gkctf KillerAid

挂科CTF KillerAid

题目下载: KillerAid.zip

C# 逆向，核心验证在 DLL 里完成，DLL 里有反调试，简单 patch 即可

然后有一个极其恶心的 AES 魔改算法

行移位

/*
 * The challenge's custom "row shift" step of its modified AES.
 *
 * Each column j of the 4x4 state is rotated upwards by j positions:
 *     out[i][j] = in[(i + j) % 4][j]
 * so the rotation runs down the columns rather than along the rows as in
 * standard AES ShiftRows. The state is rewritten in place.
 *
 * pArray: 4x4 state, read and then overwritten with the shifted result.
 */
void myshift(int pArray[4][4]){
    int rotated[4][4];

    /* Build the shifted copy first; reading and writing pArray in the same
     * pass would clobber entries that later columns still need. */
    for (int row = 0; row < 4; ++row) {
        for (int col = 0; col < 4; ++col) {
            rotated[row][col] = pArray[(row + col) % 4][col];
        }
    }

    for (int row = 0; row < 4; ++row) {
        for (int col = 0; col < 4; ++col) {
            pArray[row][col] = rotated[row][col];
        }
    }
}

外层的解密循环也很恶心

/*
 * Runs the 10-round inverse cipher of the challenge's modified AES on one
 * 4x4 state, in place. The round keys must already have been expanded by
 * extendKey(). addRoundKey, mydeshift, deSubBytes, myTranspose and
 * deMixColumns are defined elsewhere in the write-up's source.
 */
static void invert_block(int state[4][4]){
    addRoundKey(state, 10);
    for (int round = 9; round >= 1; --round) {
        mydeshift(state);
        deSubBytes(state);
        addRoundKey(state, round);
        /* The inverse column mix is applied to the transposed state. */
        myTranspose(state);
        deMixColumns(state);
        myTranspose(state);
    }
    mydeshift(state);
    deSubBytes(state);
    addRoundKey(state, 0);
}

/* XOR `mask` into `state` element-wise: the chaining step between blocks. */
static void xor_state(int state[4][4], int mask[4][4]){
    for (int i = 0; i < 4; ++i) {
        for (int j = 0; j < 4; ++j) {
            state[i][j] ^= mask[i][j];
        }
    }
}

/*
 * Decrypts the two 16-byte blocks at p[0..15] and p[16..31] in place.
 *
 * The outer loop walks k1 from 31 down to 0. Each iteration starts from the
 * caller's `key`, lets getRoundIvAndKey() derive this iteration's key (and
 * presumably update the IV state -- it receives `ivState` too), expands the
 * round keys, and then undoes one CBC-style pass over both blocks: block 1
 * is decrypted and XORed with the still-encrypted block 0, block 0 is
 * decrypted and XORed with the IV state.
 *
 * p:    32-byte buffer, overwritten with the decrypted bytes.
 * iv:   16-byte IV, read by convertToIntArray() and getRoundIvAndKey().
 * plen: accepted for interface compatibility but never consulted; exactly
 *       32 bytes of `p` are processed, the caller must guarantee that.
 * key:  16-byte key, copied into a scratch buffer every iteration.
 */
void mydeaes(char *p, char * iv,int plen, char *key){
    int block0[4][4];
    int block1[4][4];
    int ivState[4][4];
    char roundKey[16];

    (void)plen;

    convertToIntArray(iv, ivState);

    for (int k1 = 31; k1 >= 0; --k1) {
        memcpy(roundKey, key, 16);
        getRoundIvAndKey(k1, iv, roundKey, ivState);
        extendKey(roundKey);

        convertToIntArray(&p[16], block1);
        convertToIntArray(&p[0], block0);

        /* Second block first: it chains off the ciphertext of the first,
         * so block0 must still hold the encrypted bytes here. */
        invert_block(block1);
        xor_state(block1, block0);

        invert_block(block0);
        xor_state(block0, ivState);

        convertArrayToStr(block0, &p[0]);
        convertArrayToStr(block1, &p[16]);
    }
}

解密目标数据得到: Meaningless_!$!%*@^%#%_Code 字符串

C#层还有一个 code 计算

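from z3 import *

# Plaintext recovered from the DLL decryption step above; the C# layer XORs
# it byte-by-byte into a 9-byte id and compares the result with `target`.
flag2 = bytearray(b'Meaningless_!$!%*@^%#%_Code')

# `target` holds the 9 expected bytes from the C# check. Its value is not
# reproduced in this write-up and must be supplied before running, e.g.
#     target = bytes([...])   # TODO: the 9 comparison bytes from the C# code
ID_LEN = 9
if len(target) != ID_LEN:
    raise SystemExit('target must be exactly %d bytes' % ID_LEN)

# One 8-bit symbolic variable per id byte. Keep an untouched copy of the
# symbols: the XOR loop below rewrites the list entries into expressions, and
# the model has to be queried through the original symbols.
id_vars = [BitVec('a%d' % i, 8) for i in range(ID_LEN)]
symbols = list(id_vars)

# Mirror the C# loop: every flag byte is XORed into id[j % len(target)].
for j in range(len(flag2)):
    id_vars[j % len(target)] ^= flag2[j % len(flag2)]

s = Solver()
for i in range(ID_LEN):
    s.add(id_vars[i] == target[i])

# model() raises if the last check() was not sat, so test the verdict first.
if s.check() != sat:
    raise SystemExit('no solution: check target / flag2')
res = s.model()

id_ = ''.join(chr(res[sym].as_long()) for sym in symbols)
print(id_)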

最后组合得到flag

