2018 layer7ctf WhatIsWrong

1 minute read

layer7ctf 때 못풀었던 .net문제이다.

using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;
using System.Linq;

namespace WhatIsWrong
{
    public static class StringCipher
    {
        private const int Keysize = 256;

        private const int DerivationIterations = 1000;
        public static string Decrypt(string cipherText, string passPhrase)
        {
            var cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText);
            var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray();
            var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray();
            var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray();

            using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
            {
                var keyBytes = password.GetBytes(Keysize / 8);
                using (var symmetricKey = new RijndaelManaged())
                {
                    symmetricKey.BlockSize = 256;
                    symmetricKey.Mode = CipherMode.CBC;
                    symmetricKey.Padding = PaddingMode.PKCS7;
                    using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes))
                    {
                        using (var memoryStream = new MemoryStream(cipherTextBytes))
                        {
                            using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                            {
                                var plainTextBytes = new byte[cipherTextBytes.Length];
                                var decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
                                memoryStream.Close();
                                cryptoStream.Close();
                                return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
                            }
                        }
                    }
                }
            }
        }
}


    namespace EncryptStringSample
    {
        class Program
        {
            static void Main(string[] args)
            {
                string password = "TEFZRVI4e1RISVMgSVMgRkFLRSBGTEFHIEhBSEEhIX19ISFBSEFIIEdBTEYgRUtBRiBTSSBTSUhUezhSRVlBTCXNsoGTf94KxJs8YUlv3my6g+NubCug+Bimmvpij8GUawLsMZjNHrA0mAVkH5T3VHhxJ/lZqqcERcMQWo3wh3lIRlSiUxNDv5xKJD57f8ECw1YbIjLf+3Q2YC//rpOzEKvnKqP4ikk6vrQFVBMqmm6eD7nXq7oaoGrBSxJEz+9DIEzeP4z/CsRQm8d2dDPwZ5zM+JUdmgM54LNXlfyjwmnctqZYwOCGGt5VJJVj3K9nrPYmwFm1+RBXsd6zw/8TLlvnIl/sJ+ZgB4gShuNoOpJRDHHkQVbkZhFos43au1WuPgGwlrFdU8+gZDajS+cho1J0l1kObLrZ3htm5lJXl1od1hubv4+V/zk3pQQvG0U6kSCkWjM5shYZkhU6NZrddW/bJe5SGpoFW7jSxRkmDEFsz4Oz+BfMqPdMdgwEhTBE";
                string encryptedstring = "TEFZRVI4e1RISVMgSVMgRkFLRSBGTEFHIEhBSEEhIX19ISFBSEFIIEdBTEYgRUtBRiBTSSBTSUhUezhSRVlBTD5KFXSjwraTuJkmiJU8DB73nhajg2W0tWJ/VwLTH7I+";
                Console.WriteLine("Your decrypted string is:");
                string decryptedstring = StringCipher.Decrypt(encryptedstring, password);
                Console.WriteLine(decryptedstring);
                Console.WriteLine("Press any key to exit...");
            }
        }
    }
}

지금 다시 분석해보니 aes암호화여서 이곳에서 복호화 코드를 찾아서 분석해서 얻은 키를 넣으니 슥-삭하고 플래그가 나왔다.

 Flag:LAYER7{MVVM Master}

You may also enjoy

notion blog

less than 1 minute read

새 노션 블로그로 옮깁니다!

N4NU’s Rev-chall[medium_easy]

less than 1 minute read

ASISCTF2018 Destiny analyze.py from ctypes import * table1="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/@$_!\"#%&'()*+,-./:;<=&...

De1ctf2019-Re_Sign

1 minute read

De1ctf2019의 Re_Sign 이라는 문제였고 문제 설명에는 UPX라고 적혀있었다.