๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๐Ÿด‍โ˜ ๏ธ CTF ๐Ÿด‍โ˜ ๏ธ/๐Ÿงฎ ์•”ํ˜ธํ•™ ๐Ÿงฎ

[Dream Hack - Crypto] X-Time Pad

arock 2023. 12. 9. 23:30
๋ฐ˜์‘ํ˜•

One-Time Pad

One-Time Pad ๋Š” ์ผํšŒ์„ฑ ํŒจ๋“œ๋ฅผ ์ด์šฉํ•˜์—ฌ ๋ณด์•ˆ๊ธฐ๋Šฅ์„ ์ œ๊ณตํ•˜๋Š” ์•”ํ˜ธ ์‹œ์Šคํ…œ์ด๋‹ค. ํ‰๋ฌธ๊ณผ ํ‚ค์˜ ๊ธธ์ด๊ฐ€ ์„œ๋กœ ๋™์ผํ•ด์•ผ ํ•˜๋ฉฐ, ํ‚ค๋Š” ๋‹จ ํ•œ๋ฒˆ๋งŒ ์‚ฌ์šฉ๋˜์–ด์•ผ ํ•œ๋‹ค. ์•”ํ˜ธํ™” ๊ณผ์ •์—์„œ ํ‰๋ฌธ๊ณผ ํ‚ค ๊ฐ„์˜ XOR ์—ฐ์‚ฐ์„ ์‚ฌ์šฉํ•œ๋‹ค.

 

๋ฌธ์ œ ํ•ด์„

  1. flag_enc = FLAG ^ key
  2. FLAG ๊ฐ’์„ ์ฝ์–ด์™€์„œ key ์™€ xor ํ•œ ํ›„ flag_enc ๋ฅผ ์ถœ๋ ฅํ•œ๋‹ค.
  3. new_key = key ^ rand_bit
  4. key์— ๋ฌด์ž‘์œ„ํ•œ bit์—ด์„ ๋”ํ•ด์„œ ์ƒˆ๋กœ์šด ํ‚ค๋ฅผ ์ƒ์„ฑํ•œ๋‹ค. ์ด๋•Œ, rand_bit์˜ ๊ธธ์ด๊ฐ€ 64byte์ด๋ฏ€๋กœ new_key์˜ ๊ธธ์ด๋„ 64byte์— ๊ทผ์ ‘ํ•  ๊ฒƒ์ด๋ผ ์ถ”์ธกํ•  ์ˆ˜ ์žˆ๋‹ค.
  5. input_enc = {input} ^ new_key
  6. ์šฐ๋ฆฌ๊ฐ€ ์ž…๋ ฅํ•œ ๊ฐ’์— ์ƒˆ๋กœ์šด ํ‚ค๋ฅผ xor ํ•˜์—ฌ ์•”ํ˜ธํ™”๋œ ๊ฐ’์„ ์ถœ๋ ฅํ•œ๋‹ค. input์˜ ๊ธธ์ด ๋งŒํผ๋งŒ key๋ฅผ ์ž˜๋ผ์„œ ์‚ฌ์šฉํ•˜๋Š” ์ฝ”๋“œ๊ฐ€ ์กด์žฌํ•˜๋ฏ€๋กœ input์— ๋„ฃ์„ ์ˆ˜ ์žˆ๋Š” ์ตœ๋Œ€ ๊ธธ์ด๋ฅผ ๋„ฃ๋„๋ก ํ•œ๋‹ค.

 

์„œ๋ฒ„ ์‹คํ–‰

flag_enc: 0b10100000100111011101010101011110 ... 

Plain text : 0000000000000000000000000000000000000000000000000000000000000000
input_enc: 3346417034361305867439072305201355648991850274910930070918752521983423720001914392514304897965851295662176779195519267721152888101451266383436211583479274

 

ํ’€์ด ์ฝ”๋“œ

๋ฌธ์ œ ํ•ด์„ ๋‹จ๊ณ„์˜ ์—ฐ์‚ฐ์„ ๊ฑฐ๊พธ๋กœ ์˜ฌ๋ผ๊ฐ€๋‹ค๋ณด๋ฉด FLAG ๊ฐ’์„ ๊ตฌํ•  ์ˆ˜ ์žˆ๋‹ค.

# input ํ‰๋ฌธ 
input_txt = '0000000000000000000000000000000000000000000000000000000000000000'
input_enc = 3346417034361305867439072305201355648991850274910930070918752521983423720001914392514304897965851295662176779195519267721152888101451266383436211583479274
flag_enc = 0b10100000010011101110101010101111011111100010001011101001111100000001010001000100010101111001101111010011111001011100111011000001001011010011011010100000000011010110001010101011101100000000100001100110010011100110100110010110111010110001100101111111001101111111010101010100001011110011001001000010011101000010001000000110001111101011000111101001001101001011111010000010110001011111001101110101000110110011000001110000100111110100011001100010011011000100010001011100010000111100000110110011101010011100001000010010

# input์„ ์ด์ง„์ˆ˜๋กœ ๋ณ€ํ™˜
binary_list = ['0b']
for ch in input_txt:
    binary_list.append(format(ord(ch), 'b').zfill(8))
binf = "".join(binary_list)

# 3. new_key = input ^ input_enc
new_key = int(binf, 2) ^ input_enc

# 2. key = new_key ^ rand_bit
old_key = bin(new_key ^ 0b10010110101011100100111011100101101011110011001110000101111010111110010111100000111110000000010101101011001100010100010101111000111111100010001010110000010111110111110010001111110011110101001011111010100101010100001110010111111010001101111110011001010110011001010101010000001010100000101101001010010010100010100001011101011011010011010101111111010010100111011001100000101011100001010111111101000110011000110101111111010111001101111110011101101100011101001111111000010011010111100010111001100101011111101111111001)

# 1. FLAG = key ^ flag_enc
flag_bin = bin(int(old_key, 2) ^ flag_enc)[2:]

# flag_bin์˜ ์•ž์— 0์ด ์ƒ๋žต ๋˜์—ˆ์„ ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ 8์„ ๋‚˜๋ˆ  ๋‚˜๋จธ์ง€ ์—ฐ์‚ฐ
remainder = (len(flag_bin)) % 8
print(chr(int(flag_bin[0:remainder], 2)), end='')
flag_binary = [chr(int(flag_bin[i:i+8], 2)) for i in range(6, len(flag_bin), 8)]
FLAG = "".join(flag_binary)

print(FLAG)
๋ฐ˜์‘ํ˜•

'๐Ÿดโ€โ˜ ๏ธ CTF ๐Ÿดโ€โ˜ ๏ธ > ๐Ÿงฎ ์•”ํ˜ธํ•™ ๐Ÿงฎ' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

[Dream Hack - Crypto] Pyploit  (2) 2023.12.18
[Dream Hack - Crypto] [LINE CTF 2021] babycrypto1  (2) 2023.12.12
[Dream Hack - Crypto] likeb64  (0) 2023.12.09
[DreamHack - Crypto] uncommon_e  (2) 2023.11.22
[Dream Hack - Pwnable] baby-bof  (0) 2023.11.19

'๐Ÿด‍โ˜ ๏ธ CTF ๐Ÿด‍โ˜ ๏ธ/๐Ÿงฎ ์•”ํ˜ธํ•™ ๐Ÿงฎ' Related Articles

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”