력됩니다.


464c41477b77336c63306d653273797374656d33325f5253415f6330757273657d



이 값도 hex이기 때문에 string형태로 바꿔주겠습니다. https://codebeautify.org/hex-string-converter




FLAG : FLAG{w3lc0me2system32_RSA_c0urse}




반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
System32.kr [HardCrypto] 풀이  (0) 2018.07.29
System32.kr [Easy Crypto] 풀이  (0) 2018.07.29
System32.kr [RSA102] 풀이  (0) 2018.07.29

+ Recent posts