ippatsu-nyuukon

0x00 写在前面

设计思路:
 应用层与驱动层通信,在驱动层加密由应用层发送过来的明文后比较flag,并输出结果

 部分细节:

  • 驱动层的分发函数分为2部分,SEND和RECV;
    SEND:接受从应用层发来的明文并加密,其本体是DES
    RECV:比较加密后的明文和加密flag
  • 驱动层接受的明文,实际上只有第一次加密结果是正确的
  • DES后将不可视数据转为hex
  • 加密数据与加密flag比较前先异或同一个随机字节

0x01 wp


跟到分发函数的SEND, 定位加密算法
因为DES对称加密算法,所以从ida中抠出来,修改小部分并添加密文+key就可以跑解密脚本了

    // desrypt_des.cpp
    #include <stdio.h>    
    #include <string.h>    

    #define maxn 0x8000     // 理论支持明文长度
    //#define ENCODE 0,16,1       // 加密用的宏
    #define DECODE 15,-1,-1     // 解密用的宏    

    // 明文初始置换    
    char msg_ch[64] = {
        58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
        62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
        57, 49, 41, 33, 25, 17,  9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
        61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
    };

    // 密钥初始置换    
    char key_ch[56] = {
        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
    };

    // 扩展置换    
    char msg_ex[48] = {
        32,  1,  2,  3,  4,  5,  4,  5,  6,  7,  8,  9,
        8,  9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
        16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
        24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32,  1
    };

    // 每轮密钥的位移    
    char key_mov[16] = {
        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
    };

    // 压缩置换    
    char key_cmprs[48] = {
        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
    };

    // S 盒置换    
    char s_box[8][6][16] = {
        // S1    
        14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
        0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
        4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
        15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13,
        // S2    
        15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
        3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
        0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
        13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9,
        // S3    
        10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
        13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
        13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
        1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12,
        // S4    
        7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
        13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
        10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
        3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14,
        // S5    
        2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
        14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
        4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
        11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3,
        // S6    
        12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
        10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
        9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
        4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13,
        // S7    
        4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
        13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
        1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
        6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12,
        // S8    
        13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
        1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
        7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
        2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
    };

    // P 盒置换    
    char p_box[32] = {
        16, 7, 20, 21, 29, 12, 28, 17, 1,  15, 23, 26, 5,  18, 31, 10,
        2,  8, 24, 14, 32, 27, 3,  9,  19, 13, 30, 6,  22, 11, 4,  25
    };

    // 末置换    
    char last_ch[64] = {
        40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
        38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
        36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
        34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41,  9, 49, 17, 57, 25
    };

    // hash 置换,将加密后的密文置换为可读明文    
    char hs_ch[20] = "0123456789abcdef";
    char sh_ch[128];

    void init_trans() {
        char i;
        for (i = 0; i < 16; i++)
            sh_ch[hs_ch[i]] = i;    // 完成hash转换的对应    
    }

    char msg[maxn] = "aed3899df15bd7babb99acf5ebb9f5cd8cd44a77c53263de46ef9f3d773fe908";
    char res[32];
    char msgb[72], msgbt[72], keyb[18][72];
    char key[16] = "deadbeef";

    // 字符转成二进制    
    void ChToBit(char* dest, char* src, int length) {
        int i, j;
        char t;
        for (i = 0; i < length; i++) {
            for (j = 8, t = src[i]; j > 0; j--) {
                dest[(i << 3) + j] = t & 1;   // 取字符末位    
                t >>= 1;
            }
        }
    }

    // 二进制转成字符    
    void BitToCh(char* dest, char* src, int length) {
        int i;
        for (i = 0; i < length << 3; i++) {
            dest[i >> 3] <<= 1;
            dest[i >> 3] |= src[i + 1];   // 添加到末位    
        }
        dest[length] = 0;
    }

    // 批置换,以offset为偏移,以count为长度    
    void BatchSet(char* dest, char* src, char* offset, int count) {
        int i;
        for (i = 0; i < count; i++)
            dest[i + 1] = src[offset[i]];
    }

    // 得到16轮所需的密钥    
    void getKeys() {
        char tk[128], bk[72];
        char* ptk = tk;
        int i, j;
        for (i = 0; i < 8; i++)
            key[i] <<= 1; // 跳过奇偶校验位    
        ChToBit(bk, key, 8);
        BatchSet(tk, bk, key_ch, 56);
        for (i = 0; i < 16; i++) {
            for (j = 0; j < key_mov[i]; j++, ptk++) {
                ptk[57] = ptk[28];
                ptk[28] = ptk[1];
            }
            BatchSet(keyb[i], ptk, key_cmprs, 48);
        }
    }

    // 将密文转换为真正的密文    
    void dropMsg(char* dest, char* src) {
        int i;
        for (i = 0; i < 16; i++) { 
            dest[i >> 1] = (dest[i >> 1] << 4) | sh_ch[src[i]];
        }
    }

    void DES(char* pmsg, int st, int cl, int step) {
        int i, row, col;
        char r[64], rt[48], s[8];
        ChToBit(msgbt, pmsg, 8);
        BatchSet(msgb, msgbt, msg_ch, 64); // 初始置换    
        for (; st != cl; st += step) {
            memcpy(rt, msgb + 33, 32);
            BatchSet(r, msgb + 32, msg_ex, 48); // 扩展置换    
            for (i = 1; i <= 48; i++)
                r[i] ^= keyb[st][i]; // 异或操作    
                                     // s_box 代替    
            for (i = 0; i < 48; i += 6) {
                row = col = 0;
                row = r[i + 1] << 1 | r[i + 6];
                col = (r[i + 2] << 3) | (r[i + 3] << 2) | (r[i + 4] << 1) | r[i + 5];
                s[i / 12] = (s[i / 12] <<= 4) | s_box[i / 6][row][col];
            }
            ChToBit(r, s, 4);
            BatchSet(msgb + 32, r, p_box, 32); // p_box 置换    
            for (i = 1; i <= 32; i++)
                msgb[i + 32] ^= msgb[i]; // 异或    
            memcpy(msgb + 1, rt, 32);
        }
        memcpy(msgbt + 33, msgb + 1, 32);
        memcpy(msgbt + 1, msgb + 33, 32);
        BatchSet(msgb, msgbt, last_ch, 64); // 末置换    
        BitToCh(res, msgb, 8); // 转为原明文    
    }

    int main(int arg, char* arv[]) {
        init_trans();
        char mode = 'd';

        getKeys(); // 得到16轮要用到的密钥    

        int i;

        printf("dec: ");
        for (i = 0; msg[i]; i += 16) {
            dropMsg(res, msg + i); // 将密文转换为真正的密文    
            DES(res, DECODE); // 解密    
            printf("%s", res);
        }
        printf("\n");
        return 0;
    }

简单来说 只要把加密宏[0, 16 ,1]替换为[15, -1, -1]解密宏即可。

flag: hctf{Dr1v5r_M5ngM4n_2Oi7}

ippatsu-nyuukon

ps: 附一张成功cm的截图

ippatsu-nyuukon

本文章首发在 网安wangan.com 网站上。

上一篇 下一篇
讨论数量: 0
只看当前版本


暂无话题~