cryptography

密码关还是有很多变态的题的，整理一下力所能及的吧。

Circular Crypto(Asis-CTF2013)

这题只给了一张图片

仔细看一下就知道，这是几个单独的环，把它们分别整理出来。因为看着眼花可能有几个位不对。

babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab
7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818c07b
NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=
1001010100010-10110100-1011-1010-100110100-101-10100-101-1000-10010-100-100100100-10110000-100110000-1010100-10010010-10011-1000-10010-1010-10110010-100100010-10110100-10110-1010-10100-10-100110000-101-10010-1011110010-101-1010-1001110100-101-10100-101100-1001-1010-1010-1010-101100

其中有几个比较明显的MD5

最后一条解密不出来，比较蛋疼，先看看其他的。

7e1321b3c8423b30c1cb077a2e3ac4f0 Here
a2a551a6458a8de22446cc76d639a9e9 is
8fc42c6ddf9966db3b09e84365034357 the 
8b04d5e3775d298e78455efc5ca404d5 first
f4c9385f1902f7334b00b9b4ecd164de part
8bf8854bebe108183caeb845c7676ae4 of
8fc42c6ddf9966db3b09e84365034357 the
327a6c4304ad5938eaf0efb6cc3e53dc flag
7ff9ea9a069bd793691c422fb818c07b 

BASE64

NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==
czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==
Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=

解码出来是这样，简单的词频字频统计了一下，发现句子是反过来的

4nnr2s fv tnys rug sb genc ugehbs rerug tavggrt ren hbL tavbt crrX
s7n273 tnys rug sb genc ugsvs rug rinu reru gv qvq hbl jbbbJ
794s00 tnys fhbvprec ehb sb genc qevug rug hbl garfrec V loreru rabq yyrJ

好吧··我们把它翻过来，这样就可以开始解密了，因为英文不太好，最怕猜单词了，看了眼提示说是凯撒加密，这就好办多了。

Xrrc tbvat Lbh ner trggvat gurer sbhegu cneg bs gur synt vf s2rnn4
Jbbbj lbh qvq vg urer unir gur svsgu cneg bs gur synt 372n7s
Jryy qbar urerol V cerfrag lbh gur guveq cneg bs bhe cerpvbhf synt 00s497

写了个小程序把密码解出来

Keep going You are getting there fourth part of the flag is f2eaa4
Wooow you did it here have the fifth part of the flag 372a7f
Well done hereby I present you the third part of our precious flag 00f497

程序代码

#include <iostream>

using namespace std;

int main()
{
    string s,ss;
    int t;
    getline(cin,s);
    for (int x=0;x<26;x++){
        ss="";
        for (int i=0;i<s.length();i++){
            if ('a'<=s[i] && s[i]<='z')
                t=(s[i] - 'a' + x) % 26 + 'a';
            else if ('A'<=s[i] && s[i]<='Z')
                t=(s[i] - 'A' + x) % 26 + 'A';
            else
                t = s[i];
            ss+=char(t);
        }
        cout<<ss<<endl;
    }
}

再来看那一串abab的字符串，根据提示是培根密码，这就好办多了，照例写个小程序解开。

这个题目比较阴险的地方在于，他没有用常规的加密表而是用了这样的一个加密表

i和j编码相同  u和v编码相同

a AAAAA g AABBA n ABBAA t BAABA
b AAAAB h AABBB o ABBAB u-v BAABB
c AAABA i-j ABAAA p ABBBA w BABAA
d AAABB k ABAAB q ABBBB x BABAB
e AABAA l ABABA r BAAAA y BABBA
f AABAB m ABABB s BAAAB z BABBB

小程序

#include <iostream>

using namespace std;

int main()
{
    string s,os;
    char c;
    int num,t,i,j,k,l;

    getline(cin,s);
    i=0;
    os="";
    while (i<s.length()){
        num=0;
        t=1;
        for (j=4;0<=j;j--){
            k = (i+j) % s.length();
            if (s[k]=='b')
                num+=t;
            t*=2;
        }
        if (8<=num && num<=19) num++;
        else if (19<=num) num+=2;
        os+=char(97+num);
        i+=5;

        cout<<num<<endl;
    }
    cout<<os<<endl;
    return 0;
}

得到明文，这里密文的结尾和开头共用一个字母。

WELL DONE HERE IS THE LAST PART c21f0d 

这样的话一共得到了这些信息，最后那个加密我也不知道咋解，writeup也没说

WELL DONE HERE IS THE LAST PART c21f0d
Keep going You are getting there fourth part of the flag is f2eaa4
Wooow you did it here have the fifth part of the flag 372a7f
Well done hereby I present you the third part of our precious flag 00f497
Here is the  first part of the flag 7ff9ea9a069bd793691c422fb818c07b 

根据其他几段每段6个字母的规律，开头应该是ASIS_??,写程序尝试一下得出ASIS_a9

import md5
for a in "abcdef0123456789":
    for b in "abcdef0123456789":
        if "7ff9ea9a069bd793691c422fb818c07b" == md5.md5('ASIS_' + a + b).hexdigest():
            print 'ASIS_' + a + b
This gives us the first part of the flag: ASIS_a9!

之后wirteup使用暴力的办法，猜出了剩下的6位密码，对最后一种加密方式这里我也就不深究了。

Rookie Agent(Asis-CTF2013)

这题直接给了一大串密文，典型的频率分析加硬猜的题，做这个题的时候我的出发点错了，应该是吧空格和换行删掉再做分析，代表某个单词的字符串长度不一。

这里就不写了，写着也蛋疼。

6di16 ovhtm nzsls xqcjo 8fkdm tyrbn
g4bg9 pwu9g lefmr k4bg9 ahmfm tyr4b
g9htm 7ejcn zsbng 492cj olsxq 9glef
mrk4b g9ahm fmtyr lsxq7 ejccj o9gle
9gle8 fkdls xq8fk dhtmn zs7ej c8fkd
szxbn g4bg9 pwu7e jccjo 9gle9 gle8f
kdlsx q8fkd htmnz s6dii pufmr kipul
sxqmt yrmty ripug nslip u9gle 7ejc8
fkdgn sllsx qmtyr krwpo v4bg9 lsxq8
fkdmt yr16g nsl8f kdlsx q8fkd 6dinz
s4bg9 htmah mffmr k8fkd mtyr1 6gnsl
8fkd8 fkdpw u8fkd htmfm rkcjo elqj8
fkdnz slsxq cjo4b g9htm ahmff mrk8f
kd7ej c8fkd htmnz sbng8 fkdls xq8fk
dlsxq mtyrs zxgns l5ha1 6fmrk cjo6d
i9gle fmrk4 bg9ah mfmty rfmrk cjoel
qj8fk dnzsb ng8fk d6dib ng8fk d6die
lqj8f kdlsx q8fkd 7ejc9 glefm rk4bg
9ahmf 9gle1 6lsxq mtyrc joahm fhtm4
bg9fm rkcjo htmah mfnzs bng8f kd8fk
dhtm7 ejc16 9gle4 bg9ls xq4bg 96di8
fkd16 lsxqq xvbng cjonz s8fkd 9glef
mrk4b g9ahm fipu9 glejq vo8fk d4bg9
6di8f kd5ha ovnzs 4bg9f mrkfm rk7ej
ccjot y9gle 4bg96 dinzs mtyr4 bg9ls
xq8fk dcjol sxqls xq8fk dfmrk 8fkdp
wu4bg 9htmn zs9gl efmrk 4bg9a hmfcj
omtyr 4bg9m tyrcj omtyr ovhtm 7ejc8
fkdls xqfmr kcjoh tm8fk d4926 dib44
bg907 c6di4 9229e 707c5 ha492 38107
c6di2 705a3 49216 b43af 8381b 45a35
ha270 3af84 bg98f kd3af 83af8 5a3b4