CTF

드림핵 1534 STREAMer-Prototype

hajin1209 2024. 11. 28. 00:22

cipher.py 문제파일

class STREAM:
    def __init__(self, seed, size):
        self.state = self.num2bits(seed, size)

    def num2bits(self, num, size):
        assert num < (1 << size)

        return bin(num)[2:].zfill(size)
    
    def bits2num(self, bits):
        return int('0b' + bits, 2)
    
    def shift(self):
        new_bit = self.state[-1]
        self.state = new_bit + self.state[:-1]

        return new_bit
    
    def getNbits(self, num):
        sequence = ""
        for _ in range(num):
            sequence += self.shift()
        
        return sequence

    def encrypt(self, plaintext):
        ciphertext = b""
        for p in plaintext:
            stream = self.bits2num(self.getNbits(8))
            c = p ^ stream
            ciphertext += bytes([c])

        return ciphertext

    def decrypt(self, ciphertext):
        plaintext = b""
        for c in ciphertext:
            stream = self.bits2num(self.getNbits(8))
            p = c ^ stream
            plaintext += bytes([p])

        return plaintext


if __name__ == "__main__":
    import os

    for seed in range(0x100):
        Alice = STREAM(seed, 16)
        Bob = STREAM(seed, 16)
        plaintext = os.urandom(128)
        ciphertext = Alice.encrypt(plaintext)
        assert plaintext == Bob.decrypt(ciphertext)

 

prob.py 문제파일

#!/usr/bin/env python3
from cipher import STREAM
import random


if __name__ == "__main__":
    with open("flag", "rb") as f:
        flag = f.read()

    assert flag[:3] == b'DH{' and flag[-1:] == b'}'

    seed = random.getrandbits(16)
    stream = STREAM(seed, 16)

    print(f"encrypted flag > {stream.encrypt(flag).hex()}")

 

보면 시드가 16bit로 이루어져있다는 것을 확인할 수 있다.

2^16 = 65536

경우의 수가 65,536개이므로 굉장히 적다.

 

dec.py

from cipher import STREAM
import random

if __name__ == "__main__":
    while(True):
        seed = random.getrandbits(16)
        stream = STREAM(seed, 16)
        cipher = '3cef03c64ac240c349971d9e4c951cc14ec4199f409249c21e964ac540c540944f901c934cc240934d96419f4b9e4d9f1cc41dc61dc34e9219c31bc11a914f9141c61ada'
        cip_hex = bytes.fromhex(cipher)
        plain = stream.decrypt(cip_hex)
        if plain[:3] == b'DH{' and plain[-1:] == b'}':
            print(seed)
            print(plain)
            break

 

그래서 시드값을 브루트 포스로 시도하면 58654라는 것을 알 수 있다.

 

이를 이용해 플래그 값을 구하면 된다.

'CTF' 카테고리의 다른 글

드림핵 517 Basic_Crypto1  (0) 2024.11.28
드림핵 1169 What is This???  (0) 2024.11.27
드림핵 1257 Easy Linguistics  (0) 2024.11.27
드림핵 680 Robot Only  (2) 2024.11.26
드림핵 409 session-basic  (0) 2024.11.25

'CTF'의 다른글

  • 현재글드림핵 1534 STREAMer-Prototype

관련글

티스토리툴바